| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows7: PDF von DHL Mail geöffnetWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
02.06.2015, 16:30
| #1 |
| |  Windows7: PDF von DHL Mail geöffnet Hallo, ich habe Gestern eine Fake-DHL-Mail erhalten und den PDF Anhang geöffnet. Jetzt habe ich nachgelesen und herausgefunden das in solchen PDF Anhängen auch Trojaner versteckt sein können. Nun befürchte ich, dass sich auf meinem PC ein Trojaner oder ähnliches eingeschlichen hat. Bis jetzt habe ich keine außergewöhnlichen Handlungen feststellen können. Aber es kann ja auch sein dass ich nichts davon merke und trotzdem etwas da ist, oder? Ich habe bereits die Log Files erstellt und diese im Anhang gepostet. Danke für eure Hilfe. |
|
02.06.2015, 16:49
| #2 |
| /// the machine /// TB-Ausbilder    | Windows7: PDF von DHL Mail geöffnet Hi,
__________________Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
02.06.2015, 18:00
| #3 |
| | Windows7: PDF von DHL Mail geöffnet defogger_disable:
__________________Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:18 on 02/06/2015 (Papa)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Papa (administrator) on PAPA-PC on 02-06-2015 16:19:57
Running from C:\Users\Papa\Downloads
Loaded Profiles: Papa (Available Profiles: Papa & M*** & R***)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Megaify Software Co., Ltd.) C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(TP-LINK Technology, Corp.) C:\Program Files (x86)\TP-LINK\COMMON\TWCU.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
() C:\Users\Papa\Downloads\Defogger.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1285318879-3339298170-2587976329-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe [927920 2015-04-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-1285318879-3339298170-2587976329-1000\...\MountPoints2: {6b18e841-d9be-11e2-9ce2-806e6f6e6963} - D:\Launcher.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Client Utility.lnk [2013-06-20]
ShortcutTarget: TP-LINK Wireless Client Utility.lnk -> C:\Program Files (x86)\TP-LINK\COMMON\TWCU.exe (TP-LINK Technology, Corp.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1285318879-3339298170-2587976329-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-10-17] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-17] (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\fc0nws0z.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-19] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-19] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe [374112 2011-03-14] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe [451936 2011-03-14] (Ralink Technology, Corp.)
S3 TpMediaServer; C:\Program Files (x86)\TP-LINK\COMMON\RaMediaServer.exe [619872 2011-03-14] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-12] (Avira Operations GmbH & Co. KG)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-02 16:19 - 2015-06-02 16:20 - 00009079 _____ () C:\Users\Papa\Downloads\FRST.txt
2015-06-02 16:19 - 2015-06-02 16:20 - 00000000 ____D () C:\FRST
2015-06-02 16:18 - 2015-06-02 16:18 - 00000470 _____ () C:\Users\Papa\Downloads\defogger_disable.log
2015-06-02 16:18 - 2015-06-02 16:18 - 00000000 _____ () C:\Users\Papa\defogger_reenable
2015-06-02 16:16 - 2015-06-02 16:16 - 02108928 _____ (Farbar) C:\Users\Papa\Downloads\FRST64.exe
2015-06-02 16:16 - 2015-06-02 16:16 - 00380416 _____ () C:\Users\Papa\Downloads\Gmer-19357.exe
2015-06-02 16:15 - 2015-06-02 16:15 - 00050477 _____ () C:\Users\Papa\Downloads\Defogger.exe
2015-06-01 20:23 - 2015-06-01 20:23 - 00000000 ____D () C:\Users\Papa\AppData\Local\GWX
2015-05-23 21:41 - 2015-06-02 16:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-13 22:20 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 22:20 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 22:06 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 22:06 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 22:06 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 22:06 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 22:06 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 22:06 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 22:06 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 22:06 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 22:06 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 22:06 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 22:05 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 22:05 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 22:05 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 22:05 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 22:05 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 22:05 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 22:05 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 22:05 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 22:05 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 22:05 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 22:05 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 22:05 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 22:05 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 22:05 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 22:05 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 22:05 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 22:05 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 22:05 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 22:05 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 22:05 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 22:05 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 22:05 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 22:05 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 22:05 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 22:05 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 22:05 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 22:05 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 22:05 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 22:05 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 22:05 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 22:05 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 22:05 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 22:05 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 22:05 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 22:05 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 22:05 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 22:05 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 22:05 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 22:05 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 22:05 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 22:05 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 22:05 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 22:05 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 22:05 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 22:05 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 22:05 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 22:05 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 22:05 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 22:05 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 22:05 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 22:05 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 22:05 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 22:05 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 22:05 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 22:03 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 22:03 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 22:03 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 22:03 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 22:03 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 22:03 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 22:03 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 22:03 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 22:03 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 22:03 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 22:03 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 22:03 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 22:03 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 22:03 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 22:03 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 22:03 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 22:03 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 22:03 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 22:03 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 22:03 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 22:03 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 22:03 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 22:03 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 22:03 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 22:03 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 22:03 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 22:03 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 22:03 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 22:03 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 22:03 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 22:03 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 22:03 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 22:03 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 22:03 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 22:03 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 22:03 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 22:03 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 22:03 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 22:03 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 22:03 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 22:03 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 22:03 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 22:03 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 22:03 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 22:03 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 22:03 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 22:03 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 22:03 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 22:03 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 22:03 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 22:03 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 22:03 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 22:03 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 22:03 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 22:03 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 22:03 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 22:03 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 22:03 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 22:03 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 22:03 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 22:03 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 22:03 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 22:03 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 22:03 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 22:03 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 22:03 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 22:03 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 22:03 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 22:03 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 22:03 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 22:03 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 22:03 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 22:03 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 22:03 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 22:03 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 22:03 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 22:03 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 22:03 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 22:03 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 22:03 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 22:03 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 22:02 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 22:02 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 22:02 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 22:02 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 22:02 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 22:02 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 22:02 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 22:02 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 22:02 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-02 16:18 - 2013-06-20 17:39 - 00000000 ____D () C:\Users\Papa
2015-06-02 16:16 - 2013-06-27 18:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-02 16:02 - 2009-07-14 06:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-02 16:02 - 2009-07-14 06:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-02 15:51 - 2013-06-20 17:39 - 01457536 _____ () C:\Windows\WindowsUpdate.log
2015-06-02 15:47 - 2014-07-08 17:41 - 00000356 _____ () C:\Windows\Tasks\DriverToolkit Autorun.job
2015-06-02 15:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-02 15:47 - 2009-07-14 06:51 - 00086852 _____ () C:\Windows\setupact.log
2015-06-01 20:41 - 2014-07-08 17:41 - 00002708 _____ () C:\Windows\System32\Tasks\DriverToolkit Autorun
2015-06-01 20:40 - 2015-04-04 16:13 - 00000000 ____D () C:\Users\Papa\Desktop\ÖKB
2015-06-01 20:35 - 2013-06-23 13:19 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-05-25 19:45 - 2013-06-20 19:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-20 19:34 - 2015-04-04 21:46 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 19:34 - 2015-04-04 21:46 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-19 20:08 - 2013-06-20 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-19 20:07 - 2013-06-20 19:37 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-19 20:07 - 2013-06-20 19:37 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-15 21:19 - 2013-12-23 15:55 - 00000000 ____D () C:\Users\M***\AppData\Roaming\.minecraft
2015-05-14 13:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-14 12:20 - 2013-06-21 14:25 - 00000000 ____D () C:\Users\R***
2015-05-14 12:19 - 2013-06-20 19:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-14 11:37 - 2011-04-12 09:43 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2015-05-14 11:37 - 2011-04-12 09:43 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2015-05-14 11:37 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-14 11:32 - 2013-07-01 18:34 - 00000000 ____D () C:\Users\Papa\AppData\Roaming\Canon
2015-05-14 11:29 - 2009-07-14 06:45 - 00356824 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 11:27 - 2011-04-12 09:55 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 11:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-12 19:42 - 2013-06-23 20:59 - 00000000 ____D () C:\Users\Papa\AppData\Local\Adobe
2015-05-12 19:42 - 2013-06-23 12:21 - 00000000 ____D () C:\Users\Papa\AppData\Roaming\Adobe
Some files in TEMP:
====================
C:\Users\M***\AppData\Local\Temp\avgnt.exe
C:\Users\M***\AppData\Local\Temp\drm_dyndata_7400008.dll
C:\Users\Papa\AppData\Local\Temp\avgnt.exe
C:\Users\Papa\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Papa\AppData\Local\Temp\drm_dyndata_7400008.dll
C:\Users\R***\AppData\Local\Temp\avgnt.exe
C:\Users\R***\AppData\Local\Temp\EBU906C.exe
C:\Users\R***\AppData\Local\Temp\EBUBB63.exe
C:\Users\R***\AppData\Local\Temp\MSETUP4.EXE
C:\Users\R***\AppData\Local\Temp\uninstall.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-14 12:55
==================== End of log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Papa at 2015-06-02 16:20:41
Running from C:\Users\Papa\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1285318879-3339298170-2587976329-500 - Administrator - Disabled)
Gast (S-1-5-21-1285318879-3339298170-2587976329-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1285318879-3339298170-2587976329-1002 - Limited - Enabled)
M*** (S-1-5-21-1285318879-3339298170-2587976329-1003 - Limited - Enabled) => C:\Users\M***
Papa (S-1-5-21-1285318879-3339298170-2587976329-1000 - Administrator - Enabled) => C:\Users\Papa
R*** (S-1-5-21-1285318879-3339298170-2587976329-1004 - Administrator - Enabled) => C:\Users\R***
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adelantado 2 (HKLM-x32\...\Adelantado 2_is1) (Version: - Realore Studios)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG4200 series Benutzerregistrierung (HKLM-x32\...\Canon MG4200 series Benutzerregistrierung) (Version: - Canon Inc.)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.01 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Das Schwarze Auge - Schicksalsklinge (HKLM-x32\...\{8DA31208-BE1D-4D9C-B421-F97C04947F55}_is1) (Version: - UIG GmbH)
Die Schlümpfe - Auf... (HKLM-x32\...\Die Schlümpfe - Auf...) (Version: - )
DIE SIEDLER - Das Erbe der Könige - Gold Edition (HKLM-x32\...\{E08DE897-B6AF-4DFF-9E90-131E80C876B4}) (Version: 1.00.0000 - Blue Byte)
Die Siedler IV (HKLM-x32\...\S4Uninst) (Version: - )
DriverToolkit version 8.3.0.0 (HKLM-x32\...\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1) (Version: 8.3.0.0 - Megaify Software)
Earth 2160 (HKLM-x32\...\Earth 2160) (Version: 1.37 En - Zuxxez Entertainment AG)
Gothic (HKLM-x32\...\{BD56DFBF-110C-4CC2-910A-80C0759397AA}) (Version: 1.0.0 - JoWooD)
Gothic 2 Gold (HKLM-x32\...\{3A5FB407-4499-4514-BE05-A4BCADD87163}) (Version: 1.0.0 - JoWooD )
HappyFoto-Designer 5.3 (HKLM-x32\...\HappyFoto-Designer_is1) (Version: - )
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
LEGO® Star Wars™: Die Komplette Saga (HKLM-x32\...\InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}) (Version: 1.00.0000 - LucasArts)
LEGO® Star Wars™: The Complete Saga (x32 Version: 1.00.0000 - LucasArts) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.8 (x86 de)) (Version: 17.0.8 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF24 Creator 6.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PENTAX USB DISK Device (HKLM-x32\...\{AEE9ABDF-CFFD-4CC2-8519-E8ECEB5A2AAF}) (Version: 1.02.0000 - PENTAX)
Roads of Rome 3 (HKLM-x32\...\Roads of Rome 3_is1) (Version: - Realore Studios)
Scratch 2 Offline Editor (HKLM-x32\...\edu.media.mit.Scratch2Editor) (Version: 425 - MIT Media Lab)
Scratch 2 Offline Editor (x32 Version: 255 - MIT Media Lab) Hidden
Stronghold 2 (HKLM-x32\...\{16D2C649-CBA8-44EE-B730-12584667D487}) (Version: 1.00 - Firefly Studios)
TP-LINK Wireless Client Utility (HKLM-x32\...\{44D9C861-7B40-41E4-8A25-C9EBB9A7A59B}) (Version: 1.0.0.0 - TP-LINK)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinSCP 5.7 (HKLM-x32\...\winscp3_is1) (Version: 5.7 - Martin Prikryl)
Zoo Tycoon: Complete Collection (HKLM-x32\...\Zoo Tycoon 1.0) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
15-04-2015 18:19:19 Windows Update
09-05-2015 20:10:17 Geplanter Prüfpunkt
13-05-2015 22:20:06 Windows Update
14-05-2015 12:19:29 Entfernt Tropico 2: Die Pirateninsel
14-05-2015 12:20:57 Konfiguriert LEGO® Star Wars™: The Complete Saga
20-05-2015 19:34:20 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1228CA1D-89B7-49AB-B9F1-B935F4662BCC} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-06-21] (Microsoft Corporation)
Task: {32518407-71F9-486C-803B-B639728D0ECB} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1285318879-3339298170-2587976329-1000
Task: {3816FD79-56F5-4F06-8F03-343A1DE3D446} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {7BCB788A-2580-4A1F-82A0-7439C070C14C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {8FB4BE24-E7B6-4F85-B2BE-7446CE921EC9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {94E177B9-2634-4426-A25D-8AEA30A63200} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe [2014-04-30] (Megaify Software Co., Ltd.)
Task: {9A6C87FA-2624-4F31-B47A-E281CCE0F872} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {BA224ED2-96D2-409D-BD35-E0CFB1D6E12C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {CC99F7A5-6F22-48FA-846E-60E83CFF7A0C} - System32\Tasks\{E1C7DB11-91F1-4AF8-824F-1D129A60A3BD} => C:\opt_slg_usb\setup.exe [2002-03-04] (Installshield Software Corporation )
Task: {D4759756-35F8-4EA7-8FB4-B39FA7033FBA} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {E2583EEE-70C5-45BE-B4D3-DEC79F6DA2FC} - System32\Tasks\{1A94E0F4-C94B-46E0-9FE5-830F088A6043} => C:\opt_slg_usb\setup.exe [2002-03-04] (Installshield Software Corporation )
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
==================== Loaded Modules (Whitelisted) ==============
2015-06-02 16:15 - 2015-06-02 16:15 - 00050477 _____ () C:\Users\Papa\Downloads\Defogger.exe
2014-07-08 16:24 - 2014-02-17 19:13 - 00092984 _____ () C:\Program Files (x86)\DriverToolkit\zlibwapi.dll
2013-06-20 19:45 - 2011-03-14 15:20 - 01033568 _____ () C:\Program Files (x86)\TP-LINK\COMMON\RaWLAPI.dll
2013-08-15 18:17 - 2013-08-15 18:17 - 02244504 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-08-15 18:17 - 2013-08-15 18:17 - 00158104 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-08-15 18:17 - 2013-08-15 18:17 - 00022424 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2015-04-14 19:16 - 2015-04-14 19:16 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1285318879-3339298170-2587976329-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{DA989FE3-FD2C-4A73-9C7E-F1CA8CA16023}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{6F92DB30-394F-4B0B-8258-869642AD7674}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{1E939D59-C0AC-4E6F-AD7A-0DF604451AD3}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe
FirewallRules: [{5C9A8783-EF5E-463B-BD3A-5D15ED07DEF0}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe
FirewallRules: [TCP Query User{0A43D8F9-61F4-43F6-A7FD-106A1829EA0D}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{1765786B-E233-49E9-860A-2F353B0AC4E8}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{5333D75A-AE25-4477-B51C-FE2FD00757B9}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{B9234A23-2927-4B14-8AD5-736084E149CF}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{533C0515-97A4-41A2-9BEC-6ADCACFD5E76}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold 2\Stronghold2.exe
FirewallRules: [{4602FB27-B96B-4385-A531-4F49F90A7FF5}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold 2\Stronghold2.exe
FirewallRules: [{C2171127-4EB6-409B-B103-DB7268F7872A}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold 2\Stronghold2.exe
FirewallRules: [{AAB6D89D-DDA2-477C-BD0C-EFB4311E027D}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold 2\Stronghold2.exe
FirewallRules: [TCP Query User{C0CC90B6-5D69-45E5-AFEB-FC0B4E3FAE23}C:\warcraft iii\war3.exe] => (Block) C:\warcraft iii\war3.exe
FirewallRules: [UDP Query User{C6B9867C-968A-454C-942B-29D81A623923}C:\warcraft iii\war3.exe] => (Block) C:\warcraft iii\war3.exe
FirewallRules: [TCP Query User{80DCC899-81E2-4939-8D3A-C79F2C9BA043}C:\warcraft iii\war3.exe] => (Block) C:\warcraft iii\war3.exe
FirewallRules: [UDP Query User{08228BB8-FA25-47D2-9D5E-AEAB7BD0E82E}C:\warcraft iii\war3.exe] => (Block) C:\warcraft iii\war3.exe
FirewallRules: [TCP Query User{79F69FEC-5710-4F22-923A-9174925248E0}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{88033989-29E1-4A53-A4EC-FBB36DEEDC44}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{BC84386B-01DF-4373-AAD9-6089EBA6C2EC}C:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra2\bin\settlershok.exe] => (Block) C:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra2\bin\settlershok.exe
FirewallRules: [UDP Query User{717E8E26-2362-4EC3-91EA-BCEC62333C1E}C:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra2\bin\settlershok.exe] => (Block) C:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\extra2\bin\settlershok.exe
FirewallRules: [{81F5A094-0AF6-4D24-871C-5DFCFF9B4554}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7C0F6F46-DEF0-4514-8D1C-ECC3BE192EEC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B223F3CC-73D7-4785-9233-F4ED3E42C199}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{33D4392A-294D-4AD0-B215-95C0CC302DB9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{F16A308E-0FF7-4D91-89B6-8DAE29B06FE8}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{37FAD18B-0256-45B0-964A-8FD74CABDC2B}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_25\bin\javaw.exe
==================== Faulty Device Manager Devices =============
Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/02/2015 03:47:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/01/2015 08:23:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/01/2015 00:31:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/28/2015 09:03:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/27/2015 08:34:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/26/2015 06:52:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/26/2015 01:09:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/25/2015 08:52:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Stronghold2.exe, Version: 0.0.0.0, Zeitstempel: 0x42470361
Name des fehlerhaften Moduls: mss32.dll, Version: 3.0.0.0, Zeitstempel: 0x3e767330
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004045c
ID des fehlerhaften Prozesses: 0x668
Startzeit der fehlerhaften Anwendung: 0xStronghold2.exe0
Pfad der fehlerhaften Anwendung: Stronghold2.exe1
Pfad des fehlerhaften Moduls: Stronghold2.exe2
Berichtskennung: Stronghold2.exe3
Error: (05/25/2015 07:46:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/25/2015 03:47:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (06/02/2015 03:47:16 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (06/02/2015 03:47:16 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (06/01/2015 08:22:34 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (06/01/2015 08:22:34 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (06/01/2015 00:30:23 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (06/01/2015 00:30:23 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (05/28/2015 09:17:18 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Diagnostics Tracking Service konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (05/28/2015 09:01:31 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (05/28/2015 09:01:31 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (05/27/2015 08:34:03 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Microsoft Office:
=========================
Error: (06/02/2015 03:47:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/01/2015 08:23:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/01/2015 00:31:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/28/2015 09:03:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/27/2015 08:34:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/26/2015 06:52:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/26/2015 01:09:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/25/2015 08:52:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Stronghold2.exe0.0.0.042470361mss32.dll3.0.0.03e767330c00000050004045c66801d097154c9b20a3C:\Program Files (x86)\Firefly Studios\Stronghold 2\Stronghold2.exeC:\Program Files (x86)\Firefly Studios\Stronghold 2\mss32.dll3b7ae4c2-030f-11e5-91ab-c73e8568734e
Error: (05/25/2015 07:46:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/25/2015 03:47:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X2 250 Processor
Percentage of memory in use: 38%
Total physical RAM: 3838.18 MB
Available physical RAM: 2358.23 MB
Total Pagefile: 7674.57 MB
Available Pagefile: 5593.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:921.75 GB) (Free:843.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (SAGA) (CDROM) (Total:4.4 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B06897FB)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=921.7 GB) - (Type=07 NTFS)
==================== End of log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-02 16:42:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HDS721010CLA332 rev.JP4OA3MA 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Papa\AppData\Local\Temp\kxldapow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2432] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075b91401 2 bytes JMP 76f9b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2432] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075b91419 2 bytes JMP 76f9b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075b91431 2 bytes JMP 77018f29 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075b9144a 2 bytes CALL 76f7489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2432] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075b914dd 2 bytes JMP 77018822 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2432] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075b914f5 2 bytes JMP 770189f8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2432] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075b9150d 2 bytes JMP 77018718 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2432] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075b91525 2 bytes JMP 77018ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2432] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075b9153d 2 bytes JMP 76f8fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2432] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075b91555 2 bytes JMP 76f968ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2432] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075b9156d 2 bytes JMP 77018fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2432] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075b91585 2 bytes JMP 77018b42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2432] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075b9159d 2 bytes JMP 770186dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2432] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075b915b5 2 bytes JMP 76f8fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2432] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075b915cd 2 bytes JMP 76f9b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2432] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075b916b2 2 bytes JMP 77018ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2432] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075b916bd 2 bytes JMP 77018671 C:\Windows\syswow64\kernel32.dll
---- EOF - GMER 2.1 ----
|
|
03.06.2015, 11:50
| #4 |
| /// the machine /// TB-Ausbilder | Windows7: PDF von DHL Mail geöffnet hi, Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
03.06.2015, 19:53
| #5 |
| | Windows7: PDF von DHL Mail geöffnet Malewarebytes: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
Database version:
main: v2015.06.03.04
rootkit: v2015.06.02.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17801
Papa :: PAPA-PC [administrator]
03.06.2015 20:16:41
mbar-log-2015-06-03 (20-16-41).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 446586
Time elapsed: 21 minute(s), 6 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter 20:45:54.0205 0x11c0 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
20:45:59.0583 0x11c0 ============================================================
20:45:59.0583 0x11c0 Current date / time: 2015/06/03 20:45:59.0582
20:45:59.0583 0x11c0 SystemInfo:
20:45:59.0583 0x11c0
20:45:59.0583 0x11c0 OS Version: 6.1.7601 ServicePack: 1.0
20:45:59.0583 0x11c0 Product type: Workstation
20:45:59.0583 0x11c0 ComputerName: PAPA-PC
20:45:59.0583 0x11c0 UserName: Papa
20:45:59.0584 0x11c0 Windows directory: C:\Windows
20:45:59.0584 0x11c0 System windows directory: C:\Windows
20:45:59.0584 0x11c0 Running under WOW64
20:45:59.0584 0x11c0 Processor architecture: Intel x64
20:45:59.0584 0x11c0 Number of processors: 2
20:45:59.0584 0x11c0 Page size: 0x1000
20:45:59.0584 0x11c0 Boot type: Normal boot
20:45:59.0584 0x11c0 ============================================================
20:46:03.0270 0x11c0 KLMD registered as C:\Windows\system32\drivers\13628129.sys
20:46:03.0605 0x11c0 System UUID: {02D45D06-15D4-DECC-2A76-AB76AA943233}
20:46:04.0203 0x11c0 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:46:04.0207 0x11c0 ============================================================
20:46:04.0207 0x11c0 \Device\Harddisk0\DR0:
20:46:04.0208 0x11c0 MBR partitions:
20:46:04.0208 0x11c0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x7337D800
20:46:04.0208 0x11c0 ============================================================
20:46:04.0235 0x11c0 C: <-> \Device\Harddisk0\DR0\Partition1
20:46:04.0259 0x11c0 ============================================================
20:46:04.0259 0x11c0 Initialize success
20:46:04.0259 0x11c0 ============================================================
20:47:08.0374 0x0d34 ============================================================
20:47:08.0374 0x0d34 Scan started
20:47:08.0374 0x0d34 Mode: Manual; SigCheck; TDLFS;
20:47:08.0374 0x0d34 ============================================================
20:47:08.0374 0x0d34 KSN ping started
20:47:11.0042 0x0d34 KSN ping finished: true
20:47:12.0118 0x0d34 ================ Scan system memory ========================
20:47:12.0118 0x0d34 System memory - ok
20:47:12.0118 0x0d34 ================ Scan services =============================
20:47:12.0243 0x0d34 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:47:12.0477 0x0d34 1394ohci - ok
20:47:12.0493 0x0d34 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:47:12.0524 0x0d34 ACPI - ok
20:47:12.0555 0x0d34 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:47:12.0586 0x0d34 AcpiPmi - ok
20:47:12.0664 0x0d34 [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:47:12.0695 0x0d34 AdobeARMservice - ok
20:47:12.0805 0x0d34 [ B04A4810C6CC205F9DC72DC22E4AB236, 547321F5C28C80D4818372D65E2A33D4BAC593015DD6613B24586FE4B4A95D5D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:47:12.0836 0x0d34 AdobeFlashPlayerUpdateSvc - ok
20:47:12.0867 0x0d34 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:47:12.0898 0x0d34 adp94xx - ok
20:47:12.0945 0x0d34 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:47:12.0961 0x0d34 adpahci - ok
20:47:12.0976 0x0d34 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:47:12.0992 0x0d34 adpu320 - ok
20:47:13.0007 0x0d34 [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:47:13.0039 0x0d34 AeLookupSvc - ok
20:47:13.0101 0x0d34 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
20:47:13.0163 0x0d34 AFD - ok
20:47:13.0195 0x0d34 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
20:47:13.0210 0x0d34 agp440 - ok
20:47:13.0241 0x0d34 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
20:47:13.0304 0x0d34 ALG - ok
20:47:13.0319 0x0d34 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
20:47:13.0351 0x0d34 aliide - ok
20:47:13.0382 0x0d34 [ D696F317BD465A602566F8E1DCCE15F7, 6CE77CD4221C0854986F760D1944DF9F4255192D99630D43A0527A6D58D83406 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:47:13.0429 0x0d34 AMD External Events Utility - ok
20:47:13.0460 0x0d34 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
20:47:13.0475 0x0d34 amdide - ok
20:47:13.0507 0x0d34 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:47:13.0538 0x0d34 AmdK8 - ok
20:47:13.0553 0x0d34 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:47:13.0585 0x0d34 AmdPPM - ok
20:47:13.0600 0x0d34 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:47:13.0616 0x0d34 amdsata - ok
20:47:13.0631 0x0d34 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
20:47:13.0663 0x0d34 amdsbs - ok
20:47:13.0663 0x0d34 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:47:13.0678 0x0d34 amdxata - ok
20:47:13.0772 0x0d34 [ D908096B873B940BB438CE63BA35BD1E, F1C79C907E6CDBC2770C16AFFAE0D6F9B9B7DA21F5074D602AC5FE1597975748 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
20:47:13.0819 0x0d34 AntiVirMailService - ok
20:47:13.0881 0x0d34 [ EC705D6ED3A7F3D9AE42F6239707D9FE, B50F6BB0FC308E7403B1807DF2AAF87BEDE0B044128C580970A26801CCABC43F ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:47:13.0897 0x0d34 AntiVirSchedulerService - ok
20:47:13.0928 0x0d34 [ EC705D6ED3A7F3D9AE42F6239707D9FE, B50F6BB0FC308E7403B1807DF2AAF87BEDE0B044128C580970A26801CCABC43F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:47:13.0943 0x0d34 AntiVirService - ok
20:47:14.0021 0x0d34 [ 0F3D12E5FAE0082DB3F306095CA6B027, 726D054357031F45B43C87D798E84FA93439ECA6C691EB8C76FE524B50C25B32 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
20:47:14.0053 0x0d34 AntiVirWebService - ok
20:47:14.0084 0x0d34 [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys
20:47:14.0115 0x0d34 AppID - ok
20:47:14.0131 0x0d34 [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:47:14.0162 0x0d34 AppIDSvc - ok
20:47:14.0177 0x0d34 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
20:47:14.0209 0x0d34 Appinfo - ok
20:47:14.0240 0x0d34 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
20:47:14.0255 0x0d34 arc - ok
20:47:14.0271 0x0d34 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:47:14.0287 0x0d34 arcsas - ok
20:47:14.0380 0x0d34 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:47:14.0427 0x0d34 aspnet_state - ok
20:47:14.0443 0x0d34 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:47:14.0583 0x0d34 AsyncMac - ok
20:47:14.0599 0x0d34 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
20:47:14.0614 0x0d34 atapi - ok
20:47:14.0817 0x0d34 [ 52BD95CAA9CAE8977FE043E9AD6D2D0E, E96DD29A2FCE1403340CB29D34F657DF17F483F62A2E8E24890F9BC4812B2971 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:47:14.0989 0x0d34 atikmdag - ok
20:47:15.0051 0x0d34 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:47:15.0082 0x0d34 AudioEndpointBuilder - ok
20:47:15.0113 0x0d34 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:47:15.0129 0x0d34 AudioSrv - ok
20:47:15.0176 0x0d34 [ 43B6D229C7DBA9F0FC0FC0C318DB5350, F5A525DBD71FC4A323E92839C6D27F323FB304B7E9FFA35E89E9B419570AA4C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
20:47:15.0254 0x0d34 avgntflt - ok
20:47:15.0285 0x0d34 [ 626D1BAD7A1975A8FEE8876A8AD0EEA7, 59772746A2DF3B7E8D021756B8A64569AC8468CA1C802EB594494224354F1E60 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
20:47:15.0316 0x0d34 avipbb - ok
20:47:15.0394 0x0d34 [ 0D32033DCB359FD98B4C3513EF849FE6, 5870D67526BC29D888DAF8DBAB04B1E97ED5C7C51484ED400A5E65D0EB61576A ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
20:47:15.0425 0x0d34 Avira.OE.ServiceHost - ok
20:47:15.0425 0x0d34 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
20:47:15.0457 0x0d34 avkmgr - ok
20:47:15.0488 0x0d34 [ 13253E5E3B6BDF945B63B336A8C9489B, 671C716E43F89D4BDDAA2BE045CDEBBB569C85BC2BA334E1F550187B79A7740D ] avnetflt C:\Windows\system32\DRIVERS\avnetflt.sys
20:47:15.0488 0x0d34 avnetflt - ok
20:47:15.0535 0x0d34 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:47:15.0613 0x0d34 AxInstSV - ok
20:47:15.0644 0x0d34 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
20:47:15.0675 0x0d34 b06bdrv - ok
20:47:15.0706 0x0d34 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:47:15.0769 0x0d34 b57nd60a - ok
20:47:15.0800 0x0d34 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
20:47:15.0847 0x0d34 BDESVC - ok
20:47:15.0862 0x0d34 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
20:47:15.0909 0x0d34 Beep - ok
20:47:15.0940 0x0d34 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
20:47:15.0987 0x0d34 BFE - ok
20:47:16.0034 0x0d34 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
20:47:16.0221 0x0d34 BITS - ok
20:47:16.0252 0x0d34 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:47:16.0268 0x0d34 blbdrive - ok
20:47:16.0283 0x0d34 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:47:16.0330 0x0d34 bowser - ok
20:47:16.0330 0x0d34 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
20:47:16.0346 0x0d34 BrFiltLo - ok
20:47:16.0361 0x0d34 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
20:47:16.0377 0x0d34 BrFiltUp - ok
20:47:16.0393 0x0d34 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
20:47:16.0424 0x0d34 Browser - ok
20:47:16.0439 0x0d34 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:47:16.0471 0x0d34 Brserid - ok
20:47:16.0486 0x0d34 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:47:16.0517 0x0d34 BrSerWdm - ok
20:47:16.0517 0x0d34 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:47:16.0549 0x0d34 BrUsbMdm - ok
20:47:16.0549 0x0d34 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:47:16.0564 0x0d34 BrUsbSer - ok
20:47:16.0580 0x0d34 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:47:16.0595 0x0d34 BTHMODEM - ok
20:47:16.0627 0x0d34 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
20:47:16.0673 0x0d34 bthserv - ok
20:47:16.0689 0x0d34 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:47:16.0720 0x0d34 cdfs - ok
20:47:16.0767 0x0d34 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:47:16.0798 0x0d34 cdrom - ok
20:47:16.0814 0x0d34 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
20:47:16.0861 0x0d34 CertPropSvc - ok
20:47:16.0876 0x0d34 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
20:47:16.0907 0x0d34 circlass - ok
20:47:16.0939 0x0d34 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys
20:47:16.0970 0x0d34 CLFS - ok
20:47:17.0001 0x0d34 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:47:17.0063 0x0d34 clr_optimization_v2.0.50727_32 - ok
20:47:17.0110 0x0d34 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:47:17.0126 0x0d34 clr_optimization_v2.0.50727_64 - ok
20:47:17.0204 0x0d34 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:47:17.0251 0x0d34 clr_optimization_v4.0.30319_32 - ok
20:47:17.0266 0x0d34 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:47:17.0297 0x0d34 clr_optimization_v4.0.30319_64 - ok
20:47:17.0313 0x0d34 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
20:47:17.0329 0x0d34 CmBatt - ok
20:47:17.0344 0x0d34 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:47:17.0360 0x0d34 cmdide - ok
20:47:17.0375 0x0d34 [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys
20:47:17.0422 0x0d34 CNG - ok
20:47:17.0438 0x0d34 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
20:47:17.0453 0x0d34 Compbatt - ok
20:47:17.0469 0x0d34 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
20:47:17.0485 0x0d34 CompositeBus - ok
20:47:17.0500 0x0d34 COMSysApp - ok
20:47:17.0531 0x0d34 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:47:17.0547 0x0d34 crcdisk - ok
20:47:17.0578 0x0d34 [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:47:17.0609 0x0d34 CryptSvc - ok
20:47:17.0641 0x0d34 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:47:17.0687 0x0d34 DcomLaunch - ok
20:47:17.0719 0x0d34 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
20:47:17.0750 0x0d34 defragsvc - ok
20:47:17.0765 0x0d34 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:47:17.0812 0x0d34 DfsC - ok
20:47:17.0828 0x0d34 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
20:47:17.0875 0x0d34 Dhcp - ok
20:47:17.0937 0x0d34 [ EA8A3E8C674B03CB4AFA1D344DBD7BC1, 564D9370AE4D12973647997684B9637B2A5A7480F66B87018F789CE4E43C8191 ] DiagTrack C:\Windows\system32\diagtrack.dll
20:47:18.0015 0x0d34 DiagTrack - ok
20:47:18.0031 0x0d34 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
20:47:18.0062 0x0d34 discache - ok
20:47:18.0077 0x0d34 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
20:47:18.0093 0x0d34 Disk - ok
20:47:18.0124 0x0d34 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:47:18.0155 0x0d34 Dnscache - ok
20:47:18.0171 0x0d34 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
20:47:18.0233 0x0d34 dot3svc - ok
20:47:18.0249 0x0d34 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
20:47:18.0280 0x0d34 DPS - ok
20:47:18.0327 0x0d34 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:47:18.0374 0x0d34 drmkaud - ok
20:47:18.0436 0x0d34 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:47:18.0483 0x0d34 DXGKrnl - ok
20:47:18.0499 0x0d34 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
20:47:18.0561 0x0d34 EapHost - ok
20:47:18.0670 0x0d34 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
20:47:18.0795 0x0d34 ebdrv - ok
20:47:18.0811 0x0d34 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] EFS C:\Windows\System32\lsass.exe
20:47:18.0857 0x0d34 EFS - ok
20:47:18.0935 0x0d34 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:47:19.0013 0x0d34 ehRecvr - ok
20:47:19.0045 0x0d34 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
20:47:19.0107 0x0d34 ehSched - ok
20:47:19.0154 0x0d34 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:47:19.0185 0x0d34 elxstor - ok
20:47:19.0201 0x0d34 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:47:19.0216 0x0d34 ErrDev - ok
20:47:19.0247 0x0d34 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
20:47:19.0310 0x0d34 EventSystem - ok
20:47:19.0325 0x0d34 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
20:47:19.0357 0x0d34 exfat - ok
20:47:19.0388 0x0d34 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:47:19.0419 0x0d34 fastfat - ok
20:47:19.0466 0x0d34 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
20:47:19.0513 0x0d34 Fax - ok
20:47:19.0528 0x0d34 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
20:47:19.0544 0x0d34 fdc - ok
20:47:19.0575 0x0d34 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
20:47:19.0606 0x0d34 fdPHost - ok
20:47:19.0606 0x0d34 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
20:47:19.0637 0x0d34 FDResPub - ok
20:47:19.0653 0x0d34 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:47:19.0669 0x0d34 FileInfo - ok
20:47:19.0684 0x0d34 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:47:19.0731 0x0d34 Filetrace - ok
20:47:19.0747 0x0d34 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
20:47:19.0747 0x0d34 flpydisk - ok
20:47:19.0778 0x0d34 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:47:19.0793 0x0d34 FltMgr - ok
20:47:19.0856 0x0d34 [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache C:\Windows\system32\FntCache.dll
20:47:19.0918 0x0d34 FontCache - ok
20:47:19.0949 0x0d34 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:47:19.0965 0x0d34 FontCache3.0.0.0 - ok
20:47:19.0996 0x0d34 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:47:19.0996 0x0d34 FsDepends - ok
20:47:20.0027 0x0d34 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:47:20.0043 0x0d34 Fs_Rec - ok
20:47:20.0074 0x0d34 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:47:20.0105 0x0d34 fvevol - ok
20:47:20.0121 0x0d34 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:47:20.0137 0x0d34 gagp30kx - ok
20:47:20.0168 0x0d34 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
20:47:20.0230 0x0d34 gpsvc - ok
20:47:20.0261 0x0d34 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:47:20.0277 0x0d34 hcw85cir - ok
20:47:20.0324 0x0d34 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:47:20.0355 0x0d34 HdAudAddService - ok
20:47:20.0386 0x0d34 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:47:20.0417 0x0d34 HDAudBus - ok
20:47:20.0433 0x0d34 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
20:47:20.0449 0x0d34 HidBatt - ok
20:47:20.0464 0x0d34 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:47:20.0480 0x0d34 HidBth - ok
20:47:20.0511 0x0d34 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
20:47:20.0527 0x0d34 HidIr - ok
20:47:20.0542 0x0d34 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
20:47:20.0573 0x0d34 hidserv - ok
20:47:20.0620 0x0d34 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
20:47:20.0651 0x0d34 HidUsb - ok
20:47:20.0667 0x0d34 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:47:20.0714 0x0d34 hkmsvc - ok
20:47:20.0729 0x0d34 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:47:20.0776 0x0d34 HomeGroupListener - ok
20:47:20.0792 0x0d34 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:47:20.0823 0x0d34 HomeGroupProvider - ok
20:47:20.0854 0x0d34 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:47:20.0870 0x0d34 HpSAMD - ok
20:47:20.0917 0x0d34 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:47:20.0979 0x0d34 HTTP - ok
20:47:20.0995 0x0d34 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:47:21.0010 0x0d34 hwpolicy - ok
20:47:21.0026 0x0d34 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:47:21.0041 0x0d34 i8042prt - ok
20:47:21.0073 0x0d34 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:47:21.0104 0x0d34 iaStorV - ok
20:47:21.0182 0x0d34 [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:47:21.0197 0x0d34 IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
20:47:23.0709 0x0d34 Detect skipped due to KSN trusted
20:47:23.0709 0x0d34 IDriverT - ok
20:47:23.0787 0x0d34 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:47:23.0849 0x0d34 idsvc - ok
20:47:23.0849 0x0d34 IEEtwCollectorService - ok
20:47:23.0881 0x0d34 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:47:23.0896 0x0d34 iirsp - ok
20:47:23.0943 0x0d34 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
20:47:23.0974 0x0d34 IKEEXT - ok
20:47:24.0005 0x0d34 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
20:47:24.0005 0x0d34 intelide - ok
20:47:24.0021 0x0d34 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\drivers\intelppm.sys
20:47:24.0037 0x0d34 intelppm - ok
20:47:24.0052 0x0d34 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:47:24.0099 0x0d34 IPBusEnum - ok
20:47:24.0115 0x0d34 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:47:24.0146 0x0d34 IpFilterDriver - ok
20:47:24.0177 0x0d34 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:47:24.0208 0x0d34 iphlpsvc - ok
20:47:24.0224 0x0d34 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:47:24.0239 0x0d34 IPMIDRV - ok
20:47:24.0255 0x0d34 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:47:24.0302 0x0d34 IPNAT - ok
20:47:24.0317 0x0d34 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:47:24.0333 0x0d34 IRENUM - ok
20:47:24.0349 0x0d34 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:47:24.0364 0x0d34 isapnp - ok
20:47:24.0395 0x0d34 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:47:24.0411 0x0d34 iScsiPrt - ok
20:47:24.0427 0x0d34 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:47:24.0442 0x0d34 kbdclass - ok
20:47:24.0473 0x0d34 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:47:24.0473 0x0d34 kbdhid - ok
20:47:24.0489 0x0d34 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] KeyIso C:\Windows\system32\lsass.exe
20:47:24.0505 0x0d34 KeyIso - ok
20:47:24.0520 0x0d34 [ F7DFAE6040AC910B7C64EE208A34157D, AEF1100F12391692D9DB78519D843A90C97E199A80DDC4D43E3AF1919A9E8E56 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:47:24.0536 0x0d34 KSecDD - ok
20:47:24.0551 0x0d34 [ 8FE94F2EF9BF444E93E35D87E210D02F, 78E8F6FD7C1EA3556194947707BE6893538A9E25A550C22045866C5B30251D14 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:47:24.0583 0x0d34 KSecPkg - ok
20:47:24.0583 0x0d34 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:47:24.0614 0x0d34 ksthunk - ok
20:47:24.0645 0x0d34 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
20:47:24.0692 0x0d34 KtmRm - ok
20:47:24.0723 0x0d34 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:47:24.0770 0x0d34 LanmanServer - ok
20:47:24.0785 0x0d34 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:47:24.0817 0x0d34 LanmanWorkstation - ok
20:47:24.0863 0x0d34 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:47:24.0895 0x0d34 lltdio - ok
20:47:24.0926 0x0d34 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:47:24.0973 0x0d34 lltdsvc - ok
20:47:24.0988 0x0d34 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:47:25.0019 0x0d34 lmhosts - ok
20:47:25.0035 0x0d34 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:47:25.0051 0x0d34 LSI_FC - ok
20:47:25.0066 0x0d34 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:47:25.0082 0x0d34 LSI_SAS - ok
20:47:25.0097 0x0d34 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
20:47:25.0113 0x0d34 LSI_SAS2 - ok
20:47:25.0113 0x0d34 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:47:25.0129 0x0d34 LSI_SCSI - ok
20:47:25.0160 0x0d34 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
20:47:25.0191 0x0d34 luafv - ok
20:47:25.0222 0x0d34 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:47:25.0238 0x0d34 Mcx2Svc - ok
20:47:25.0253 0x0d34 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
20:47:25.0269 0x0d34 megasas - ok
20:47:25.0285 0x0d34 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
20:47:25.0300 0x0d34 MegaSR - ok
20:47:25.0331 0x0d34 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
20:47:25.0363 0x0d34 MMCSS - ok
20:47:25.0378 0x0d34 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
20:47:25.0409 0x0d34 Modem - ok
20:47:25.0425 0x0d34 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:47:25.0456 0x0d34 monitor - ok
20:47:25.0472 0x0d34 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:47:25.0487 0x0d34 mouclass - ok
20:47:25.0519 0x0d34 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:47:25.0534 0x0d34 mouhid - ok
20:47:25.0550 0x0d34 [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:47:25.0565 0x0d34 mountmgr - ok
20:47:25.0597 0x0d34 [ 9FC679D10A7377BB04ECC3D0E2E26B53, 24ACD4EC1618A052C29E4463138B28F62C8B78D442DB82F4925E64FC5849A096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:47:25.0612 0x0d34 MozillaMaintenance - ok
20:47:25.0628 0x0d34 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
20:47:25.0643 0x0d34 mpio - ok
20:47:25.0659 0x0d34 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:47:25.0706 0x0d34 mpsdrv - ok
20:47:25.0737 0x0d34 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:47:25.0799 0x0d34 MpsSvc - ok
20:47:25.0815 0x0d34 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:47:25.0846 0x0d34 MRxDAV - ok
20:47:25.0862 0x0d34 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:47:25.0893 0x0d34 mrxsmb - ok
20:47:25.0924 0x0d34 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:47:25.0955 0x0d34 mrxsmb10 - ok
20:47:25.0971 0x0d34 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:47:25.0987 0x0d34 mrxsmb20 - ok
20:47:26.0002 0x0d34 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
20:47:26.0018 0x0d34 msahci - ok
20:47:26.0033 0x0d34 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:47:26.0049 0x0d34 msdsm - ok
20:47:26.0065 0x0d34 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
20:47:26.0096 0x0d34 MSDTC - ok
20:47:26.0111 0x0d34 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:47:26.0158 0x0d34 Msfs - ok
20:47:26.0174 0x0d34 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:47:26.0205 0x0d34 mshidkmdf - ok
20:47:26.0205 0x0d34 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:47:26.0221 0x0d34 msisadrv - ok
20:47:26.0236 0x0d34 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:47:26.0283 0x0d34 MSiSCSI - ok
20:47:26.0299 0x0d34 msiserver - ok
20:47:26.0314 0x0d34 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:47:26.0345 0x0d34 MSKSSRV - ok
20:47:26.0345 0x0d34 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:47:26.0377 0x0d34 MSPCLOCK - ok
20:47:26.0392 0x0d34 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:47:26.0423 0x0d34 MSPQM - ok
20:47:26.0455 0x0d34 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:47:26.0470 0x0d34 MsRPC - ok
20:47:26.0486 0x0d34 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:47:26.0501 0x0d34 mssmbios - ok
20:47:26.0501 0x0d34 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:47:26.0533 0x0d34 MSTEE - ok
20:47:26.0548 0x0d34 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
20:47:26.0564 0x0d34 MTConfig - ok
20:47:26.0611 0x0d34 [ 03B7145C889603537E9FFEABB1AD1089, B3CD93B893D4A2370CBF382366C6F596372857F8711EF6FFF83BFE2B449F424E ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
20:47:26.0626 0x0d34 MTsensor - ok
20:47:26.0642 0x0d34 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
20:47:26.0657 0x0d34 Mup - ok
20:47:26.0689 0x0d34 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
20:47:26.0735 0x0d34 napagent - ok
20:47:26.0767 0x0d34 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:47:26.0798 0x0d34 NativeWifiP - ok
20:47:26.0845 0x0d34 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
20:47:26.0876 0x0d34 NDIS - ok
20:47:26.0891 0x0d34 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:47:26.0938 0x0d34 NdisCap - ok
20:47:26.0954 0x0d34 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:47:26.0985 0x0d34 NdisTapi - ok
20:47:27.0001 0x0d34 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:47:27.0032 0x0d34 Ndisuio - ok
20:47:27.0047 0x0d34 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:47:27.0094 0x0d34 NdisWan - ok
20:47:27.0110 0x0d34 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:47:27.0157 0x0d34 NDProxy - ok
20:47:27.0172 0x0d34 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:47:27.0203 0x0d34 NetBIOS - ok
20:47:27.0219 0x0d34 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:47:27.0266 0x0d34 NetBT - ok
20:47:27.0281 0x0d34 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] Netlogon C:\Windows\system32\lsass.exe
20:47:27.0281 0x0d34 Netlogon - ok
20:47:27.0313 0x0d34 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
20:47:27.0359 0x0d34 Netman - ok
20:47:27.0391 0x0d34 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:47:27.0453 0x0d34 NetMsmqActivator - ok
20:47:27.0469 0x0d34 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:47:27.0484 0x0d34 NetPipeActivator - ok
20:47:27.0500 0x0d34 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
20:47:27.0547 0x0d34 netprofm - ok
20:47:27.0625 0x0d34 [ 53D7442AA919C91D055DBD44635F32B1, 6A5260DF72E8B82F65DC76F7E4E42DC5044E201B69B179B425E4657116C1EF62 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
20:47:27.0671 0x0d34 netr28ux - ok
20:47:27.0671 0x0d34 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:47:27.0687 0x0d34 NetTcpActivator - ok
20:47:27.0687 0x0d34 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:47:27.0703 0x0d34 NetTcpPortSharing - ok
20:47:27.0734 0x0d34 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:47:27.0749 0x0d34 nfrd960 - ok
20:47:27.0781 0x0d34 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
20:47:27.0812 0x0d34 NlaSvc - ok
20:47:27.0827 0x0d34 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:47:27.0859 0x0d34 Npfs - ok
20:47:27.0874 0x0d34 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
20:47:27.0921 0x0d34 nsi - ok
20:47:27.0937 0x0d34 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:47:27.0968 0x0d34 nsiproxy - ok
20:47:28.0030 0x0d34 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:47:28.0077 0x0d34 Ntfs - ok
20:47:28.0108 0x0d34 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
20:47:28.0139 0x0d34 Null - ok
20:47:28.0155 0x0d34 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:47:28.0171 0x0d34 nvraid - ok
20:47:28.0186 0x0d34 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:47:28.0202 0x0d34 nvstor - ok
20:47:28.0233 0x0d34 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:47:28.0249 0x0d34 nv_agp - ok
20:47:28.0264 0x0d34 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:47:28.0280 0x0d34 ohci1394 - ok
20:47:28.0311 0x0d34 [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:47:28.0327 0x0d34 ose - ok
20:47:28.0342 0x0d34 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:47:28.0373 0x0d34 p2pimsvc - ok
20:47:28.0389 0x0d34 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
20:47:28.0436 0x0d34 p2psvc - ok
20:47:28.0451 0x0d34 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:47:28.0483 0x0d34 Parport - ok
20:47:28.0514 0x0d34 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:47:28.0529 0x0d34 partmgr - ok
20:47:28.0545 0x0d34 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:47:28.0576 0x0d34 PcaSvc - ok
20:47:28.0592 0x0d34 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
20:47:28.0623 0x0d34 pci - ok
20:47:28.0639 0x0d34 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
20:47:28.0654 0x0d34 pciide - ok
20:47:28.0685 0x0d34 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:47:28.0701 0x0d34 pcmcia - ok
20:47:28.0717 0x0d34 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
20:47:28.0732 0x0d34 pcw - ok
20:47:28.0763 0x0d34 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:47:28.0795 0x0d34 PEAUTH - ok
20:47:28.0873 0x0d34 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:47:28.0888 0x0d34 PerfHost - ok
20:47:28.0951 0x0d34 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
20:47:29.0029 0x0d34 pla - ok
20:47:29.0060 0x0d34 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:47:29.0107 0x0d34 PlugPlay - ok
20:47:29.0107 0x0d34 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:47:29.0138 0x0d34 PNRPAutoReg - ok
20:47:29.0153 0x0d34 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:47:29.0185 0x0d34 PNRPsvc - ok
20:47:29.0216 0x0d34 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:47:29.0263 0x0d34 PolicyAgent - ok
20:47:29.0294 0x0d34 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
20:47:29.0325 0x0d34 Power - ok
20:47:29.0356 0x0d34 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:47:29.0387 0x0d34 PptpMiniport - ok
20:47:29.0403 0x0d34 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
20:47:29.0419 0x0d34 Processor - ok
20:47:29.0450 0x0d34 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
20:47:29.0512 0x0d34 ProfSvc - ok
20:47:29.0528 0x0d34 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:47:29.0543 0x0d34 ProtectedStorage - ok
20:47:29.0559 0x0d34 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:47:29.0606 0x0d34 Psched - ok
20:47:29.0668 0x0d34 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:47:29.0715 0x0d34 ql2300 - ok
20:47:29.0746 0x0d34 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:47:29.0746 0x0d34 ql40xx - ok
20:47:29.0777 0x0d34 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
20:47:29.0809 0x0d34 QWAVE - ok
20:47:29.0824 0x0d34 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:47:29.0840 0x0d34 QWAVEdrv - ok
20:47:29.0902 0x0d34 [ 3FC8252625F2574036777D2981F839EE, A12E20C7565C96EA16C4A97190220442F25D92675AD18CB808F6B450184D3D1A ] RalinkRegistryWriter C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe
20:47:29.0933 0x0d34 RalinkRegistryWriter - ok
20:47:29.0949 0x0d34 [ 3A6F58A249DF7466F9844F70499627F7, 0BD9A9D92CF33E5FF9127CF73DB821A51DB15299AB0AD7FB6CA3C63D7C9FC4DC ] RalinkRegistryWriter64 C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe
20:47:29.0965 0x0d34 RalinkRegistryWriter64 - ok
20:47:29.0996 0x0d34 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:47:30.0027 0x0d34 RasAcd - ok
20:47:30.0027 0x0d34 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:47:30.0074 0x0d34 RasAgileVpn - ok
20:47:30.0089 0x0d34 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
20:47:30.0136 0x0d34 RasAuto - ok
20:47:30.0152 0x0d34 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:47:30.0199 0x0d34 Rasl2tp - ok
20:47:30.0214 0x0d34 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
20:47:30.0261 0x0d34 RasMan - ok
20:47:30.0277 0x0d34 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:47:30.0308 0x0d34 RasPppoe - ok
20:47:30.0323 0x0d34 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:47:30.0355 0x0d34 RasSstp - ok
20:47:30.0370 0x0d34 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:47:30.0433 0x0d34 rdbss - ok
20:47:30.0448 0x0d34 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
20:47:30.0464 0x0d34 rdpbus - ok
20:47:30.0479 0x0d34 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:47:30.0526 0x0d34 RDPCDD - ok
20:47:30.0542 0x0d34 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:47:30.0573 0x0d34 RDPENCDD - ok
20:47:30.0589 0x0d34 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:47:30.0635 0x0d34 RDPREFMP - ok
20:47:30.0651 0x0d34 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:47:30.0682 0x0d34 RDPWD - ok
20:47:30.0713 0x0d34 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:47:30.0729 0x0d34 rdyboost - ok
20:47:30.0760 0x0d34 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:47:30.0807 0x0d34 RemoteAccess - ok
20:47:30.0823 0x0d34 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:47:30.0869 0x0d34 RemoteRegistry - ok
20:47:30.0885 0x0d34 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:47:30.0916 0x0d34 RpcEptMapper - ok
20:47:30.0932 0x0d34 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
20:47:30.0947 0x0d34 RpcLocator - ok
20:47:30.0963 0x0d34 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
20:47:31.0010 0x0d34 RpcSs - ok
20:47:31.0025 0x0d34 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:47:31.0057 0x0d34 rspndr - ok
20:47:31.0072 0x0d34 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] SamSs C:\Windows\system32\lsass.exe
20:47:31.0072 0x0d34 SamSs - ok
20:47:31.0088 0x0d34 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:47:31.0103 0x0d34 sbp2port - ok
20:47:31.0119 0x0d34 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:47:31.0166 0x0d34 SCardSvr - ok
20:47:31.0181 0x0d34 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:47:31.0213 0x0d34 scfilter - ok
20:47:31.0244 0x0d34 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
20:47:31.0322 0x0d34 Schedule - ok
20:47:31.0353 0x0d34 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
20:47:31.0369 0x0d34 SCPolicySvc - ok
20:47:31.0400 0x0d34 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:47:31.0431 0x0d34 SDRSVC - ok
20:47:31.0447 0x0d34 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:47:31.0493 0x0d34 secdrv - ok
20:47:31.0493 0x0d34 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
20:47:31.0540 0x0d34 seclogon - ok
20:47:31.0556 0x0d34 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
20:47:31.0587 0x0d34 SENS - ok
20:47:31.0603 0x0d34 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:47:31.0618 0x0d34 SensrSvc - ok
20:47:31.0634 0x0d34 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:47:31.0649 0x0d34 Serenum - ok
20:47:31.0665 0x0d34 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:47:31.0681 0x0d34 Serial - ok
20:47:31.0696 0x0d34 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:47:31.0727 0x0d34 sermouse - ok
20:47:31.0743 0x0d34 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
20:47:31.0790 0x0d34 SessionEnv - ok
20:47:31.0805 0x0d34 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:47:31.0821 0x0d34 sffdisk - ok
20:47:31.0821 0x0d34 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:47:31.0837 0x0d34 sffp_mmc - ok
20:47:31.0852 0x0d34 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:47:31.0868 0x0d34 sffp_sd - ok
20:47:31.0868 0x0d34 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:47:31.0883 0x0d34 sfloppy - ok
20:47:31.0915 0x0d34 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:47:31.0977 0x0d34 SharedAccess - ok
20:47:32.0024 0x0d34 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:47:32.0055 0x0d34 ShellHWDetection - ok
20:47:32.0071 0x0d34 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
20:47:32.0086 0x0d34 SiSRaid2 - ok
20:47:32.0102 0x0d34 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:47:32.0117 0x0d34 SiSRaid4 - ok
20:47:32.0133 0x0d34 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:47:32.0180 0x0d34 Smb - ok
20:47:32.0195 0x0d34 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:47:32.0211 0x0d34 SNMPTRAP - ok
20:47:32.0227 0x0d34 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
20:47:32.0227 0x0d34 spldr - ok
20:47:32.0258 0x0d34 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
20:47:32.0320 0x0d34 Spooler - ok
20:47:32.0461 0x0d34 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
20:47:32.0585 0x0d34 sppsvc - ok
20:47:32.0601 0x0d34 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:47:32.0663 0x0d34 sppuinotify - ok
20:47:32.0679 0x0d34 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:47:32.0710 0x0d34 srv - ok
20:47:32.0741 0x0d34 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:47:32.0773 0x0d34 srv2 - ok
20:47:32.0788 0x0d34 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:47:32.0819 0x0d34 srvnet - ok
20:47:32.0835 0x0d34 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:47:32.0882 0x0d34 SSDPSRV - ok
20:47:32.0897 0x0d34 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:47:32.0929 0x0d34 SstpSvc - ok
20:47:32.0944 0x0d34 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
20:47:32.0960 0x0d34 stexstor - ok
20:47:32.0991 0x0d34 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
20:47:33.0038 0x0d34 stisvc - ok
20:47:33.0053 0x0d34 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:47:33.0069 0x0d34 swenum - ok
20:47:33.0100 0x0d34 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
20:47:33.0147 0x0d34 swprv - ok
20:47:33.0194 0x0d34 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
20:47:33.0272 0x0d34 SysMain - ok
20:47:33.0287 0x0d34 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:47:33.0319 0x0d34 TabletInputService - ok
20:47:33.0334 0x0d34 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
20:47:33.0381 0x0d34 TapiSrv - ok
20:47:33.0381 0x0d34 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
20:47:33.0428 0x0d34 TBS - ok
20:47:33.0490 0x0d34 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:47:33.0553 0x0d34 Tcpip - ok
20:47:33.0615 0x0d34 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:47:33.0662 0x0d34 TCPIP6 - ok
20:47:33.0693 0x0d34 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:47:33.0709 0x0d34 tcpipreg - ok
20:47:33.0724 0x0d34 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:47:33.0740 0x0d34 TDPIPE - ok
20:47:33.0771 0x0d34 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:47:33.0787 0x0d34 TDTCP - ok
20:47:33.0802 0x0d34 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:47:33.0833 0x0d34 tdx - ok
20:47:33.0849 0x0d34 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:47:33.0865 0x0d34 TermDD - ok
20:47:33.0911 0x0d34 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
20:47:33.0943 0x0d34 TermService - ok
20:47:33.0974 0x0d34 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
20:47:34.0005 0x0d34 Themes - ok
20:47:34.0005 0x0d34 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
20:47:34.0036 0x0d34 THREADORDER - ok
20:47:34.0083 0x0d34 [ 25F16B72A7CC494EAC01A90A44218456, 94E5E8005C819DC043B3E0C8F3A8B3F3E45F205B0DF89AF0B7C70D4A8D114BCE ] TpMediaServer C:\Program Files (x86)\TP-LINK\COMMON\RaMediaServer.exe
20:47:34.0099 0x0d34 TpMediaServer - ok
20:47:34.0130 0x0d34 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
20:47:34.0161 0x0d34 TrkWks - ok
20:47:34.0208 0x0d34 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:47:34.0255 0x0d34 TrustedInstaller - ok
20:47:34.0286 0x0d34 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:47:34.0301 0x0d34 tssecsrv - ok
20:47:34.0317 0x0d34 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:47:34.0364 0x0d34 TsUsbFlt - ok
20:47:34.0379 0x0d34 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
20:47:34.0411 0x0d34 TsUsbGD - ok
20:47:34.0426 0x0d34 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:47:34.0473 0x0d34 tunnel - ok
20:47:34.0489 0x0d34 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:47:34.0504 0x0d34 uagp35 - ok
20:47:34.0520 0x0d34 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:47:34.0567 0x0d34 udfs - ok
20:47:34.0582 0x0d34 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:47:34.0613 0x0d34 UI0Detect - ok
20:47:34.0629 0x0d34 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:47:34.0645 0x0d34 uliagpkx - ok
20:47:34.0660 0x0d34 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:47:34.0676 0x0d34 umbus - ok
20:47:34.0691 0x0d34 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
20:47:34.0707 0x0d34 UmPass - ok
20:47:34.0723 0x0d34 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
20:47:34.0769 0x0d34 upnphost - ok
20:47:34.0801 0x0d34 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:47:34.0832 0x0d34 usbccgp - ok
20:47:34.0863 0x0d34 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:47:34.0894 0x0d34 usbcir - ok
20:47:34.0925 0x0d34 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:47:34.0941 0x0d34 usbehci - ok
20:47:35.0003 0x0d34 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:47:35.0035 0x0d34 usbhub - ok
20:47:35.0050 0x0d34 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:47:35.0066 0x0d34 usbohci - ok
20:47:35.0097 0x0d34 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys
20:47:35.0113 0x0d34 usbprint - ok
20:47:35.0144 0x0d34 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:47:35.0175 0x0d34 USBSTOR - ok
20:47:35.0191 0x0d34 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:47:35.0206 0x0d34 usbuhci - ok
20:47:35.0222 0x0d34 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
20:47:35.0253 0x0d34 UxSms - ok
20:47:35.0269 0x0d34 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] VaultSvc C:\Windows\system32\lsass.exe
20:47:35.0284 0x0d34 VaultSvc - ok
20:47:35.0300 0x0d34 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:47:35.0315 0x0d34 vdrvroot - ok
20:47:35.0347 0x0d34 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
20:47:35.0393 0x0d34 vds - ok
20:47:35.0409 0x0d34 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:47:35.0425 0x0d34 vga - ok
20:47:35.0425 0x0d34 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:47:35.0456 0x0d34 VgaSave - ok
20:47:35.0487 0x0d34 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:47:35.0503 0x0d34 vhdmp - ok
20:47:35.0534 0x0d34 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
20:47:35.0534 0x0d34 viaide - ok
20:47:35.0565 0x0d34 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:47:35.0581 0x0d34 volmgr - ok
20:47:35.0596 0x0d34 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:47:35.0627 0x0d34 volmgrx - ok
20:47:35.0643 0x0d34 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:47:35.0674 0x0d34 volsnap - ok
20:47:35.0690 0x0d34 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:47:35.0705 0x0d34 vsmraid - ok
20:47:35.0768 0x0d34 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
20:47:35.0846 0x0d34 VSS - ok
20:47:35.0861 0x0d34 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:47:35.0877 0x0d34 vwifibus - ok
20:47:35.0877 0x0d34 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:47:35.0908 0x0d34 vwififlt - ok
20:47:35.0924 0x0d34 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
20:47:35.0971 0x0d34 W32Time - ok
20:47:36.0002 0x0d34 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:47:36.0017 0x0d34 WacomPen - ok
20:47:36.0049 0x0d34 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:47:36.0080 0x0d34 WANARP - ok
20:47:36.0080 0x0d34 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:47:36.0111 0x0d34 Wanarpv6 - ok
20:47:36.0205 0x0d34 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:47:36.0267 0x0d34 WatAdminSvc - ok
20:47:36.0329 0x0d34 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
20:47:36.0407 0x0d34 wbengine - ok
20:47:36.0423 0x0d34 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:47:36.0454 0x0d34 WbioSrvc - ok
20:47:36.0470 0x0d34 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:47:36.0517 0x0d34 wcncsvc - ok
20:47:36.0517 0x0d34 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:47:36.0548 0x0d34 WcsPlugInService - ok
20:47:36.0563 0x0d34 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
20:47:36.0579 0x0d34 Wd - ok
20:47:36.0626 0x0d34 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:47:36.0673 0x0d34 Wdf01000 - ok
20:47:36.0704 0x0d34 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:47:36.0735 0x0d34 WdiServiceHost - ok
20:47:36.0735 0x0d34 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:47:36.0751 0x0d34 WdiSystemHost - ok
20:47:36.0766 0x0d34 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
20:47:36.0797 0x0d34 WebClient - ok
20:47:36.0829 0x0d34 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:47:36.0875 0x0d34 Wecsvc - ok
20:47:36.0891 0x0d34 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:47:36.0922 0x0d34 wercplsupport - ok
20:47:36.0953 0x0d34 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
20:47:36.0985 0x0d34 WerSvc - ok
20:47:37.0000 0x0d34 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:47:37.0031 0x0d34 WfpLwf - ok
20:47:37.0047 0x0d34 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:47:37.0063 0x0d34 WIMMount - ok
20:47:37.0078 0x0d34 WinDefend - ok
20:47:37.0094 0x0d34 WinHttpAutoProxySvc - ok
20:47:37.0125 0x0d34 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:47:37.0172 0x0d34 Winmgmt - ok
20:47:37.0250 0x0d34 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
20:47:37.0328 0x0d34 WinRM - ok
20:47:37.0375 0x0d34 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\drivers\WinUsb.sys
20:47:37.0390 0x0d34 WinUsb - ok
20:47:37.0421 0x0d34 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:47:37.0499 0x0d34 Wlansvc - ok
20:47:37.0515 0x0d34 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
20:47:37.0531 0x0d34 WmiAcpi - ok
20:47:37.0562 0x0d34 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:47:37.0577 0x0d34 wmiApSrv - ok
20:47:37.0593 0x0d34 WMPNetworkSvc - ok
20:47:37.0624 0x0d34 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:47:37.0655 0x0d34 WPCSvc - ok
20:47:37.0655 0x0d34 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:47:37.0702 0x0d34 WPDBusEnum - ok
20:47:37.0718 0x0d34 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:47:37.0749 0x0d34 ws2ifsl - ok
20:47:37.0765 0x0d34 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
20:47:37.0780 0x0d34 wscsvc - ok
20:47:37.0796 0x0d34 WSearch - ok
20:47:37.0921 0x0d34 [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv C:\Windows\system32\wuaueng.dll
20:47:38.0014 0x0d34 wuauserv - ok
20:47:38.0045 0x0d34 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:47:38.0061 0x0d34 WudfPf - ok
20:47:38.0108 0x0d34 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\drivers\WUDFRd.sys
20:47:38.0139 0x0d34 WUDFRd - ok
20:47:38.0201 0x0d34 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:47:38.0295 0x0d34 wudfsvc - ok
20:47:38.0357 0x0d34 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
20:47:38.0404 0x0d34 WwanSvc - ok
20:47:38.0420 0x0d34 ================ Scan global ===============================
20:47:38.0420 0x0d34 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
20:47:38.0451 0x0d34 [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll
20:47:38.0467 0x0d34 [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll
20:47:38.0482 0x0d34 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
20:47:38.0513 0x0d34 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
20:47:38.0529 0x0d34 [ Global ] - ok
20:47:38.0529 0x0d34 ================ Scan MBR ==================================
20:47:38.0529 0x0d34 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:47:38.0888 0x0d34 \Device\Harddisk0\DR0 - ok
20:47:38.0888 0x0d34 ================ Scan VBR ==================================
20:47:38.0888 0x0d34 [ F3AEF1D00238C50CD23425636A925120 ] \Device\Harddisk0\DR0\Partition1
20:47:38.0950 0x0d34 \Device\Harddisk0\DR0\Partition1 - ok
20:47:38.0950 0x0d34 ================ Scan generic autorun ======================
20:47:39.0059 0x0d34 [ 66177D4C99FD8B578C7C56DE445E4D5D, 003D0254D7C693A72DE84CB76858F8D67D9FD62206F1B56DF7F5D0FA834C3BA7 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
20:47:39.0075 0x0d34 avgnt - ok
20:47:39.0137 0x0d34 [ 48BE298F7FD1BEF4D8FBACB04D8D95C4, D375B3F6E850E4B0EC81BAA0E554C356BE2248AA77C6C56F5267CA05460FE4EB ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
20:47:39.0153 0x0d34 Adobe ARM - ok
20:47:39.0278 0x0d34 [ CDFFB0058BA113ED8C6099DE11FAAD49, D258D1F340734113C1E538C32DF15011009C19A9E88E0F471E3D8387D4EA7AEB ] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
20:47:39.0340 0x0d34 CanonQuickMenu - ok
20:47:39.0387 0x0d34 [ B793DDE01D181ED91F333BF10FE2FC50, F9BA0FD8EC0C0E9D7E5969BC9ED0D0322EDFC8E65B11F642A7118B41F5BF197F ] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
20:47:39.0403 0x0d34 IJNetworkScannerSelectorEX - ok
20:47:39.0434 0x0d34 [ 16D4D2AB28EDD90AEE06826B3ADF50AB, EE8E54702B22E7F1DB8DE7296132C3473DD9D18B9E9C47414F315173E0A26E16 ] C:\Program Files (x86)\PDF24\pdf24.exe
20:47:39.0449 0x0d34 PDFPrint - ok
20:47:39.0481 0x0d34 [ 6D313E4121365B2ABEED5A93F9B197E5, 94CDAD27F1A362A23F6CE0D65881EB8753B7A3744DE127022DB77B4459EE1FD6 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
20:47:39.0496 0x0d34 SunJavaUpdateSched - ok
20:47:39.0543 0x0d34 [ CB08561AB36857CCF74BF11475C9AEB2, 5F15F6868A719A0A84D3E0FE2BC4E76975C50FA99D642279DDA972269ADFDB8B ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
20:47:39.0574 0x0d34 Avira Systray - ok
20:47:39.0637 0x0d34 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:47:39.0715 0x0d34 Sidebar - ok
20:47:39.0730 0x0d34 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:47:39.0746 0x0d34 mctadmin - ok
20:47:39.0777 0x0d34 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:47:39.0824 0x0d34 Sidebar - ok
20:47:39.0824 0x0d34 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:47:39.0839 0x0d34 mctadmin - ok
20:47:39.0839 0x0d34 Waiting for KSN requests completion. In queue: 34
20:47:40.0853 0x0d34 Waiting for KSN requests completion. In queue: 34
20:47:41.0867 0x0d34 Waiting for KSN requests completion. In queue: 34
20:47:43.0006 0x0d34 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.10.414 ), 0x40000 ( disabled : updated )
20:47:43.0037 0x0d34 Win FW state via NFP2: enabled
20:47:45.0533 0x0d34 ============================================================
20:47:45.0533 0x0d34 Scan finished
20:47:45.0533 0x0d34 ============================================================
20:47:45.0549 0x0c10 Detected object count: 0
20:47:45.0549 0x0c10 Actual detected object count: 0
Bei beiden stand bei den Programmen, dass nichts gefunden wurde. Heißt das jetzt dass ich mir durch das öffnen der PDF nichts eingefangen habe? Danke für eure schnelle Hilfe. mfg ulmi |
|
04.06.2015, 11:11
| #6 |
| /// the machine /// TB-Ausbilder | Windows7: PDF von DHL Mail geöffnet sieht so aus 
__________________ --> Windows7: PDF von DHL Mail geöffnet |
|
05.06.2015, 14:32
| #7 |
| | Windows7: PDF von DHL Mail geöffnet Danke für deine schnelle Hilfe. mfg ulmi |
|
06.06.2015, 14:58
| #8 |
| /// the machine /// TB-Ausbilder | Windows7: PDF von DHL Mail geöffnet Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Windows7: PDF von DHL Mail geöffnet |
| anhang, anhänge, anhängen, bereits, erhalte, erhalten, erstell, erstellt, feststellen, files, gen, gestern, hänge, hängen, log, mail, nichts, pdf, stelle, troja, trojaner, versteckt, windows, windows7, ähnliches |
Linear-Darstellung
