All kinds of pests and how to fight them: PC is hanging again... Can someone take a look? (Windows 7)
05.06.2015, 10:40 | #1 |
| PC is hanging again... Can someone take a look? Could someone take a quick look to see whether there is anything on it? Somehow my PC has been hanging again for quite a while, and internet performance has unfortunately dropped off considerably since then too. When booting up, the PC also frequently freezes for a moment. Should I post an FRST log? Thanks in advance!
__________________ Regards, R4BBIT 9 out of 10 people like beer... the 10th is lying |
05.06.2015, 10:47 | #2 |
/// TB Trainer | PC is hanging again... Can someone take a look? My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Thank you for your cooperation! For the initial analysis, please run FRST and TDSS-Killer: Step 1 Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Step 2 Please download TDSSKiller.exe and save this file to the desktop
Please post with your next reply
05.06.2015, 11:28 | #3 |
| PC is hanging again... Can someone take a look? Here is FRST:
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015 Ran by AdminFabian (administrator) on PC_FABIAN on 05-06-2015 12:20:42 Running from C:\Users\Fabian.PC_Fabian\Desktop\Bereinigung Loaded Profiles: AdminFabian & Fabian (Available Profiles: AdminFabian & Fabian) Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe (Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe (Razer, Inc.) C:\Users\Fabian.PC_Fabian\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard ) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-07-05] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.) HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe [2068992 2011-12-14] (Hewlett-Packard) HKLM-x32\...\Run: [BATINDICATORHL] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe [557056 2010-07-23] (Hewlett-Packard) HKLM-x32\...\Run: [OSDTool] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe [2101248 2012-06-13] (Hewlett-Packard) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.) HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [439488 2013-07-09] (Microsoft Corporation) HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\0a5626b7-54ff-490c-9d25-22eeb56b74c5.exe [183232 2015-05-25] (AVAST Software) HKU\S-1-5-21-1392978341-1441607686-3862372307-1005\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S2].txt HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\Run: [SkyDrive] => C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-12-07] (Microsoft Corporation) HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\RunOnce: [Uninstall C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\RunOnce: [Uninstall C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\RunOnce: [Uninstall C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q 
"C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\RunOnce: [Uninstall C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\MountPoints2: {3c35e8d1-db21-11e2-be85-4c72b97327ec} - "L:\LaunchU3.exe" -a HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\MountPoints2: {75e0df4f-7aae-11e2-be79-4c72b97327ec} - "K:\laucher.exe" Startup: C:\Users\Fabian.PC_Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2013-03-02] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-22] (Avast Software s.r.o.) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/35 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/35 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/35 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/35 HKU\S-1-5-21-1392978341-1441607686-3862372307-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/35 HKU\S-1-5-21-1392978341-1441607686-3862372307-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/35 HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.janosch-nietlispach.ch/news HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/35 HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com SearchScopes: HKLM -> {622E8319-E326-408F-826B-3134D29BE474} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-29882-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1005 -> {622E8319-E326-408F-826B-3134D29BE474} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: 
HKU\S-1-5-21-1392978341-1441607686-3862372307-1005 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-29882-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> DefaultScope {F7DD2BAC-CB4E-4503-BA16-78C70DB4B011} URL = https://www.google.ch/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {622E8319-E326-408F-826B-3134D29BE474} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-29882-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {F7DD2BAC-CB4E-4503-BA16-78C70DB4B011} URL = https://www.google.ch/search?q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2013-02-06] (Microsoft Corporation) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-22] (Avast Software s.r.o.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2013-02-06] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2013-02-06] (Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-22] (Avast Software s.r.o.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2013-02-06] (Microsoft Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Toolbar: HKU\S-1-5-21-1392978341-1441607686-3862372307-1005 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) 
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2013-02-06] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] () FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-02-06] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin HKU\S-1-5-21-1392978341-1441607686-3862372307-1006: ubisoft.com/uplaypc -> C:\Program Files 
(x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-06] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-22] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe [5020520 2015-03-24] (Emsisoft GmbH) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-22] (Avast Software s.r.o.) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [File not signed] R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [47416 2014-02-05] (Hewlett-Packard Company) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1855064 2012-11-23] (Microsoft Corporation) R2 PnkBstrA; C:\windows\system32\PnkBstrA.exe [76152 2014-10-03] () R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76152 2015-02-06] () R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer 
Services\GSS\GameScannerService.exe [186048 2014-12-10] () R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation) S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-22] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-22] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-22] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-22] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-22] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-22] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-22] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-22] () R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-03] (Advanced Micro Devices) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-24] (Emsisoft GmbH) R3 fwndis; C:\Windows\system32\DRIVERS\fwndis64.sys [491632 2015-01-01] () R1 fwwfp; C:\Program Files (x86)\Emsisoft Internet Security\fwwfp764.sys [414936 2015-01-01] () R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc) R2 rzpmgrk; C:\windows\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.) R2 rzpnk; C:\windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.) 
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X] S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-05 12:20 - 2015-06-05 12:20 - 00000000 ____D C:\Users\Fabian.PC_Fabian\Desktop\Bereinigung 2015-06-03 10:08 - 2015-06-03 10:08 - 00280008 _____ C:\windows\Minidump\060315-21078-01.dmp 2015-06-01 20:46 - 2015-06-01 20:46 - 00280008 _____ C:\windows\Minidump\060115-21750-01.dmp 2015-05-19 17:31 - 2015-05-19 17:31 - 00280008 _____ C:\windows\Minidump\051915-21312-01.dmp 2015-05-19 11:58 - 2015-05-19 11:58 - 00016676 _____ C:\Users\Fabian.PC_Fabian\Desktop\Feedbackfragen Jubla Cham.dat 2015-05-13 20:26 - 2015-05-13 20:26 - 00280008 _____ C:\windows\Minidump\051315-20593-01.dmp 2015-05-12 17:27 - 2015-05-12 17:27 - 00280008 _____ C:\windows\Minidump\051215-17562-01.dmp 2015-05-07 17:33 - 2015-05-07 17:34 - 00280008 _____ C:\windows\Minidump\050715-27140-01.dmp ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-05 12:20 - 2015-04-30 19:45 - 00000000 ____D C:\FRST 2015-06-05 11:23 - 2015-03-16 21:16 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2015-06-05 11:13 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\NDF 2015-06-05 11:08 - 2013-02-02 17:50 - 01095225 _____ C:\windows\WindowsUpdate.log 2015-06-05 11:00 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru 2015-06-05 10:53 - 2013-02-05 21:31 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1392978341-1441607686-3862372307-1006 2015-06-04 18:36 - 2012-07-26 09:59 - 00000000 ____D C:\windows\CbsTemp 2015-06-04 18:04 - 2013-08-11 19:48 - 00000000 ____D C:\windows\system32\MRT 2015-06-04 18:02 - 2013-02-02 19:33 - 140425016 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-06-04 17:17 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent 2015-06-03 10:13 - 2012-10-23 19:37 - 00724412 _____ C:\windows\system32\perfh007.dat 2015-06-03 10:13 - 2012-10-23 19:37 - 00163214 _____ C:\windows\system32\perfc007.dat 2015-06-03 10:13 - 2012-07-26 09:28 - 01734152 _____ C:\windows\system32\PerfStringBackup.INI 2015-06-03 10:09 - 2015-03-31 20:10 - 00000000 ____D C:\Program Files (x86)\Emsisoft Internet Security 2015-06-03 10:09 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT 2015-06-03 10:08 - 2013-10-31 21:06 - 668381772 _____ C:\windows\MEMORY.DMP 2015-06-03 10:08 - 2013-10-23 21:17 - 00000000 ____D C:\windows\Minidump 2015-05-25 20:30 - 2013-12-09 21:11 - 00000000 ____D C:\Users\Fabian.PC_Fabian\AppData\Roaming\TS3Client 2015-05-19 18:04 - 2013-02-16 21:06 - 00549888 ___SH C:\Users\Fabian.PC_Fabian\Desktop\Thumbs.db 2015-05-19 17:32 - 2013-02-06 22:21 - 00004182 _____ C:\windows\System32\Tasks\avast! 
Emergency Update 2015-05-19 12:08 - 2013-02-05 21:25 - 00000000 ____D C:\Users\Fabian.PC_Fabian\AppData\Local\Packages 2015-05-07 17:33 - 2012-08-01 19:02 - 00737506 _____ C:\windows\PFRO.log ==================== Files in the root of some directories ======= 2013-02-02 18:13 - 2013-02-02 18:13 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc Some files in TEMP: ==================== C:\Users\AdminFabian\AppData\Local\Temp\Quarantine.exe C:\Users\AdminFabian\AppData\Local\Temp\sqlite3.dll C:\Users\Fabian.PC_Fabian\AppData\Local\Temp\i4jdel0.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-04 21:01 ==================== End of log ============================ Addition: [CODE]Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015 Ran by AdminFabian at 2015-06-05 12:21:16 Running from C:\Users\Fabian.PC_Fabian\Desktop\Bereinigung Boot Mode: Normal ========================================================== ==================== Accounts: ============================= AdminFabian (S-1-5-21-1392978341-1441607686-3862372307-1005 - Administrator - Enabled) => C:\Users\AdminFabian Administrator (S-1-5-21-1392978341-1441607686-3862372307-500 - Administrator - Disabled) Fabian (S-1-5-21-1392978341-1441607686-3862372307-1006 - Limited - Enabled) => C:\Users\Fabian.PC_Fabian Gast (S-1-5-21-1392978341-1441607686-3862372307-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1392978341-1441607686-3862372307-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Emsisoft Internet Security (Disabled - Out of date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Emsisoft Internet Security (Disabled - Out of date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: Emsisoft Internet Security (Disabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AMD Catalyst Install Manager (HKLM\...\{BF821093-CFD3-EC1B-B357-6817EE34E5C7}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.) 
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.) Canon MG7100 series Benutzerregistrierung (HKLM-x32\...\Canon MG7100 series Benutzerregistrierung) (Version: - *Canon Inc.) Canon MG7100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7100_series) (Version: 1.00 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.) Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.) CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.) CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.) 
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Emsisoft Internet Security (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.) eTax.zug 2014 nP 1.3.0 (HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\8452-4068-1171-2815) (Version: 1.3.0 - Information Factory AG) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd) HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard) HP Keyboard (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.5.0.7 - Hewlett-Packard) HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard) HP Support Solutions Framework (HKLM-x32\...\{86FD8326-909D-45F5-BB61-0619D0D31293}) (Version: 11.50.0011 - Hewlett-Packard Company) HydraVision (x32 Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.) Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.) 
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4454.1004 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft 
Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden NWZ-E450 WALKMAN Guide (HKLM-x32\...\{0A6C2811-AD29-473F-8086-F0B401276DEC}) (Version: 2.1.0.17210 - Sony Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4454.1004 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4454.1004 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4454.1004 - Microsoft Corporation) Hidden Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.0.0 - Ralink) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.) RecImgManager (HKLM-x32\...\{1ECC3992-5E46-4A3B-823F-4228D5B05A83}) (Version: 2.0.26222 - SlimWare Utilities, Inc.) 
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft) TeamSpeak 3 Client (HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 04-05-2015 20:58:43 Geplanter 
Prüfpunkt 04-06-2015 17:03:23 Geplanter Prüfpunkt ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 07:26 - 2015-03-23 19:52 - 00000855 ____A C:\windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0E1975F3-5D81-4CA8-8E07-168E2CD1DF5D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2012-08-15] (Hewlett-Packard Company) Task: {5F63D142-E881-4C1E-A6BB-D4956C70E5A0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-22] (Avast Software s.r.o.) Task: {74BEDB4E-487E-4F08-808D-3CD98A22F124} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company) Task: {97A056F4-107F-4DB8-8E61-3264A3A8DDBD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-06-04] (Microsoft Corporation) Task: {E0CF2BA3-882C-4D8E-9580-68B42A1AA8D2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company) Task: {F6E24018-619A-4763-9815-BEF6CF60CD7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company) Task: {F7C59E27-327A-406B-8FAB-A1B6132D4BA3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support 
Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company) ==================== Loaded Modules (Whitelisted) ============== 2013-02-05 23:21 - 2012-11-10 11:28 - 00382544 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll 2013-02-05 23:21 - 2012-11-23 19:07 - 00513600 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll 2013-02-05 23:21 - 2012-11-23 19:07 - 00607296 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll 2014-04-10 17:46 - 2015-02-06 20:08 - 00076152 _____ () C:\windows\SysWOW64\PnkBstrA.exe 2014-12-10 00:22 - 2014-12-10 00:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2012-08-29 11:02 - 2012-08-29 11:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll 2012-08-29 11:02 - 2012-08-29 11:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll 2012-08-29 11:02 - 2012-08-29 11:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll 2014-12-19 05:22 - 2014-12-19 05:22 - 00290816 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe 2012-07-04 22:37 - 2012-07-04 22:37 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2012-05-04 17:42 - 2012-05-04 17:42 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll 2012-05-04 17:42 - 2012-05-04 17:42 - 00028672 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll 2015-04-22 18:20 - 2015-04-22 18:20 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-04-22 18:20 - 2015-04-22 18:20 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-06-01 20:47 - 2015-06-01 20:47 - 02951680 _____ () C:\Program Files\AVAST Software\Avast\defs\15060101\algo.dll 2015-06-05 11:52 - 
2015-06-05 11:52 - 02952192 _____ () C:\Program Files\AVAST Software\Avast\defs\15060500\algo.dll 2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-10-23 10:52 - 2012-07-18 10:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2012-10-23 10:58 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2012-10-23 10:59 - 2009-02-19 18:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\WMINPUT.DLL 2015-04-22 18:20 - 2015-04-22 18:20 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-01-29 23:26 - 2014-11-26 04:12 - 40622592 _____ () C:\Users\Fabian.PC_Fabian\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll 2014-12-19 05:22 - 2014-12-19 05:22 - 00192512 _____ () C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll 2015-01-29 23:26 - 2014-11-26 04:12 - 00911360 _____ () C:\Users\Fabian.PC_Fabian\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll 2015-01-29 23:26 - 2014-11-26 04:12 - 00134144 _____ () C:\Users\Fabian.PC_Fabian\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\sony.com -> sony.com

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1392978341-1441607686-3862372307-1005\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Fabian.PC_Fabian\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\StartupApproved\Run: => "SkyDrive"

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{FBB1C137-790B-486B-A9C9-27B435B298F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{293ABFA0-F8E4-4BEE-989D-E9F5BB71FA8D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FF3D2D61-C87A-4D43-9E52-1D6ABDD4012F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{3F2898FF-636E-494A-A285-C5E36AF9CFB5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{C008179C-4E73-43B3-AE1F-761536965182}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{D559845D-EA90-49AC-AA22-87A9048E0C3F}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{B90066BF-D10D-4365-B161-3D91EABEC775}] => (Allow) C:\Users\AdminFabian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{2DFB5855-1A34-43A2-BA35-A329FC85E85C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{18FCFA59-65A8-4E08-AFF7-D175F3A69EB5}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{5DEA5977-AAE4-4705-9CBE-A522CEDE88E6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{89579F59-EFB0-4DCB-9C86-C2F2213A110A}] => (Allow) LPort=2869 FirewallRules: [{5F8EE66C-73FF-4440-ACC8-26DEF876E66E}] => (Allow) LPort=1900 FirewallRules: [{DB8A88AE-0600-4295-88EC-70C0BC252A00}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{05F57B78-2520-4FA8-AE37-EED4AA648917}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{7E4CE3E0-E0A1-4ADF-BB67-48FEF13A388F}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe FirewallRules: 
[UDP Query User{EAC1CAEE-90CA-4D75-A471-EF0E268AFF38}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe FirewallRules: [{EF607449-0DA6-4A67-916B-36757CB05CD1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Future Soldier\Future Soldier.exe FirewallRules: [{E5A994C9-B85E-42E6-BBFB-1BF6E259E16C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Future Soldier\Future Soldier.exe FirewallRules: [TCP Query User{9A101C02-AFA2-4EE8-9018-012E365F5DE4}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe] => (Block) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe FirewallRules: [UDP Query User{ED0CF3BB-BC4A-42C6-95CF-60F7B18D1A31}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe] => (Block) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe FirewallRules: [TCP Query User{46220C03-5BE5-4E16-87E1-4644B21A49CF}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe FirewallRules: [UDP Query User{FF72C7FF-F4E0-47F5-A1E0-ED12B2EC0FEE}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe FirewallRules: [{2516AA43-DAD4-47EE-9345-8B815227CA08}] => (Block) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe FirewallRules: [{658CEDA9-859B-4117-8EA9-8DB4A7CE1EB4}] => (Block) C:\program files (x86)\steam\steamapps\common\planetside 
2\planetside2_x64.exe FirewallRules: [{25B7CD5D-C18C-429B-B8B9-BE64640530EC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{B433DBEC-8EA6-45B9-8863-060CE099D8CC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{A8BDCF14-4299-4204-AF95-DC0772D6620B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{56E884CE-DB2E-45A7-A827-87BB7B549121}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{4B47B08A-E461-45C5-87F3-0A8F0F53A797}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{CEEF249C-ED01-4EEE-81C3-0C4FF075B9AD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{FB00654F-36F9-4054-A5FC-D3F89A90DE62}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{397D4BAD-B323-4520-A472-DE71F8919AAF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [{D5B95690-0429-4F20-9608-EC3E19DAFCFA}] => (Allow) LPort=53000 FirewallRules: [{17BE0B20-3434-447A-8B20-3C78433103F2}] => (Allow) LPort=52000 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/04/2015 10:05:34 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben. Error: (06/04/2015 10:03:20 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben. 
Error: (06/04/2015 06:06:45 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben. Error: (06/04/2015 06:04:31 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: usbhubC:\windows\system32\usbperf.dll8 Error: (06/04/2015 06:04:31 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben. Error: (06/04/2015 06:04:31 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: Spooler8 Error: (06/04/2015 06:04:31 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: RemoteAccessC:\Windows\System32\rasctrs.dll8 Error: (06/04/2015 06:04:30 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: .NETFrameworkC:\windows\system32\mscoree.dll8 Error: (06/03/2015 10:10:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17267, Zeitstempel: 0x54e7f156 Name des fehlerhaften Moduls: KERNEL32.dll, Version: 6.2.9200.16859, Zeitstempel: 0x53118550 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00026185 ID des fehlerhaften Prozesses: 0x17b4 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5 Error: (06/03/2015 10:09:35 AM) (Source: Windows Search Service) (EventID: 10021) (User: ) Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0. 
System errors: ============= Error: (06/03/2015 00:07:10 PM) (Source: DCOM) (EventID: 10016) (User: PC_Fabian) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}PC_FabianFabianS-1-5-21-1392978341-1441607686-3862372307-1006LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (06/03/2015 10:09:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/03/2015 10:09:13 AM) (Source: NETLOGON) (EventID: 3095) (User: ) Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration nicht gestartet zu sein. Error: (06/03/2015 10:08:47 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (06/03/2015 10:08:59 AM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x00000139 (0x0000000000000003, 0xfffff880049d81e0, 0xfffff880049d8138, 0x0000000000000000)C:\windows\MEMORY.DMP060315-21078-01 Error: (06/03/2015 10:08:57 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 02.06.2015 um 21:19:13 unerwartet heruntergefahren. Error: (06/03/2015 10:08:36 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT) Description: 32212254731067200 Error: (06/01/2015 09:12:36 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "PC_BRIGITTE", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{A8851342-14E7-401D-B490-4A2FE92AFB41}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. 
Error: (06/01/2015 08:47:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/01/2015 08:46:45 PM) (Source: NETLOGON) (EventID: 3095) (User: ) Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration nicht gestartet zu sein. Microsoft Office: ========================= Error: (06/04/2015 10:05:34 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Error: (06/04/2015 10:03:20 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Error: (06/04/2015 06:06:45 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Error: (06/04/2015 06:04:31 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: usbhubC:\windows\system32\usbperf.dll8 Error: (06/04/2015 06:04:31 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Error: (06/04/2015 06:04:31 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: Spooler8 Error: (06/04/2015 06:04:31 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: RemoteAccessC:\Windows\System32\rasctrs.dll8 Error: (06/04/2015 06:04:30 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: .NETFrameworkC:\windows\system32\mscoree.dll8 Error: (06/03/2015 10:10:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE10.0.9200.1726754e7f156KERNEL32.dll6.2.9200.1685953118550c00000050002618517b401d09dd4b8abcf66C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\KERNEL32.dll03bf193d-09c8-11e5-bee8-4c72b97327ec Error: (06/03/2015 10:09:35 AM) (Source: Windows Search Service) (EventID: 10021) (User: ) Description: WSearchIdxPiDer Vorgang wurde erfolgreich beendet. 
0x0 CodeIntegrity Errors: =================================== Date: 2015-06-04 16:58:14.038 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-04 16:58:10.789 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-04 16:58:09.252 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-04 16:58:07.802 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-04 16:58:00.266 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. 
Date: 2015-06-01 22:19:24.467 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-01 22:19:22.008 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-01 22:19:20.557 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-01 22:19:19.329 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-01 22:19:18.112 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. 
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 16%
Total physical RAM: 16323.54 MB
Available physical RAM: 13579.67 MB
Total Pagefile: 32707.54 MB
Available Pagefile: 29232.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================
Drive c: (OS) (Fixed) (Total:1000.11 GB) (Free:815.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.98 GB) (Free:1.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive j: (Daten) (Fixed) (Total:849.45 GB) (Free:742.32 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 0ABD2367)
Partition: GPT Partition Type.

==================== End of log ============================
__________________ |
05.06.2015, 11:29 | #4 |
| PC is hanging once again... Can someone take a look? And here is the TDSS log as well: TDSS: Code:
12:23:45.0171 0x1894 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
12:23:45.0171 0x1894 UEFI system
12:23:49.0098 0x1894 ============================================================
12:23:49.0098 0x1894 Current date / time: 2015/06/05 12:23:49.0098
12:23:49.0098 0x1894 SystemInfo:
12:23:49.0098 0x1894
12:23:49.0098 0x1894 OS Version: 6.2.9200 ServicePack: 0.0
12:23:49.0098 0x1894 Product type: Workstation
12:23:49.0098 0x1894 ComputerName: PC_FABIAN
12:23:49.0098 0x1894 UserName: AdminFabian
12:23:49.0098 0x1894 Windows directory: C:\windows
12:23:49.0098 0x1894 System windows directory: C:\windows
12:23:49.0098 0x1894 Running under WOW64
12:23:49.0098 0x1894 Processor architecture: Intel x64
12:23:49.0098 0x1894 Number of processors: 8
12:23:49.0098 0x1894 Page size: 0x1000
12:23:49.0098 0x1894 Boot type: Normal boot
12:23:49.0098 0x1894 ============================================================
12:23:49.0826 0x1894 KLMD registered as C:\windows\system32\drivers\84679185.sys
12:23:50.0045 0x1894 System UUID: {83CE8489-8F97-CC38-5DD8-4E9939A49D5C}
12:23:50.0432 0x1894 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:23:50.0451 0x1894 ============================================================
12:23:50.0451 0x1894 \Device\Harddisk0\DR0:
12:23:50.0451 0x1894 GPT partitions:
12:23:50.0452 0x1894 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {BED31882-643C-4352-B77F-C687397A3BE2}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1FF800
12:23:50.0452 0x1894 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {B50EB2F0-5FDC-463D-83C3-63561A00B356}, Name: EFI system partition, StartLBA 0x200000, BlocksNum 0xB4000
12:23:50.0452 0x1894 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {D6A7DE4A-1193-4266-B231-8667AD6C5D81}, Name: Microsoft reserved partition, StartLBA 0x2B4000, BlocksNum 0x40000
12:23:50.0452 0x1894 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {74381645-92D0-4AD3-A3C4-BD6607EEEA62}, Name: Basic data partition, StartLBA 0x2F4000, BlocksNum 0x7D039000
12:23:50.0452 0x1894 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {735E67CD-C6AC-494E-91BA-655C8F24CE3F}, Name: Basic data partition, StartLBA 0x7D32D000, BlocksNum 0x6A2E7000
12:23:50.0452 0x1894 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {F99BCA9C-5D3D-4C24-981D-E53B267E60B0}, Name: Basic data partition, StartLBA 0xE7614800, BlocksNum 0x17F4000
12:23:50.0452 0x1894 MBR partitions:
12:23:50.0452 0x1894 ============================================================
12:23:50.0469 0x1894 C: <-> \Device\Harddisk0\DR0\Partition4
12:23:50.0514 0x1894 D: <-> \Device\Harddisk0\DR0\Partition6
12:23:50.0576 0x1894 J: <-> \Device\Harddisk0\DR0\Partition5
12:23:50.0577 0x1894 ============================================================
12:23:50.0577 0x1894 Initialize success
12:23:50.0577 0x1894 ============================================================
12:23:55.0698 0x2508 ============================================================
12:23:55.0698 0x2508 Scan started
12:23:55.0698 0x2508 Mode: Manual;
12:23:55.0698 0x2508 ============================================================
12:23:55.0698 0x2508 KSN ping started
12:23:58.0024 0x2508 KSN ping finished: true
12:23:58.0970 0x2508 ================ Scan system memory ========================
12:23:58.0970 0x2508 System memory - ok
12:23:58.0970 0x2508 ================ Scan services =============================
85726C7AC933ABD5ADE7A508E7C114BA512795F6BDC53663521AE66C27231527 ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys 12:23:59.0975 0x2508 amdkmdap - ok 12:23:59.0988 0x2508 [ B849D453E644FAB9BC8EF6DC8CA9C4C6, B803CDA478D3385937C44CBB05A0E65ABACEFEBA682975787C44E2904FB89D2D ] AmdPPM C:\windows\System32\drivers\amdppm.sys 12:23:59.0989 0x2508 AmdPPM - ok 12:24:00.0004 0x2508 [ 35A0EB5AECB0FA3C41A2FB514A562304, 737783ABF348288471AC7051D4DC6CB336D686C94EC7B8938DCA74AFE9BECB1C ] amdsata C:\windows\system32\drivers\amdsata.sys 12:24:00.0007 0x2508 amdsata - ok 12:24:00.0026 0x2508 [ 00452671904F5EE94B50BF0219C97164, 99F9B86D3DB3E10B014120A63CD43CBAAB22C8E38851090ABE37D89ABD61F7B6 ] amdsbs C:\windows\system32\drivers\amdsbs.sys 12:24:00.0033 0x2508 amdsbs - ok 12:24:00.0043 0x2508 [ EA3FFE53E92E59C87E3ECA9BEB20D9B7, DC0B8B798720F5F75F8AFD3383CF69194282AEEE84DCACB97382F4C86E1D3E49 ] amdxata C:\windows\system32\drivers\amdxata.sys 12:24:00.0045 0x2508 amdxata - ok 12:24:00.0076 0x2508 [ 823F34D1DEF120A657BB7529ABF4461F, C56D6614F6B3DA13DF7F6AC6B70ACA39D1DB146F7324CF96029CA038C3063DB3 ] AppHostSvc C:\windows\system32\inetsrv\apphostsvc.dll 12:24:00.0077 0x2508 AppHostSvc - ok 12:24:00.0093 0x2508 [ 83B3682CE922FB0F415734B26D9D6233, 9102E8B410BB1AE426770896B6AB584D1F02830337FBB2DEC182F3F19832F35F ] AppID C:\windows\system32\drivers\appid.sys 12:24:00.0095 0x2508 AppID - ok 12:24:00.0117 0x2508 [ CE2BEAD7F31816FF0AC490D048C969F9, 7D24C5A9E8F7C21CC6D8BF2CA29A8B79DDE7EEDE2F37D36B9071ECE1CF61371F ] AppIDSvc C:\windows\System32\appidsvc.dll 12:24:00.0119 0x2508 AppIDSvc - ok 12:24:00.0150 0x2508 [ 4F750B7EFCB6520AE01E01D082D7D476, AD2A67D727A1D4DD0BBACC6B4BB432FA9A14D50D8BA292B95A4747CEC9F85728 ] Appinfo C:\windows\System32\appinfo.dll 12:24:00.0153 0x2508 Appinfo - ok 12:24:00.0207 0x2508 [ A5299D04ED225D64CF07A568A3E1BF8C, 6F7E73893127BADC8C9815E9BCC0EB5F6584E254D0D09A0B6A680704C71E0A90 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device 
Support\AppleMobileDeviceService.exe 12:24:00.0210 0x2508 Apple Mobile Device - ok 12:24:00.0226 0x2508 [ E933401B392387F4BE34DE8BAF1722A7, 57CC6DE31E2C82D2B12509F0A5EC9EC70DD2EF6A1F31A66ADF62DC6AE0A67323 ] arc C:\windows\system32\drivers\arc.sys 12:24:00.0229 0x2508 arc - ok 12:24:00.0245 0x2508 [ 07CA323EF2E8247A568AB0F3662AD644, 1224B41193F0E9B164732BA5BF707A13427C82C1D8C3EDC2AAE5C5C75454B9F6 ] arcsas C:\windows\system32\drivers\arcsas.sys 12:24:00.0249 0x2508 arcsas - ok 12:24:00.0316 0x2508 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 12:24:00.0328 0x2508 aspnet_state - ok 12:24:00.0342 0x2508 [ B5B4C90E9F52DA8586F1E5461AD90A5D, D1EAA34E6AEB014E942D22F8CB5FB19BF1E2EADE5B5357274C001F44FDC25F05 ] aswHwid C:\windows\system32\drivers\aswHwid.sys 12:24:00.0344 0x2508 aswHwid - ok 12:24:00.0357 0x2508 [ 300CB8E510855189CAD0B72FFB5590CB, EB50DC553FA8FD9DE3F60AAFED20702EAFBB1498EBD3220A39CC52A12F694246 ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys 12:24:00.0360 0x2508 aswMonFlt - ok 12:24:00.0371 0x2508 [ 6D37D8DB30D086739507C5F6E542656A, 746D9E32E729138EA19062F4E6B6C98B6833504020A296E3E2A9CD92E0FED0B9 ] aswRdr C:\windows\system32\drivers\aswRdr2.sys 12:24:00.0374 0x2508 aswRdr - ok 12:24:00.0383 0x2508 [ 07E32DFCA422A2920482D762D01957EC, A6502D26266D708E55EB2883897673AD3087C41D9EA0B41CD6BF6BD923EBDCB8 ] aswRvrt C:\windows\system32\drivers\aswRvrt.sys 12:24:00.0385 0x2508 aswRvrt - ok 12:24:00.0417 0x2508 [ 3B4AC2DBFC86F7247C1FF1FAF2860530, A54A693D01C02AAE2B78BFE9B3900B5A6DD0C2C37C8FA58B14B5F57107032FF5 ] aswSnx C:\windows\system32\drivers\aswSnx.sys 12:24:00.0428 0x2508 aswSnx - ok 12:24:00.0444 0x2508 [ B1368BE5F6BA529E0886F4DA2361BD2D, B95F430B4E4EFE9D257870722AA8F0507FB96FBE3AAB12068C662CCB6A180FE2 ] aswSP C:\windows\system32\drivers\aswSP.sys 12:24:00.0449 0x2508 aswSP - ok 12:24:00.0462 0x2508 [ 
6E53278ECCFFBC2ACC2A5006745ED4BB, 392170073A8933DB43CD1D64AD087F972F1971BF83BCAFE5B8FA1273C02026CE ] aswStm C:\windows\system32\drivers\aswStm.sys 12:24:00.0464 0x2508 aswStm - ok 12:24:00.0473 0x2508 [ 91782404718C6352C26B3242BAC3F0F1, 84B1CDD1EBC83FAEBDCC8F67B13CA405C6CF0C518FC016603889EBE48FC91AB9 ] aswVmm C:\windows\system32\drivers\aswVmm.sys 12:24:00.0477 0x2508 aswVmm - ok 12:24:00.0489 0x2508 [ 74DBAEC35366C4EE7670428808715A6A, 3B3A7A81CD8038C4750560B94A9247C4409410780B312BA71EDF2E393DCA7474 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys 12:24:00.0490 0x2508 AsyncMac - ok 12:24:00.0507 0x2508 [ A721FF570C2387E383BDDEA9632863C9, 45DD7787F44A2C742560FEB03AB66910C2F0002D95BB02C55EEDE973AA92AD24 ] atapi C:\windows\system32\drivers\atapi.sys 12:24:00.0507 0x2508 atapi - ok 12:24:00.0533 0x2508 [ 98A9D78AF74B2C7D27465029D389F567, 12EF8D3A7A9F27230A965D44DA4BD5692CF3F0A4183A822E226AC6722A35F4C4 ] AtiHDAudioService C:\windows\system32\drivers\AtihdW86.sys 12:24:00.0534 0x2508 AtiHDAudioService - ok 12:24:00.0573 0x2508 [ 8FB10919E1283FD108334FDBFB173574, EAD11C6FA884AAC9E8534C267E9B1D2EAB1F2A396EACC900525465A2AEAB84D3 ] AudioEndpointBuilder C:\windows\System32\AudioEndpointBuilder.dll 12:24:00.0575 0x2508 AudioEndpointBuilder - ok 12:24:00.0607 0x2508 [ 463E7457227E970CB249031AEAE7902C, 2F627BC558E5764592B08269F3EE4C6ECD544904963312A60F5B0C0B9C8C5D32 ] Audiosrv C:\windows\System32\Audiosrv.dll 12:24:00.0616 0x2508 Audiosrv - ok 12:24:00.0682 0x2508 [ 54236E79A44F909612391C8A2D70D512, B0DF5BCC4F90AF087D0306F8D81F90B2CAE0176813E3AA6A7D5460F7878677CD ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 12:24:00.0691 0x2508 avast! 
Antivirus - ok 12:24:00.0700 0x2508 AvastVBoxSvc - ok 12:24:00.0724 0x2508 [ 89491EF71D5EA011127832C588002853, 05620E4235956D8446FB9604F930738C8AA97E3A74C907E37F7CC08B8EDA0461 ] AxInstSV C:\windows\System32\AxInstSV.dll 12:24:00.0729 0x2508 AxInstSV - ok 12:24:00.0768 0x2508 [ 87AB5BB072A3F128541D5B815F82FFDD, 186AF33D3DE90638C3E165CAC3DA17295E8A80CDB523F9BE4AF7D38CA6954905 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys 12:24:00.0779 0x2508 b06bdrv - ok 12:24:00.0787 0x2508 [ 81703BC5D68DEDBB086C2368FBE7B334, CFD4A55C8045C482F8D410514F3211AEFA00097AB395F5A04BFE983ED6254F6B ] BasicDisplay C:\windows\System32\drivers\BasicDisplay.sys 12:24:00.0788 0x2508 BasicDisplay - ok 12:24:00.0796 0x2508 [ 5EC68164E14D25675C98BBB5F09E8606, 1D7EDB21C87039FC5F39F46460AD852BC4EC6B179B1C205D189DD3C397343435 ] BasicRender C:\windows\System32\drivers\BasicRender.sys 12:24:00.0797 0x2508 BasicRender - ok 12:24:00.0823 0x2508 [ 89143A7BA7850F5C7E61B43BB44B6418, 00BB781DF87D4FF1BAFD318AFE237296B4F5925023BA4486405EC0A384C88D8F ] BDESVC C:\windows\System32\bdesvc.dll 12:24:00.0825 0x2508 BDESVC - ok 12:24:00.0832 0x2508 [ 9E7AEA59776D904607985AFFE7E5E183, C3DB745A9F4DA7CB9628A7913DD52B2444B14FEB9D588FF6558CF52CEB8955EB ] Beep C:\windows\system32\drivers\Beep.sys 12:24:00.0833 0x2508 Beep - ok 12:24:00.0871 0x2508 [ C72AB32F7EFCA677AF079F4336BC1609, 90FF653027709ADB674B2D4240E398E7A64D2079CBF56E3983008D92FA12EA0D ] BFE C:\windows\System32\bfe.dll 12:24:00.0879 0x2508 BFE - ok 12:24:00.0914 0x2508 [ D598C44A7072D3108D8D8102EC5E07F7, D7472E9BAAB7B6E1D30F4E153412E2A16EE5C08DE2BF8BFF4D65089825226FE0 ] BITS C:\windows\System32\qmgr.dll 12:24:00.0925 0x2508 BITS - ok 12:24:00.0956 0x2508 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 12:24:00.0961 0x2508 Bonjour Service - ok 12:24:00.0972 0x2508 [ B17AC10B47C7FCB44D22A1F06415840E, 
990D6F629D93F4F913D218ACE5187A26DCB762BAFB2BB279CCE8CAF2755D85A5 ] bowser C:\windows\system32\DRIVERS\bowser.sys 12:24:00.0973 0x2508 bowser - ok 12:24:00.0997 0x2508 [ 038FA1B55531E7020DB705B42FCCE373, 023E87E3204D64890D6FEA78E762E5BC5BD0A59325EBC264834727779EEEDBC5 ] BrokerInfrastructure C:\windows\System32\bisrv.dll 12:24:01.0003 0x2508 BrokerInfrastructure - ok 12:24:01.0022 0x2508 [ 310068BDA80B1D55C36580FD8A873FAF, A75412FF1F483461F526E9A359DCEECA5E683441514464D5ED82D1A9740D583E ] Browser C:\windows\System32\browser.dll 12:24:01.0027 0x2508 Browser - ok 12:24:01.0042 0x2508 [ 6695200F455E251F0BCC9CE4D0978D59, 4DB2F967E449581A9330EF43E794B45B93581564B20C5B991FC1EC665A640D69 ] BthAvrcpTg C:\windows\System32\drivers\BthAvrcpTg.sys 12:24:01.0044 0x2508 BthAvrcpTg - ok 12:24:01.0069 0x2508 [ 616EB8748C988AEE98D93DA141C3D3B4, 15A055B0496BDB29CBCF6EEBF112D4BA1C7A2FF39124728830D0FD1FD7A404CB ] BthHFEnum C:\windows\System32\drivers\bthhfenum.sys 12:24:01.0071 0x2508 BthHFEnum - ok 12:24:01.0091 0x2508 [ DCB4EBD928A6FB368BE6CAE522412DE1, 9E1345F29467054689B9F48B5CCB567760D36610A4EA9AF41B829EAD60347269 ] bthhfhid C:\windows\System32\drivers\BthHFHid.sys 12:24:01.0093 0x2508 bthhfhid - ok 12:24:01.0107 0x2508 [ 033916CE8784A848B9A3D686B7F66D97, B4D0514D59646CF6B70D4FA488CF95C38EA38CC5C509329CC8753E897C640AFA ] BTHMODEM C:\windows\System32\drivers\bthmodem.sys 12:24:01.0109 0x2508 BTHMODEM - ok 12:24:01.0126 0x2508 [ A4387C3D271959313E2577DB7BE8BA7A, C71474802102102EBE04DF036EEB2F5FB3380BE288E3842F19F234EFAE977D70 ] bthserv C:\windows\system32\bthserv.dll 12:24:01.0130 0x2508 bthserv - ok 12:24:01.0145 0x2508 [ 990B1BABE6E81FB18E65A87EBEFB1772, 1820D4AC57E1D4B7FB5AA89C277B16910ED73712878D2B43FE542CE16DFE16C3 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys 12:24:01.0149 0x2508 cdfs - ok 12:24:01.0170 0x2508 [ 339BFF85D788268752DA8C9644B188EE, C2279F1A39AED39865A5027D2FD087F8E82F3ED8C94BA4D922855B98E792AFC5 ] cdrom C:\windows\System32\drivers\cdrom.sys 12:24:01.0175 0x2508 
cdrom - ok 12:24:01.0189 0x2508 [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] CertPropSvc C:\windows\System32\certprop.dll 12:24:01.0194 0x2508 CertPropSvc - ok 12:24:01.0207 0x2508 [ F64B7D1A37CC1D5F421D5359EEC81E2E, 2B4879DD32B2C20B94847755E22B1BCBE2B567B3989C57A9BA2DD783307EFFDB ] circlass C:\windows\System32\drivers\circlass.sys 12:24:01.0208 0x2508 circlass - ok 12:24:01.0237 0x2508 [ 94250D5AE3E7269DB29BCF96E07F21A6, 538C6CDCD193AABDE40CC25220528F8F80AEF828C46D8660234CB0E592B607CB ] CLFS C:\windows\system32\drivers\CLFS.sys 12:24:01.0243 0x2508 CLFS - ok 12:24:01.0267 0x2508 [ 075CCE75090786F124573A788C8656E6, AA188CFF2F8EE2D9F50701AB2315D24E15D7715FD84F5054D3FC175D4BD35734 ] CLVirtualDrive C:\windows\system32\DRIVERS\CLVirtualDrive.sys 12:24:01.0268 0x2508 CLVirtualDrive - ok 12:24:01.0282 0x2508 [ 2DC8538A2260647484A6C921CA837313, 094059DD66B0C50A1CAE288F920107B0B6AD1AA5758284E35B92C131EDEA30EA ] CmBatt C:\windows\System32\drivers\CmBatt.sys 12:24:01.0283 0x2508 CmBatt - ok 12:24:01.0309 0x2508 [ 711E2E14AF1FC883AA6251FCE196DC1E, AF1EF693C5C2F08C40CCC3C56F72F6840559CCFBC26F2235C20A3478A8CE95E6 ] CNG C:\windows\system32\Drivers\cng.sys 12:24:01.0316 0x2508 CNG - ok 12:24:01.0328 0x2508 [ 0E5B1E9E7122EDAAF1F6CE047965CA92, 803E585B92D1E2E5B6BF67BE511E88DC2629A12407C3E30F7AEFB544D390A9B8 ] CompositeBus C:\windows\System32\drivers\CompositeBus.sys 12:24:01.0329 0x2508 CompositeBus - ok 12:24:01.0331 0x2508 COMSysApp - ok 12:24:01.0342 0x2508 [ D9CB0782AF819548072AA45B70F8B22D, 04796F39ABB88759A534DE3D0C51F684BF2A8DE1F4028B657CCFDBDD39A6618C ] condrv C:\windows\system32\drivers\condrv.sys 12:24:01.0342 0x2508 condrv - ok 12:24:01.0359 0x2508 [ 5CE2742F063731EC10C1B2EE386A2C08, 309919BDDD4649AFB95A99DCF8AFC3BAE10F9BC1E2819C0794CFD0F80682C223 ] CryptSvc C:\windows\system32\cryptsvc.dll 12:24:01.0361 0x2508 CryptSvc - ok 12:24:01.0388 0x2508 [ FAEF4C245BE832DB41B15DAAC336AFB7, 
1F8C98AB0DF4327FCB01FE0356025488E19B48A45FFFA50576B49A8587FAC42B ] dam C:\windows\system32\drivers\dam.sys 12:24:01.0389 0x2508 dam - ok 12:24:01.0422 0x2508 [ 1EC6E533C954BDDF2A37E7851A7E58FD, C25936A7465B6A2B3D05D2FCB09D91ACC07CFE038A5E968C99CFA9D9F2967DD4 ] DcomLaunch C:\windows\system32\rpcss.dll 12:24:01.0433 0x2508 DcomLaunch - ok 12:24:01.0460 0x2508 [ FC1569B5705887D74FE7C8A39BE1C71C, 7DEB8FE472C72C439A2F54B6277C0A87AC2083869BD9AF8226071B7AA33B09FF ] defragsvc C:\windows\System32\defragsvc.dll 12:24:01.0464 0x2508 defragsvc - ok 12:24:01.0496 0x2508 [ 5EAEF67AE2AF4D2DC664B649DB7B2E16, ADAC7FD6AC12B50F4998C5EB0BD770DD4B80A94C4CC1B9376AD77648E48D012D ] DeviceAssociationService C:\windows\system32\das.dll 12:24:01.0501 0x2508 DeviceAssociationService - ok 12:24:01.0525 0x2508 [ 799BE46D45D486704CE0F37CA5385262, BB78DEE83B9DB613B1C083D55FAA458BE3E394AED80EB91B599185A7272F33B3 ] DeviceInstall C:\windows\system32\umpnpmgr.dll 12:24:01.0528 0x2508 DeviceInstall - ok 12:24:01.0553 0x2508 [ 431141C6859990824D17F71C30A78728, 448B3DC20C8FDD5B66217E0E01DBCC4904F94BDA0826F109D139DDD2C2D7FBF2 ] Dfsc C:\windows\system32\Drivers\dfsc.sys 12:24:01.0555 0x2508 Dfsc - ok 12:24:01.0579 0x2508 [ 9E0E72222264745ADEB0E5AC680B0ED6, 576AFC8741695396A3B8E9DBDD3703E9D70370437D09D162262E47A140D101B4 ] Dhcp C:\windows\system32\dhcpcore.dll 12:24:01.0583 0x2508 Dhcp - ok 12:24:01.0610 0x2508 [ 3C736FAE17BA6F91BA37594AAB139CD0, 34304A194105B19E7ADD80108DC85C3B7AA9E942C84A7EF93C475CE1D9AE4615 ] discache C:\windows\system32\drivers\discache.sys 12:24:01.0611 0x2508 discache - ok 12:24:01.0630 0x2508 [ AE3786294CC246A5403783E1B86A0168, 29A7B4B490CBB16DAEF5D67D0A58A2577CF3FEE8F889484DB867F6913D9D2A28 ] disk C:\windows\system32\drivers\disk.sys 12:24:01.0631 0x2508 disk - ok 12:24:01.0643 0x2508 [ 82A7C72593793FE1EADA7A305BD1567A, 75F432E4C75AE9EFF553BD860B3B250853BDDA85C17DBD9B7242D74593506A86 ] dmvsc C:\windows\System32\drivers\dmvsc.sys 12:24:01.0644 0x2508 dmvsc - ok 12:24:01.0666 0x2508 
[ B9450BC3F1820A99D010D7426BCA60E9, FC7C35A0C522E5DA52B0616CF99F4903EAC14946180A18A8D8A0FF555BAA87C5 ] Dnscache C:\windows\System32\dnsrslvr.dll 12:24:01.0669 0x2508 Dnscache - ok 12:24:01.0693 0x2508 [ 9949AD2ABA168A618D46C799D6CC898C, DFAC86A0AEE83C9EFE1BEE9EC15C8CAF1D619D55AF3ACC3986057A5AC985D06A ] dot3svc C:\windows\System32\dot3svc.dll 12:24:01.0697 0x2508 dot3svc - ok 12:24:01.0706 0x2508 [ 109FC3F80BF4F4DC5A071058074F13C1, F30736F45BA1811D59E9CB1C172D8D1EA9F5A7D36DCFFBFC9E7E02448C1CF851 ] DPS C:\windows\system32\dps.dll 12:24:01.0709 0x2508 DPS - ok 12:24:01.0735 0x2508 [ 9C7C183F937951AE17C5B8B3259CF3FF, 8ED607139F15D08B4835ACF864421BA4C08C88FE90B9AAF707F5D8514D7731B1 ] drmkaud C:\windows\system32\drivers\drmkaud.sys 12:24:01.0736 0x2508 drmkaud - ok 12:24:01.0762 0x2508 [ F87F4AAAF6664906248D11D5E579A53B, F283932F68ED93891EEF00C18724359AB7057E922A3CDC8BC6F33F84D2B0BEE5 ] DsmSvc C:\windows\System32\DeviceSetupManager.dll 12:24:01.0765 0x2508 DsmSvc - ok 12:24:01.0803 0x2508 [ 2BB5627EB587FA995086C3D8C21B6D3F, 871E35BBE66180781324D38823B74263B660CF9254EE348A15421FAC5667F294 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 12:24:01.0818 0x2508 DXGKrnl - ok 12:24:01.0837 0x2508 [ 651FBD69A9713D623D456A240F96179C, 22A1F306B454EF9C84D25EF266F3ED0E1D896B1F5BE60170E79F37F2DBCA59F4 ] e1iexpress C:\windows\system32\DRIVERS\e1i63x64.sys 12:24:01.0841 0x2508 e1iexpress - ok 12:24:01.0853 0x2508 [ 58BA473DD88F5FC1932282BA683AA03E, B8A4407D3006D91BE88F9C5389AC1CACC73BEBF6F66433A1E5EB8E58E8836C12 ] Eaphost C:\windows\System32\eapsvc.dll 12:24:01.0856 0x2508 Eaphost - ok 12:24:01.0919 0x2508 [ 5AB97B3282D7D6114949D1EB5C8598E4, FB9449CC1CDC12C12AA0469BB6ACC770CB011250EDFD86E9600E754610608EFD ] ebdrv C:\windows\system32\drivers\evbda.sys 12:24:01.0953 0x2508 ebdrv - ok 12:24:01.0990 0x2508 [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] EFS C:\windows\System32\lsass.exe 12:24:01.0992 0x2508 EFS - ok 12:24:02.0004 
0x2508 [ 66D60BD9A4C05616ABECA2A901475098, 8111550DB03FFD72F1822F47B16F075DA92874B64F19342D7CF60B0EE648AFEF ] EhStorClass C:\windows\system32\drivers\EhStorClass.sys 12:24:02.0007 0x2508 EhStorClass - ok 12:24:02.0024 0x2508 [ A61D0F543024E458C0FE32352E1978E2, BDE6BC140300EAF790F16466C28897CE0BD7D94DCED13FDE20AA4AACA0F6A4FD ] EhStorTcgDrv C:\windows\system32\drivers\EhStorTcgDrv.sys 12:24:02.0028 0x2508 EhStorTcgDrv - ok 12:24:02.0059 0x2508 [ CA4ADE6C3929B70317BFDDF9ABBFE0CE, 824F3D26FDFBA38A5191C78E68379D48C915FB6F82BD353A1D5416537F8A0A42 ] epp64 C:\windows\system32\DRIVERS\epp64.sys 12:24:02.0061 0x2508 epp64 - ok 12:24:02.0087 0x2508 [ D790D058D67582DB9C84C2D33695FE6B, A5763D7F6D191EA4B290B3E92D842AC36FD46DF598472E70B46E45D8CCD2F912 ] ErrDev C:\windows\System32\drivers\errdev.sys 12:24:02.0087 0x2508 ErrDev - ok 12:24:02.0132 0x2508 [ F9E01C2D9F8BC049E04CF5DC24A5F638, CB6CCB59C77D4A59DDA846608AABEF1DFEC24C8422712AB8D59E27C13D731D2E ] EventSystem C:\windows\system32\es.dll 12:24:02.0140 0x2508 EventSystem - ok 12:24:02.0154 0x2508 [ 7A4D6FEB8C52B3FE855E4DCDF9107E03, 6B0146A4C9AD32DCDC2DEE8E8C5A29F687665458486449E0D37B151ED63B8ADC ] exfat C:\windows\system32\drivers\exfat.sys 12:24:02.0156 0x2508 exfat - ok 12:24:02.0173 0x2508 [ 60996602A7111FD2D086E803F33E4282, E62A91C90F8542990BEA4E6A5D9DD3D070F4EB23B4C13414C5DA2B0219509749 ] fastfat C:\windows\system32\drivers\fastfat.sys 12:24:02.0175 0x2508 fastfat - ok 12:24:02.0197 0x2508 [ F0E7F8382ED5E138B0DFA4CB5058BCFE, 6247C7B75F975F5AB080FFB9881EF58A6F360219F7AF2DE871F38E80CAF3B62C ] Fax C:\windows\system32\fxssvc.exe 12:24:02.0206 0x2508 Fax - ok 12:24:02.0217 0x2508 [ 73B2D11DF0B6E03A0CB0323218ACB3E4, BA9256919BAA2E0760F6A658B557FDC389ACE8F9820D1A41FD995FC5613F5AA6 ] fdc C:\windows\System32\drivers\fdc.sys 12:24:02.0218 0x2508 fdc - ok 12:24:02.0241 0x2508 [ 0828E3E7BD77C89149EAD3232BFD38DB, A6A296647A4EDBFF59124E3A9C0AB48759AA1738615ACFA5A454FF6BD3C31BA2 ] fdPHost C:\windows\system32\fdPHost.dll 12:24:02.0244 
0x2508 fdPHost - ok 12:24:02.0251 0x2508 [ 872506AAB591E8908DF4461475AF92DF, 772F2D08CB95775E438822B9EA005CBA92ED4071ADAB2C0101156A7D037D4704 ] FDResPub C:\windows\system32\fdrespub.dll 12:24:02.0254 0x2508 FDResPub - ok 12:24:02.0274 0x2508 [ 0588950D93A426F97C7AAADB1A9B0458, ABCB3619BD58CAC438FC032495AE45A7B6FFDD4BD33C1B3D1BC7F9F13FCB727A ] fhsvc C:\windows\system32\fhsvc.dll 12:24:02.0278 0x2508 fhsvc - ok 12:24:02.0301 0x2508 [ 88A9EBACD1058ABB237A6B4E96E7F397, 263D25D33B679EB01D97763701347C31B2F72E28CE2C7EC8013EA77756D98BE1 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 12:24:02.0303 0x2508 FileInfo - ok 12:24:02.0318 0x2508 [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02, 1D7BFB00D74A28AC13ECBA1E0036D50EE79266AC02CEDB2632466BF9DD46F211 ] Filetrace C:\windows\system32\drivers\filetrace.sys 12:24:02.0319 0x2508 Filetrace - ok 12:24:02.0332 0x2508 [ B1D4C168FF7B8579E3745888658FFB1D, 1A5C13E902A0C788A8B995ADD2FBC3303005911C0AA3F3F4497D3016AA0EF583 ] flpydisk C:\windows\System32\drivers\flpydisk.sys 12:24:02.0333 0x2508 flpydisk - ok 12:24:02.0351 0x2508 [ B33EC133AE4E6C1881D2302D93D2467D, 77E3A16257EA3698B3FCD947D004144E8D1EEE48EF5C82DF49B1B9B2B3C61DB2 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 12:24:02.0358 0x2508 FltMgr - ok 12:24:02.0396 0x2508 [ 0BCDC0FF11B984162B0CF0FF6E9E0146, D44A3CECBA36B7A64854E244FA6B5E65047896BF9983D20B431410FBBA36697A ] FontCache C:\windows\system32\FntCache.dll 12:24:02.0411 0x2508 FontCache - ok 12:24:02.0447 0x2508 [ 0B56259F5611787222A04A8F254E51D4, F77AEC0ACBFAF9154E32223B84B613229DACCD953AEBC3E96C27570F9AB10FD0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 12:24:02.0448 0x2508 FontCache3.0.0.0 - ok 12:24:02.0461 0x2508 [ A5F7873A39E4E9FAAAE59B7E9E36B705, 32036109F5A50E9F3BEF97C5B28AE8179B3A5E22517868A83CADE4671FF90DEC ] FsDepends C:\windows\system32\drivers\FsDepends.sys 12:24:02.0462 0x2508 FsDepends - ok 12:24:02.0476 0x2508 [ A6DD7D491F587F4BC13FB972977DC8E8, 
B86F97F17F6F443EC16DEF67CCA4EF78AFE56078D2877838A982FECB19557C87 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 12:24:02.0477 0x2508 Fs_Rec - ok 12:24:02.0505 0x2508 [ C1646A95EAC515F60CDB2A7A8A013C1E, F559B83C02B17265EDE95DD497C1A94E402F07EC251FC47449F789907AFFED14 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 12:24:02.0511 0x2508 fvevol - ok 12:24:02.0539 0x2508 [ 155871C89E9FA12B3668D457A22311B8, 3B3255DF79A1BB1D6CD2D03DAED028FC825565192523AD92D2445CAB3300D2C9 ] fwndis C:\windows\system32\DRIVERS\fwndis64.sys 12:24:02.0544 0x2508 fwndis - ok 12:24:02.0572 0x2508 [ 879C4DA34219BA4F83456E6F7876A6BC, 3CBEF4142A27E66807CCBEF61A2730E3F9B83857A78D0CF8A7D99BF4AF152380 ] fwwfp C:\Program Files (x86)\Emsisoft Internet Security\fwwfp764.sys 12:24:02.0577 0x2508 fwwfp - ok 12:24:02.0595 0x2508 [ A969D92973DFA895E7776B4BFE36DBB2, 7528E6983ECC59291A7A386E4E459B19D1593ABDDFFD276E2F01B0EA21693E20 ] FxPPM C:\windows\System32\drivers\fxppm.sys 12:24:02.0596 0x2508 FxPPM - ok 12:24:02.0605 0x2508 [ 52BC441E07A827EBAB70CDC7EAEDB28D, 8DECBD8E12EA52039742599CFBBF0D3B6610B57EF8D9DAEEEA33D202A478D286 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys 12:24:02.0606 0x2508 gagp30kx - ok 12:24:02.0634 0x2508 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys 12:24:02.0635 0x2508 GEARAspiWDM - ok 12:24:02.0646 0x2508 [ 721F8EEF5E9747F32670DEFF7FB92541, E0A8EF70753E260C2C7D93D316B5EF9589DB086FDF829BDA2958C6A09CE471A6 ] gencounter C:\windows\System32\drivers\vmgencounter.sys 12:24:02.0647 0x2508 gencounter - ok 12:24:02.0669 0x2508 [ FC2B8B06BDBD3B6457F5A3DA9AD2410E, 4BF196E1CAC94E9265EBEB68F41C3E29F0C709ECFF9420B5B1C9C82680D5D6A8 ] GPIOClx0101 C:\windows\system32\Drivers\msgpioclx.sys 12:24:02.0671 0x2508 GPIOClx0101 - ok 12:24:02.0709 0x2508 [ 5358678C6370F2ADC5291849F6503262, 841633D7A936C3889690C67E189BAD4C6B294C196FFFE5B564FCECDFE46A9E52 ] gpsvc C:\windows\System32\gpsvc.dll 
12:24:02.0725 0x2508 gpsvc - ok 12:24:02.0753 0x2508 [ 630555943E5A3FE21010CE91EC7FC84F, 20D7247A4363EE9E851501D89A466564ADCAEC304DE42280E4E09AD8499436A9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 12:24:02.0757 0x2508 HdAudAddService - ok 12:24:02.0778 0x2508 [ 58CC013EFA9893057160EDA018D8ADCE, BE8AA220CFBD90202C1B130DF349C3198E3447F3C2DC7BC5FC8816F57F78BA00 ] HDAudBus C:\windows\System32\drivers\HDAudBus.sys 12:24:02.0779 0x2508 HDAudBus - ok 12:24:02.0797 0x2508 [ 3F76BBA53D65E85A7F53E7A71082082C, D1E18815BB19CD11007C4A66162C76F55D4FE6B09B34ED45969C7ECC29D394AD ] HidBatt C:\windows\System32\drivers\HidBatt.sys 12:24:02.0798 0x2508 HidBatt - ok 12:24:02.0816 0x2508 [ 085F150D002B7F0153D3C06DDF33A143, 41847FD02608ECFE3A6B4B38CBDE8416B0EF17491868511FD704B0BCC280338E ] HidBth C:\windows\System32\drivers\hidbth.sys 12:24:02.0818 0x2508 HidBth - ok 12:24:02.0839 0x2508 [ CC4A07E51D89575CAB6F4EB590D87CD4, DFB4EAF0923EF9FF6C42EDD1EA5E4025F243C9BE2D03D5423FE8A897DC01D657 ] hidi2c C:\windows\System32\drivers\hidi2c.sys 12:24:02.0840 0x2508 hidi2c - ok 12:24:02.0852 0x2508 [ DC96F7DACB777CDEAEF9958A50BFDA06, 7CE79F32D5EE65C0178CFF56523825D3EE01095B2CE8C67634A6604A821A9086 ] HidIr C:\windows\System32\drivers\hidir.sys 12:24:02.0852 0x2508 HidIr - ok 12:24:02.0860 0x2508 [ FAC37D7B3D6354A5A5E19A45B50B4008, 2962B552A1DA545DFDEF0886582E82596FE8A3A19AAF989B025AFDA84D16D4EC ] hidserv C:\windows\system32\hidserv.dll 12:24:02.0861 0x2508 hidserv - ok 12:24:02.0886 0x2508 [ 012C354B4AB48E9A7A657DF39E3A2073, B15D0089CE509FF1CF73DFE095425C1C99FC3971622DCAAD9CAEB989A12A4FDB ] HidUsb C:\windows\System32\drivers\hidusb.sys 12:24:02.0887 0x2508 HidUsb - ok 12:24:02.0910 0x2508 [ 43F884B61A24377567CD0FEB35236334, B3BA36B527C8D6D83DE2FBCD8D503B87FD2611BF15B07A7BC138DC8BAE6A50C1 ] hkmsvc C:\windows\system32\kmsvc.dll 12:24:02.0912 0x2508 hkmsvc - ok 12:24:02.0941 0x2508 [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF, E6967F3F465C6E903221BC0FCBAE7D05FD18C0BF110D929335F5935364B3C1BC ] 
HomeGroupListener C:\windows\system32\ListSvc.dll 12:24:02.0945 0x2508 HomeGroupListener - ok 12:24:02.0973 0x2508 [ E0D9F6FE18FA7F53ADD29AF719CE2B7E, B965DCC72625188F3B896CB447B7696F22687266EAFC5AA270E2AD53DD9F324D ] HomeGroupProvider C:\windows\system32\provsvc.dll 12:24:02.0980 0x2508 HomeGroupProvider - ok 12:24:03.0029 0x2508 [ E1C037A7E05FD39E6C1AF93CEEFDC53A, D20B056BE5CEB5D471170D6627157D8848376FF319BFE12C7331B0F2C0EBB4A4 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 12:24:03.0032 0x2508 HP Support Assistant Service - ok 12:24:03.0061 0x2508 [ E2550FBBBA31E2D4F9757E0A533689F0, 0AE6B0D89E74E57F87A6431D005BFF4213AC4C98A74A7C796894FC2A8D42E0DD ] HPConnectedRemote c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe 12:24:03.0063 0x2508 HPConnectedRemote - ok 12:24:03.0099 0x2508 [ 9B7EDD3FE7C211C36E921D34D18A3A0A, 03A450F85A042F9668D1560FA2B8B89783568C87CDB1A8685CDA2AC9FE3761C3 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 12:24:03.0115 0x2508 hpqwmiex - ok 12:24:03.0131 0x2508 [ 64DB7A8D97CA53DCCF93D0A1E08342CF, 02CAB7F28D3830C482683425C60044239C6F1562556688A274CA2C237C846E76 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 12:24:03.0132 0x2508 HpSAMD - ok 12:24:03.0162 0x2508 [ DF2D5FB7E9964C7E626ABE86ADA8C108, A0229405777513A6A1C5BDAA19C9FB837671B7BDA8DE2E4BA54443D041E297C4 ] HPSupportSolutionsFrameworkService C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe 12:24:03.0163 0x2508 HPSupportSolutionsFrameworkService - ok 12:24:03.0200 0x2508 [ 258A9103842E36CD27D07D5A1F6D2A23, 883E797263DB0A971C5FDDB588AAE041DD1021F079A891E8AA4525799C795B04 ] HTTP C:\windows\system32\drivers\HTTP.sys 12:24:03.0218 0x2508 HTTP - ok 12:24:03.0241 0x2508 [ 2A98301068801700906C06649860FE94, 664394A52326289DCA0828B0041A105653F4FEF3E3DCCC3787AAE0F6FDC73A14 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 12:24:03.0241 0x2508 hwpolicy - ok 
0FDBEE3DB644175A30065CAF020F375703ADC45A33221788C010F3111707FC25 ] storahci C:\windows\system32\drivers\storahci.sys 12:24:09.0299 0x2508 storahci - ok 12:24:09.0308 0x2508 [ F74DBC95A57B1EE866D3732EB5F79BE2, E4FE9D5CD0A385ACB60D5D5E8D969F26C3A6BC0C08FF0838DBE9CA106229C8DE ] storflt C:\windows\system32\DRIVERS\vmstorfl.sys 12:24:09.0309 0x2508 storflt - ok 12:24:09.0319 0x2508 [ 5337E138B49ED1F44CCBA4073BC35C20, 2B296973215E3865A56C46DC3D27F1460D96BC321558CE7A911B05B0E7BF397F ] StorSvc C:\windows\system32\storsvc.dll 12:24:09.0321 0x2508 StorSvc - ok 12:24:09.0330 0x2508 [ 543CD3CC0E05B8D8815E0D4F040B6F59, 4B57C9534E94A0A67FC82DBD4FAECACA180BEC281FB477550A37C0A04777E09E ] storvsc C:\windows\system32\drivers\storvsc.sys 12:24:09.0331 0x2508 storvsc - ok 12:24:09.0356 0x2508 [ 8BC1C1ED6EF9C985A3FAA6A72F41679A, 82CC77030D23013572B4A64A64B6156789F253BF56268B790093CE3D345410A0 ] svsvc C:\windows\system32\svsvc.dll 12:24:09.0359 0x2508 svsvc - ok 12:24:09.0376 0x2508 [ 4AFD66AAE74FFB5986BC240744DC5FC9, 0C9347614E3FD3B4D3B29FA4A5DA23FF6EE4CD9A1FFC378B855B8DE61B2876CF ] swenum C:\windows\System32\drivers\swenum.sys 12:24:09.0377 0x2508 swenum - ok 12:24:09.0408 0x2508 [ 502F9488540051F3E6C39889ECFA76BB, 22ABD681BE4CF8A1F484C6363C1334B1EF7A6C074D837B0121DE1896887B84C6 ] swprv C:\windows\System32\swprv.dll 12:24:09.0418 0x2508 swprv - ok 12:24:09.0472 0x2508 [ A06CB9269D29EE3D0F3F5630ABB660B8, 519A01FC7D9414B26CCBC23E7FB1CEAF1C91CD173B4F4A4025F8316B7460C584 ] SysMain C:\windows\system32\sysmain.dll 12:24:09.0488 0x2508 SysMain - ok 12:24:09.0520 0x2508 [ 6FB88606C4A71E1BFAF97D63A676C673, D72F93A482E989ACA50F9647B7AD699A4656AEAACF377BB2B8CEBB094B748852 ] SystemEventsBroker C:\windows\System32\SystemEventsBrokerServer.dll 12:24:09.0524 0x2508 SystemEventsBroker - ok 12:24:09.0552 0x2508 [ A6C06C45C44AD06C70AF8899AEC15BDC, AC2CCCDBA6B94BA85A6D41B47343193D175786D4ECF71AE9C7766ADD63A1273F ] TabletInputService C:\windows\System32\TabSvc.dll 12:24:09.0555 0x2508 TabletInputService 
- ok 12:24:09.0576 0x2508 [ 88B7721AB551C4325036B25A34A2BF7B, 2817CC6294542524EC373A674535F913440736BEBE81233CA91D5ECD93620B02 ] TapiSrv C:\windows\System32\tapisrv.dll 12:24:09.0581 0x2508 TapiSrv - ok 12:24:09.0643 0x2508 [ 2AE9136724568DB4F08BC04F131CFC54, 11AA017AE39D0A63233D01A8AE33FD53D5302683E037D29B73366D6233764080 ] Tcpip C:\windows\system32\drivers\tcpip.sys 12:24:09.0667 0x2508 Tcpip - ok 12:24:09.0706 0x2508 [ 2AE9136724568DB4F08BC04F131CFC54, 11AA017AE39D0A63233D01A8AE33FD53D5302683E037D29B73366D6233764080 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 12:24:09.0730 0x2508 TCPIP6 - ok 12:24:09.0759 0x2508 [ 8F2A13A5DF99D72FDDE87F502A66F989, 2228C62ACDB4CBBFDD2BE705E604E0B9A8AEA7146F65F2D8B9B2A2FB49ACFAE1 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 12:24:09.0760 0x2508 tcpipreg - ok 12:24:09.0775 0x2508 [ 73DC722CE5DF26D7638CE2446F2655C7, 9B8E6F6DEA5E0C2AEAC24A31897D2E73F86EF44F1C25FEF82D2C860353793817 ] tdx C:\windows\system32\DRIVERS\tdx.sys 12:24:09.0777 0x2508 tdx - ok 12:24:09.0790 0x2508 [ F7C8AB5D8AFFAA318D6A21093D139BF4, 0A35052EF7DC8615783A23897358D8C579BE694363615C9563FF629E7B719991 ] terminpt C:\windows\System32\drivers\terminpt.sys 12:24:09.0791 0x2508 terminpt - ok 12:24:09.0820 0x2508 [ 2B3D2FDF50EDABEBE0A9E6F741C81858, F0C3A1DC968C5D28EF68BE4352577B4F8D4B4FB6274268DCCCD8A5C132DEC2F9 ] TermService C:\windows\System32\termsrv.dll 12:24:09.0830 0x2508 TermService - ok 12:24:09.0859 0x2508 [ 519A6F672FFF56B7D8EE8C730CEC8ECD, 2B36F10C0AE16A261DC0887B1050808BA1F0568F3879E4ABC3D370F08C3FADB7 ] Themes C:\windows\system32\themeservice.dll 12:24:09.0862 0x2508 Themes - ok 12:24:09.0887 0x2508 [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] THREADORDER C:\windows\system32\mmcss.dll 12:24:09.0890 0x2508 THREADORDER - ok 12:24:09.0920 0x2508 [ 4515B9E4140F04FB3907692DF89FCA87, F68EC56524BDA877646E987BE7414C1D622BD9FF05A5AEADCA39030FDC2B0115 ] TimeBroker 
C:\windows\System32\TimeBrokerServer.dll 12:24:09.0925 0x2508 TimeBroker - ok 12:24:09.0948 0x2508 [ E94F7A7B48C7638D1F3F8089344C97B7, 276CDE59614D563A52529BCC4BFC726E5F5BE131C9C4142558A644D79328C810 ] TPM C:\windows\system32\drivers\tpm.sys 12:24:09.0950 0x2508 TPM - ok 12:24:09.0963 0x2508 [ 8C8CF3041B27E7657ADD0EE17F6DBFCA, A6846478B9E7B0A509E5A28C6C7B66ED39F0247F9AFF01E3C3CADC0DBEF3CA00 ] TrkWks C:\windows\System32\trkwks.dll 12:24:09.0967 0x2508 TrkWks - ok 12:24:10.0018 0x2508 [ 8ABBB5CE0C62E0A6D28F32F44B7F865C, 4C78FE2A4A25A758D5191C4EDB2A6FE691FF82E7C16C0F146DC96DAD87D4F64E ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 12:24:10.0019 0x2508 TrustedInstaller - ok 12:24:10.0042 0x2508 [ 4E7C5FB10A50435523DE0CAA37DE2BD3, D6206DF61950F2541FB754E57C4D9EF9FA0CC1EDD6F6FA4E45F02B47958493F7 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 12:24:10.0043 0x2508 TsUsbFlt - ok 12:24:10.0056 0x2508 [ 16D684A820872EE54F6370703AC0B513, 795E20484358424CE9FA766937DD99413025A8AF967D03490392E8E02A382D0B ] TsUsbGD C:\windows\System32\drivers\TsUsbGD.sys 12:24:10.0057 0x2508 TsUsbGD - ok 12:24:10.0072 0x2508 [ 78C9EE193AC2B4CBDBC48B620314D740, 41523E47D321BFF5778F5E453545B928C0A469C3BBA51578E74D6721D7DF9273 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 12:24:10.0074 0x2508 tunnel - ok 12:24:10.0086 0x2508 [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A, AA7DA2207C0236F47859A4791F9D7301E7ADB50A59D831DC859ECC7CA70D3E1D ] uagp35 C:\windows\system32\drivers\uagp35.sys 12:24:10.0087 0x2508 uagp35 - ok 12:24:10.0107 0x2508 [ 6FD6D03B7752C78712E5CFF29A305026, F09C5188AAFCF4C77B05BA1E604F9912782A9F1371F72F959288EBC2725407ED ] UASPStor C:\windows\System32\drivers\uaspstor.sys 12:24:10.0108 0x2508 UASPStor - ok 12:24:10.0137 0x2508 [ 061BA3EE0D2BE17944990544008CF190, C9236D368EC2281B545E8C008BC2801F21A9716ED3D4DAEDB0751A5008346E81 ] UCX01000 C:\windows\System32\drivers\ucx01000.sys 12:24:10.0139 0x2508 UCX01000 - ok 12:24:10.0173 0x2508 [ 25C50F4EDF70D0A831E0566BD181CCF2, 
F2F9E86FB5617C16077D2073EC0AA747F76F1EB5148BA110347A84F3C3569F83 ] udfs C:\windows\system32\DRIVERS\udfs.sys 12:24:10.0177 0x2508 udfs - ok 12:24:10.0200 0x2508 [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D, 16DE6E0894C356A58AF12BEC2FE9B188F147DD4B16CB2414DE600CE4127F929D ] UI0Detect C:\windows\system32\UI0Detect.exe 12:24:10.0203 0x2508 UI0Detect - ok 12:24:10.0213 0x2508 [ 07FEBCDF24FABA0D47B635D85A0FFB7A, 452C04B14681EBCE8B1B25B75A1B7CC978722B7DDE54D624E17841B14ACCF65D ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 12:24:10.0215 0x2508 uliagpkx - ok 12:24:10.0227 0x2508 [ 02CEB3FE6152668A7BA420B93B664860, 613F27540FD1EFE2442E326F507DACD5A25691C8481937022B7E1104F3E6E9E2 ] umbus C:\windows\System32\drivers\umbus.sys 12:24:10.0228 0x2508 umbus - ok 12:24:10.0240 0x2508 [ 991EE6B5FC41EAEF99C8AF5B92F2CA09, 30AAD7D18FF5962CEC7180359D148EED5A1BF193DDB2B34508897FC3EBA692C3 ] UmPass C:\windows\System32\drivers\umpass.sys 12:24:10.0240 0x2508 UmPass - ok 12:24:10.0253 0x2508 [ 43FEFB040A0CC30F795FBF544169594D, F2A730C0F7C883321C378D4564120A40428D7F8E393F02C8D6A08934795A35C7 ] UmRdpService C:\windows\System32\umrdp.dll 12:24:10.0259 0x2508 UmRdpService - ok 12:24:10.0301 0x2508 [ DBE2E6388379D5CC78099650541E9566, 1914BC929F109A49FB18ED31F239A9813A010B0A3914BC8CD0D6A94A67A072D7 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 12:24:10.0305 0x2508 UNS - ok 12:24:10.0332 0x2508 [ 14D22C411854AA2560AFC94CD2D5E61F, BB376734733671C02319E6DB1800D41212694446FD65465498C92D4ECBFE7458 ] upnphost C:\windows\System32\upnphost.dll 12:24:10.0340 0x2508 upnphost - ok 12:24:10.0367 0x2508 [ 43228F8EDD1B0BCDD3145AD246E63D39, 108D8793E9F94C0A0E895398599B359121751F2E7BAA8B7BD24838AEF646726D ] USBAAPL64 C:\windows\System32\Drivers\usbaapl64.sys 12:24:10.0368 0x2508 USBAAPL64 - ok 12:24:10.0396 0x2508 [ 9E9F21FF91D7ECC0BCCB94D3FE52A959, 85461393D62ED939F6741C2D0A90C8AB34F4415173223BB4CFC119715D10E7A7 ] usbaudio C:\windows\system32\drivers\usbaudio.sys 12:24:10.0398 
0x2508 usbaudio - ok 12:24:10.0429 0x2508 [ C976C4306F9AE133D6BBD47FDFC3BF92, 820413D92D6A89055A7F26523BF5CC4B668610C4A06E8B0D163FBF929B1DFA9A ] usbccgp C:\windows\System32\drivers\usbccgp.sys 12:24:10.0430 0x2508 usbccgp - ok 12:24:10.0448 0x2508 [ 427B6DB8C05A5A977E8C3525370A2595, C67222CA9123AE12D953995326B3B582C146CEA89594B7209DB0B1F628A0118D ] usbcir C:\windows\System32\drivers\usbcir.sys 12:24:10.0449 0x2508 usbcir - ok 12:24:10.0461 0x2508 [ B24FDEB1B18496F1B463782235AA3AF1, 3F5036F36987C8007D03DAFC3EC30615515BE96D9A1DF879BCD4EB0E66CD50B1 ] usbehci C:\windows\System32\drivers\usbehci.sys 12:24:10.0462 0x2508 usbehci - ok 12:24:10.0496 0x2508 [ F8C2A832DF9403F5EA8080CBDBDA95FB, 50E9455465672BC13EB945BEC132D2F30BA2EB25C68928D2B4C256F2DB292A83 ] usbhub C:\windows\System32\drivers\usbhub.sys 12:24:10.0503 0x2508 usbhub - ok 12:24:10.0537 0x2508 [ FAAB461D5AEB21EE5FC5C0DBD6648223, 187EB7AC6CDE39621C587EB1551DBC358DE2BC7C8A4265DB817C9D6F5ADE54A3 ] USBHUB3 C:\windows\System32\drivers\UsbHub3.sys 12:24:10.0542 0x2508 USBHUB3 - ok 12:24:10.0563 0x2508 [ 325F6179009B5A7F6118951A5BA422AB, 756CB2893530485E8C3ACFF5A40F4C6EB446E72B2296E8772058E407A5E066DE ] usbohci C:\windows\System32\drivers\usbohci.sys 12:24:10.0564 0x2508 usbohci - ok 12:24:10.0579 0x2508 [ 9FDBA6982582A6F2354144980F641E7B, 054A65412CB22C5BE970FD3A266E140110D869B614B9F9894628D553CE82C991 ] usbprint C:\windows\System32\drivers\usbprint.sys 12:24:10.0580 0x2508 usbprint - ok 12:24:10.0604 0x2508 [ BFC7FE4AAEB61317A921871B4085EF4B, CBC3FBAEAD6C82A437CC87A97007EF807C64053AB8FA5C3233C2A0CF6FC8D019 ] USBSTOR C:\windows\System32\drivers\USBSTOR.SYS 12:24:10.0605 0x2508 USBSTOR - ok 12:24:10.0623 0x2508 [ 1ABF657259DB57F7E5558E4DF1357C0C, 34EAF5DEA3293CFA96BA81B036305FD90ABAE05B9CB73D4F54FB236448C1978C ] usbuhci C:\windows\System32\drivers\usbuhci.sys 12:24:10.0624 0x2508 usbuhci - ok 12:24:10.0646 0x2508 [ 8DC398D7B8E02C929A2096E74A170970, 87B3CE84D05F50C33935B28F0AFF1CB15DAA4530768BA1FB25C311609CD4B0A5 ] 
USBXHCI C:\windows\System32\drivers\USBXHCI.SYS 12:24:10.0650 0x2508 USBXHCI - ok 12:24:10.0664 0x2508 [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] VaultSvc C:\windows\system32\lsass.exe 12:24:10.0666 0x2508 VaultSvc - ok 12:24:10.0700 0x2508 VBoxAswDrv - ok 12:24:10.0725 0x2508 [ BACECBFF9C97F7627A60B0E0F1FE7EE8, DC82F767D066B93A48A090DC7146EBCCDC54B43C6CD9DF29A160E09E3A531DC8 ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 12:24:10.0726 0x2508 vdrvroot - ok 12:24:10.0757 0x2508 [ 1B4488988E5E7512E6C5CD1255E9E973, B82C26E767A8895CFFD76C11D07D5C945C38E1BD32CC27D20A6C0FA7F6064FC5 ] vds C:\windows\System32\vds.exe 12:24:10.0771 0x2508 vds - ok 12:24:10.0793 0x2508 [ 74FA2D4368DE6F6CE14393EDF1F342BE, C5CE4164B2C3D583A7FB8687ADEADCDB08D36A5AB1965E5FC6949AEED15881C8 ] VerifierExt C:\windows\system32\drivers\VerifierExt.sys 12:24:10.0795 0x2508 VerifierExt - ok 12:24:10.0828 0x2508 [ D4051AA2ACD38AABF9DEC24B8A331EB1, 377D5DD98E4E09F3CCC330852F9FD9E4CC2069AE1A1C1AFBC90002FE3101708B ] vhdmp C:\windows\System32\drivers\vhdmp.sys 12:24:10.0835 0x2508 vhdmp - ok 12:24:10.0851 0x2508 [ F5B4A14B00E89250C50982AC762DDD1D, 581CD97DD42E74A82F06BFB827DFC82618B4A8667ACA7E93C628BB0D056CE8F0 ] viaide C:\windows\system32\drivers\viaide.sys 12:24:10.0851 0x2508 viaide - ok 12:24:10.0866 0x2508 [ 78DB50F7329F6D1311658DABFFFC8BE0, 8CB0C831608033C4BC1D2DA7FAA7D429333A3654E76A989F7AF85BFC5F086BE9 ] vmbus C:\windows\system32\drivers\vmbus.sys 12:24:10.0869 0x2508 vmbus - ok 12:24:10.0880 0x2508 [ ECFEE2F2BA3932C7880D1A8F67D68F91, 57DCD55A518A9FBDEF72B511C643B1062C3F7BD339F4B0FC19E9D84C615B968D ] VMBusHID C:\windows\System32\drivers\VMBusHID.sys 12:24:10.0881 0x2508 VMBusHID - ok 12:24:10.0914 0x2508 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicheartbeat C:\windows\System32\ICSvc.dll 12:24:10.0919 0x2508 vmicheartbeat - ok 12:24:10.0929 0x2508 [ 
B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmickvpexchange C:\windows\System32\ICSvc.dll 12:24:10.0934 0x2508 vmickvpexchange - ok 12:24:10.0944 0x2508 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicrdv C:\windows\System32\ICSvc.dll 12:24:10.0949 0x2508 vmicrdv - ok 12:24:10.0959 0x2508 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicshutdown C:\windows\System32\ICSvc.dll 12:24:10.0964 0x2508 vmicshutdown - ok 12:24:10.0973 0x2508 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmictimesync C:\windows\System32\ICSvc.dll 12:24:10.0978 0x2508 vmictimesync - ok 12:24:10.0988 0x2508 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicvss C:\windows\System32\ICSvc.dll 12:24:10.0993 0x2508 vmicvss - ok 12:24:11.0005 0x2508 [ CB60FAAED8B49B812EBBF77EB87D9B18, ADA7C68D4C4981555ED48981E8B7ACBEEF5C39F902EB98782FC3DFF495FE0C33 ] volmgr C:\windows\system32\drivers\volmgr.sys 12:24:11.0006 0x2508 volmgr - ok 12:24:11.0029 0x2508 [ A74101DA9809251BCD0E5A26BAE0F824, 15A3A7CC31A13C5882812C344D0937A8A4503D12DB07B9F7F2A8191B739CDBF7 ] volmgrx C:\windows\system32\drivers\volmgrx.sys 12:24:11.0034 0x2508 volmgrx - ok 12:24:11.0070 0x2508 [ AA37946941ED3805AB3A924965907147, 11BD8FA585F193EED050458E93679D730FC2C09D19237DA40B0190132D328CB2 ] volsnap C:\windows\system32\drivers\volsnap.sys 12:24:11.0074 0x2508 volsnap - ok 12:24:11.0092 0x2508 [ A8DA1C1B52ECEA3726DEBED4FF1B700D, 75C024EC3858DF24FB82FE105BDD1E37900D53EFE9D72F42CDDFFD0742525586 ] vpci C:\windows\System32\drivers\vpci.sys 12:24:11.0094 0x2508 vpci - ok 12:24:11.0109 0x2508 [ 38A60CD9C009C55C6D3B5586F8E6A353, 7F7E2AE39F1A0A5245650911E310E0948BC22A18262A16FA76B44A042D66312D ] vsmraid C:\windows\system32\drivers\vsmraid.sys 12:24:11.0112 0x2508 
vsmraid - ok 12:24:11.0164 0x2508 [ FE37051171F3B90B18037FDBAC5B9D76, F220D71512E059F298F3CD958D69BE7225A8E8D492387347E75A0E615159782A ] VSS C:\windows\system32\vssvc.exe 12:24:11.0182 0x2508 VSS - ok 12:24:11.0203 0x2508 [ A0F6FE0FC2F647C22BBFD6BD4249DBCC, AC2F3C70EDCA0AFBB2606267DFE6D3E8E7B0772140153BAD6B0A9EDE6A1D2F29 ] VSTXRAID C:\windows\system32\drivers\vstxraid.sys 12:24:11.0207 0x2508 VSTXRAID - ok 12:24:11.0225 0x2508 [ 62460A45435A26A334907E3F2EA45611, FEF86E05117CC0AAB8211CA1542776EB620BD4699BD590D91F16621ED35B9824 ] vwifibus C:\windows\System32\drivers\vwifibus.sys 12:24:11.0226 0x2508 vwifibus - ok 12:24:11.0250 0x2508 [ 095E943D27025E4D588AF0A72CC2318F, 3CE406A202F93EF8C4BC7317621A672670D734C69166393CA7256D5E5E667041 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 12:24:11.0251 0x2508 vwififlt - ok 12:24:11.0264 0x2508 [ 73FA1A41A97A5C34ADC03B3577FF1A86, CBA4BC0DA837C163587BBB4BF2AC1549C72440307C984D3CDF8995023718136C ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys 12:24:11.0265 0x2508 vwifimp - ok 12:24:11.0292 0x2508 [ F690B6EEAA94576727B24376D7ED3601, A61EE96024C8FC4058481DFB1E7F0AD746565368672FA3B6BA8F9E23D0F47E4C ] W32Time C:\windows\system32\w32time.dll 12:24:11.0298 0x2508 W32Time - ok 12:24:11.0310 0x2508 [ 6B806E893714019969E2B50D7EF6A4D9, 38FE2B01082DC4C2A0C11A292016A727F48C3DF1293DC3A0216B2254A452263F ] WacomPen C:\windows\System32\drivers\wacompen.sys 12:24:11.0311 0x2508 WacomPen - ok 12:24:11.0344 0x2508 [ 61F6972FF9AC9A8D0B4D62076DC30051, 5A028036461534CA53CB2D6C1D720783D408A9F17FD77AB1ECDD75FBAD9F2381 ] Wanarp C:\windows\system32\DRIVERS\wanarp.sys 12:24:11.0346 0x2508 Wanarp - ok 12:24:11.0353 0x2508 [ 61F6972FF9AC9A8D0B4D62076DC30051, 5A028036461534CA53CB2D6C1D720783D408A9F17FD77AB1ECDD75FBAD9F2381 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 12:24:11.0354 0x2508 Wanarpv6 - ok 12:24:11.0396 0x2508 [ 901CC968412F8155B08D7ABE0171166A, D05A8E3D4D159546394E902C618D0583FE497B51C8F1C86D8E3B9E046819DD53 ] WAS 
C:\windows\system32\inetsrv\iisw3adm.dll 12:24:11.0409 0x2508 WAS - ok 12:24:11.0463 0x2508 [ 42DF22F8C448E7CD219F6D63743505E2, 063F4280C7BD20CE1360436B76A17DFE17FF611F75337A47373D098CC6C263BF ] wbengine C:\windows\system32\wbengine.exe 12:24:11.0488 0x2508 wbengine - ok 12:24:11.0511 0x2508 [ 31D37B2F6069C631EF0557D322924812, 6E18A1060F3C8F4BF220E286C44327866A8F9109E74928AA2D8C2DA9C452038B ] WbioSrvc C:\windows\System32\wbiosrvc.dll 12:24:11.0517 0x2508 WbioSrvc - ok 12:24:11.0552 0x2508 [ F43314B83101DEBF7D7CCD42493CFC60, F4B70372559F2FD9A74FB87422EC6EF024F925AE4D838473E04E6B48AB7255AF ] Wcmsvc C:\windows\System32\wcmsvc.dll 12:24:11.0564 0x2508 Wcmsvc - ok 12:24:11.0604 0x2508 [ 5B5FEAB51172F5513C2CF7B39CFA6A01, 4FDAC5168E00D44781C6F5D98ECD4977A12663C5CE6FFDFF9DBC89A28D6212D8 ] wcncsvc C:\windows\System32\wcncsvc.dll 12:24:11.0612 0x2508 wcncsvc - ok 12:24:11.0625 0x2508 [ E19556D414332E2BEBA1F368229006B4, AB3454EC85D7B6E62D44C4510C1547AE7F736558588E54B0E265F7B3A5810E15 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 12:24:11.0628 0x2508 WcsPlugInService - ok 12:24:11.0643 0x2508 [ B3A4D918DAB90505B6BC7B70632913CB, ECC19DCD7902C29D0682C70B9546CF8B82477A32147EE30EB6750D8499605B46 ] Wd C:\windows\system32\drivers\wd.sys 12:24:11.0644 0x2508 Wd - ok 12:24:11.0668 0x2508 [ 5A416C253D2C50327928ABC4A1D8A0F2, A3A41F3E6229D86F85F68062BBEA38290FB78B3D3F0D8DF3B6C01FF5B93A9F16 ] WdBoot C:\windows\system32\drivers\WdBoot.sys 12:24:11.0669 0x2508 WdBoot - ok 12:24:11.0713 0x2508 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 12:24:11.0722 0x2508 Wdf01000 - ok 12:24:11.0742 0x2508 [ 6FBA6CD2348DEC440D0C6D511C55F3FE, 0CB50B57D9C6E56B20FA8777540E2C8C5702753758075DA4C310A7B2B2F8A352 ] WdFilter C:\windows\system32\drivers\WdFilter.sys 12:24:11.0746 0x2508 WdFilter - ok 12:24:11.0766 0x2508 [ 240FC332484572227CD1DF82407F33E5, 
5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiServiceHost C:\windows\system32\wdi.dll 12:24:11.0770 0x2508 WdiServiceHost - ok 12:24:11.0777 0x2508 [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiSystemHost C:\windows\system32\wdi.dll 12:24:11.0780 0x2508 WdiSystemHost - ok 12:24:11.0809 0x2508 [ 9B1384CE8E681D2D77BB3524B8E86311, BDEF9D0A79A7C26A88088A306F91632F300E587736CDD2C64717EC54DD6E89FF ] WebClient C:\windows\System32\webclnt.dll 12:24:11.0816 0x2508 WebClient - ok 12:24:11.0837 0x2508 [ 35FD720943D4FCD75C3275BF062FF140, 9D8345E6DE1AE23F93AD0B52D27D1CCFD69EF7EE50654F92CA999BEC4570A773 ] Wecsvc C:\windows\system32\wecsvc.dll 12:24:11.0845 0x2508 Wecsvc - ok 12:24:11.0865 0x2508 [ 4D2612E3C462B68F499D840B1133263E, 4DDAEB4480AEC31A8184838588E0D3DFA31CE6D2FA6E906926860C75F52DC7B7 ] wercplsupport C:\windows\System32\wercplsupport.dll 12:24:11.0868 0x2508 wercplsupport - ok 12:24:11.0886 0x2508 [ 5F70EBFC1F75B487DE79501E3CCBDB54, 2FCA57BF60A43B03BB42FBF22BBFC19AD2266FBBD818494AD114125E6E433321 ] WerSvc C:\windows\System32\WerSvc.dll 12:24:11.0890 0x2508 WerSvc - ok 12:24:11.0913 0x2508 [ 8FDA12E934C7BB7CC317F90FC70DC4FC, AA0DA063BCE5692DFD46F0AAE07727B38D4AA87A9BAEBAFF137F9CAAF2808EC0 ] WFPLWFS C:\windows\system32\DRIVERS\wfplwfs.sys 12:24:11.0915 0x2508 WFPLWFS - ok 12:24:11.0928 0x2508 [ 60E0C220593DA4F7C289CB909D2DBAE0, 057CA7727F748600CC155043081AB9E3244763CF4913F317D13226A515F6FDB6 ] WiaRpc C:\windows\System32\wiarpc.dll 12:24:11.0932 0x2508 WiaRpc - ok 12:24:11.0960 0x2508 [ A3C7624A42A3447EF5EDD1ED37FE4E60, BD8BDF0A571873FA8277878AF7AED11196CFF1B4DF1EA6BA13BD4887D7B63B94 ] WIMMount C:\windows\system32\drivers\wimmount.sys 12:24:11.0961 0x2508 WIMMount - ok 12:24:11.0984 0x2508 WinDefend - ok 12:24:12.0021 0x2508 [ 7911470B6018059A880469A63B65700A, 4B6131491A028FBCA54AC261112D183EFD42E98160545C8E8DFBDA01C87B3FB5 ] WinHttpAutoProxySvc C:\windows\system32\winhttp.dll 
12:24:12.0031 0x2508 WinHttpAutoProxySvc - ok 12:24:12.0081 0x2508 [ 3D6B518B71C75C8FA4115A33615C107A, ED7A266013D29D3B1A462464735C3632BEA121D1B32553907AEAA0B00595C3DF ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 12:24:12.0086 0x2508 Winmgmt - ok 12:24:12.0182 0x2508 [ 89DA335401D956F2696E35A38817BE19, D5A8D5C0BE285564AB0DF1B4594FE612359C72BE3B64063C3460BB73AA34F413 ] WinRM C:\windows\system32\WsmSvc.dll 12:24:12.0216 0x2508 WinRM - ok 12:24:12.0257 0x2508 [ BB20956C424531003F7FA6CD36F11D5D, 2C55F1C7553A527A7C4C34E730BE943269AE23928731C64D3DC945E07AE1771E ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys 12:24:12.0258 0x2508 WinUsb - ok 12:24:12.0324 0x2508 [ 6351724B8FA0255C2DBD970297F00B93, A02F274479F9F32E30C75A5BD991B008B3CCB47D380D5870563EF918DAC5730E ] WlanSvc C:\windows\System32\wlansvc.dll 12:24:12.0342 0x2508 WlanSvc - ok 12:24:12.0420 0x2508 [ B330CE47FB74A6BE9A3FFFF4B3F64D9B, B76226808406D8B38DE2D3A8CCE633BB507022C8BAAA6C3DAD34204CC6CE1284 ] wlidsvc C:\windows\system32\wlidsvc.dll 12:24:12.0443 0x2508 wlidsvc - ok 12:24:12.0468 0x2508 [ E2A596CACFC6504306CDB7B593B90084, DF89CF57249553CE922C841F18B99A213185FA1099C053B9BB8C0F6E5BC3FEC0 ] WmiAcpi C:\windows\System32\drivers\wmiacpi.sys 12:24:12.0469 0x2508 WmiAcpi - ok 12:24:12.0499 0x2508 [ D113499052C5E541906B727779F0F959, 05FB51086C0A0CE3812A7E6098C5A454ECCFE8553669CFA715153564F2226DB0 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 12:24:12.0501 0x2508 wmiApSrv - ok 12:24:12.0524 0x2508 WMPNetworkSvc - ok 12:24:12.0543 0x2508 [ C6FF953D5D6F2EAE3B8883474D5076B3, 001CBB7FBC30209C892869258E5ABD3F0932886E156ECB10DCA599F6D32648BE ] wpcfltr C:\windows\system32\DRIVERS\wpcfltr.sys 12:24:12.0544 0x2508 wpcfltr - ok 12:24:12.0569 0x2508 [ A6ED163169876BFD2437E872FE2F1509, C13E8676800EEEF690F51C4DEA660B36C8734AE2CCAAC48054E10D74B98949B8 ] WPCSvc C:\windows\System32\wpcsvc.dll 12:24:12.0572 0x2508 WPCSvc - ok 12:24:12.0597 0x2508 [ 3013658A4D327854BEEC4A08D9655194, 
C4CF5AA6A47CC55E7037B0BFE20AE0A6442ADDC5DEB89D6861C98C61851FA821 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 12:24:12.0605 0x2508 WPDBusEnum - ok 12:24:12.0626 0x2508 [ 0346CAFC181C91C6E2330332EB332ED6, D46F44C339399CAAE13CD71C53A169E95065208E07E5420DE00A4509D6CB056F ] WpdUpFltr C:\windows\system32\drivers\WpdUpFltr.sys 12:24:12.0627 0x2508 WpdUpFltr - ok 12:24:12.0650 0x2508 [ BC8B5CB336E63BB25EAD1CE8EDD34B81, A42759956EDCCC6D0688240AA4F833FB9CA132D42D2D901CDCBB24DCE1788C1D ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 12:24:12.0651 0x2508 ws2ifsl - ok 12:24:12.0673 0x2508 [ 012CFE7F0F95266F554EE3B91EE2128A, 866312F6BF7369BE686F1BA9F01311C99E95E268C6E63BE37C841F54F5AA0DB8 ] wscsvc C:\windows\System32\wscsvc.dll 12:24:12.0676 0x2508 wscsvc - ok 12:24:12.0683 0x2508 WSearch - ok 12:24:12.0756 0x2508 [ D4D04839F3DFAF09D94BAB1016F7A297, 944A41D251F522EE87189C1D01CF7EEE2C70BF4353BA4005C44F03DB485F843F ] WSService C:\windows\System32\WSService.dll 12:24:12.0783 0x2508 WSService - ok 12:24:12.0908 0x2508 [ C5B45464B98F211FE58AEE62CFF21F05, A0AB6142F35707102B75C9C29A749C7EB12CB6F5E85E6BA67C5B961AF7EB3BE8 ] wuauserv C:\windows\system32\wuaueng.dll 12:24:12.0945 0x2508 wuauserv - ok 12:24:12.0972 0x2508 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\windows\system32\drivers\WudfPf.sys 12:24:12.0974 0x2508 WudfPf - ok 12:24:13.0001 0x2508 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\windows\System32\drivers\WUDFRd.sys 12:24:13.0007 0x2508 WUDFRd - ok 12:24:13.0049 0x2508 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\windows\System32\WUDFSvc.dll 12:24:13.0057 0x2508 wudfsvc - ok 12:24:13.0075 0x2508 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdFs C:\windows\system32\DRIVERS\WUDFRd.sys 12:24:13.0078 0x2508 
WUDFWpdFs - ok 12:24:13.0087 0x2508 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdMtp C:\windows\system32\DRIVERS\WUDFRd.sys 12:24:13.0090 0x2508 WUDFWpdMtp - ok 12:24:13.0126 0x2508 [ 6D9E07436B6646EC8F7EFFD39B6BA288, 82C1CEA93ECEF17D221AD0F87C5BD96F3FD8143841C16BD9608BD4D58D90B8E0 ] WwanSvc C:\windows\System32\wwansvc.dll 12:24:13.0134 0x2508 WwanSvc - ok 12:24:13.0162 0x2508 ================ Scan global =============================== 12:24:13.0191 0x2508 [ DDC1AFBF9DDF880CE9BD3896114D8DED, E2406231EA4D2689A5EDFA9BD1A1BC064359D8D23B37F113A18B5EAE3E2D4050 ] C:\windows\system32\basesrv.dll 12:24:13.0215 0x2508 [ E9343076AE704D20BB0D01F3AF3EFFEF, FF2CE4146945976F9480690505CECD3C7C719BAF0F633E6192C8272C75EF295D ] C:\windows\system32\winsrv.dll 12:24:13.0242 0x2508 [ BD7C6949984D19AAA609896B675E7357, 5B46538B27BC70F5A3805AA63F6AACDC780C7168468FB535F2D35CF26B9DEE06 ] C:\windows\system32\sxssrv.dll 12:24:13.0267 0x2508 [ B6AEF1771CCA54B67DA4932753F74124, 83A353CAC6111C16EB880345E7D89DC9D56F0A3C79F854A4BB7DBABF7270C29F ] C:\windows\system32\services.exe 12:24:13.0273 0x2508 [ Global ] - ok 12:24:13.0274 0x2508 ================ Scan MBR ================================== 12:24:13.0281 0x2508 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0 12:24:13.0283 0x2508 \Device\Harddisk0\DR0 - ok 12:24:13.0284 0x2508 ================ Scan VBR ================================== 12:24:13.0286 0x2508 [ 36D5C98962745F35CC55B36A48BBEFBF ] \Device\Harddisk0\DR0\Partition1 12:24:13.0331 0x2508 \Device\Harddisk0\DR0\Partition1 - ok 12:24:13.0339 0x2508 [ 0CEC52DD76835EA0C696771235B75171 ] \Device\Harddisk0\DR0\Partition2 12:24:13.0373 0x2508 \Device\Harddisk0\DR0\Partition2 - ok 12:24:13.0387 0x2508 [ 7D4B560A7CFC88364DB6B6DBC55CAE70 ] \Device\Harddisk0\DR0\Partition3 12:24:13.0387 0x2508 \Device\Harddisk0\DR0\Partition3 - ok 12:24:13.0398 0x2508 [ D03002DD977159F500A3D2220140CFB5 ] \Device\Harddisk0\DR0\Partition4 
12:24:13.0444 0x2508 \Device\Harddisk0\DR0\Partition4 - ok 12:24:13.0463 0x2508 [ B7221BE3E4FCACBC1D021C80858C5AAF ] \Device\Harddisk0\DR0\Partition5 12:24:13.0497 0x2508 \Device\Harddisk0\DR0\Partition5 - ok 12:24:13.0517 0x2508 [ 21FA2730E96401AC3336B7407B6FCF25 ] \Device\Harddisk0\DR0\Partition6 12:24:13.0519 0x2508 \Device\Harddisk0\DR0\Partition6 - ok 12:24:13.0519 0x2508 ================ Scan generic autorun ====================== 12:24:13.0549 0x2508 [ 49BD5663071AA799AC0B1E6B48EB9257, 39364B7E08C87545B4E48264509D73800FE5B0A76E34E0B169DA489895820B22 ] C:\Program Files\IDT\WDM\beats64.exe 12:24:13.0551 0x2508 BeatsOSDApp - ok 12:24:13.0596 0x2508 [ 94BFCE236D6340011721470E394056E3, 42A7808F6C53C268354E9E47F0689FE2B4717F61E97CBAA0ABF33E0275B908EF ] C:\Program Files\IDT\WDM\sttray64.exe 12:24:13.0616 0x2508 SysTrayApp - ok 12:24:13.0804 0x2508 [ 1539331FFDB2D977BFF14F5737F5063E, 29C6CDEDA01D406BEE2B6E06CC42491A9EA89E45751D92DB4A2E9C017527B44A ] C:\Program Files\Logitech Gaming Software\LCore.exe 12:24:13.0890 0x2508 Launch LCore - ok 12:24:13.0921 0x2508 [ C89FAB42CD5FD672506031D941529A74, EAB2BC06BBA552A9506F9E1B537E95AC0A839616764C0F9D5ADCD7527DC7AA4B ] C:\windows\SYSTEM32\WerFault.exe 12:24:13.0929 0x2508 *WerKernelReporting - ok 12:24:13.0992 0x2508 [ BDF02FD9CE2760046F7021D73E795FDE, 5A505A88F88C1D142C1509BE7A2492A0EA51F92D91B683EF53DFE192BF03A8B3 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe 12:24:14.0005 0x2508 StartCCC - ok 12:24:14.0071 0x2508 [ 724CB7A116F7E1A67009D751BCF86586, F0C4BE7451C5573AD584F5EF125C0702841E30D928909B5B3EA702831EF2FD9B ] c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe 12:24:14.0074 0x2508 CLMLServer_For_P2G8 - ok 12:24:14.0096 0x2508 [ B35B97FC934A9A7D02232094128CD636, 08F9E36F7DB86325986712210DF1B235DAC4F76FB599D2756E863A9FAFEBD57B ] c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe 12:24:14.0103 0x2508 CLVirtualDrive - ok 12:24:14.0205 0x2508 [ 
82E9ECACEA799EDD4FD554E14A1838F3, E9E99D387C0204671F36317B812FA97D277B3BC1F7281B907040963C685968E4 ] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe 12:24:14.0229 0x2508 BATINDICATOR - ok 12:24:14.0253 0x2508 [ F0DC5AFA79FB54A6B5425735E3FFBBE2, 16D161C4D54FC49E6C175FC0292D78AA37131CF11290135829DF1447C6B52BB4 ] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe 12:24:14.0260 0x2508 BATINDICATORHL - ok 12:24:14.0342 0x2508 [ 547DD95D50865FD628FEF018B9B2E878, 62305BD8EB58505E9669C47D2BECB20E004C8078BAC4B3B44C3141D4839981DC ] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe 12:24:14.0364 0x2508 OSDTool - ok 12:24:14.0412 0x2508 [ C26B09276755E0698B31CF0BAE0BF182, A95B567626C0573DF0F136818AA7E487BC4995552E9B7A041437539E49B99473 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe 12:24:14.0414 0x2508 APSDaemon - ok 12:24:14.0459 0x2508 [ E4401CF27225C1D6E664E86195978562, F572A2757C2A649E25F52F7071E6A2CCF298C60A8F2B15A0E2D800F890C4FD93 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe 12:24:14.0463 0x2508 iTunesHelper - ok 12:24:14.0594 0x2508 [ 65C6AA484AD2287D20541C7735989437, 1842787640391F4A4CD9ED0A531298A61F4B2FB09BEC98FEE256313AFB458EDB ] C:\Program Files\AVAST Software\Avast\AvastUI.exe 12:24:14.0663 0x2508 AvastUI.exe - ok 12:24:14.0731 0x2508 [ 8AC10EC7431ABCB52A74CC9236907EB7, 40C1354165EDE1503D078C1274A9BA0B02C80B2628EB8BF663A23A87760B9C17 ] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE 12:24:14.0744 0x2508 CanonQuickMenu - ok 12:24:14.0779 0x2508 [ 6B53177248AC5327FFB5CB2D5C500C94, 2F03DA955BF63BDCA979B76B263FBE4EB1BA2A76476EF0D9145E66CAB781C67C ] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe 12:24:14.0786 0x2508 IJNetworkScannerSelectorEX - ok 12:24:14.0790 0x2508 GrpConv - ok 12:24:14.0848 0x2508 [ 9DECF401AE4CB834D89957BDBF484068, 084056EAA068F88B6168566F14D315F2AD35F2202B18CFC5F88A466C154210A3 ] C:\Program Files\AVAST 
Software\Avast\setup\emupdate\0a5626b7-54ff-490c-9d25-22eeb56b74c5.exe 12:24:14.0854 0x2508 20150107 - ok 12:24:14.0861 0x2508 Report - ok 12:24:14.0948 0x2508 [ D213F06AE294341F3503FD74E22E7DDA, 57CD0D08BADAA0CAB4FA7BB2ABEEF1AADCB87A798937696B9E3431C1B793B869 ] C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe 12:24:14.0955 0x2508 SkyDrive - ok 12:24:14.0992 0x2508 [ BF93A2F9901E9B3DFCA8A7982F4A9868, 858A5766A2DE54A6908A2CA30DD5983790B8C63614A455292613B129877223E9 ] C:\windows\system32\cmd.exe 12:24:14.0998 0x2508 Uninstall C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64 - ok 12:24:15.0011 0x2508 [ BF93A2F9901E9B3DFCA8A7982F4A9868, 858A5766A2DE54A6908A2CA30DD5983790B8C63614A455292613B129877223E9 ] C:\windows\system32\cmd.exe 12:24:15.0018 0x2508 Uninstall C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828 - ok 12:24:15.0030 0x2508 [ BF93A2F9901E9B3DFCA8A7982F4A9868, 858A5766A2DE54A6908A2CA30DD5983790B8C63614A455292613B129877223E9 ] C:\windows\system32\cmd.exe 12:24:15.0035 0x2508 Uninstall C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64 - ok 12:24:15.0044 0x2508 [ BF93A2F9901E9B3DFCA8A7982F4A9868, 858A5766A2DE54A6908A2CA30DD5983790B8C63614A455292613B129877223E9 ] C:\windows\system32\cmd.exe 12:24:15.0049 0x2508 Uninstall C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314 - ok 12:24:15.0050 0x2508 Waiting for KSN requests completion. In queue: 58 12:24:16.0051 0x2508 Waiting for KSN requests completion. In queue: 58 12:24:17.0051 0x2508 Waiting for KSN requests completion. In queue: 58 12:24:18.0080 0x2508 AV detected via SS2: Emsisoft Internet Security, C:\PROGRAM FILES (X86)\EMSISOFT INTERNET SECURITY\a2start.exe ( 9.0.0.5066 ), 0x40010 ( disabled : outofdate ) 12:24:18.0088 0x2508 AV detected via SS2: avast! 
Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x41000 ( enabled : updated ) 12:24:18.0090 0x2508 FW detected via SS2: Emsisoft Internet Security, C:\PROGRAM FILES (X86)\EMSISOFT INTERNET SECURITY\a2start.exe ( 9.0.0.5066 ), 0x40010 ( disabled ) 12:24:18.0102 0x2508 Win FW state via NFP2: enabled 12:24:20.0475 0x2508 ============================================================ 12:24:20.0475 0x2508 Scan finished 12:24:20.0475 0x2508 ============================================================ 12:24:20.0487 0x1240 Detected object count: 0 12:24:20.0487 0x1240 Actual detected object count: 0
__________________ Regards, R4BBIT 9 out of 10 people like beer... the 10th is lying |
05.06.2015, 11:44 | #5 | |
/// TB Trainer | PC is hanging again... Can someone take a look? Hi, In future, please note: Quote:
Please download all tools directly to the desktop, or move them there, and run them from the desktop, since our instructions are written with that in mind. This also makes it very easy to remove all the tools used at the end of the cleanup. Leave all tools on the desktop until the cleanup is finished; we may need some of them more than once. |
05.06.2015, 12:33 | #6 |
| PC is hanging again... Can someone take a look? Oh sorry... Here are the logs for you again: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015 Ran by AdminFabian (administrator) on PC_FABIAN on 05-06-2015 13:32:30 Running from C:\Users\Fabian.PC_Fabian\Desktop Loaded Profiles: AdminFabian & Fabian (Available Profiles: AdminFabian & Fabian) Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (AMD) C:\Windows\System32\atieclxx.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe (Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe (Razer, Inc.) 
C:\Users\Fabian.PC_Fabian\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard ) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-07-05] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.) HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe [2068992 2011-12-14] (Hewlett-Packard) HKLM-x32\...\Run: [BATINDICATORHL] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe [557056 2010-07-23] (Hewlett-Packard) HKLM-x32\...\Run: [OSDTool] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe [2101248 2012-06-13] (Hewlett-Packard) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.) HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [439488 2013-07-09] (Microsoft Corporation) HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\0a5626b7-54ff-490c-9d25-22eeb56b74c5.exe [183232 2015-05-25] (AVAST Software) HKU\S-1-5-21-1392978341-1441607686-3862372307-1005\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S2].txt HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\Run: [SkyDrive] => C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-12-07] (Microsoft Corporation) HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\RunOnce: [Uninstall C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\RunOnce: [Uninstall C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\RunOnce: [Uninstall C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q 
"C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\RunOnce: [Uninstall C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\MountPoints2: {3c35e8d1-db21-11e2-be85-4c72b97327ec} - "L:\LaunchU3.exe" -a HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\MountPoints2: {75e0df4f-7aae-11e2-be79-4c72b97327ec} - "K:\laucher.exe" Startup: C:\Users\Fabian.PC_Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2013-03-02] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-22] (Avast Software s.r.o.) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/35 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/35 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/35 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/35 HKU\S-1-5-21-1392978341-1441607686-3862372307-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/35 HKU\S-1-5-21-1392978341-1441607686-3862372307-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/35 HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.janosch-nietlispach.ch/news HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/35 HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com SearchScopes: HKLM -> {622E8319-E326-408F-826B-3134D29BE474} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-29882-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1005 -> {622E8319-E326-408F-826B-3134D29BE474} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: 
HKU\S-1-5-21-1392978341-1441607686-3862372307-1005 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-29882-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> DefaultScope {F7DD2BAC-CB4E-4503-BA16-78C70DB4B011} URL = https://www.google.ch/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {622E8319-E326-408F-826B-3134D29BE474} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-29882-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {F7DD2BAC-CB4E-4503-BA16-78C70DB4B011} URL = https://www.google.ch/search?q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2013-02-06] (Microsoft Corporation) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-22] (Avast Software s.r.o.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2013-02-06] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2013-02-06] (Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-22] (Avast Software s.r.o.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2013-02-06] (Microsoft Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Toolbar: HKU\S-1-5-21-1392978341-1441607686-3862372307-1005 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) 
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2013-02-06] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] () FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-02-06] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin HKU\S-1-5-21-1392978341-1441607686-3862372307-1006: ubisoft.com/uplaypc -> C:\Program Files 
(x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-06] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-22] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe [5020520 2015-03-24] (Emsisoft GmbH) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-22] (Avast Software s.r.o.) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [File not signed] R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [47416 2014-02-05] (Hewlett-Packard Company) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1855064 2012-11-23] (Microsoft Corporation) R2 PnkBstrA; C:\windows\system32\PnkBstrA.exe [76152 2014-10-03] () R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76152 2015-02-06] () R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer 
Services\GSS\GameScannerService.exe [186048 2014-12-10] () R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation) S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-22] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-22] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-22] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-22] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-22] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-22] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-22] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-22] () R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-03] (Advanced Micro Devices) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-24] (Emsisoft GmbH) R3 fwndis; C:\Windows\system32\DRIVERS\fwndis64.sys [491632 2015-01-01] () R1 fwwfp; C:\Program Files (x86)\Emsisoft Internet Security\fwwfp764.sys [414936 2015-01-01] () R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc) R2 rzpmgrk; C:\windows\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.) R2 rzpnk; C:\windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.) 
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X] S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-05 12:23 - 2015-06-05 12:23 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Fabian.PC_Fabian\Desktop\tdsskiller.exe 2015-06-05 12:20 - 2015-06-05 13:32 - 00021396 _____ C:\Users\Fabian.PC_Fabian\Desktop\FRST.txt 2015-06-05 12:20 - 2015-06-05 12:20 - 02108928 _____ (Farbar) C:\Users\Fabian.PC_Fabian\Desktop\FRST64.exe 2015-06-03 10:08 - 2015-06-03 10:08 - 00280008 _____ C:\windows\Minidump\060315-21078-01.dmp 2015-06-01 20:46 - 2015-06-01 20:46 - 00280008 _____ C:\windows\Minidump\060115-21750-01.dmp 2015-05-19 17:31 - 2015-05-19 17:31 - 00280008 _____ C:\windows\Minidump\051915-21312-01.dmp 2015-05-19 11:58 - 2015-05-19 11:58 - 00016676 _____ C:\Users\Fabian.PC_Fabian\Desktop\Feedbackfragen Jubla Cham.dat 2015-05-13 20:26 - 2015-05-13 20:26 - 00280008 _____ C:\windows\Minidump\051315-20593-01.dmp 2015-05-12 17:27 - 2015-05-12 17:27 - 00280008 _____ C:\windows\Minidump\051215-17562-01.dmp 2015-05-07 17:33 - 2015-05-07 17:34 - 00280008 _____ C:\windows\Minidump\050715-27140-01.dmp ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-05 13:32 - 2015-04-30 19:45 - 00000000 ____D C:\FRST 2015-06-05 13:30 - 2013-02-02 17:50 - 01153292 _____ C:\windows\WindowsUpdate.log 2015-06-05 13:29 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru 2015-06-05 13:29 - 2012-07-26 09:59 - 00000000 ____D C:\windows\CbsTemp 2015-06-05 11:23 - 2015-03-16 21:16 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2015-06-05 11:13 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\NDF 2015-06-05 10:53 - 2013-02-05 21:31 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1392978341-1441607686-3862372307-1006 2015-06-04 18:04 - 2013-08-11 19:48 - 00000000 ____D C:\windows\system32\MRT 2015-06-04 18:02 - 2013-02-02 19:33 - 140425016 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-06-04 17:17 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent 2015-06-03 10:13 - 2012-10-23 19:37 - 00724412 _____ C:\windows\system32\perfh007.dat 2015-06-03 10:13 - 2012-10-23 19:37 - 00163214 _____ C:\windows\system32\perfc007.dat 2015-06-03 10:13 - 2012-07-26 09:28 - 01734152 _____ C:\windows\system32\PerfStringBackup.INI 2015-06-03 10:09 - 2015-03-31 20:10 - 00000000 ____D C:\Program Files (x86)\Emsisoft Internet Security 2015-06-03 10:09 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT 2015-06-03 10:08 - 2013-10-31 21:06 - 668381772 _____ C:\windows\MEMORY.DMP 2015-06-03 10:08 - 2013-10-23 21:17 - 00000000 ____D C:\windows\Minidump 2015-05-25 20:30 - 2013-12-09 21:11 - 00000000 ____D C:\Users\Fabian.PC_Fabian\AppData\Roaming\TS3Client 2015-05-19 18:04 - 2013-02-16 21:06 - 00549888 ___SH C:\Users\Fabian.PC_Fabian\Desktop\Thumbs.db 2015-05-19 17:32 - 2013-02-06 22:21 - 00004182 _____ C:\windows\System32\Tasks\avast! 
Emergency Update 2015-05-19 12:08 - 2013-02-05 21:25 - 00000000 ____D C:\Users\Fabian.PC_Fabian\AppData\Local\Packages 2015-05-07 17:33 - 2012-08-01 19:02 - 00737506 _____ C:\windows\PFRO.log ==================== Files in the root of some directories ======= 2013-02-02 18:13 - 2013-02-02 18:13 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc Some files in TEMP: ==================== C:\Users\AdminFabian\AppData\Local\Temp\Quarantine.exe C:\Users\AdminFabian\AppData\Local\Temp\sqlite3.dll C:\Users\Fabian.PC_Fabian\AppData\Local\Temp\i4jdel0.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-04 21:01 ==================== End of log ============================ [CODE]Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015 Ran by AdminFabian at 2015-06-05 13:33:01 Running from C:\Users\Fabian.PC_Fabian\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= AdminFabian (S-1-5-21-1392978341-1441607686-3862372307-1005 - Administrator - Enabled) => C:\Users\AdminFabian Administrator (S-1-5-21-1392978341-1441607686-3862372307-500 - Administrator - Disabled) Fabian (S-1-5-21-1392978341-1441607686-3862372307-1006 - Limited - Enabled) => C:\Users\Fabian.PC_Fabian Gast (S-1-5-21-1392978341-1441607686-3862372307-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1392978341-1441607686-3862372307-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Emsisoft Internet Security (Disabled - Out of date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Emsisoft Internet Security (Disabled - Out of date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: Emsisoft Internet Security (Disabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AMD Catalyst Install Manager (HKLM\...\{BF821093-CFD3-EC1B-B357-6817EE34E5C7}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.) 
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.) Canon MG7100 series Benutzerregistrierung (HKLM-x32\...\Canon MG7100 series Benutzerregistrierung) (Version: - *Canon Inc.) Canon MG7100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7100_series) (Version: 1.00 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.) Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.) CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.) CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.) 
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Emsisoft Internet Security (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.) eTax.zug 2014 nP 1.3.0 (HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\8452-4068-1171-2815) (Version: 1.3.0 - Information Factory AG) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd) HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard) HP Keyboard (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.5.0.7 - Hewlett-Packard) HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard) HP Support Solutions Framework (HKLM-x32\...\{86FD8326-909D-45F5-BB61-0619D0D31293}) (Version: 11.50.0011 - Hewlett-Packard Company) HydraVision (x32 Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.) Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.) 
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4454.1004 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft 
Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden NWZ-E450 WALKMAN Guide (HKLM-x32\...\{0A6C2811-AD29-473F-8086-F0B401276DEC}) (Version: 2.1.0.17210 - Sony Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4454.1004 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4454.1004 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4454.1004 - Microsoft Corporation) Hidden Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.0.0 - Ralink) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.) RecImgManager (HKLM-x32\...\{1ECC3992-5E46-4A3B-823F-4228D5B05A83}) (Version: 2.0.26222 - SlimWare Utilities, Inc.) 
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft) TeamSpeak 3 Client (HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 04-05-2015 20:58:43 Geplanter 
Prüfpunkt 04-06-2015 17:03:23 Geplanter Prüfpunkt ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 07:26 - 2015-03-23 19:52 - 00000855 ____A C:\windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0E1975F3-5D81-4CA8-8E07-168E2CD1DF5D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2012-08-15] (Hewlett-Packard Company) Task: {5F63D142-E881-4C1E-A6BB-D4956C70E5A0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-22] (Avast Software s.r.o.) Task: {74BEDB4E-487E-4F08-808D-3CD98A22F124} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company) Task: {97A056F4-107F-4DB8-8E61-3264A3A8DDBD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-06-04] (Microsoft Corporation) Task: {E0CF2BA3-882C-4D8E-9580-68B42A1AA8D2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company) Task: {F6E24018-619A-4763-9815-BEF6CF60CD7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company) Task: {F7C59E27-327A-406B-8FAB-A1B6132D4BA3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support 
Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company) ==================== Loaded Modules (Whitelisted) ============== 2013-02-05 23:21 - 2012-11-10 11:28 - 00382544 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll 2013-02-05 23:21 - 2012-11-23 19:07 - 00513600 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll 2013-02-05 23:21 - 2012-11-23 19:07 - 00607296 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll 2014-04-10 17:46 - 2015-02-06 20:08 - 00076152 _____ () C:\windows\SysWOW64\PnkBstrA.exe 2014-12-10 00:22 - 2014-12-10 00:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2012-08-29 11:02 - 2012-08-29 11:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll 2012-08-29 11:02 - 2012-08-29 11:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll 2012-08-29 11:02 - 2012-08-29 11:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll 2014-12-19 05:22 - 2014-12-19 05:22 - 00290816 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe 2015-04-22 18:20 - 2015-04-22 18:20 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-04-22 18:20 - 2015-04-22 18:20 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-06-01 20:47 - 2015-06-01 20:47 - 02951680 _____ () C:\Program Files\AVAST Software\Avast\defs\15060101\algo.dll 2015-06-05 11:52 - 2015-06-05 11:52 - 02952192 _____ () C:\Program Files\AVAST Software\Avast\defs\15060500\algo.dll 2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-10-23 10:52 - 2012-07-18 10:50 - 01198912 _____ () 
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2012-10-23 10:58 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2012-10-23 10:59 - 2009-02-19 18:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\WMINPUT.DLL 2015-04-22 18:20 - 2015-04-22 18:20 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-01-29 23:26 - 2014-11-26 04:12 - 40622592 _____ () C:\Users\Fabian.PC_Fabian\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll 2014-12-19 05:22 - 2014-12-19 05:22 - 00192512 _____ () C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll 2015-01-29 23:26 - 2014-11-26 04:12 - 00911360 _____ () C:\Users\Fabian.PC_Fabian\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll 2015-01-29 23:26 - 2014-11-26 04:12 - 00134144 _____ () C:\Users\Fabian.PC_Fabian\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE trusted site: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\freerealms.com -> freerealms.com IE trusted site: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\soe.com -> soe.com IE trusted site: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\sony.com -> sony.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1392978341-1441607686-3862372307-1005\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Fabian.PC_Fabian\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\StartupApproved\Run: => "RESTART_STICKY_NOTES" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\StartupApproved\Run: => "SkyDrive" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{FBB1C137-790B-486B-A9C9-27B435B298F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{293ABFA0-F8E4-4BEE-989D-E9F5BB71FA8D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FF3D2D61-C87A-4D43-9E52-1D6ABDD4012F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{3F2898FF-636E-494A-A285-C5E36AF9CFB5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{C008179C-4E73-43B3-AE1F-761536965182}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{D559845D-EA90-49AC-AA22-87A9048E0C3F}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{B90066BF-D10D-4365-B161-3D91EABEC775}] => (Allow) C:\Users\AdminFabian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{2DFB5855-1A34-43A2-BA35-A329FC85E85C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{18FCFA59-65A8-4E08-AFF7-D175F3A69EB5}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{5DEA5977-AAE4-4705-9CBE-A522CEDE88E6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{89579F59-EFB0-4DCB-9C86-C2F2213A110A}] => (Allow) LPort=2869 FirewallRules: [{5F8EE66C-73FF-4440-ACC8-26DEF876E66E}] => (Allow) LPort=1900 FirewallRules: [{DB8A88AE-0600-4295-88EC-70C0BC252A00}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{05F57B78-2520-4FA8-AE37-EED4AA648917}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{7E4CE3E0-E0A1-4ADF-BB67-48FEF13A388F}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe FirewallRules: 
[UDP Query User{EAC1CAEE-90CA-4D75-A471-EF0E268AFF38}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe FirewallRules: [{EF607449-0DA6-4A67-916B-36757CB05CD1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Future Soldier\Future Soldier.exe FirewallRules: [{E5A994C9-B85E-42E6-BBFB-1BF6E259E16C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Future Soldier\Future Soldier.exe FirewallRules: [TCP Query User{9A101C02-AFA2-4EE8-9018-012E365F5DE4}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe] => (Block) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe FirewallRules: [UDP Query User{ED0CF3BB-BC4A-42C6-95CF-60F7B18D1A31}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe] => (Block) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe FirewallRules: [TCP Query User{46220C03-5BE5-4E16-87E1-4644B21A49CF}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe FirewallRules: [UDP Query User{FF72C7FF-F4E0-47F5-A1E0-ED12B2EC0FEE}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe FirewallRules: [{2516AA43-DAD4-47EE-9345-8B815227CA08}] => (Block) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe FirewallRules: [{658CEDA9-859B-4117-8EA9-8DB4A7CE1EB4}] => (Block) C:\program files (x86)\steam\steamapps\common\planetside 
2\planetside2_x64.exe FirewallRules: [{25B7CD5D-C18C-429B-B8B9-BE64640530EC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{B433DBEC-8EA6-45B9-8863-060CE099D8CC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{A8BDCF14-4299-4204-AF95-DC0772D6620B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{56E884CE-DB2E-45A7-A827-87BB7B549121}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{4B47B08A-E461-45C5-87F3-0A8F0F53A797}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{CEEF249C-ED01-4EEE-81C3-0C4FF075B9AD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{FB00654F-36F9-4054-A5FC-D3F89A90DE62}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{397D4BAD-B323-4520-A472-DE71F8919AAF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [{D5B95690-0429-4F20-9608-EC3E19DAFCFA}] => (Allow) LPort=53000 FirewallRules: [{17BE0B20-3434-447A-8B20-3C78433103F2}] => (Allow) LPort=52000 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/04/2015 10:05:34 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben. Error: (06/04/2015 10:03:20 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben. 
Error: (06/04/2015 06:06:45 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben. Error: (06/04/2015 06:04:31 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: usbhubC:\windows\system32\usbperf.dll8 Error: (06/04/2015 06:04:31 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben. Error: (06/04/2015 06:04:31 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: Spooler8 Error: (06/04/2015 06:04:31 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: RemoteAccessC:\Windows\System32\rasctrs.dll8 Error: (06/04/2015 06:04:30 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: .NETFrameworkC:\windows\system32\mscoree.dll8 Error: (06/03/2015 10:10:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.17267, Zeitstempel: 0x54e7f156 Name des fehlerhaften Moduls: KERNEL32.dll, Version: 6.2.9200.16859, Zeitstempel: 0x53118550 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00026185 ID des fehlerhaften Prozesses: 0x17b4 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5 Error: (06/03/2015 10:09:35 AM) (Source: Windows Search Service) (EventID: 10021) (User: ) Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0. 
System errors: ============= Error: (06/03/2015 00:07:10 PM) (Source: DCOM) (EventID: 10016) (User: PC_Fabian) Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}PC_FabianFabianS-1-5-21-1392978341-1441607686-3862372307-1006LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (06/03/2015 10:09:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/03/2015 10:09:13 AM) (Source: NETLOGON) (EventID: 3095) (User: ) Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration nicht gestartet zu sein. Error: (06/03/2015 10:08:47 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (06/03/2015 10:08:59 AM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x00000139 (0x0000000000000003, 0xfffff880049d81e0, 0xfffff880049d8138, 0x0000000000000000)C:\windows\MEMORY.DMP060315-21078-01 Error: (06/03/2015 10:08:57 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 02.06.2015 um 21:19:13 unerwartet heruntergefahren. Error: (06/03/2015 10:08:36 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT) Description: 32212254731067200 Error: (06/01/2015 09:12:36 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "PC_BRIGITTE", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{A8851342-14E7-401D-B490-4A2FE92AFB41}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. 
Error: (06/01/2015 08:47:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (06/01/2015 08:46:45 PM) (Source: NETLOGON) (EventID: 3095) (User: ) Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration nicht gestartet zu sein. Microsoft Office: ========================= Error: (06/04/2015 10:05:34 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Error: (06/04/2015 10:03:20 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Error: (06/04/2015 06:06:45 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Error: (06/04/2015 06:04:31 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: usbhubC:\windows\system32\usbperf.dll8 Error: (06/04/2015 06:04:31 PM) (Source: usbperf) (EventID: 2001) (User: ) Description: Error: (06/04/2015 06:04:31 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: Spooler8 Error: (06/04/2015 06:04:31 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: RemoteAccessC:\Windows\System32\rasctrs.dll8 Error: (06/04/2015 06:04:30 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: .NETFrameworkC:\windows\system32\mscoree.dll8 Error: (06/03/2015 10:10:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE10.0.9200.1726754e7f156KERNEL32.dll6.2.9200.1685953118550c00000050002618517b401d09dd4b8abcf66C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\KERNEL32.dll03bf193d-09c8-11e5-bee8-4c72b97327ec Error: (06/03/2015 10:09:35 AM) (Source: Windows Search Service) (EventID: 10021) (User: ) Description: WSearchIdxPiDer Vorgang wurde erfolgreich beendet. 
0x0 CodeIntegrity Errors: =================================== Date: 2015-06-04 16:58:14.038 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-04 16:58:10.789 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-04 16:58:09.252 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-04 16:58:07.802 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-04 16:58:00.266 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. 
Date: 2015-06-01 22:19:24.467 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-01 22:19:22.008 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-01 22:19:20.557 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-01 22:19:19.329 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. Date: 2015-06-01 22:19:18.112 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz Percentage of memory in use: 13% Total physical RAM: 16323.54 MB Available physical RAM: 14054 MB Total Pagefile: 32707.54 MB Available Pagefile: 29740.09 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1000.11 GB) (Free:815.61 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Recovery Image) (Fixed) (Total:11.98 GB) (Free:1.46 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive j: (Daten) (Fixed) (Total:849.45 GB) (Free:742.32 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: 0ABD2367) Partition: GPT Partition Type. ==================== End of log ============================
05.06.2015, 12:34 | #7 |
| PC is hanging again... Can someone take a look?
Code:
C:\windows\system32\drivers\ksthunk.sys 13:34:30.0007 0x22c0 ksthunk - ok 13:34:30.0032 0x22c0 [ 5825DBACEDC3812B5CF8D40B997BF210, 1C2997BCC707C1029B21876E093038CE3BBF6E6694B4CCF7EEDD47172ED9A541 ] KtmRm C:\windows\system32\msdtckrm.dll 13:34:30.0037 0x22c0 KtmRm - ok 13:34:30.0060 0x22c0 [ CBD16721541EE334F6D623CE0B4003BF, DE2C6345B2051AD4C3A3F3AB89AB63AE58A0BA6AB0BCB6B0DFCE6BCD0E8E9519 ] L1C C:\windows\system32\DRIVERS\L1C63x64.sys 13:34:30.0061 0x22c0 L1C - ok 13:34:30.0083 0x22c0 [ 305BB2AC00D46542E0A653AB63F4ABB1, E3BE57A0EBB1194656D20C11688863A7864B06223419F688D82881F9F49604B6 ] LADF_CaptureOnly C:\windows\system32\DRIVERS\ladfGSCamd64.sys 13:34:30.0088 0x22c0 LADF_CaptureOnly - ok 13:34:30.0103 0x22c0 [ 28CDDC7D478A6313F55077416DCBD0DE, EE4174FC9444856DF0693D1A5F16EB88352A3B012AA82D49C462980703981A7A ] LADF_RenderOnly C:\windows\system32\DRIVERS\ladfGSRamd64.sys 13:34:30.0104 0x22c0 LADF_RenderOnly - ok 13:34:30.0133 0x22c0 [ 05A5B36592BB5F371B6AB020A2691E42, 384230A10EA0394E260282509B7D8EFCBFF8814611F6EFAB2DD346B97963EC55 ] LanmanServer C:\windows\system32\srvsvc.dll 13:34:30.0138 0x22c0 LanmanServer - ok 13:34:30.0156 0x22c0 [ 16650912BE5A94B40E0B3B4C39652B56, 908C2C9367AE0AC9AECB5D91514BB33ACD746D99F19C1A8DD6A9550E9CAD9E00 ] LanmanWorkstation C:\windows\System32\wkssvc.dll 13:34:30.0161 0x22c0 LanmanWorkstation - ok 13:34:30.0190 0x22c0 [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum C:\windows\system32\drivers\LGBusEnum.sys 13:34:30.0191 0x22c0 LGBusEnum - ok 13:34:30.0213 0x22c0 [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid C:\windows\system32\drivers\LGVirHid.sys 13:34:30.0213 0x22c0 LGVirHid - ok 13:34:30.0218 0x22c0 [ CEEFD29FC551F289810B0B9381B321DC, 900F206B487B2190D9363F28AA4BA0CD7DCFE1D005BE05A48AF74B1B81194691 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 13:34:30.0219 0x22c0 lltdio - ok 13:34:30.0233 0x22c0 [ 
BCF53485E0A94722CDE3C4A93CD8EB8C, D24E1066EB102245A89A5D17D608DB9DF6B71C99F1C77E070B95EFD17D268141 ] lltdsvc C:\windows\System32\lltdsvc.dll 13:34:30.0238 0x22c0 lltdsvc - ok 13:34:30.0245 0x22c0 [ 5A2F7F1CBC2E631A497DAD16164E06D2, 35274FC6C386380B01B5E8F467E71A2C4E2FB2AD701554F9B1A9B036B0340142 ] lmhosts C:\windows\System32\lmhsvc.dll 13:34:30.0247 0x22c0 lmhosts - ok 13:34:30.0268 0x22c0 [ 4269D44BB47A6DA5D80B11F4C8536458, 7A8FFC8F851DD9E5C43986BE0888831CB71D188138DF3CF7F787DADDA70915B0 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 13:34:30.0271 0x22c0 LMS - ok 13:34:30.0302 0x22c0 [ 022CDD12161B063D7852B1075BF3FFF2, E21267243AF2FC208D27E67827B1264A762C99AECEDB7AD2C48A04F421A6B2F0 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys 13:34:30.0303 0x22c0 LSI_SAS - ok 13:34:30.0315 0x22c0 [ 07AD59D669B996F29F91817F0ECFA34F, 026F332F862D142BFFC9D169CCD17A35BFB6B301EEC72AA13E16369B3520919C ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys 13:34:30.0317 0x22c0 LSI_SAS2 - ok 13:34:30.0332 0x22c0 [ 216FB796AA4E252ACCE93B1BCB80B5EC, 5B1E49B5F7B9C7A778198D27F8EE500FE35DC32D40B22A3D6ED67560BEB04212 ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys 13:34:30.0333 0x22c0 LSI_SCSI - ok 13:34:30.0344 0x22c0 [ 5E80530AF37102488EE980B4A92AF99F, 364E18EAD9AC22F8A306B24C6C43E58224F6BE2744EFEAA2484696B8D9880851 ] LSI_SSS C:\windows\system32\drivers\lsi_sss.sys 13:34:30.0346 0x22c0 LSI_SSS - ok 13:34:30.0397 0x22c0 [ 1DC9B701F8EB7D67774035AC9C3104F6, 77371267CDA605F78674BF8FA14B134B22299CD96EADA60A68762207595F0B46 ] LSM C:\windows\System32\lsm.dll 13:34:30.0403 0x22c0 LSM - ok 13:34:30.0418 0x22c0 [ 2BDC5D711FA61307CE6190D47C956368, 6BCDC6CBB9783F1ABE8957BDA94AF977DFB2A310BB6D19085EFC8609C97FD180 ] luafv C:\windows\system32\drivers\luafv.sys 13:34:30.0420 0x22c0 luafv - ok 13:34:30.0424 0x22c0 MBAMSwissArmy - ok 13:34:30.0439 0x22c0 [ 9B0D829C3BE4E7472DB9DD2B79908E3C, ACED5806FFF39E84007B5A3DCB16315329DC53007F46B1BEEDC391CC659F7DD3 ] megasas 
C:\windows\system32\drivers\megasas.sys 13:34:30.0440 0x22c0 megasas - ok 13:34:30.0455 0x22c0 [ ECC3F54C7AFC318271C4F0B4606D8DB0, FD1ACB18B8C912C7A57DABCD5460800DD0721A82E09C8D79C47B3392D61CBEA6 ] MegaSR C:\windows\system32\drivers\MegaSR.sys 13:34:30.0459 0x22c0 MegaSR - ok 13:34:30.0509 0x22c0 [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\windows\System32\drivers\HECIx64.sys 13:34:30.0512 0x22c0 MEIx64 - ok 13:34:30.0541 0x22c0 [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] MMCSS C:\windows\system32\mmcss.dll 13:34:30.0546 0x22c0 MMCSS - ok 13:34:30.0580 0x22c0 [ 780098AD5DA8A4822E2563984C85EF7B, 29312970774E944B5ED388316CF3D350DCABF721F9695737B0AC56BE878B0446 ] Modem C:\windows\system32\drivers\modem.sys 13:34:30.0582 0x22c0 Modem - ok 13:34:30.0630 0x22c0 [ EA8EAD3F5B762F889CC7F3966625B48B, B701A42E5E08B7BC6601560446146803182E5DC631AB73E9408F19CB6432F121 ] monitor C:\windows\System32\drivers\monitor.sys 13:34:30.0632 0x22c0 monitor - ok 13:34:30.0662 0x22c0 [ 618446B98C79776654340CE27C73485E, EFE7169FDD545933B5949DA2D09266971C0C3E6894E7BD8AFE29E41567C72B16 ] mouclass C:\windows\System32\drivers\mouclass.sys 13:34:30.0664 0x22c0 mouclass - ok 13:34:30.0697 0x22c0 [ C0ADEBED913295803B579ED288936CBB, 58F71541166D1DA07C18FBD27458D55E3F8AD7291CB7496B3A2F01372A5B0CAE ] mouhid C:\windows\System32\drivers\mouhid.sys 13:34:30.0698 0x22c0 mouhid - ok 13:34:30.0740 0x22c0 [ E7E9DBFDD3F25ED0C05B99AE9FA18BDE, 6D0204BA271FD3262DAE6E6BF9C12C0D49E3C9AF40EB1E072BD5CA5E2B8598D5 ] mountmgr C:\windows\system32\drivers\mountmgr.sys 13:34:30.0743 0x22c0 mountmgr - ok 13:34:30.0786 0x22c0 [ 4CCBBD4944777CA100B9A6C2F149A46F, 7FC172FAF8266BFBBBBAD94FD67EA3C1872F5927DC3900A9A54DB2DFE34E7415 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 13:34:30.0789 0x22c0 mpsdrv - ok 13:34:30.0925 0x22c0 [ 9DE3341BD4E14BC5FADFCAD3019F2D0D, 
37E0531EADABC6D4BCC496826651D4D14CF0D10156FF13C11BDE466084B44FF4 ] MpsSvc C:\windows\system32\mpssvc.dll 13:34:30.0950 0x22c0 MpsSvc - ok 13:34:31.0007 0x22c0 [ 25560C1656DC7F0723A0CC0B0E1C6BED, 17E8565B833ED58CCB6F85B90A42553464C4408C54006E019AA5641EDB682E31 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 13:34:31.0009 0x22c0 MRxDAV - ok 13:34:31.0033 0x22c0 [ 14EE56050E1637926F5CFA65B1F4209B, C654280B4BB461898B43DF350B5BB76C2FDEBD6B49A19D08B2F28D92E2FA3D0D ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 13:34:31.0037 0x22c0 mrxsmb - ok 13:34:31.0052 0x22c0 [ 06D5F2FA3C61E8EA91648EA8E9F99FD3, C665B7896501D42C73955F4EAF4FA3C6B2C9286957D6023C235AFBF9BFB761C6 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 13:34:31.0056 0x22c0 mrxsmb10 - ok 13:34:31.0109 0x22c0 [ 0AA400AB21745F1153ECE75E0186509A, E26696A00008BB8D88ABED6F379FFFAE21ACE9AA7108D9E89A7D99CAF2F23FEF ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 13:34:31.0115 0x22c0 mrxsmb20 - ok 13:34:31.0162 0x22c0 [ 98487487D6B3797CA927E9D7B030AE13, 05840AF0DD2E3CB596DA768DBD0728B52210EC05B55AB5921E697AD8956938DD ] MsBridge C:\windows\system32\DRIVERS\bridge.sys 13:34:31.0166 0x22c0 MsBridge - ok 13:34:31.0206 0x22c0 [ 4A07458EB4F17573BD39F22029A991C1, 74D7A1882EA4D19B8F090C2813489E5D3F759BF4AF2D88AE852EC6510C405B5E ] MSDTC C:\windows\System32\msdtc.exe 13:34:31.0213 0x22c0 MSDTC - ok 13:34:31.0251 0x22c0 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2, ECCA22985838A914EDC866C491DEB64B9FF5110EFA9BEE541F634AC5EC3081F9 ] Msfs C:\windows\system32\drivers\Msfs.sys 13:34:31.0253 0x22c0 Msfs - ok 13:34:31.0306 0x22c0 [ C32A7A39B960A42BA9D4FBE47213CA03, 4DA48587138972DA5E95AEDBBBE73BA8CCADC8172C6654427ABEAC8047B27E95 ] msgpiowin32 C:\windows\System32\drivers\msgpiowin32.sys 13:34:31.0308 0x22c0 msgpiowin32 - ok 13:34:31.0340 0x22c0 [ D3857A767B91A061B408CCAB02DA4F40, A4D780772086AD8717EE6DC2B6189F796939FB5E5AA08FD9D1984101998FBECF ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 13:34:31.0341 0x22c0 mshidkmdf - ok 
13:34:31.0367 0x22c0 [ 839B48910FB1E887635C48F3EC11A05E, F8CFD99911500CC1B6A90C8E2A1697BD5A6E5776A62A62FE5B342FE204C936B1 ] mshidumdf C:\windows\System32\drivers\mshidumdf.sys 13:34:31.0369 0x22c0 mshidumdf - ok 13:34:31.0400 0x22c0 [ 55C0DB741E3AB7463242B185B1C2997C, D2E2A5B48A64EA0EC2A6566C08E65A38D11CEA64BCA7B57793BA0D009E4D974A ] msisadrv C:\windows\system32\drivers\msisadrv.sys 13:34:31.0402 0x22c0 msisadrv - ok 13:34:31.0450 0x22c0 [ 216C6B035A4BA5560E1255BD8E5BB89F, A14E038604B9A5506DB145A4D9F51E2751AC825240D2744924F39C332B5DE00B ] MSiSCSI C:\windows\system32\iscsiexe.dll 13:34:31.0457 0x22c0 MSiSCSI - ok 13:34:31.0465 0x22c0 msiserver - ok 13:34:31.0493 0x22c0 [ 509809566E49F4411055864EA8D437CD, 70F37BF9C759E8BCA1C6AC8FB9805950925E1C648ED37E8561A0F7A407DFDC28 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 13:34:31.0494 0x22c0 MSKSSRV - ok 13:34:31.0526 0x22c0 [ 63145201D6458E4958E572E7D6FC2604, EDD4A8A3BBE94B983554B1117734E66A2647B867269C5F0567C47EDE6F3FACCB ] MsLldp C:\windows\system32\DRIVERS\mslldp.sys 13:34:31.0527 0x22c0 MsLldp - ok 13:34:31.0542 0x22c0 [ 99D526E803DB6D7FF290FD98B6204641, 4AFAA3B1186621AEAD19E12D3DBE104DD8FCD5C106F9EC3ADA4AD1BC7093E61F ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 13:34:31.0542 0x22c0 MSPCLOCK - ok 13:34:31.0564 0x22c0 [ 06FA77C3E2A491ADCD704C5E73006269, 465A7EE5387E6C11398A554F73437278F5BF110356E7F49F315905C1F2459278 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 13:34:31.0565 0x22c0 MSPQM - ok 13:34:31.0588 0x22c0 [ E134EC4DE11CF78CB01432D180710D84, BB111F97AEEFDCA5866B157E9957599CD7A4952B5BCCA0B0BCA9EDFCD17E61FE ] MsRPC C:\windows\system32\drivers\MsRPC.sys 13:34:31.0605 0x22c0 MsRPC - ok 13:34:31.0629 0x22c0 [ B5AECF12F09DEE97C9FCAA5BA016CE1E, F5305C4CE6C93A3A3481BD13BE0C23FE26571E11029ACFFE75FB78913681FCFC ] mssmbios C:\windows\System32\drivers\mssmbios.sys 13:34:31.0629 0x22c0 mssmbios - ok 13:34:31.0652 0x22c0 [ 72D66A05E0F99F2528F6C6204FD22AA1, 
B14D433BC5795F1DC4C672302285E665DC012693E75574F60664AAD8874DE562 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 13:34:31.0652 0x22c0 MSTEE - ok 13:34:31.0662 0x22c0 [ 8AAAE399FC255FA105D4158CBA289001, 2F55C02605B4A3406B289FF9D46C76260B9138E3DE96AFAEA0E0522E5A2A746C ] MTConfig C:\windows\System32\drivers\MTConfig.sys 13:34:31.0662 0x22c0 MTConfig - ok 13:34:31.0673 0x22c0 [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A, 00D33A4AB3E7C5F65F59C63F8E2FD27EF38D5484595F785D5632E9414E29352C ] Mup C:\windows\system32\Drivers\mup.sys 13:34:31.0675 0x22c0 Mup - ok 13:34:31.0701 0x22c0 [ 3A1E095277BBD406CEA8EA6B76950664, 47838F307A6354E77C19A7B1F3F3E22726EF60403B611F358AD6FFE81D7214E7 ] mvumis C:\windows\system32\drivers\mvumis.sys 13:34:31.0702 0x22c0 mvumis - ok 13:34:31.0833 0x22c0 [ 4B18840511D720BA118D3017E8165875, 724458A69269A5AE57E8DAB74FF3C198A79B6F7A9602BF38A70B4A40543ED167 ] napagent C:\windows\system32\qagentRT.dll 13:34:31.0848 0x22c0 napagent - ok 13:34:31.0931 0x22c0 [ 43D7388A90A4C6EA346A4D6FF0377479, DFDCFA448B49C8A577056070AF516F08CD2E452706A3CF9173195ABA4256F35D ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 13:34:31.0941 0x22c0 NativeWifiP - ok 13:34:31.0979 0x22c0 [ 6A0C3996DA7DAE6D6939676D786EEEC4, 6E8A4C6234FD3040BC889E92016A4D5AC7BCAF5059521E50C733966163A546A0 ] NcaSvc C:\windows\System32\ncasvc.dll 13:34:31.0984 0x22c0 NcaSvc - ok 13:34:32.0008 0x22c0 [ C982FE4CC91DECE2259F494FCEB4030F, 4C285407E6F9FBBA92180F4063AEFB736ED142D802F0151002F0CC20AB7BB4E5 ] NcdAutoSetup C:\windows\System32\NcdAutoSetup.dll 13:34:32.0012 0x22c0 NcdAutoSetup - ok 13:34:32.0139 0x22c0 [ A10E176F3B2BF83EDE7B5C4658C93B66, 42F2FAEB4A29BBC6727D7E159D3E7E2E66D33785E5C98496EEB44D281601A23E ] NDIS C:\windows\system32\drivers\ndis.sys 13:34:32.0156 0x22c0 NDIS - ok 13:34:32.0175 0x22c0 [ 39C8A1D9D46F5E83A016BCAB72455284, 80DBED610E0818C2C7122FBC5BC8C15BCE981538AE48DC48F464A86389AF3F68 ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 13:34:32.0176 0x22c0 NdisCap - ok 13:34:32.0205 0x22c0 [ 
762941932B7E4C588E48A577BA9D6440, 71FA1870E398CB848D8294FEF6C60E0499CAB9A16EC3F487564C41072590E4F3 ] NdisImPlatform C:\windows\system32\DRIVERS\NdisImPlatform.sys 13:34:32.0207 0x22c0 NdisImPlatform - ok 13:34:32.0259 0x22c0 [ 7A6F8A6D0E01432EBA294EF29CDD0FA7, D902AE15194A9F8A2198914FC76184FE7E2B589747275952A04A52853128FDB8 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 13:34:32.0261 0x22c0 NdisTapi - ok 13:34:32.0298 0x22c0 [ 79AB68BB3FFF974AD4F41FA559F4EC67, 1745EC6520B48E325C56D98A1F4DB9CE135FE3E097B3D66E6598791132CAD7BD ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 13:34:32.0300 0x22c0 Ndisuio - ok 13:34:32.0322 0x22c0 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 13:34:32.0327 0x22c0 NdisWan - ok 13:34:32.0350 0x22c0 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NDISWANLEGACY C:\windows\system32\DRIVERS\ndiswan.sys 13:34:32.0353 0x22c0 NDISWANLEGACY - ok 13:34:32.0383 0x22c0 [ 3730942D7DB2F8BB5F84542B7FF6F650, 89C9D7D7305205BDB304CE6DA7D1A57EDE86A9D77429698802A39D75EB78CAAB ] NDProxy C:\windows\system32\drivers\NDProxy.sys 13:34:32.0385 0x22c0 NDProxy - ok 13:34:32.0419 0x22c0 [ D3F60A4345FCA9C1BE68AD7D0D6DE770, 214AF09F4B021C2F8655FBC8AC8C801E89CD9115CDE690FAEBDA69D63D660EDD ] Ndu C:\windows\system32\drivers\Ndu.sys 13:34:32.0421 0x22c0 Ndu - ok 13:34:32.0448 0x22c0 [ 7C203A76394F9AE68F69EEE5F9612C4A, 2222654915913BDC9367A2075714906A10CF22C047A7494CD59CB71834ED1B62 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 13:34:32.0449 0x22c0 NetBIOS - ok 13:34:32.0496 0x22c0 [ 7CEC25C682D319D484630B3952C31A11, 025C46B367E0570E9E3F9DF1564C3E47B1524E9E9A180BBDF0E9C684838F5E42 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 13:34:32.0501 0x22c0 NetBT - ok 13:34:32.0515 0x22c0 [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] Netlogon 
C:\windows\system32\lsass.exe 13:34:32.0517 0x22c0 Netlogon - ok 13:34:32.0545 0x22c0 [ 89519D29CBEC2121CA65CC29C4D345E0, F3BA7BCAFEC8DD8B29837458D1B2B1DEE748AEAAAE0575FD3AAE65CFC72A04CD ] Netman C:\windows\System32\netman.dll 13:34:32.0550 0x22c0 Netman - ok 13:34:32.0617 0x22c0 [ 79FA9393C67EBBF92A56923592CF7A7C, A8AB8A6346B97B68810CC632F425085BE9E63ACAED0F119A7BFD03F2DA4AA5F6 ] netprofm C:\windows\System32\netprofmsvc.dll 13:34:32.0631 0x22c0 netprofm - ok 13:34:32.0884 0x22c0 [ 735E4E58539FA0F0B96B7D9599C6C041, 43B603C7EF5B1819FC99776984326C5AA6D2915BA70E12E5366BB456D1F2B7E3 ] netr28x C:\windows\system32\DRIVERS\netr28x.sys 13:34:32.0911 0x22c0 netr28x - ok 13:34:33.0069 0x22c0 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:34:33.0105 0x22c0 NetTcpPortSharing - ok 13:34:33.0130 0x22c0 [ 12DD2800E4EEA37DC9AE256AD62423B4, 34740469EEA8740CBACD881CB232C9ABB9AB180DE5F45336BC6DBE154259F29B ] nfrd960 C:\windows\system32\drivers\nfrd960.sys 13:34:33.0132 0x22c0 nfrd960 - ok 13:34:33.0201 0x22c0 [ 5177E35B186D2DED6F1EFF57BA61B975, B48C2E0FE2E95C37697107BDB8E0843D3E56200D2E242BF02E205C53978655D9 ] NlaSvc C:\windows\System32\nlasvc.dll 13:34:33.0207 0x22c0 NlaSvc - ok 13:34:33.0253 0x22c0 [ 17E19A742FB30C002F8B43575451DBE1, 59D226A4A5B5281C399BE96C694915E38EEAF335D31F346B0C65D8F469D7C9C3 ] Npfs C:\windows\system32\drivers\Npfs.sys 13:34:33.0254 0x22c0 Npfs - ok 13:34:33.0283 0x22c0 [ 8ED299C30792544264E558BEA79F0947, 8A03FDA9AADB79ECBCBCDC988B7D8CF0672689C9DF673A2ECFE0D2D88A9C6A6B ] npsvctrig C:\windows\System32\drivers\npsvctrig.sys 13:34:33.0284 0x22c0 npsvctrig - ok 13:34:33.0340 0x22c0 [ 832B5FDF0B5577713FD7F2465FCD0ACE, 4A551CDBACED47DD781EC59F8B59A13D66EFD85DCF636BCFCBACFE5972A78E93 ] nsi C:\windows\system32\nsisvc.dll 13:34:33.0342 0x22c0 nsi - ok 13:34:33.0364 0x22c0 [ 689B3B1E95C70ABF7AFF29F9406EF1E0, 
8B62D8AE53E1B3218158FADC0075682AB06D18998CF5DE82C920A9CD91C0652F ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 13:34:33.0365 0x22c0 nsiproxy - ok 13:34:33.0448 0x22c0 [ 7BE3EDFFA3216F989A6BDCB14795DD08, 19A2D0120C46CA9BCFBC16DC3E65687ACDDCBA33B79128188652BA2AFAA2EE2F ] Ntfs C:\windows\system32\drivers\Ntfs.sys 13:34:33.0474 0x22c0 Ntfs - ok 13:34:33.0488 0x22c0 [ 4163ADE07DB51843AE31F65B94F5398D, 4349E7EF1EE1E71E1F436BA42F5B58871D82B987D513BA2D6E1CEB8A21BD1B20 ] Null C:\windows\system32\drivers\Null.sys 13:34:33.0489 0x22c0 Null - ok 13:34:33.0514 0x22c0 [ D6D34118263412D3AAA8348A9572B7F2, 66106A25BC5A4CA7697A23ED67CEDB5C0BF678EA70FD967A405D2DF76F4CA3A4 ] nvraid C:\windows\system32\drivers\nvraid.sys 13:34:33.0516 0x22c0 nvraid - ok 13:34:33.0527 0x22c0 [ 27AFC428D1D32ABD04A86763A4EDDEA9, 0920866013A8C8CFEE00E6AECDD41736F5501C49837E2D785998734F087F6B98 ] nvstor C:\windows\system32\drivers\nvstor.sys 13:34:33.0529 0x22c0 nvstor - ok 13:34:33.0542 0x22c0 [ 051CFB5107BAAE510419BDC41F8C4036, 9990906F17A3886EF301D2AA6556263B52A1C0554C6BD18331AF44ECECAEE4B5 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 13:34:33.0544 0x22c0 nv_agp - ok 13:34:33.0611 0x22c0 [ 4E5989A0033E9805BC626A3B660362F6, E156AEB635D5ECB21B3906C5B49ADCA8212F677B1E447B4C97F4AB76E5A601EF ] OfficeSvc C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe 13:34:33.0631 0x22c0 OfficeSvc - ok 13:34:33.0672 0x22c0 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:34:33.0674 0x22c0 ose - ok 13:34:33.0697 0x22c0 [ AB76700D764A342D7475FB8F47CAB18C, ECDF705D3E69EF6E7044C98A462A7281D0E7D0D85769C0815555D934B0B69C8D ] p2pimsvc C:\windows\system32\pnrpsvc.dll 13:34:33.0702 0x22c0 p2pimsvc - ok 13:34:33.0722 0x22c0 [ 4319FD931DCD796435ECB5DB4A04FBA5, 20185B2F359EEC202B37019A4E4F5B914ADCF78B97AF0CBD91EECED2259FC6DE ] p2psvc C:\windows\system32\p2psvc.dll 
13:34:33.0728 0x22c0 p2psvc - ok 13:34:33.0739 0x22c0 [ 4563DAF8C6A740AD7F501E219BD10766, 7A1212DDAE2D66A9C2041262796904E36036CDC4C5B75C2F66B8DF9D89F7C25D ] Parport C:\windows\System32\drivers\parport.sys 13:34:33.0741 0x22c0 Parport - ok 13:34:33.0759 0x22c0 [ D6ACCF9F2EEEEA711C14EFD976E573F3, 60D2A81832A8D24F91C3EF134440D5026354917F59462BACBCE7A01D84767D91 ] partmgr C:\windows\system32\drivers\partmgr.sys 13:34:33.0760 0x22c0 partmgr - ok 13:34:33.0831 0x22c0 [ 4811D9EC53649105A5A8BEA661B0F936, C77907E03D0561500FCFEAFAC323E9679E66297329901A0CA2BD7E919419A8E8 ] PcaSvc C:\windows\System32\pcasvc.dll 13:34:33.0846 0x22c0 PcaSvc - ok 13:34:33.0880 0x22c0 [ 4A003E8F718C1E6A2050CA98CD53E3E2, BCC3BE1EC3FA4967353371D85094D096940A7B5944A6FFCA31E8FBE83D92CC6C ] pci C:\windows\system32\drivers\pci.sys 13:34:33.0884 0x22c0 pci - ok 13:34:33.0912 0x22c0 [ F9908D274D458220F91E89B54D78D837, 1E89ABFA6B375383E0297CEE5AF66E37F90E16DD21ABA5C91777A86CDF013B4D ] pciide C:\windows\system32\drivers\pciide.sys 13:34:33.0913 0x22c0 pciide - ok 13:34:33.0951 0x22c0 [ 84D19CB6102627932DCB5DFDF89FE269, 2F9C47E076645B35877D9ACA77968EFFCDA8794D76265CD9A4AAA239C4B33C5F ] pcmcia C:\windows\system32\drivers\pcmcia.sys 13:34:33.0958 0x22c0 pcmcia - ok 13:34:33.0979 0x22c0 [ CEBBAD5391C2644560C55628A40BFD27, 8AAA6EBD8D89FC91AECCCF1452F53C5650A1A17027FF4E64D224371404CE4C8B ] pcw C:\windows\system32\drivers\pcw.sys 13:34:33.0981 0x22c0 pcw - ok 13:34:34.0010 0x22c0 [ 0698DEDEAD6A00AD0D468C687D830FBF, B9DCA1A61F2EF80DB26380F390F2E9A17114D33129D61CF465B949B6A7916CAA ] pdc C:\windows\system32\drivers\pdc.sys 13:34:34.0012 0x22c0 pdc - ok 13:34:34.0126 0x22c0 [ 61FE70659CD43E07F94DA4DC31DEC493, 3739B6670B440173FD81DE3D47B0B90FAF296802AD4F57C05BF5CF191BF16022 ] PEAUTH C:\windows\system32\drivers\peauth.sys 13:34:34.0139 0x22c0 PEAUTH - ok 13:34:34.0525 0x22c0 [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A, 459CF99D5243C4ACAA38C7B426ADC52F1044C759D06A925D475DF6213AEB85CD ] PerfHost C:\windows\SysWow64\perfhost.exe 
13:34:34.0529 0x22c0 PerfHost - ok 13:34:34.0704 0x22c0 [ 6E84BFF58F7643499277F29DFA2F8C8D, 401CCF137F35D9690C7B56B2BFEDB2DB72709EBE38626D787904B67640EF6F14 ] pla C:\windows\system32\pla.dll 13:34:34.0720 0x22c0 pla - ok 13:34:34.0758 0x22c0 [ 799BE46D45D486704CE0F37CA5385262, BB78DEE83B9DB613B1C083D55FAA458BE3E394AED80EB91B599185A7272F33B3 ] PlugPlay C:\windows\system32\umpnpmgr.dll 13:34:34.0762 0x22c0 PlugPlay - ok 13:34:34.0804 0x22c0 [ CD421DDB5C6E5458CE52EDC36DE7DC5B, 7B9C0A8B2B86BBF5D7E02F2620B0015A2530CBBC99724BE20313DE53EB31D62E ] PnkBstrA C:\windows\system32\PnkBstrA.exe 13:34:34.0811 0x22c0 PnkBstrA - ok 13:34:34.0840 0x22c0 [ 8E2414E818C26C4A9C70CB2B8567F04F, A16B22AE143BA070C562FBE5DEF32F7E228F50B302B66E46B46C44C0F50A4461 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 13:34:34.0843 0x22c0 PNRPAutoReg - ok 13:34:34.0891 0x22c0 [ AB76700D764A342D7475FB8F47CAB18C, ECDF705D3E69EF6E7044C98A462A7281D0E7D0D85769C0815555D934B0B69C8D ] PNRPsvc C:\windows\system32\pnrpsvc.dll 13:34:34.0904 0x22c0 PNRPsvc - ok 13:34:35.0010 0x22c0 [ 0108C8E5176D590F242701EF5A62CC26, 3A72F5D4402663B7445F6B3C55F01E83A619B6192F7D3CC2DE3C57F9F50D5A2D ] PolicyAgent C:\windows\System32\ipsecsvc.dll 13:34:35.0027 0x22c0 PolicyAgent - ok 13:34:35.0090 0x22c0 [ F1E067F56373F11EA4B785CAE823740A, 69BD30E64DA17595FF29C9C9FF9AD4F2F4BE29B688FBAC9DABB2FA9D13A47FF0 ] Power C:\windows\system32\umpo.dll 13:34:35.0098 0x22c0 Power - ok 13:34:35.0154 0x22c0 [ 362D47E5B4D67270DE4B8606036F4ADD, 716E229C68D91AEA5B5629F60133D5CBDC0C95ABA54D9DC6264E923CAF4DC6C0 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 13:34:35.0156 0x22c0 PptpMiniport - ok 13:34:35.0555 0x22c0 [ 3D312AC13CB8D05822E9EFD234766BA7, 5914CAA563FAE4E21AD58A262369657135D320788A56ABF15C9D77E9ADC4CA36 ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll 13:34:35.0584 0x22c0 PrintNotify - ok 13:34:35.0635 0x22c0 [ DD979EB6A7212F60E4AFBE96EDC7AE6D, BC681D64C5B8F08FD4613D71111853FCD5B05E4BD127D2C6258BAED7627105BE ] 
Processor C:\windows\System32\drivers\processr.sys 13:34:35.0638 0x22c0 Processor - ok 13:34:35.0692 0x22c0 [ 1D7127048413309629233B50BF2DD9A6, 918322AFDD576D9966961B111F5E38BDDB4278F9456E7AA1A3453EC8CAF4B8A8 ] ProfSvc C:\windows\system32\profsvc.dll 13:34:35.0702 0x22c0 ProfSvc - ok 13:34:35.0777 0x22c0 [ EB8034147D4820CD31BFCB11A2A652DF, B10B5E16B7A05D2DB2D5D1945B6146DE15EEDE2C778772A59F104706B5145E46 ] Psched C:\windows\system32\DRIVERS\pacer.sys 13:34:35.0782 0x22c0 Psched - ok 13:34:35.0868 0x22c0 [ 0AFBF333B6F87A2F598EAB379AF100B8, D11F3A4D7E4463B62E2DBDE5FC61425B1FDFB07DD1A19BC001D479CA1F554510 ] QWAVE C:\windows\system32\qwave.dll 13:34:35.0880 0x22c0 QWAVE - ok 13:34:35.0908 0x22c0 [ 13D47BB0CCA2FC51BD15F8E85C6A078E, EA832A9511007C9E8599C3066E1FA66BE869E8A27886D9A9AC590BD4DFBD1A15 ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 13:34:35.0910 0x22c0 QWAVEdrv - ok 13:34:35.0932 0x22c0 [ 873C60F8178100557740A832FCE10B5F, 400EF60CB2C98E2AFE122AF3D01CCE56A1548AF865345EE2194AB74DBCBF4C48 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 13:34:35.0933 0x22c0 RasAcd - ok 13:34:35.0966 0x22c0 [ 69B93F623B130976243ECA3D84CC99CA, F27617E651EADFAEE479619AAB01CDAA98111BA63E204D5C44A1256732CB0100 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 13:34:35.0967 0x22c0 RasAgileVpn - ok 13:34:35.0996 0x22c0 [ 005F6E54C4A2DA4EBF68FB0392CE8BB0, 2F3C90A04964D4D906238BD557D90F7AC05DF86FE9729C4378B39431F54DDAE3 ] RasAuto C:\windows\System32\rasauto.dll 13:34:36.0001 0x22c0 RasAuto - ok 13:34:36.0026 0x22c0 [ A14D625C5AEE5FFE0F47D1A1D419FAAE, 1229B81C23340AD5B436B1FD227876EB41715CE6BD270BA367F18879D26B8F04 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 13:34:36.0029 0x22c0 Rasl2tp - ok 13:34:36.0078 0x22c0 [ C923C785A2DE0B396AD6D13ACAFF2DE9, 4F950DA776FBABEC7D546983D6F3018733F61268A4BF95C01D4836AD000BD073 ] RasMan C:\windows\System32\rasmans.dll 13:34:36.0087 0x22c0 RasMan - ok 13:34:36.0110 0x22c0 [ 00695B9C2DB6111064499C529E90C042, 
3CD4DF4D8001C2BBF52EEEB1F0D587209878BEAC339D268892477AD840D490F1 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 13:34:36.0111 0x22c0 RasPppoe - ok 13:34:36.0139 0x22c0 [ A7F24D8CD1956B0A1FDCB86CC5114DE4, 30489D235362DF62B105378597168B13F4BAC74A8EDDBDA25237E3C017B69FEE ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 13:34:36.0141 0x22c0 RasSstp - ok 13:34:36.0312 0x22c0 [ 71FF75BAE3D6E362BE3AD07E26C2D00A, 33F82F817AAAD585D47112A88BCC9DC2FB1B7AB8448EE140FA00FA520D8647A7 ] Razer Game Scanner Service C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 13:34:36.0317 0x22c0 Razer Game Scanner Service - ok 13:34:36.0388 0x22c0 [ CA03D642ACE58E1BA54E4B383F91CD69, 39BB942603801CF11FBEA28E24F8C8D1EF2AF615D1FABF951683A015D6A6EF37 ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 13:34:36.0399 0x22c0 rdbss - ok 13:34:36.0437 0x22c0 [ CA7DF5EC95D8DE0DD24BE7FF97369F68, 153E6F716CA935DBCACB8FF1BB8DE5F5551CE3D18878225470E45893CA69BDB8 ] rdpbus C:\windows\System32\drivers\rdpbus.sys 13:34:36.0437 0x22c0 rdpbus - ok 13:34:36.0454 0x22c0 [ B2A3AD74FF2E2FFA73AF2567108231B3, DF8CEA6215F75C634D56F6B8AE11ECCEEB5F8CBC091AC3D6D9F7DE214B00A439 ] RDPDR C:\windows\system32\drivers\rdpdr.sys 13:34:36.0457 0x22c0 RDPDR - ok 13:34:36.0488 0x22c0 [ 57F4787E4602A3FCA719C0A33137C6DA, D03AE59A184EB5D126F8EAB9D36EE406ABB8B9ED834F2D2496DDB1349FF56F89 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys 13:34:36.0489 0x22c0 RdpVideoMiniport - ok 13:34:36.0509 0x22c0 [ B3CB0721E81E30419CE7D837EF4EA151, EC9410818661BF77E4A19694E3A3030E1D983B36F49C72E27F92A1424E0729C2 ] RDPWD C:\windows\system32\drivers\RDPWD.sys 13:34:36.0516 0x22c0 RDPWD - ok 13:34:36.0546 0x22c0 [ 62C1F8A0685FE07E998AA296C4F697C4, C636AB2D0F139003A6AD7A12E9DC13EE4485A62F30DA59AF842FF02FE07442EE ] rdyboost C:\windows\system32\drivers\rdyboost.sys 13:34:36.0550 0x22c0 rdyboost - ok 13:34:36.0584 0x22c0 [ 3663CCF243EE0C04E9F6F91ED1737273, 31D06445996F99A7F6B32004D1BA63A21C61DE125373F860BA9A9DE5278E8293 
13:34:48.0815 0x22c0 Waiting for KSN requests completion. In queue: 58
13:34:49.0815 0x22c0 Waiting for KSN requests completion. In queue: 58
13:34:50.0816 0x22c0 Waiting for KSN requests completion. In queue: 58
13:34:51.0880 0x22c0 AV detected via SS2: Emsisoft Internet Security, C:\PROGRAM FILES (X86)\EMSISOFT INTERNET SECURITY\a2start.exe ( 9.0.0.5066 ), 0x40010 ( disabled : outofdate )
13:34:51.0889 0x22c0 AV detected via SS2: avast! 
Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x41000 ( enabled : updated ) 13:34:51.0892 0x22c0 FW detected via SS2: Emsisoft Internet Security, C:\PROGRAM FILES (X86)\EMSISOFT INTERNET SECURITY\a2start.exe ( 9.0.0.5066 ), 0x40010 ( disabled ) 13:34:51.0918 0x22c0 Win FW state via NFP2: enabled 13:34:54.0308 0x22c0 ============================================================ 13:34:54.0308 0x22c0 Scan finished 13:34:54.0308 0x22c0 ============================================================ 13:34:54.0318 0x0628 Detected object count: 0 13:34:54.0318 0x0628 Actual detected object count: 0
__________________ Regards, R4BBIT 9 out of 10 people like beer... the 10th is lying |
05.06.2015, 12:39 | #8 | |
/// TB-Ausbilder | PC is hanging again... Can someone take a look? Hello, Quote:
Then please post the following log files: C:\AdwCleaner\AdwCleaner[S1].txt C:\AdwCleaner\AdwCleaner[S2].txt Please also post all other log files from tools that you have run in the last 3 days. Multiple antivirus programs Code:
ATTFilter Avast Emsisoft Report back which antivirus program you have decided on. |
05.06.2015, 13:38 | #9 |
| PC is hanging again... Can someone take a look? Hello Matthias, I had no idea that AdwCleaner was still on there. I thought I had actually uninstalled it, that is, after my last "treatment"... And the two logs that are apparently supposed to still be there are not there ^^ In the last few days I haven't really had any tool running... The Emsisoft/Avast thing is a bit of a story: Avast is what is currently active on my machine. Emsisoft was only the trial version to begin with, and I haven't bought the full version yet (although I was actually planning to). So that program is not actively running on my machine... for that it would be Avast for now.
__________________ Regards, R4BBIT 9 out of 10 people like beer... the 10th is lying |
05.06.2015, 16:33 | #10 |
/// TB-Ausbilder | PC is hanging again... Can someone take a look? Hello, Scan with Combofix
|
06.06.2015, 19:00 | #11 |
| PC is hanging again... Can someone take a look? Here is the Combofix log for you: Code:
ATTFilter ComboFix 15-05-31.01 - AdminFabian 06.06.2015 19:45:42.1.8 - x64 Microsoft Windows 8 6.2.9200.0.1252.41.1031.18.16324.14425 [GMT 2:00] ausgeführt von:: c:\users\Fabian.PC_Fabian\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} AV: Emsisoft Internet Security *Disabled/Outdated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA} FW: Emsisoft Internet Security *Disabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Emsisoft Internet Security *Disabled/Outdated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\AdminFabian\AppData\Local\assembly\tmp c:\users\Fabian.PC_Fabian\AppData\Local\assembly\tmp . . ((((((((((((((((((((((( Dateien erstellt von 2015-05-06 bis 2015-06-06 )))))))))))))))))))))))))))))) . . 2015-06-06 17:54 . 2015-06-06 17:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-06-06 17:54 . 2015-06-06 17:54 -------- d-----w- c:\users\AdminFabian\AppData\Local\temp 2015-06-04 16:01 . 2015-04-30 13:07 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-06-04 16:01 . 2015-04-30 13:07 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll 2015-06-04 15:16 . 2015-04-13 05:32 417280 ----a-w- c:\windows\system32\services.exe 2015-06-04 15:16 . 2015-03-12 05:31 1688576 ----a-w- c:\windows\system32\wevtsvc.dll 2015-06-04 15:16 . 2015-04-13 05:30 1280512 ----a-w- c:\windows\system32\FntCache.dll 2015-06-04 15:16 . 2015-04-13 05:30 1839616 ----a-w- c:\windows\system32\DWrite.dll 2015-06-04 15:16 . 2015-04-13 04:05 1416192 ----a-w- c:\windows\SysWow64\DWrite.dll 2015-06-04 15:16 . 
2015-04-13 03:25 4063744 ----a-w- c:\windows\system32\win32k.sys 2015-06-04 15:12 . 2015-04-07 23:20 1624064 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2015-06-04 15:12 . 2015-04-07 23:20 1312768 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2015-06-04 15:12 . 2015-04-07 23:20 1278464 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2015-06-04 15:12 . 2015-04-07 23:43 1032192 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Ink\journal.dll 2015-06-04 15:12 . 2015-04-07 23:43 1413632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll 2015-06-04 15:12 . 2015-04-07 23:21 2190336 ----a-w- c:\program files\Windows Journal\Journal.exe 2015-06-04 15:12 . 2015-04-07 23:20 627712 ----a-w- c:\program files\Windows Journal\MSPVWCTL.DLL 2015-06-04 15:12 . 2015-04-07 23:20 1325056 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2015-06-04 15:12 . 2015-04-07 23:20 881152 ----a-w- c:\program files\Windows Journal\InkSeg.dll 2015-06-04 15:12 . 2015-04-21 13:52 19291136 ----a-w- c:\windows\system32\mshtml.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-06-04 16:02 . 2013-02-02 17:33 140425016 ----a-w- c:\windows\system32\MRT.exe 2015-05-05 17:49 . 2015-04-19 10:37 177632 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-05-05 17:49 . 2015-04-19 10:37 792032 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-04-22 16:20 . 2015-04-22 16:20 364472 ----a-w- c:\windows\system32\aswBoot.exe 2015-04-22 16:20 . 2014-04-24 19:48 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2015-04-22 16:20 . 2014-02-14 18:58 137288 ----a-w- c:\windows\system32\drivers\aswStm.sys 2015-04-22 16:20 . 2013-04-25 18:02 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2015-04-22 16:20 . 2013-04-25 18:02 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2015-04-22 16:20 . 
2013-02-06 20:21 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2015-04-22 16:20 . 2013-02-06 20:21 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys 2015-04-22 16:20 . 2013-02-06 20:21 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2015-04-22 16:20 . 2015-04-22 16:20 43112 ----a-w- c:\windows\avastSS.scr 2015-04-22 16:19 . 2013-02-06 20:21 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2015-04-08 17:42 . 2014-04-10 15:46 348672 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2015-04-08 17:42 . 2013-03-02 16:47 348672 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2015-04-08 17:42 . 2014-04-10 15:46 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2015-03-23 22:17 . 2015-03-31 18:10 135800 ----a-w- c:\windows\system32\drivers\epp64.sys 2015-03-23 05:19 . 2015-04-16 18:09 726528 ----a-w- c:\windows\system32\generaltel.dll 2015-03-23 05:17 . 2015-04-16 18:09 769024 ----a-w- c:\windows\system32\invagent.dll 2015-03-23 05:17 . 2015-04-16 18:09 419328 ----a-w- c:\windows\system32\devinv.dll 2015-03-23 05:17 . 2015-04-16 18:09 957440 ----a-w- c:\windows\system32\appraiser.dll 2015-03-23 05:17 . 2015-04-16 18:09 227328 ----a-w- c:\windows\system32\aepdu.dll 2015-03-23 05:17 . 2015-04-16 18:09 30720 ----a-w- c:\windows\system32\acmigration.dll 2015-03-22 22:04 . 2015-04-16 18:09 1111552 ----a-w- c:\windows\system32\aeinv.dll 2015-03-17 07:00 . 2015-04-16 18:09 6971712 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-03-17 06:52 . 2015-04-16 18:09 1822696 ----a-w- c:\windows\system32\ntdll.dll 2015-03-17 04:45 . 2015-04-16 18:09 1409496 ----a-w- c:\windows\SysWow64\ntdll.dll 2015-03-14 08:07 . 2015-04-16 18:09 1120256 ----a-w- c:\windows\system32\msctf.dll 2015-03-14 06:33 . 2015-04-16 18:09 891904 ----a-w- c:\windows\SysWow64\msctf.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 642728] "CLMLServer_For_P2G8"="c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2012-06-08 111120] "CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-02 491120] "BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe" [2011-12-14 2068992] "BATINDICATORHL"="c:\program files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe" [2010-07-23 557056] "OSDTool"="c:\program files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe" [2012-06-13 2101248] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-11 5515496] "CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2013-05-02 1282120] "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2013-02-19 453736] "Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2015-01-06 585536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] "20150107"="c:\program files\AVAST Software\Avast\setup\emupdate\0a5626b7-54ff-490c-9d25-22eeb56b74c5.exe" [2015-05-25 183232] . c:\users\Fabian.PC_Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ An OneNote senden.lnk - c:\program files\Microsoft Office 15\root\office15\onenotem.exe /tsr [2013-2-6 158808] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "EnableUIADesktopToggle"= 0 (0x0) "EnableCursorSuppression"= 1 (0x1) "ConsentPromptBehaviorUser"= 3 (0x3) "SoftwareSASGeneration"= 1 (0x1) "EnableSecureUIAPath"= 1 (0x1) . R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] R2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x] R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\System32\drivers\WUDFRd.sys;c:\windows\SYSNATIVE\drivers\WUDFRd.sys [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! 
VM Monitor; [x] S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x] S1 epp64;epp64;c:\windows\system32\DRIVERS\epp64.sys;c:\windows\SYSNATIVE\DRIVERS\epp64.sys [x] S1 fwwfp;Emsisoft Firewall WFP Filter;c:\program files (x86)\Emsisoft Internet Security\fwwfp764.sys;c:\program files (x86)\Emsisoft Internet Security\fwwfp764.sys [x] S2 a2AntiMalware;Emsisoft Protection Service;c:\program files (x86)\Emsisoft Internet Security\a2service.exe;c:\program files (x86)\Emsisoft Internet Security\a2service.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 aswHwid;avast! 
HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] S2 HPConnectedRemote;HP Connected Remote Service;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [x] S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 OfficeSvc;Microsoft Office-Dienst;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x] S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x] S2 
rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x] S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x] S3 fwndis;Emsisoft Firewall NDIS driver;c:\windows\system32\DRIVERS\fwndis64.sys;c:\windows\SYSNATIVE\DRIVERS\fwndis64.sys [x] S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x] S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x] S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x] S3 rzendpt;rzendpt;c:\windows\System32\drivers\rzendpt.sys;c:\windows\SYSNATIVE\drivers\rzendpt.sys [x] S3 rzudd;Razer Mouse Driver;c:\windows\System32\drivers\rzudd.sys;c:\windows\SYSNATIVE\drivers\rzudd.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] apphost REG_MULTI_SZ apphostsvc iissvcs REG_MULTI_SZ w3svc was . . 
--------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-02-06 20:06 2323040 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-02-06 20:06 2323040 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-02-06 20:06 2323040 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2015-04-22 16:20 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2012-08-09 37888] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-08-09 1425408] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-11-14 8292120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2013-07-09 439488] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file) ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file) ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file) ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file) ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file) AddRemove-{FF27F674-821E-4BA2-985B-DDF539C2CD03} - c:\program files (x86)\InstallShield Installation Information\{FF27F674-821E-4BA2-985B-DDF539C2CD03}\setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] @SACL=(02 0000) "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @SACL=(02 0000) @="\"c:\\windows\\System32\\Macromed\\Flash\\FlashUtil_ActiveX.exe\"" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @SACL=(02 0000) @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @SACL=(02 0000) @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @SACL=(02 0000) @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] @SACL=(02 0000) "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @SACL=(02 0000) @="\"c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil_ActiveX.exe\"" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @SACL=(02 0000) @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control] @SACL=(02 0000) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage] @SACL=(02 0000) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories] @SACL=(02 0000) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @SACL=(02 0000) @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @SACL=(02 0000) @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @SACL=(02 0000) @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable] @SACL=(02 0000) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @SACL=(02 0000) @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @SACL=(02 0000) @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @SACL=(02 0000) @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @SACL=(02 0000) @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control] @SACL=(02 0000) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @SACL=(02 0000) @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @SACL=(02 0000) @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable] @SACL=(02 0000) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @SACL=(02 0000) @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @SACL=(02 0000) @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @SACL=(02 0000) @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @SACL=(02 0000) @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @SACL=(02 0000) @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @SACL=(02 0000) @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) @SACL= "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) @SACL= . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] @SACL= "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) @SACL=(02 0000) . Zeit der Fertigstellung: 2015-06-06 19:58:49 ComboFix-quarantined-files.txt 2015-06-06 17:58 . Vor Suchlauf: 14 Verzeichnis(se), 874'403'938'304 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 874'211'188'736 Bytes frei . - - End Of File - - A71A4EDA1344F74C0963FC0E5FCB4563 -> Everything OK again
__________________ Regards, R4BBIT 9 out of 10 people like beer... the 10th is lying Edited by R4BBIT (06.06.2015 at 19:05) Reason: Update |
06.06.2015, 21:01 | #12 |
/// TB-Ausbilder | PC is hanging again... Can someone take a look? Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Please shut down your protection software to avoid possible conflicts.
Step 4 Please download Shortcut Cleaner (by Grinler) to your desktop.
Step 5
With your next reply, please post
|
07.06.2015, 10:33 | #13 |
| PC is hanging again... Can someone take a look? AdwCleaner: Code:
ATTFilter # AdwCleaner v4.206 - Bericht erstellt 07/06/2015 um 10:48:54 # Aktualisiert 01/06/2015 von Xplode # Datenbank : 2015-06-05.1 [Server] # Betriebssystem : Windows 8 (x64) # Benutzername : AdminFabian - PC_FABIAN # Gestarted von : C:\Users\Fabian.PC_Fabian\Desktop\AdwCleaner_4.206.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Internetbrowser ] ***** -\\ Internet Explorer v10.0.9200.17267 ************************* AdwCleaner[R0].txt - [757 Bytes] - [30/04/2015 19:57:02] AdwCleaner[R1].txt - [799 Bytes] - [07/06/2015 10:47:16] AdwCleaner[S0].txt - [720 Bytes] - [07/06/2015 10:48:54] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [778 Bytes] ########## Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 07.06.2015 Suchlauf-Zeit: 10:54:32 Logdatei: Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.06.07.01 Rootkit Datenbank: v2015.06.02.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8 CPU: x64 Dateisystem: NTFS Benutzer: AdminFabian Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 442878 Verstrichene Zeit: 9 Min, 25 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden) Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 0 (Keine schädliche Elemente gefunden) Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.8.9 (06.06.2015:1) OS: Windows 8 x64 Ran by AdminFabian on 07.06.2015 at 11:09:37.19 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] C:\Users\AdminFabian\AppData\Roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\search.lnk Successfully deleted: [File] C:\Users\AdminFabian\desktop\search.lnk ~~~ Folders ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 07.06.2015 at 11:20:51.48 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015 Ran by AdminFabian (administrator) on PC_FABIAN on 07-06-2015 11:29:15 Running from C:\Users\Fabian.PC_Fabian\Desktop Loaded Profiles: AdminFabian & Fabian (Available Profiles: AdminFabian & Fabian) Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe (Avast Software s.r.o.) 
C:\Program Files\AVAST Software\Avast\avastui.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard ) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-07-05] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.) HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe [2068992 2011-12-14] (Hewlett-Packard) HKLM-x32\...\Run: [BATINDICATORHL] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe [557056 2010-07-23] (Hewlett-Packard) HKLM-x32\...\Run: [OSDTool] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe [2101248 2012-06-13] (Hewlett-Packard) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.) 
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [439488 2013-07-09] (Microsoft Corporation) HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\0a5626b7-54ff-490c-9d25-22eeb56b74c5.exe [183232 2015-05-25] (AVAST Software) HKU\S-1-5-21-1392978341-1441607686-3862372307-1005\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\Run: [SkyDrive] => C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-12-07] (Microsoft Corporation) HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\RunOnce: [Uninstall C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\RunOnce: [Uninstall C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\RunOnce: [Uninstall C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\RunOnce: [Uninstall C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\MountPoints2: {3c35e8d1-db21-11e2-be85-4c72b97327ec} - "L:\LaunchU3.exe" -a HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\MountPoints2: {75e0df4f-7aae-11e2-be79-4c72b97327ec} - 
"K:\laucher.exe" Startup: C:\Users\Fabian.PC_Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2013-03-02] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-22] (Avast Software s.r.o.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1392978341-1441607686-3862372307-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/35 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/35 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/35 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1392978341-1441607686-3862372307-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/35 HKU\S-1-5-21-1392978341-1441607686-3862372307-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch 
HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.janosch-nietlispach.ch/news HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/35 HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com SearchScopes: HKLM -> {622E8319-E326-408F-826B-3134D29BE474} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-29882-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1005 -> {622E8319-E326-408F-826B-3134D29BE474} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1005 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-29882-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> DefaultScope {F7DD2BAC-CB4E-4503-BA16-78C70DB4B011} URL = https://www.google.ch/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {622E8319-E326-408F-826B-3134D29BE474} 
URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-29882-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {F7DD2BAC-CB4E-4503-BA16-78C70DB4B011} URL = https://www.google.ch/search?q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2013-02-06] (Microsoft Corporation) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-22] (Avast Software s.r.o.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2013-02-06] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2013-02-06] (Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-22] (Avast Software s.r.o.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2013-02-06] (Microsoft Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Toolbar: HKU\S-1-5-21-1392978341-1441607686-3862372307-1005 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) 
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2013-02-06] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] () FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-02-06] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin HKU\S-1-5-21-1392978341-1441607686-3862372307-1006: ubisoft.com/uplaypc -> C:\Program Files 
(x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-06] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-22] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Internet Security\a2service.exe [5020520 2015-03-24] (Emsisoft GmbH) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-22] (Avast Software s.r.o.) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [File not signed] R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [47416 2014-02-05] (Hewlett-Packard Company) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1855064 2012-11-23] (Microsoft Corporation) S2 PnkBstrA; C:\windows\system32\PnkBstrA.exe [76152 2014-10-03] () S2 PnkBstrA; 
C:\windows\SysWOW64\PnkBstrA.exe [76152 2015-02-06] () R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-10] () S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation) S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-22] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-22] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-22] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-22] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-22] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-22] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-22] (Avast Software s.r.o.) 
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-22] () R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-03] (Advanced Micro Devices) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-24] (Emsisoft GmbH) R3 fwndis; C:\Windows\system32\DRIVERS\fwndis64.sys [491632 2015-01-01] () R1 fwwfp; C:\Program Files (x86)\Emsisoft Internet Security\fwwfp764.sys [414936 2015-01-01] () S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc) R2 rzpmgrk; C:\windows\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.) R2 rzpnk; C:\windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.) S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-07 11:28 - 2015-06-07 11:29 - 00020056 _____ C:\Users\Fabian.PC_Fabian\Desktop\FRST.txt 2015-06-07 11:27 - 2015-06-07 11:27 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\Fabian.PC_Fabian\Desktop\sc-cleaner.exe 2015-06-07 11:27 - 2015-06-07 11:27 - 00001856 _____ C:\Users\AdminFabian\Desktop\sc-cleaner.txt 2015-06-07 11:20 - 2015-06-07 11:22 - 00000804 _____ C:\Users\Fabian.PC_Fabian\Desktop\JRT.txt 2015-06-07 11:09 - 2015-06-07 11:09 - 02942406 _____ (Thisisu) C:\Users\Fabian.PC_Fabian\Desktop\JRT.exe 2015-06-07 11:07 - 2015-06-07 11:08 - 00001193 _____ C:\Users\Fabian.PC_Fabian\Desktop\mbam.txt 2015-06-07 11:05 - 2015-06-07 11:05 - 00001201 _____ C:\Users\AdminFabian\Desktop\mbam.txt 2015-06-07 10:53 - 2015-06-07 10:53 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-07 10:53 - 2015-06-07 10:53 - 00001108 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-07 10:53 - 2015-06-07 10:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-07 10:53 - 2015-06-07 10:53 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-06-07 10:53 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2015-06-07 10:53 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-06-07 10:53 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2015-06-07 10:52 - 2015-06-07 10:52 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Fabian.PC_Fabian\Desktop\mbam-setup-2.1.6.1022.exe 2015-06-07 10:48 - 2015-06-07 10:48 - 00000857 _____ C:\Users\Fabian.PC_Fabian\Desktop\AdwCleaner[S0].txt 2015-06-07 10:46 - 2015-06-07 10:46 - 02231296 _____ C:\Users\Fabian.PC_Fabian\Desktop\AdwCleaner_4.206.exe 2015-06-06 19:58 - 2015-06-06 19:58 - 00022454 _____ C:\ComboFix.txt 2015-06-06 19:42 - 2015-06-06 19:59 - 
00000000 ____D C:\Qoobox 2015-06-06 19:42 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe 2015-06-06 19:42 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe 2015-06-06 19:42 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2015-06-06 19:42 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2015-06-06 19:42 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2015-06-06 19:42 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe 2015-06-06 19:42 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe 2015-06-06 19:42 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe 2015-06-06 19:42 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe 2015-06-06 19:41 - 2015-06-06 19:56 - 00000000 ____D C:\windows\erdnt 2015-06-06 19:41 - 2015-06-06 19:41 - 05628238 ____R (Swearware) C:\Users\Fabian.PC_Fabian\Desktop\ComboFix.exe 2015-06-05 13:33 - 2015-06-07 11:28 - 00035445 _____ C:\Users\Fabian.PC_Fabian\Desktop\Addition.txt 2015-06-05 12:23 - 2015-06-05 12:23 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Fabian.PC_Fabian\Desktop\tdsskiller.exe 2015-06-05 12:20 - 2015-06-05 12:20 - 02108928 _____ (Farbar) C:\Users\Fabian.PC_Fabian\Desktop\FRST64.exe 2015-06-04 18:01 - 2015-04-30 15:07 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-06-04 18:01 - 2015-04-30 15:07 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-06-04 17:16 - 2015-04-13 07:32 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\services.exe 2015-06-04 17:16 - 2015-04-13 07:30 - 01839616 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2015-06-04 17:16 - 2015-04-13 07:30 - 01280512 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll 2015-06-04 17:16 - 2015-04-13 06:05 - 01416192 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll 2015-06-04 17:16 - 2015-04-13 05:25 - 
04063744 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2015-06-04 17:16 - 2015-03-12 07:31 - 01688576 _____ (Microsoft Corporation) C:\windows\system32\wevtsvc.dll 2015-06-04 17:12 - 2015-04-21 15:52 - 19291136 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2015-06-04 17:11 - 2015-05-02 08:28 - 00100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2015-06-04 17:11 - 2015-05-02 05:59 - 00318976 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2015-06-04 17:11 - 2015-05-02 05:36 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2015-06-04 17:11 - 2015-04-21 16:33 - 14374400 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2015-06-04 17:11 - 2015-04-21 16:33 - 13771776 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2015-06-04 17:11 - 2015-04-21 16:33 - 02864640 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2015-06-04 17:11 - 2015-04-21 16:33 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2015-06-04 17:11 - 2015-04-21 16:33 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2015-06-04 17:11 - 2015-04-21 16:33 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2015-06-04 17:11 - 2015-04-21 16:33 - 00737280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll 2015-06-04 17:11 - 2015-04-21 16:33 - 00690176 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2015-06-04 17:11 - 2015-04-21 16:33 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2015-06-04 17:11 - 2015-04-21 16:33 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2015-06-04 17:11 - 2015-04-21 16:33 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2015-06-04 17:11 - 2015-04-21 16:33 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2015-06-04 17:11 - 2015-04-21 16:33 - 00226816 _____ (Microsoft 
Corporation) C:\windows\SysWOW64\dxtrans.dll 2015-06-04 17:11 - 2015-04-21 16:33 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2015-06-04 17:11 - 2015-04-21 16:32 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2015-06-04 17:11 - 2015-04-21 15:53 - 02237440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2015-06-04 17:11 - 2015-04-21 15:53 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2015-06-04 17:11 - 2015-04-21 15:53 - 00601600 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2015-06-04 17:11 - 2015-04-21 15:52 - 15414784 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2015-06-04 17:11 - 2015-04-21 15:52 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2015-06-04 17:11 - 2015-04-21 15:52 - 02656768 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2015-06-04 17:11 - 2015-04-21 15:52 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2015-06-04 17:11 - 2015-04-21 15:52 - 00949760 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll 2015-06-04 17:11 - 2015-04-21 15:52 - 00856064 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2015-06-04 17:11 - 2015-04-21 15:52 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2015-06-04 17:11 - 2015-04-21 15:52 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2015-06-04 17:11 - 2015-04-21 15:52 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2015-06-04 17:11 - 2015-04-21 15:52 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2015-06-04 17:11 - 2015-04-18 04:37 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2015-06-04 17:11 - 2015-04-18 04:34 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2015-06-04 17:11 - 2015-04-14 00:09 - 00570248 _____ (Microsoft Corporation) 
C:\windows\system32\Drivers\cng.sys 2015-06-04 17:11 - 2015-04-06 07:36 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\PhotoMetadataHandler.dll 2015-06-04 17:11 - 2015-04-06 06:08 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\PhotoMetadataHandler.dll 2015-06-04 17:11 - 2015-03-14 02:55 - 00410017 _____ C:\windows\system32\ApnDatabase.xml 2015-06-04 17:11 - 2015-03-12 07:31 - 02048000 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll 2015-06-04 17:11 - 2015-03-12 07:31 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\WPDShServiceObj.dll 2015-06-04 17:11 - 2015-03-12 05:52 - 01933312 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll 2015-06-04 17:11 - 2015-03-04 08:41 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe 2015-06-04 17:11 - 2015-03-04 08:39 - 00632832 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll 2015-06-04 17:11 - 2015-03-04 08:39 - 00204288 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll 2015-06-04 17:11 - 2015-03-04 06:53 - 00021504 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe 2015-06-04 17:11 - 2015-03-04 06:52 - 00676864 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll 2015-06-04 17:11 - 2015-02-18 09:39 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe 2015-06-04 17:11 - 2015-02-18 09:38 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\tssdisai.dll 2015-06-03 10:08 - 2015-06-03 10:08 - 00280008 _____ C:\windows\Minidump\060315-21078-01.dmp 2015-06-01 20:46 - 2015-06-01 20:46 - 00280008 _____ C:\windows\Minidump\060115-21750-01.dmp 2015-05-19 17:31 - 2015-05-19 17:31 - 00280008 _____ C:\windows\Minidump\051915-21312-01.dmp 2015-05-19 11:58 - 2015-05-19 11:58 - 00016676 _____ C:\Users\Fabian.PC_Fabian\Desktop\Feedbackfragen Jubla Cham.dat 2015-05-13 20:26 - 2015-05-13 20:26 - 00280008 _____ C:\windows\Minidump\051315-20593-01.dmp 2015-05-12 17:27 - 2015-05-12 17:27 - 
00280008 _____ C:\windows\Minidump\051215-17562-01.dmp ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-07 11:29 - 2015-04-30 19:45 - 00000000 ____D C:\FRST 2015-06-07 11:16 - 2013-02-05 21:31 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1392978341-1441607686-3862372307-1006 2015-06-07 11:12 - 2015-03-31 20:10 - 00000000 ____D C:\Program Files (x86)\Emsisoft Internet Security 2015-06-07 11:02 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru 2015-06-07 11:01 - 2013-02-02 17:50 - 01428639 _____ C:\windows\WindowsUpdate.log 2015-06-07 10:54 - 2012-10-23 19:37 - 00724412 _____ C:\windows\system32\perfh007.dat 2015-06-07 10:54 - 2012-10-23 19:37 - 00163214 _____ C:\windows\system32\perfc007.dat 2015-06-07 10:54 - 2012-07-26 09:28 - 01734152 _____ C:\windows\system32\PerfStringBackup.INI 2015-06-07 10:51 - 2015-04-30 19:57 - 00000000 ____D C:\AdwCleaner 2015-06-07 10:49 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT 2015-06-06 20:03 - 2012-08-01 19:02 - 00739102 _____ C:\windows\PFRO.log 2015-06-06 19:55 - 2012-07-26 07:26 - 00000215 _____ C:\windows\system.ini 2015-06-05 19:20 - 2015-03-12 20:24 - 00332744 _____ C:\windows\system32\FNTCACHE.DAT 2015-06-05 18:47 - 2012-07-26 11:45 - 00000000 ____D C:\Program Files\Windows Journal 2015-06-05 18:47 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\AdvancedInstallers 2015-06-05 18:46 - 2012-07-26 09:59 - 00000000 ____D C:\windows\CbsTemp 2015-06-05 17:46 - 2013-12-09 21:11 - 00000000 ____D C:\Users\Fabian.PC_Fabian\AppData\Roaming\TS3Client 2015-06-05 11:23 - 2015-03-16 21:16 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2015-06-05 11:13 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\NDF 2015-06-04 18:04 - 2013-08-11 19:48 - 00000000 ____D C:\windows\system32\MRT 2015-06-04 18:02 - 2013-02-02 19:33 - 140425016 _____ (Microsoft Corporation) 
C:\windows\system32\MRT.exe 2015-06-04 17:17 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent 2015-06-03 10:08 - 2013-10-31 21:06 - 668381772 _____ C:\windows\MEMORY.DMP 2015-06-03 10:08 - 2013-10-23 21:17 - 00000000 ____D C:\windows\Minidump 2015-05-19 18:04 - 2013-02-16 21:06 - 00549888 ___SH C:\Users\Fabian.PC_Fabian\Desktop\Thumbs.db 2015-05-19 17:32 - 2013-02-06 22:21 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update 2015-05-19 12:08 - 2013-02-05 21:25 - 00000000 ____D C:\Users\Fabian.PC_Fabian\AppData\Local\Packages ==================== Files in the root of some directories ======= 2013-02-02 18:13 - 2013-02-02 18:13 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc Some files in TEMP: ==================== C:\Users\AdminFabian\AppData\Local\temp\Quarantine.exe C:\Users\AdminFabian\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-04 21:01 ==================== End of log ============================ Addition: Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015 Ran by AdminFabian at 2015-06-07 11:29:32 Running from C:\Users\Fabian.PC_Fabian\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= AdminFabian (S-1-5-21-1392978341-1441607686-3862372307-1005 - Administrator - Enabled) => C:\Users\AdminFabian Administrator (S-1-5-21-1392978341-1441607686-3862372307-500 - Administrator - Disabled) Fabian (S-1-5-21-1392978341-1441607686-3862372307-1006 - Limited - Enabled) => C:\Users\Fabian.PC_Fabian Gast (S-1-5-21-1392978341-1441607686-3862372307-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1392978341-1441607686-3862372307-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Emsisoft Internet Security (Disabled - Out of date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Emsisoft Internet Security (Disabled - Out of date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: Emsisoft Internet Security (Disabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AMD Catalyst Install Manager (HKLM\...\{BF821093-CFD3-EC1B-B357-6817EE34E5C7}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.) 
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.) Canon MG7100 series Benutzerregistrierung (HKLM-x32\...\Canon MG7100 series Benutzerregistrierung) (Version: - *Canon Inc.) Canon MG7100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7100_series) (Version: 1.00 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.) Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.) CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.) CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.) 
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Emsisoft Internet Security (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.) eTax.zug 2014 nP 1.3.0 (HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\8452-4068-1171-2815) (Version: 1.3.0 - Information Factory AG) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd) HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard) HP Keyboard (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.5.0.7 - Hewlett-Packard) HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard) HP Support Solutions Framework (HKLM-x32\...\{86FD8326-909D-45F5-BB61-0619D0D31293}) (Version: 11.50.0011 - Hewlett-Packard Company) HydraVision (x32 Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.) Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.) 
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4454.1004 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable 
- x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden NWZ-E450 WALKMAN Guide (HKLM-x32\...\{0A6C2811-AD29-473F-8086-F0B401276DEC}) (Version: 2.1.0.17210 - Sony Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4454.1004 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4454.1004 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4454.1004 - Microsoft Corporation) Hidden Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.0.0 - Ralink) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.) 
RecImgManager (HKLM-x32\...\{1ECC3992-5E46-4A3B-823F-4228D5B05A83}) (Version: 2.0.26222 - SlimWare Utilities, Inc.) Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft) TeamSpeak 3 Client (HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Fabian.PC_Fabian\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll 
(Microsoft Corporation) ==================== Restore Points ========================= 04-05-2015 20:58:43 Geplanter Prüfpunkt 04-06-2015 17:03:23 Geplanter Prüfpunkt 06-06-2015 19:42:42 ComboFix created restore point ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 07:26 - 2015-03-23 19:52 - 00000855 ____A C:\windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0E1975F3-5D81-4CA8-8E07-168E2CD1DF5D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2012-08-15] (Hewlett-Packard Company) Task: {5F63D142-E881-4C1E-A6BB-D4956C70E5A0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-22] (Avast Software s.r.o.) 
Task: {611B2DEB-5632-43C5-BA63-01B47A70F7E9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-06-04] (Microsoft Corporation) Task: {74BEDB4E-487E-4F08-808D-3CD98A22F124} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company) Task: {E0CF2BA3-882C-4D8E-9580-68B42A1AA8D2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company) Task: {F6E24018-619A-4763-9815-BEF6CF60CD7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company) Task: {F7C59E27-327A-406B-8FAB-A1B6132D4BA3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company) ==================== Loaded Modules (Whitelisted) ============== 2012-08-29 11:02 - 2012-08-29 11:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll 2012-08-29 11:02 - 2012-08-29 11:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll 2012-08-29 11:02 - 2012-08-29 11:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll 2013-02-05 23:21 - 2012-11-10 11:28 - 00382544 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll 2013-02-05 23:21 - 2012-11-23 19:07 - 00513600 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll 2013-02-05 23:21 - 2012-11-23 19:07 - 00607296 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll 2014-12-10 00:22 - 2014-12-10 00:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer 
Services\GSS\GameScannerService.exe 2013-02-05 21:26 - 2013-02-05 21:26 - 00120224 _____ () C:\Users\Fabian.PC_Fabian\AppData\Local\assembly\dl3\4N352QBH.B7X\6QC7E4AH.0L4\6719f2df\00af4ffb_c485cd01\HPItunesModule.DLL 2015-04-22 18:20 - 2015-04-22 18:20 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-04-22 18:20 - 2015-04-22 18:20 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-06-06 19:44 - 2015-06-06 19:44 - 02952192 _____ () C:\Program Files\AVAST Software\Avast\defs\15060601\algo.dll 2015-06-07 10:50 - 2015-06-07 10:50 - 02952192 _____ () C:\Program Files\AVAST Software\Avast\defs\15060700\algo.dll 2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-04-22 18:20 - 2015-04-22 18:20 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE trusted site: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\freerealms.com -> freerealms.com IE trusted site: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\soe.com -> soe.com IE trusted site: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\sony.com -> sony.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1392978341-1441607686-3862372307-1005\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Fabian.PC_Fabian\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\StartupApproved\Run: => "RESTART_STICKY_NOTES" HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\...\StartupApproved\Run: => "SkyDrive" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{FBB1C137-790B-486B-A9C9-27B435B298F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{293ABFA0-F8E4-4BEE-989D-E9F5BB71FA8D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FF3D2D61-C87A-4D43-9E52-1D6ABDD4012F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{3F2898FF-636E-494A-A285-C5E36AF9CFB5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{C008179C-4E73-43B3-AE1F-761536965182}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{D559845D-EA90-49AC-AA22-87A9048E0C3F}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{B90066BF-D10D-4365-B161-3D91EABEC775}] => (Allow) C:\Users\AdminFabian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{2DFB5855-1A34-43A2-BA35-A329FC85E85C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{18FCFA59-65A8-4E08-AFF7-D175F3A69EB5}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{5DEA5977-AAE4-4705-9CBE-A522CEDE88E6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{89579F59-EFB0-4DCB-9C86-C2F2213A110A}] => (Allow) LPort=2869 FirewallRules: [{5F8EE66C-73FF-4440-ACC8-26DEF876E66E}] => (Allow) LPort=1900 FirewallRules: [{DB8A88AE-0600-4295-88EC-70C0BC252A00}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{05F57B78-2520-4FA8-AE37-EED4AA648917}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{7E4CE3E0-E0A1-4ADF-BB67-48FEF13A388F}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe FirewallRules: 
[UDP Query User{EAC1CAEE-90CA-4D75-A471-EF0E268AFF38}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe FirewallRules: [{EF607449-0DA6-4A67-916B-36757CB05CD1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Future Soldier\Future Soldier.exe FirewallRules: [{E5A994C9-B85E-42E6-BBFB-1BF6E259E16C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Future Soldier\Future Soldier.exe FirewallRules: [TCP Query User{9A101C02-AFA2-4EE8-9018-012E365F5DE4}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe] => (Block) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe FirewallRules: [UDP Query User{ED0CF3BB-BC4A-42C6-95CF-60F7B18D1A31}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe] => (Block) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon future soldier\future soldier dx11.exe FirewallRules: [TCP Query User{46220C03-5BE5-4E16-87E1-4644B21A49CF}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe FirewallRules: [UDP Query User{FF72C7FF-F4E0-47F5-A1E0-ED12B2EC0FEE}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe FirewallRules: [{2516AA43-DAD4-47EE-9345-8B815227CA08}] => (Block) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe FirewallRules: [{658CEDA9-859B-4117-8EA9-8DB4A7CE1EB4}] => (Block) C:\program files (x86)\steam\steamapps\common\planetside 
2\planetside2_x64.exe FirewallRules: [{25B7CD5D-C18C-429B-B8B9-BE64640530EC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{B433DBEC-8EA6-45B9-8863-060CE099D8CC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{A8BDCF14-4299-4204-AF95-DC0772D6620B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{56E884CE-DB2E-45A7-A827-87BB7B549121}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{4B47B08A-E461-45C5-87F3-0A8F0F53A797}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{CEEF249C-ED01-4EEE-81C3-0C4FF075B9AD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{FB00654F-36F9-4054-A5FC-D3F89A90DE62}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{397D4BAD-B323-4520-A472-DE71F8919AAF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [{6C4BE36F-3A33-479B-95F7-5CE48CC4AFE9}] => (Allow) LPort=53000 FirewallRules: [{065E3887-F668-4AF3-B835-E74C2E44D709}] => (Allow) LPort=52000 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/07/2015 11:19:18 AM) (Source: usbperf) (EventID: 2001) (User: ) Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben. Error: (06/07/2015 11:17:03 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: usbhubC:\windows\system32\usbperf.dll8 Error: (06/07/2015 11:17:03 AM) (Source: usbperf) (EventID: 2001) (User: ) Description: Der Wert von "First Counter" unter dem Schlüssel "usbperf\Performance" kann nicht gelesen werden. Statuscodes wurden in den Daten zurückgegeben. 
Error: (06/07/2015 11:17:03 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: RemoteAccessC:\Windows\System32\rasctrs.dll8 Error: (06/07/2015 11:17:03 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: .NETFrameworkC:\windows\system32\mscoree.dll8 Error: (06/07/2015 10:50:17 AM) (Source: Windows Search Service) (EventID: 10021) (User: ) Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0. Error: (06/07/2015 10:50:15 AM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Kontext: Anwendung, SystemIndex Katalog Error: (06/07/2015 10:50:11 AM) (Source: Windows Search Service) (EventID: 3006) (User: ) Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Error: (06/06/2015 08:04:23 PM) (Source: Windows Search Service) (EventID: 10021) (User: ) Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0. Error: (06/06/2015 08:04:22 PM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. 
Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Kontext: Anwendung, SystemIndex Katalog System errors: ============= Error: (06/07/2015 11:12:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/07/2015 11:12:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/07/2015 11:12:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "HP Support Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/07/2015 11:12:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/07/2015 11:12:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/07/2015 11:12:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Razer Game Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/07/2015 11:12:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (06/07/2015 11:12:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Microsoft Office-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/07/2015 11:12:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/07/2015 11:12:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Microsoft Office: ========================= Error: (06/07/2015 11:19:18 AM) (Source: usbperf) (EventID: 2001) (User: ) Description: Error: (06/07/2015 11:17:03 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: usbhubC:\windows\system32\usbperf.dll8 Error: (06/07/2015 11:17:03 AM) (Source: usbperf) (EventID: 2001) (User: ) Description: Error: (06/07/2015 11:17:03 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: RemoteAccessC:\Windows\System32\rasctrs.dll8 Error: (06/07/2015 11:17:03 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: .NETFrameworkC:\windows\system32\mscoree.dll8 Error: (06/07/2015 10:50:17 AM) (Source: Windows Search Service) (EventID: 10021) (User: ) Description: WSearchIdxPiDer Vorgang wurde erfolgreich beendet. 
0x0

Error: (06/07/2015 10:50:15 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog

Error: (06/07/2015 10:50:11 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description:

Error: (06/06/2015 08:04:23 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: WSearchIdxPiDer Vorgang wurde erfolgreich beendet. 0x0

Error: (06/06/2015 08:04:22 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog

CodeIntegrity Errors:
===================================
Date: 2015-06-04 16:58:14.038
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2015-06-04 16:58:10.789
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2015-06-04 16:58:09.252
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2015-06-04 16:58:07.802
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2015-06-04 16:58:00.266
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2015-06-01 22:19:24.467
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2015-06-01 22:19:22.008
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2015-06-01 22:19:20.557
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2015-06-01 22:19:19.329
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2015-06-01 22:19:18.112
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Emsisoft Internet Security\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 18%
Total physical RAM: 16323.54 MB
Available physical RAM: 13283.27 MB
Total Pagefile: 32707.54 MB
Available Pagefile: 29591.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================
Drive c: (OS) (Fixed) (Total:1000.11 GB) (Free:814.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.98 GB) (Free:1.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive j: (Daten) (Fixed) (Total:849.45 GB) (Free:742.32 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 0ABD2367)
Partition: GPT Partition Type.

==================== End of log ============================
__________________ Regards, R4BBIT 9 out of 10 people like beer... the 10th is lying |
07.06.2015, 11:25 | #14 |
/// TB Trainer | PC is hanging again... Can someone take a look?

We'll remove the last remnants and check everything once more. ESET can take a long time (> 2 h). Afterwards we'll remove all the tools used and I'll give you a few tips to take along.

Step 1

Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.

Code:
ATTFilter
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKU\S-1-5-21-1392978341-1441607686-3862372307-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
RemoveProxy:
EmptyTemp:
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 ESET Online Scanner
Step 3 Please download SecurityCheck and:
Please post with your next reply
|
08.06.2015, 18:44 | #15 |
| PC is hanging again... Can someone take a look? Here's the Fixlog: Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by AdminFabian at 2015-06-08 18:35:26 Run:1
Running from C:\Users\Fabian.PC_Fabian\Desktop
Loaded Profiles: AdminFabian & Fabian (Available Profiles: AdminFabian & Fabian)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKU\S-1-5-21-1392978341-1441607686-3862372307-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1392978341-1441607686-3862372307-1006 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
RemoveProxy:
EmptyTemp:
end
*****************

Processes closed successfully.
C:\windows\system32\GroupPolicy\Machine => moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully.
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
"HKU\S-1-5-21-1392978341-1441607686-3862372307-1005\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1392978341-1441607686-3862372307-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1392978341-1441607686-3862372307-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1392978341-1441607686-3862372307-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

EmptyTemp: => 959.2 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 18:35:52 ====

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3355f07cb663174ab64ba1cf3ea0ede2
# end=init
# utc_time=2015-06-08 04:40:32
# local_time=2015-06-08 06:40:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 24230
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3355f07cb663174ab64ba1cf3ea0ede2
# end=updated
# utc_time=2015-06-08 04:43:55
# local_time=2015-06-08 06:43:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=3355f07cb663174ab64ba1cf3ea0ede2
# engine=24230
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-08 05:29:22
# local_time=2015-06-08 07:29:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 72 2340132 198208652 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 82 7679801 35411197 0 0
# scanned=254740
# found=0
# cleaned=0
# scan_time=2727

Here's the part from SecurityCheck as well:

Code:
ATTFilter
Results of screen317's Security Check version 1.002
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Emsisoft Internet Security
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
__________________ Regards, R4BBIT 9 out of 10 people like beer... the 10th is lying |
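
A small checker for the Fixlog posted above, as an added example that is not part of the thread or of FRST itself: it splits each `target => result` line and flags any result it does not recognise. The function names, the three status labels and the last sample line are assumptions made here; the recognised result phrases are only those visible in this Fixlog.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted in this thread; the final line is constructed
# here to show how an unrecognised result is handled.
FIXLOG = r'''Processes closed successfully.
C:\windows\system32\GroupPolicy\Machine => moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKU\S-1-5-21-1392978341-1441607686-3862372307-1005\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
EmptyTemp: => 959.2 MB temporary data Removed.
C:\constructed\example.dat => constructed unrecognised result
'''

# "<target> => <result>", with an optional trailing full stop on the result.
ENTRY = re.compile(r'^(?P<target>.+?)\s*=>\s*(?P<result>.+?)\.?\s*$')

def classify(result):
    """Map a result phrase to a status, using only phrases seen in this Fixlog."""
    text = result.lower()
    if "not found" in text:
        return "absent"      # nothing was there to remove
    if "successfully" in text or text.endswith("removed"):
        return "applied"     # moved, key/value removed, temp data removed
    return "review"          # anything else needs a human look

def parse_fixlog(log):
    """Return (target, result, status) for every '=>' line in the log."""
    entries = []
    for line in log.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            target = match.group("target").strip('"')
            result = match.group("result")
            entries.append((target, result, classify(result)))
    return entries

def summarise(entries):
    """Count entries per status."""
    return Counter(status for _, _, status in entries)

if __name__ == "__main__":
    parsed = parse_fixlog(FIXLOG)
    print(dict(summarise(parsed)))
    for target, result, status in parsed:
        if status == "review":
            print("check manually:", target, "=>", result)
```
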