
Pests of all kinds and how to fight them: Sophos finds mookie1.com - infection on all websites


11.06.2015, 18:10   #1
Kansas

Sophos finds mookie1.com - infection on all websites



Hello everyone,

for 2 days now, Sophos has been finding elements from mookie1.com on every website. This also affects "actually reputable" sites such as der-postillon.com, msn.de, stern.de etc. On msn.de, for example, it looks like this:



The Sophos log reports the following for today:

Code:
****************** Sophos Anti-Virus Protokoll - 11.06.2015 16:50:44 **************

    ...
20150611 153119	Web-Anfrage an "eu-gmtdmp.gd1.mookie1.com" für Benutzer MCPMOBIL\MariusC gesperrt. 'Mal/HTMLGen-A' wurde auf dieser Website gefunden, Verweiskennung 48326256.
20150611 162339	Web-Anfrage an "eu-gmtdmp.gd1.mookie1.com" für Benutzer MCPMOBIL\MariusC gesperrt. 'Mal/HTMLGen-A' wurde auf dieser Website gefunden, Verweiskennung 48326256.
20150611 162347	Web-Anfrage an "eu-gmtdmp.gd1.mookie1.com" für Benutzer MCPMOBIL\MariusC gesperrt. 'Mal/HTMLGen-A' wurde auf dieser Website gefunden, Verweiskennung 48326256.
20150611 162953	Web-Anfrage an "eu-gmtdmp.gd1.mookie1.com" für Benutzer MCPMOBIL\MariusC gesperrt. 'Mal/HTMLGen-A' wurde auf dieser Website gefunden, Verweiskennung 48326256.
20150611 163817	Web-Anfrage an "eu-gmtdmp.gd1.mookie1.com" für Benutzer MCPMOBIL\MariusC gesperrt. 'Mal/HTMLGen-A' wurde auf dieser Website gefunden, Verweiskennung 48326256.
20150611 163834	Web-Anfrage an "eu-gmtdmp.gd1.mookie1.com" für Benutzer MCPMOBIL\MariusC gesperrt. 'Mal/HTMLGen-A' wurde auf dieser Website gefunden, Verweiskennung 48326256.
20150611 163852	Web-Anfrage an "eu-gmtdmp.gd1.mookie1.com/tagr/v1/sync" (verlinkt von "www.msn.com/de-de") für Benutzer MCPMOBIL\MariusC gesperrt. 'Mal/HTMLGen-A' wurde auf dieser Website gefunden, Verweiskennung 48326256.
20150611 163852	Web-Anfrage an "t.mookie1.com/rsp" (verlinkt von "www.msn.com/de-de") für Benutzer MCPMOBIL\MariusC gesperrt. 'Mal/HTMLGen-A' wurde auf dieser Website gefunden, Verweiskennung 48326256.
20150611 163852	Web-Anfrage an "gmtdmp.mookie1.com/tagr/v1/sync" (verlinkt von "www.msn.com/de-de") für Benutzer MCPMOBIL\MariusC gesperrt. 'Mal/HTMLGen-A' wurde auf dieser Website gefunden, Verweiskennung 48326256.
20150611 163927	Web-Anfrage an "ibeu2.mookie1.com/image.sbmx" (verlinkt von "www.msn.com/de-de") für Benutzer MCPMOBIL\MariusC gesperrt. 'Mal/HTMLGen-A' wurde auf dieser Website gefunden, Verweiskennung 48326256.
20150611 164309	Web-Anfrage an "t.mookie1.com/rsp" (verlinkt von "www.msn.com/de-de") für Benutzer MCPMOBIL\MariusC gesperrt. 'Mal/HTMLGen-A' wurde auf dieser Website gefunden, Verweiskennung 48326256.
20150611 164309	Web-Anfrage an "eu-gmtdmp.gd1.mookie1.com/tagr/v1/sync" (verlinkt von "www.msn.com/de-de") für Benutzer MCPMOBIL\MariusC gesperrt. 'Mal/HTMLGen-A' wurde auf dieser Website gefunden, Verweiskennung 48326256.
20150611 164309	Web-Anfrage an "gmtdmp.mookie1.com/tagr/v1/sync" (verlinkt von "www.msn.com/de-de") für Benutzer MCPMOBIL\MariusC gesperrt. 'Mal/HTMLGen-A' wurde auf dieser Website gefunden, Verweiskennung 48326256.
20150611 164406	Web-Anfrage an "eu-gmtdmp.gd1.mookie1.com" für Benutzer MCPMOBIL\MariusC gesperrt. 'Mal/HTMLGen-A' wurde auf dieser Website gefunden, Verweiskennung 48326256.
      (14 Objekte)
         
Web research shows that mookie1.com can be installed along with adware. But I haven't done anything in that direction; this is a serious work machine...

Attached are the log files you asked for. Do I need to worry?
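A way to triage a Sophos web-protection protocol like the one above, as an added example that is not part of the original post: it parses the German-locale "Web-Anfrage ... gesperrt" lines and groups the blocks by blocked site, detection name and referring site. The sample lines follow the format shown above with the user replaced by a placeholder; `site_of` is a simplified registrable-domain helper and an assumption of this sketch.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Layout of one "request blocked" line in the German-locale protocol above.
LINE_RE = re.compile(
    r'^(?P<date>\d{8})\s+(?P<time>\d{6})\s+'
    r'Web-Anfrage an "(?P<target>[^"]+)"'
    r'(?: \(verlinkt von "(?P<referrer>[^"]+)"\))?'
    r' für Benutzer (?P<user>\S+) gesperrt\. '
    r"'(?P<detection>[^']+)' wurde auf dieser Website gefunden, "
    r'Verweiskennung (?P<ref_id>\d+)\.$'
)


@dataclass(frozen=True)
class BlockEvent:
    when: datetime
    host: str
    path: str
    referrer_host: Optional[str]
    user: str
    detection: str


def site_of(host: str) -> str:
    """Naive registrable domain (last two labels). Assumption: adequate for
    .com/.de hosts; use the Public Suffix List for anything else."""
    return ".".join(host.lower().split(".")[-2:])


def parse_log(text: str) -> list:
    """Return one BlockEvent per matching line; headers, '...' and the
    object count are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        host, _, path = m["target"].partition("/")
        ref = m["referrer"]
        events.append(BlockEvent(
            when=datetime.strptime(m["date"] + m["time"], "%Y%m%d%H%M%S"),
            host=host,
            path="/" + path if path else "",
            referrer_host=ref.partition("/")[0] if ref else None,
            user=m["user"],
            detection=m["detection"],
        ))
    return events


def summarize(events: list) -> dict:
    """Group blocks so it is visible whether they cluster on one
    third-party site that the visited pages link to."""
    referring = defaultdict(set)
    for e in events:
        if e.referrer_host:
            referring[site_of(e.host)].add(site_of(e.referrer_host))
    with_ref = [e for e in events if e.referrer_host]
    return {
        "blocked_sites": dict(Counter(site_of(e.host) for e in events)),
        "hosts": sorted({e.host for e in events}),
        "detections": sorted({e.detection for e in events}),
        "referring_sites": {k: sorted(v) for k, v in referring.items()},
        # True when every block with a referrer targets a different site
        # than the page that linked to it.
        "third_party_only": bool(with_ref) and all(
            site_of(e.host) != site_of(e.referrer_host) for e in with_ref
        ),
    }


# Sample input in the format of the protocol above; user is a placeholder.
_TAIL = (" für Benutzer HOST\\user gesperrt. 'Mal/HTMLGen-A' wurde auf dieser "
         "Website gefunden, Verweiskennung 48326256.")
SAMPLE_LOG = "\n".join([
    "****** Sophos Anti-Virus Protokoll - 11.06.2015 16:50:44 ******",
    "",
    "    ...",
    '20150611 153119\tWeb-Anfrage an "eu-gmtdmp.gd1.mookie1.com"' + _TAIL,
    '20150611 163852\tWeb-Anfrage an "eu-gmtdmp.gd1.mookie1.com/tagr/v1/sync"'
    ' (verlinkt von "www.msn.com/de-de")' + _TAIL,
    '20150611 163852\tWeb-Anfrage an "t.mookie1.com/rsp"'
    ' (verlinkt von "www.msn.com/de-de")' + _TAIL,
    '20150611 163927\tWeb-Anfrage an "ibeu2.mookie1.com/image.sbmx"'
    ' (verlinkt von "www.msn.com/de-de")' + _TAIL,
    "      (4 Objekte)",
])

if __name__ == "__main__":
    for key, value in summarize(parse_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

A single entry in `blocked_sites` together with `third_party_only` being true means the blocks all hit one host family that the visited pages link to, not the visited sites themselves.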


11.06.2015, 18:49   #2
schrauber
/// the machine
/// TB trainer

Sophos finds mookie1.com - infection on all websites



Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

11.06.2015, 22:00   #3
Kansas

Addendum!

Sorry!!

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:53 on 11/06/2015 (MariusC)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by MariusC (administrator) on MCPMOBIL on 11-06-2015 18:58:07
Running from C:\Users\MariusC\Desktop
Loaded Profiles: MariusC (Available Profiles: MariusC & MCP)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Schomäcker GmbH) C:\Program Files (x86)\Q-Pilot Client\Service\QPilot-Client-Service.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
() C:\Program Files\Synergy\synergyd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
(Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Schomäcker GmbH) C:\Program Files (x86)\Q-Pilot Client\GUI\QPilot-Client-GUI.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
(Foxit Corporation) C:\Users\MariusC\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavMain.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\30.0.1835.59\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7546072 2014-03-10] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-04] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [506680 2014-06-06] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1593640 2015-03-25] (Sophos Limited)
HKLM-x32\...\Run: [QPilotClientGUI] => C:\Program Files (x86)\Q-Pilot Client\GUI\QPilot-Client-GUI.exe [18442752 2010-04-21] (Schomäcker GmbH)
HKU\S-1-5-21-3128210727-139179171-2814941069-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217672 2015-01-13] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2015-01-13] (Sophos Limited)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT14/4
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
HKU\S-1-5-21-3128210727-139179171-2814941069-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4
HKU\S-1-5-21-3128210727-139179171-2814941069-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {D50DE083-28C1-4FFB-9736-99A82B011C41} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3128210727-139179171-2814941069-1002 -> {D50DE083-28C1-4FFB-9736-99A82B011C41} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 137.248.21.22 137.248.1.5 137.248.1.8

FireFox:
========
FF ProfilePath: C:\Users\MariusC\AppData\Roaming\Mozilla\Firefox\Profiles\967g5gnj.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-11] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-04] (Microsoft Corporation)
FF Extension: Hide Tab Bar With One Tab - C:\Users\MariusC\AppData\Roaming\Mozilla\Firefox\Profiles\967g5gnj.default\Extensions\{e5bbc237-c99b-4ced-a061-0be27703295f}.xpi [2015-04-17]
FF Extension: Always on Top - C:\Users\MariusC\AppData\Roaming\Mozilla\Firefox\Profiles\967g5gnj.default\Extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi [2015-04-17]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2015-01-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [88064 2014-03-05] () [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [475960 2014-06-06] (Hewlett-Packard Development Company, L.P.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 QPilotClientService; C:\Program Files (x86)\Q-Pilot Client\Service\QPilot-Client-Service.exe [10706432 2010-04-21] (Schomäcker GmbH) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-09] (Realtek Semiconductor)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-12-04] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2014-12-04] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [340776 2015-03-25] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2014-12-04] (Sophos Limited)
R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [300840 2015-01-13] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3274536 2015-01-13] (Sophos Limited)
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [298496 2014-05-23] () [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-04] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-03] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-20] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [559832 2014-02-26] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3468504 2014-05-23] (Realtek Semiconductor Corporation                           )
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [161024 2014-12-04] (Sophos Limited)
S3 sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [38144 2014-12-04] (Sophos Limited)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-06-04] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-06-04] (Synaptics Incorporated)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [27904 2014-12-04] (Sophos Limited)
R1 swi_callout; C:\Windows\system32\DRIVERS\swi_callout.sys [32512 2015-04-17] (Sophos Limited)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 XFDriver64; C:\Program Files (x86)\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire)
S3 GENERICDRV; \??\C:\Users\ADMINI~1\AppData\Local\Temp\pftDDED.tmp\amifldrv64.sys [X]
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-11 18:57 - 2015-06-11 18:58 - 00035589 _____ C:\Users\MariusC\Desktop\Addition.txt
2015-06-11 18:56 - 2015-06-11 18:56 - 00380416 _____ C:\Users\MariusC\Desktop\9q7yppg7.exe
2015-06-11 18:55 - 2015-06-11 18:58 - 00019438 _____ C:\Users\MariusC\Desktop\FRST.txt
2015-06-11 18:55 - 2015-06-11 18:58 - 00000000 ____D C:\FRST
2015-06-11 18:55 - 2015-06-11 18:55 - 02108928 _____ (Farbar) C:\Users\MariusC\Desktop\FRST64.exe
2015-06-11 15:18 - 2015-06-11 15:18 - 00000503 _____ C:\Users\MariusC\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2015-06-11 15:08 - 2015-06-11 15:08 - 00000000 ___HD C:\OneDriveTemp
2015-05-27 18:06 - 2015-04-17 15:34 - 00032512 _____ (Sophos Limited) C:\Windows\system32\Drivers\swi_callout.sys
2015-05-20 11:54 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-20 11:54 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 14:50 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-17 14:50 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-17 14:50 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-17 14:50 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-17 14:50 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-17 14:50 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-17 14:50 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-17 14:50 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-17 14:50 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-17 14:50 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-17 14:50 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-17 14:50 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-17 14:50 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-17 14:50 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-17 14:50 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-17 14:50 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-17 14:50 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-17 14:50 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-17 14:50 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-17 14:50 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-17 14:50 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-17 14:50 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-17 14:50 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-17 14:50 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-17 14:50 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-17 14:50 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-17 14:50 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-17 14:50 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-17 14:50 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-17 14:50 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-17 14:50 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-17 14:50 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-17 14:50 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-17 14:50 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-17 14:50 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-17 14:49 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-17 14:49 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-17 14:49 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-17 14:49 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-17 14:49 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-17 14:49 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-17 14:49 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-17 14:49 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-17 14:49 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-17 14:49 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-17 14:49 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-17 14:49 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-17 14:49 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-17 14:49 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-17 14:49 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-17 14:44 - 2015-05-27 20:44 - 00003176 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMariusC
2015-05-17 14:44 - 2015-05-27 20:44 - 00000358 _____ C:\Windows\Tasks\HPCeeScheduleForMariusC.job
2015-05-12 15:28 - 2015-05-12 15:28 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-11 18:47 - 2015-03-31 14:34 - 00132608 ___SH C:\Users\MariusC\Desktop\Thumbs.db
2015-06-11 18:46 - 2014-12-04 01:38 - 00000000 ____D C:\Users\MariusC\AppData\Roaming\ClassicShell
2015-06-11 18:16 - 2014-12-03 23:52 - 01058152 _____ C:\Windows\WindowsUpdate.log
2015-06-11 18:03 - 2014-12-19 23:13 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-11 18:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-11 17:04 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-11 17:03 - 2014-12-19 23:13 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-11 16:47 - 2014-12-04 00:01 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3128210727-139179171-2814941069-1002
2015-06-11 16:00 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-11 15:12 - 2015-01-12 19:48 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-06-11 15:10 - 2014-12-19 23:08 - 00001030 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-06-11 15:10 - 2014-12-04 01:33 - 00003852 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1417649608
2015-06-11 15:10 - 2014-12-04 01:30 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-11 15:07 - 2014-12-03 23:59 - 00000000 ____D C:\Users\MariusC\Documents\Youcam
2015-06-11 15:06 - 2014-12-04 00:00 - 00000000 ___DO C:\Users\MariusC\OneDrive
2015-05-27 15:52 - 2014-12-03 23:56 - 00000000 ____D C:\Users\MariusC\AppData\Local\Packages
2015-05-27 15:47 - 2014-12-27 02:40 - 00000000 _____ C:\Windows\system32\vireng.log
2015-05-27 15:31 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-05-21 15:19 - 2015-03-30 13:10 - 00005142 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MCPMOBIL-MariusC MCPmobil
2015-05-21 15:00 - 2014-07-11 10:54 - 00800954 _____ C:\Windows\system32\perfh007.dat
2015-05-21 15:00 - 2014-07-11 10:54 - 00174458 _____ C:\Windows\system32\perfc007.dat
2015-05-21 15:00 - 2014-03-18 11:53 - 01921090 _____ C:\Windows\system32\PerfStringBackup.INI
2015-05-21 14:55 - 2014-12-04 11:19 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-05-21 14:53 - 2013-08-22 16:46 - 00029104 _____ C:\Windows\setupact.log
2015-05-21 14:53 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-05-20 15:02 - 2014-08-20 06:26 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-05-20 15:02 - 2013-08-22 15:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-05-20 11:23 - 2013-08-22 16:44 - 00502080 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-20 11:22 - 2014-12-26 23:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-20 11:22 - 2014-12-26 23:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-20 11:22 - 2014-03-18 11:44 - 00029890 _____ C:\Windows\PFRO.log
2015-05-18 00:36 - 2014-12-08 12:59 - 00000000 ____D C:\Windows\system32\MRT
2015-05-18 00:32 - 2014-12-08 12:59 - 140425016 ____N (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-18 00:29 - 2014-12-26 23:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-18 00:24 - 2014-03-18 11:38 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-17 14:44 - 2014-12-03 23:58 - 00000000 ____D C:\Users\MariusC\AppData\Local\Hewlett-Packard

==================== Files in the root of some directories =======

2015-06-11 15:18 - 2015-06-11 15:18 - 0000503 _____ () C:\Users\MariusC\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2014-12-26 03:04 - 2015-03-31 11:53 - 0007600 _____ () C:\Users\MariusC\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\MariusC\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
C:\Users\MariusC\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\MCP\AppData\Local\Temp\Foxit PhantomPDF Updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-11 15:55

==================== End of log ============================
         
--- --- ---


Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by MariusC at 2015-06-11 18:58:41
Running from C:\Users\MariusC\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3128210727-139179171-2814941069-500 - Administrator - Disabled)
Gast (S-1-5-21-3128210727-139179171-2814941069-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3128210727-139179171-2814941069-1012 - Limited - Enabled)
MariusC (S-1-5-21-3128210727-139179171-2814941069-1002 - Administrator - Enabled) => C:\Users\MariusC
MCP (S-1-5-21-3128210727-139179171-2814941069-1003 - Limited - Enabled) => C:\Users\MCP
SophosSAUMCPMOBIL0 (S-1-5-21-3128210727-139179171-2814941069-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{0B448829-3672-18EA-4117-C1240D4CF140}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID HWMonitor 1.27 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.1.5307 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.1.5307 - Ihr Firmenname) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3018 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.1.3018 - Ihr Firmenname) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4119 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4218 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation)
G*Power 3.0.10 (HKLM-x32\...\{A3344F3B-1226-4029-B7CE-EFD7EBB973F6}) (Version: 3.0.10 - Franz Faul, Uni Kiel, Germany)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{9D7BFF2A-F810-4E35-BE2C-A6CB4B9202DB}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{2E88735F-0A9A-45B5-8B10-8330862343C5}) (Version: 1.1.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{E8F2076D-1885-4A0F-83D8-77B1F9D384CE}) (Version: 2.5.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IBM SPSS Statistics 20 (HKLM-x32\...\{2AF8017B-E503-408F-AACE-8A335452CAD2}) (Version: 20.0.0.0 - IBM Corp)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Mplus Version 7.3 Demo (64-bit) (HKLM\...\{BA273660-8C9F-4835-A906-3B5686BE7AB4}) (Version: 7.3.0 - Muthen & Muthen)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Ihr Firmenname)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Opera Stable 30.0.1835.59 (HKLM-x32\...\Opera 30.0.1835.59) (Version: 30.0.1835.59 - Opera Software)
Q-Pilot Client 4.0.0.5727 (HKLM-x32\...\{870126DA-33D5-4DA8-BB6D-6E3A61969072}) (Version: 4.0.0.5727 - Schomäcker GmbH)
Q-Pilot: Konfiguration der Druck-Queues und -Treiber (HKLM-x32\...\HRZQPilotQueues) (Version: 0.51 - Uni Marburg, HRZ)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.10 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.13 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16}) (Version: 4.1.0.273 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.13 - Synaptics Incorporated)
Synergy (64-bit) (HKLM\...\{FDD88467-9C61-4E2D-BA69-2A89735A21CC}) (Version: 1.5.0 - The Synergy Project)
Xfire 2.0 (HKLM-x32\...\{43ADAE00-A4ED-4379-A76D-A1FF5D9D334A}_is1) (Version: 2.0 - Xfire, Inc.)
Xfire Codec (remove only) (HKLM-x32\...\XfireCodec) (Version:  - )
XMind 6 (v3.5.1) (HKLM-x32\...\XMind_is1) (Version: 3.5.1.201411201906 - XMind Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

27-05-2015 15:28:22 Geplanter Prüfpunkt
11-06-2015 15:54:51 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09881526-B073-4A74-8D22-E38E28992585} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {0F97C3BC-BE99-442D-B5D4-57E19CD53B15} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {190944E6-4F3B-480C-826A-5E130EA32BD4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {35910043-E92A-4A4B-B23D-EB516B2AC57C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-18] (Microsoft Corporation)
Task: {3E380FC9-2230-46E1-A524-7FD7DB74CD9A} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {497D022B-F767-48F9-98D9-58D078860E67} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {52CCA26A-C64B-4F60-A081-7E7F074FD602} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-06-18] (CyberLink Corp.)
Task: {5E4D0A5B-3776-40F3-A052-D3825836E53C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {673BF328-A9BE-41B2-ABED-DA2F5B5B5446} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3128210727-139179171-2814941069-1003 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {6E5670A4-B2FB-4C48-BD23-1E9D326D5700} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-20] (Microsoft Corporation)
Task: {702C5FEA-5ECF-4FC7-BF0B-D8F7DB4A7BC6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {79D91D1C-1982-4183-A0E9-71B4123B65BD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-11] (Adobe Systems Incorporated)
Task: {99C368A7-75E8-4EED-B666-4CCC97DE679F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {A6180325-C7AE-41B6-9154-0F8946D4D4BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {C3F4E428-84DC-4EA6-9DDC-1FBDEDB1FE3A} - System32\Tasks\HPCeeScheduleForMariusC => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {C8C63281-D878-46AF-9314-0FD67B858981} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MCPMOBIL-MariusC MCPmobil => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {F2105C60-3614-452D-8BB9-B5C86F61248F} - System32\Tasks\Opera scheduled Autoupdate 1417649608 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-10] (Opera Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMariusC.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2014-03-28 13:31 - 2014-03-28 13:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-04-06 22:38 - 2014-04-06 22:38 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-08-20 06:23 - 2014-03-05 18:09 - 00088064 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-08-20 06:56 - 2014-04-14 18:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-05-23 18:02 - 2014-05-23 18:02 - 00298496 _____ () C:\Program Files\Synergy\synergyd.exe
2014-12-04 11:19 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-03-28 13:36 - 2014-03-28 13:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2009-12-12 17:40 - 2009-12-12 17:40 - 00020480 _____ () C:\Program Files (x86)\Q-Pilot Client\Common\Java\bin\jetvm\jvm.dll
2009-12-12 17:40 - 2009-12-12 17:40 - 00069632 _____ () C:\Program Files (x86)\Q-Pilot Client\Common\Java\bin\java.dll
2010-03-10 19:21 - 2010-03-10 19:21 - 00126976 _____ () C:\Program Files (x86)\Q-Pilot Client\Common\Java\bin\zip.dll
2009-12-12 17:35 - 2009-12-12 17:35 - 00155648 _____ () C:\Program Files (x86)\Q-Pilot Client\Common\Java\jetrt\baseline700.dll
2015-06-11 15:10 - 2015-06-10 11:45 - 00157304 _____ () C:\Program Files (x86)\Opera\30.0.1835.59\message_center_win8.dll
2015-06-11 15:10 - 2015-06-10 11:45 - 01649272 _____ () C:\Program Files (x86)\Opera\30.0.1835.59\libglesv2.dll
2015-06-11 15:10 - 2015-06-10 11:45 - 00081016 _____ () C:\Program Files (x86)\Opera\30.0.1835.59\libegl.dll
2014-12-04 11:19 - 2014-12-04 15:03 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-05-06 14:29 - 2015-04-14 14:42 - 01032360 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\MariusC\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3128210727-139179171-2814941069-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\MariusC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 137.248.21.22 - 137.248.1.5

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D7674007-06E4-422B-895F-DDBA6A9A5B6B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6CECD86B-F7D7-4B92-BBFB-C695FA3FB475}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1A4F3650-4759-4ABD-9AE1-C0C5B9926564}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{69D625C8-387F-4494-9436-311B310B7E37}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{255640E5-E288-406C-85C9-3960B0B79DB9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{B351C368-CD45-42DB-81C5-1E5970A739E5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{A48B239A-1F63-4B5C-897B-AEC2CA7B8B21}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{7960D09F-D0BA-4CA4-8E8B-00590C32F90C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{AF02B330-6199-4804-84C7-883528BF83C1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{9D9FFAF0-BCD2-4464-97C5-C0FB47AB6E3B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{F1D8D515-F14E-4106-A8CD-F974874DCD19}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D4FFB831-D4F2-4DA7-B4CA-49D6DB299557}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{32C9AA9B-5434-463C-A262-A72D2B94F6F4}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{C1542DEB-C59E-4649-9225-8C15E8E64C90}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{3E2F4D4A-6250-4452-9ACA-3363A42DB152}] => (Allow) C:\Users\MariusC\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{02F76F96-7AC3-4137-9102-CA84B4CB1598}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.com
FirewallRules: [{75EA887E-E12B-41A6-B517-E6E8A1339159}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.com
FirewallRules: [{B314B1CA-9F64-40D4-B1E3-DBDE31B9C69A}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.exe
FirewallRules: [{A15768AA-693A-4CE1-81AE-8BF4412E6572}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.exe
FirewallRules: [{2FC2407C-7CC9-42E6-9C27-9EA587BD30B5}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\WinWrapIDE.exe
FirewallRules: [{922836C4-3A86-4BCC-B2AF-C53F0B7E037C}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\WinWrapIDE.exe
FirewallRules: [TCP Query User{45726FFE-4080-493B-944B-C205003AD183}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Block) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [UDP Query User{95F5B3A1-135A-41B0-9F74-8B53B68F42A8}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Block) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [TCP Query User{F5E2BFD6-54DD-42AB-B3F0-42B6B40BD299}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{931E81C7-43EE-481A-B156-E6ACBC0EA365}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{B626DB87-5F00-4E70-A88F-624C7159BD94}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{81D53786-A566-45F5-BB06-B5E99953E111}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B1BCB0BE-685D-4CB8-A89D-58531309A9F5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{092A9C67-A5EF-42B6-91D8-B1686BD1A4FF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DFABA408-F32D-406B-AA51-343B1AF57F59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{59D24F29-AD65-43C5-8732-78E401EA95ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{08B22432-367E-4D10-9457-7AE19C791EB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{04DE8148-5337-423F-AF1D-6CDDBEDE1493}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [TCP Query User{9CE7B52E-3C3A-4ED6-8BE0-DBF23D33DE53}C:\program files (x86)\xfire2\xfire.exe] => (Allow) C:\program files (x86)\xfire2\xfire.exe
FirewallRules: [UDP Query User{DDB66BCC-51D6-4A58-BC88-C3636EF53BAF}C:\program files (x86)\xfire2\xfire.exe] => (Allow) C:\program files (x86)\xfire2\xfire.exe
FirewallRules: [TCP Query User{C5074512-A2D2-41E4-9A29-EB187B50F73E}C:\program files (x86)\xmind\xmind.exe] => (Allow) C:\program files (x86)\xmind\xmind.exe
FirewallRules: [UDP Query User{1E11CD47-79FF-485B-941E-BB2D995D6F8B}C:\program files (x86)\xmind\xmind.exe] => (Allow) C:\program files (x86)\xmind\xmind.exe
FirewallRules: [{B32BDE1D-164A-4452-A2DA-ED0D972A73DA}] => (Allow) C:\Program Files\Synergy\synergys.exe
FirewallRules: [TCP Query User{399FB9A2-DF36-4603-84EA-651B49F15F74}C:\program files (x86)\ibm\spss\statistics\20\stats.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\20\stats.exe
FirewallRules: [UDP Query User{42848FB0-0701-4ABA-A15D-802B7948529D}C:\program files (x86)\ibm\spss\statistics\20\stats.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\20\stats.exe
FirewallRules: [TCP Query User{7E36EC01-0FDE-4D23-A7E3-AC18EB97A79E}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [UDP Query User{B09DB69C-7914-4C99-A812-0B87B5886785}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [{056BDFD5-EF42-4AD4-B668-AE19DA6D845E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/11/2015 03:57:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/11/2015 03:57:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/27/2015 11:55:58 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933

Error: (05/27/2015 11:55:58 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {85166E88-6395-4F57-A0F3-34A9D12D757E}

Error: (05/27/2015 03:39:37 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/27/2015 03:39:37 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "PDR.X,type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "PDR.X,type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/26/2015 11:20:02 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933

Error: (05/26/2015 11:20:02 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {89706248-BC9E-4276-AF6F-457BCFBADD57}

Error: (05/26/2015 11:16:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hpasset.exe, Version: 3.0.3.1, Zeitstempel: 0x5202c98c
Name des fehlerhaften Moduls: hpasset.exe, Version: 3.0.3.1, Zeitstempel: 0x5202c98c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002b78a
ID des fehlerhaften Prozesses: 0x1160
Startzeit der fehlerhaften Anwendung: 0xhpasset.exe0
Pfad der fehlerhaften Anwendung: hpasset.exe1
Pfad des fehlerhaften Moduls: hpasset.exe2
Berichtskennung: hpasset.exe3
Vollständiger Name des fehlerhaften Pakets: hpasset.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: hpasset.exe5

Error: (05/21/2015 03:35:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 941546


System errors:
=============
Error: (05/27/2015 06:06:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet: 
%%1

Error: (05/20/2015 03:02:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%1062

Error: (05/20/2015 03:02:27 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WerSvc" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (05/18/2015 00:36:39 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB3021910)

Error: (05/18/2015 00:36:39 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5 unter Windows 8.1 und Windows Server 2012 R2 für x64-basierte Systeme (KB3023219)

Error: (05/18/2015 00:36:39 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Sicherheitsupdate für Internet Explorer Flash Player für Windows 8.1 für x64-Systeme (KB3061904)

Error: (05/18/2015 00:36:39 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Sicherheitsupdate für Windows 8.1 für x64-basierte Systeme (KB3061518)

Error: (05/18/2015 00:36:39 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5 unter Windows 8.1 und Windows Server 2012 R2 für x64-basierte Systeme (KB3048072)

Error: (05/12/2015 03:11:58 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Microsoft.BingWeather

Error: (05/11/2015 01:03:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070002 fehlgeschlagen: Microsoft.BingSports


Microsoft Office:
=========================
Error: (06/11/2015 03:57:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\program files\cyberlink\photodirector\Kernel\CES\CES_AudioCacheAgent.exe.Manifest

Error: (06/11/2015 03:57:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\program files\cyberlink\photodirector\Kernel\CES\CES_CacheAgent.exe.Manifest

Error: (05/27/2015 11:55:58 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933

Error: (05/27/2015 11:55:58 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {85166E88-6395-4F57-A0F3-34A9D12D757E}

Error: (05/27/2015 03:39:37 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\program files\cyberlink\photodirector\Kernel\CES\CES_AudioCacheAgent.exe.Manifest

Error: (05/27/2015 03:39:37 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: PDR.X,type="win32",version="1.0.0.0"c:\program files\cyberlink\photodirector\Kernel\CES\CES_CacheAgent.exe.Manifest

Error: (05/26/2015 11:20:02 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933

Error: (05/26/2015 11:20:02 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {89706248-BC9E-4276-AF6F-457BCFBADD57}

Error: (05/26/2015 11:16:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hpasset.exe3.0.3.15202c98chpasset.exe3.0.3.15202c98cc00000050002b78a116001d097f944e91953C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exeC:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exe88289075-03ec-11e5-8286-38b1db79eff2

Error: (05/21/2015 03:35:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 941546


==================== Memory info =========================== 

Processor: AMD A10-5745M APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 35%
Total physical RAM: 7364.87 MB
Available physical RAM: 4727.25 MB
Total Pagefile: 8516.87 MB
Available Pagefile: 5488.16 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:443.75 GB) (Free:389.96 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.99 GB) (Free:2.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1119D06D)

Partition: GPT Partition Type.

==================== End of log ============================
         
--- --- ---


Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-11 19:07:10
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000024 TOSHIBA_MQ01ABF050 rev.AM0P2C 465,76GB
Running: 9q7yppg7.exe; Driver: C:\Users\MariusC\AppData\Local\Temp\uwdyypoc.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                                                                fffff96000140900 15 bytes [00, 57, F4, 01, 40, 8F, 6E, ...]
.text    C:\Windows\System32\win32k.sys!W32pServiceTable + 16                                                                                                                                           fffff96000140910 11 bytes [00, 41, FC, FF, 00, 79, C7, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE[7624] C:\Program Files\Microsoft Office 15\Root\Office15\outlrpc.dll!MAPIRevokeMoniker@4 + 657                                  00000000589a287c 4 bytes [8E, F0, C8, 2A]

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\csrss.exe [4752:2724]                                                                                                                                                      fffff960009422d0
---- Processes - GMER 2.1 ----

Library  C:\Users\MariusC\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll (*** suspicious ***) @ C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [4804] (FILE NOT FOUND)  0000000000e10000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [7624]                             0000000065430000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [7624]                        000000005dcc0000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [7624]                          0000000069ee0000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                          unknown MBR code

---- EOF - GMER 2.1 ----
         
Note on the original post: A "bad signature update" from Sophos is unlikely. I use the same Sophos version and signatures on my desktop PC (Windows 7 x64) and on the tablet (Windows 8.1 x64) without problems.

One more addendum:

For the analyses I disabled Sophos via the control center. I am aware that it still shows up as "active" in the GMER log; the real-time monitoring cannot be switched off completely, but its intervention can. For anything more I would have to uninstall the program, which unfortunately is not possible (volume license with a limited number of installations per device/user).
__________________

12.06.2015, 17:50   #4
schrauber
/// the machine
/// TB trainer

Sophos finds mookie1.com - infection on all websites


hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

15.06.2015, 15:22   #5
Kansas

Sophos finds mookie1.com - infection on all websites


Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17842

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.096000 GHz
Memory total: 7722622976, free: 5606486016

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17842

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.096000 GHz
Memory total: 7722622976, free: 6085758976

Downloaded database version: v2015.06.15.03
Downloaded database version: v2015.06.02.01
Downloaded database version: v2015.05.13.01
=======================================
Initializing...
------------ Kernel report ------------
     06/15/2015 15:25:56
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\amdsata.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\amdxata.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\drivers\amdkmpfd.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\DRIVERS\savonaccess.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\swi_callout.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\rtwlane.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\system32\DRIVERS\RtsP2Stor.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\usbohci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\WirelessButtonDriver64.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\Smb_driver_AMDASF.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\System32\drivers\amdppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\AtihdWB6.sys
\SystemRoot\system32\drivers\AMDACPKSL.SYS
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\RtkBtfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amdsata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\mouhid.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.06.15.03
  rootkit: v2015.06.02.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe000551b5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe000551b5b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe000551b5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000551b6040, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xffffe000551d0b30, DeviceName: Unknown, DriverName: \Driver\amdxata\
DevicePointer: 0xffffe00055179390, DeviceName: \Device\00000024\, DriverName: \Driver\amdsata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthLEEnum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthLEEnum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthpan.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthpan.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BTHUSB.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BTHUSB.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\HdAudio.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 1119D06D

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 801849377
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34  LastUsableLba 976773134
    GPT Header Guid ba0ca050-ff2-4457-973d-43f8ff62c6f7
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 801849377
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 976773134
    Backup GPT header Guid ba0ca050-ff2-4457-973d-43f8ff62c6f7
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID f52aa0b3-d5f5-4b10-9c1c-df61f6e198d7
    FirstLBA 2048  Last LBA 1333247
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID d7a5f57a-21f3-4af4-90bd-e74eb0d8f5c
    FirstLBA 1333248  Last LBA 1865727
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 765be3d7-fbdf-48c2-9880-f8f22be82bdd
    FirstLBA 1865728  Last LBA 2127871
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID da3940e0-dd79-4779-9e6d-d668dbe26f4
    FirstLBA 2127872  Last LBA 932749311
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID cc6251ad-e4d2-4c60-a391-f164a84c2592
    FirstLBA 932749312  Last LBA 976762879
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
File "C:\ProgramData\Sophos\Sophos Anti-Virus\logs\SAV.txt" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
         


15.06.2015, 15:25   #6
Kansas



Code:
16:17:42.0250 0x0928  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
16:17:42.0250 0x0928  UEFI system
16:17:44.0750 0x0928  ============================================================
16:17:44.0750 0x0928  Current date / time: 2015/06/15 16:17:44.0750
16:17:44.0750 0x0928  SystemInfo:
16:17:44.0750 0x0928  
16:17:44.0750 0x0928  OS Version: 6.3.9600 ServicePack: 0.0
16:17:44.0750 0x0928  Product type: Workstation
16:17:44.0750 0x0928  ComputerName: MCPMOBIL
16:17:44.0750 0x0928  UserName: MariusC
16:17:44.0750 0x0928  Windows directory: C:\Windows
16:17:44.0750 0x0928  System windows directory: C:\Windows
16:17:44.0750 0x0928  Running under WOW64
16:17:44.0750 0x0928  Processor architecture: Intel x64
16:17:44.0750 0x0928  Number of processors: 4
16:17:44.0750 0x0928  Page size: 0x1000
16:17:44.0750 0x0928  Boot type: Normal boot
16:17:44.0750 0x0928  ============================================================
16:17:44.0922 0x0928  System UUID: {AAD286FA-464A-9A23-EA31-2B66F9626C4E}
16:17:45.0469 0x0928  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:17:45.0484 0x0928  ============================================================
16:17:45.0484 0x0928  \Device\Harddisk0\DR0:
16:17:45.0484 0x0928  GPT partitions:
16:17:45.0484 0x0928  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {F52AA0B3-D5F5-4B10-9C1C-DF61F6E198D7}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x145000
16:17:45.0484 0x0928  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {D7A5F57A-21F3-4AF4-90BD-E74EB0D8F50C}, Name: EFI system partition, StartLBA 0x145800, BlocksNum 0x82000
16:17:45.0484 0x0928  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {765BE3D7-FBDF-48C2-9880-F8F22BE82BDD}, Name: Microsoft reserved partition, StartLBA 0x1C7800, BlocksNum 0x40000
16:17:45.0484 0x0928  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {DA3940E0-DD79-4779-9E6D-D6680DBE26F4}, Name: Basic data partition, StartLBA 0x207800, BlocksNum 0x37782800
16:17:45.0484 0x0928  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {CC6251AD-E4D2-4C60-A391-F164A84C2592}, Name: Basic data partition, StartLBA 0x3798A000, BlocksNum 0x29F9800
16:17:45.0484 0x0928  MBR partitions:
16:17:45.0484 0x0928  ============================================================
16:17:45.0500 0x0928  C: <-> \Device\Harddisk0\DR0\Partition4
16:17:45.0547 0x0928  D: <-> \Device\Harddisk0\DR0\Partition5
16:17:45.0547 0x0928  ============================================================
16:17:45.0547 0x0928  Initialize success
16:17:45.0547 0x0928  ============================================================
16:17:52.0641 0x0cd4  ============================================================
16:17:52.0641 0x0cd4  Scan started
16:17:52.0641 0x0cd4  Mode: Manual; SigCheck; TDLFS; 
16:17:52.0641 0x0cd4  ============================================================
16:17:52.0641 0x0cd4  KSN ping started
16:17:54.0962 0x0cd4  KSN ping finished: true
16:17:56.0212 0x0cd4  ================ Scan system memory ========================
16:17:56.0212 0x0cd4  System memory - ok
16:17:56.0212 0x0cd4  ================ Scan services =============================
16:18:04.0150 0x0cd4  [ 0D78CF518DDED441E22663A9C8F74D57, 1704F37002EC290A0F2365E93D02B5F009AEEEECAFF3636B8220370F0DFE7125 ] BTDevManager    C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
16:18:04.0165 0x0cd4  BTDevManager - detected UnsignedFile.Multi.Generic ( 1 )
16:18:06.0525 0x0cd4  Detect skipped due to KSN trusted
16:18:06.0525 0x0cd4  BTDevManager - ok
16:18:11.0978 0x0cd4  exfat - ok
16:18:12.0009 0x0cd4  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:18:12.0040 0x0cd4  fastfat - ok
16:18:12.0087 0x0cd4  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax             C:\Windows\system32\fxssvc.exe
16:18:12.0197 0x0cd4  Fax - ok
16:18:12.0197 0x0cd4  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\Windows\System32\drivers\fdc.sys
16:18:12.0228 0x0cd4  fdc - ok
16:18:12.0275 0x0cd4  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:18:12.0353 0x0cd4  fdPHost - ok
16:18:12.0400 0x0cd4  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:18:12.0447 0x0cd4  FDResPub - ok
16:18:12.0494 0x0cd4  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc           C:\Windows\system32\fhsvc.dll
16:18:12.0587 0x0cd4  fhsvc - ok
16:18:12.0603 0x0cd4  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:18:12.0619 0x0cd4  FileInfo - ok
16:18:12.0650 0x0cd4  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:18:12.0697 0x0cd4  Filetrace - ok
16:18:12.0728 0x0cd4  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
16:18:12.0744 0x0cd4  flpydisk - ok
16:18:12.0806 0x0cd4  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:18:12.0837 0x0cd4  FltMgr - ok
16:18:12.0931 0x0cd4  [ 6C068E7207F183FF3647E45D2599E80C, D65C9888522CA29596D5C8BEFF42356F0310E812117E72C1D612BA089C0940D9 ] FontCache       C:\Windows\system32\FntCache.dll
16:18:13.0040 0x0cd4  FontCache - ok
16:18:13.0103 0x0cd4  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:18:13.0181 0x0cd4  FontCache3.0.0.0 - ok
16:18:13.0228 0x0cd4  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:18:13.0244 0x0cd4  FsDepends - ok
16:18:13.0275 0x0cd4  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:18:13.0306 0x0cd4  Fs_Rec - ok
16:18:13.0353 0x0cd4  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:18:13.0400 0x0cd4  fvevol - ok
16:18:13.0415 0x0cd4  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\Windows\System32\drivers\fxppm.sys
16:18:13.0462 0x0cd4  FxPPM - ok
16:18:13.0509 0x0cd4  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:18:13.0525 0x0cd4  gagp30kx - ok
16:18:13.0556 0x0cd4  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
16:18:13.0587 0x0cd4  gencounter - ok
16:18:13.0619 0x0cd4  GENERICDRV - ok
16:18:13.0650 0x0cd4  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
16:18:13.0681 0x0cd4  GPIOClx0101 - ok
16:18:13.0759 0x0cd4  [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:18:14.0025 0x0cd4  gpsvc - ok
16:18:14.0103 0x0cd4  [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:18:14.0150 0x0cd4  HdAudAddService - ok
16:18:14.0197 0x0cd4  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
16:18:14.0244 0x0cd4  HDAudBus - ok
16:18:14.0266 0x0cd4  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
16:18:14.0282 0x0cd4  HidBatt - ok
16:18:14.0329 0x0cd4  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\Windows\System32\drivers\hidbth.sys
16:18:14.0375 0x0cd4  HidBth - ok
16:18:14.0391 0x0cd4  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
16:18:14.0422 0x0cd4  hidi2c - ok
16:18:14.0454 0x0cd4  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\Windows\System32\drivers\hidir.sys
16:18:14.0485 0x0cd4  HidIr - ok
16:18:14.0532 0x0cd4  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv         C:\Windows\system32\hidserv.dll
16:18:14.0625 0x0cd4  hidserv - ok
16:18:14.0657 0x0cd4  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
16:18:14.0735 0x0cd4  HidUsb - ok
16:18:14.0766 0x0cd4  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:18:14.0829 0x0cd4  hkmsvc - ok
16:18:14.0876 0x0cd4  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:18:14.0985 0x0cd4  HomeGroupListener - ok
16:18:15.0016 0x0cd4  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:18:15.0079 0x0cd4  HomeGroupProvider - ok
16:18:15.0172 0x0cd4  [ 77E81E788CC63E65272A7D247F441505, EA57947495A6FD5B6FCC06AD396AEEEEE44AA5EB924B1A4D71C81B1265120F7B ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
16:18:15.0235 0x0cd4  HP Support Assistant Service - ok
16:18:15.0266 0x0cd4  [ 8B8E6BD988EAF18C1B86704BF05E5C03, 84052C116032F3DC47B0D3A7A8FC8E86DF94DDB3136C866D8FC8A3DF23209DEC ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
16:18:15.0282 0x0cd4  hpdskflt - ok
16:18:15.0375 0x0cd4  [ D2946D9F020AE76E9CEF9B4A6DF838C0, C29CE594879385DA12B8EAA90B258905827B613839CCD820DE49215B68676995 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
16:18:15.0516 0x0cd4  hpqwmiex - ok
16:18:15.0547 0x0cd4  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:18:15.0579 0x0cd4  HpSAMD - ok
16:18:15.0610 0x0cd4  [ 0865F178E272C682B0689F1AA269128D, F8CC23EA339F0C917C3948FF35BEFE10664CCFF8796954898E41F4EC1618E5E1 ] hpsrv           C:\Windows\system32\Hpservice.exe
16:18:15.0625 0x0cd4  hpsrv - ok
16:18:15.0672 0x0cd4  [ E2C5982A07AEB52A18A66BA1A06CFCD8, DAC0E2BAFF24A72FD28426D17DD30D9B8B7DB410A3A5E912C9581EDF1665A447 ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
16:18:15.0829 0x0cd4  HPWMISVC - ok
16:18:15.0907 0x0cd4  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:18:15.0954 0x0cd4  HTTP - ok
16:18:16.0016 0x0cd4  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:18:16.0032 0x0cd4  hwpolicy - ok
16:18:16.0063 0x0cd4  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
16:18:16.0094 0x0cd4  hyperkbd - ok
16:18:16.0141 0x0cd4  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
16:18:16.0172 0x0cd4  HyperVideo - ok
16:18:16.0219 0x0cd4  [ D887446F3F6051C60C26F4FD1FC8D43F, A3235C64E9D5378E3409FA7CDD9DB0DD1B3CE6A6EB018F2C40558EB9C427A498 ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
16:18:16.0266 0x0cd4  i8042prt - ok
16:18:16.0282 0x0cd4  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
16:18:16.0297 0x0cd4  iaLPSSi_GPIO - ok
16:18:16.0360 0x0cd4  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\Windows\System32\drivers\iaLPSSi_I2C.sys
16:18:16.0375 0x0cd4  iaLPSSi_I2C - ok
16:18:16.0422 0x0cd4  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\Windows\system32\drivers\iaStorAV.sys
16:18:16.0454 0x0cd4  iaStorAV - ok
16:18:16.0516 0x0cd4  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:18:16.0547 0x0cd4  iaStorV - ok
16:18:16.0547 0x0cd4  IEEtwCollectorService - ok
16:18:16.0625 0x0cd4  [ 3DBDBD9581C015F02651D6A89801FAD5, 81B6D302C9CD29AD8319515056CFBCD0BD25619B2B166937ACD5F1416B568837 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:18:16.0735 0x0cd4  IKEEXT - ok
16:18:16.0938 0x0cd4  [ 01262E2BE97708F54666E700482027DE, 7643FCFB6EBFABDD7D1A914C40FADE97DDC633C5D75BE2CADBAC61675564E5CD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:18:17.0094 0x0cd4  IntcAzAudAddService - ok
16:18:17.0141 0x0cd4  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:18:17.0157 0x0cd4  intelide - ok
16:18:17.0204 0x0cd4  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\Windows\system32\drivers\intelpep.sys
16:18:17.0219 0x0cd4  intelpep - ok
16:18:17.0251 0x0cd4  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\Windows\System32\drivers\intelppm.sys
16:18:17.0297 0x0cd4  intelppm - ok
16:18:17.0329 0x0cd4  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:18:17.0360 0x0cd4  IpFilterDriver - ok
16:18:17.0422 0x0cd4  [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:18:17.0485 0x0cd4  iphlpsvc - ok
16:18:17.0532 0x0cd4  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
16:18:17.0610 0x0cd4  IPMIDRV - ok
16:18:17.0657 0x0cd4  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:18:17.0719 0x0cd4  IPNAT - ok
16:18:17.0751 0x0cd4  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:18:17.0797 0x0cd4  IRENUM - ok
16:18:17.0813 0x0cd4  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:18:17.0829 0x0cd4  isapnp - ok
16:18:17.0891 0x0cd4  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
16:18:17.0922 0x0cd4  iScsiPrt - ok
16:18:17.0969 0x0cd4  [ A1D4D34A56DF1D5122CDB265038A2E72, AE061BA1A65C98AF875FA18878B014B57E33594D4AC4C39B050AA532E2220F83 ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
16:18:17.0985 0x0cd4  kbdclass - ok
16:18:18.0047 0x0cd4  [ 4A34D7084B862A92F3ABC4969166B3D3, 87B2635873DA4DD06D9E3B8E4313CBDBDC1488E4E340EC2101393EC65823771F ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
16:18:18.0079 0x0cd4  kbdhid - ok
16:18:18.0110 0x0cd4  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
16:18:18.0172 0x0cd4  kdnic - ok
16:18:18.0204 0x0cd4  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\Windows\system32\lsass.exe
16:18:18.0219 0x0cd4  KeyIso - ok
16:18:18.0266 0x0cd4  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:18:18.0282 0x0cd4  KSecDD - ok
16:18:18.0329 0x0cd4  [ 15C8C65CEA018C02EA0F648448C491C5, DF909704D22D891BE439B2E3D8386EA659444F91DC92AABFF9766446AEE5EBC0 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:18:18.0360 0x0cd4  KSecPkg - ok
16:18:18.0407 0x0cd4  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:18:18.0469 0x0cd4  ksthunk - ok
16:18:18.0501 0x0cd4  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:18:18.0579 0x0cd4  KtmRm - ok
16:18:18.0626 0x0cd4  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:18:18.0704 0x0cd4  LanmanServer - ok
16:18:18.0751 0x0cd4  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:18:18.0813 0x0cd4  LanmanWorkstation - ok
16:18:18.0876 0x0cd4  [ 2B7479EB47731A8ACBA28AF4C4BDA32D, 67AEB98E7B41337FEFD92CC81BFAD25FBB679998B318C110A4873B1AD8927A97 ] lfsvc           C:\Windows\System32\GeofenceMonitorService.dll
16:18:18.0954 0x0cd4  lfsvc - ok
16:18:18.0985 0x0cd4  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:18:19.0001 0x0cd4  lltdio - ok
16:18:19.0079 0x0cd4  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:18:19.0126 0x0cd4  lltdsvc - ok
16:18:19.0172 0x0cd4  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:18:19.0219 0x0cd4  lmhosts - ok
16:18:19.0251 0x0cd4  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:18:19.0266 0x0cd4  LSI_SAS - ok
16:18:19.0297 0x0cd4  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:18:19.0313 0x0cd4  LSI_SAS2 - ok
16:18:19.0344 0x0cd4  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\Windows\system32\drivers\lsi_sas3.sys
16:18:19.0360 0x0cd4  LSI_SAS3 - ok
16:18:19.0391 0x0cd4  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
16:18:19.0422 0x0cd4  LSI_SSS - ok
16:18:19.0485 0x0cd4  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\Windows\System32\lsm.dll
16:18:19.0579 0x0cd4  LSM - ok
16:18:19.0610 0x0cd4  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\Windows\system32\drivers\luafv.sys
16:18:19.0672 0x0cd4  luafv - ok
16:18:19.0704 0x0cd4  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\Windows\system32\drivers\megasas.sys
16:18:19.0735 0x0cd4  megasas - ok
16:18:19.0782 0x0cd4  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\Windows\system32\drivers\megasr.sys
16:18:19.0829 0x0cd4  megasr - ok
16:18:19.0876 0x0cd4  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\Windows\system32\mmcss.dll
16:18:19.0954 0x0cd4  MMCSS - ok
16:18:19.0985 0x0cd4  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\Windows\system32\drivers\modem.sys
16:18:20.0016 0x0cd4  Modem - ok
16:18:20.0047 0x0cd4  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\Windows\System32\drivers\monitor.sys
16:18:20.0141 0x0cd4  monitor - ok
16:18:20.0204 0x0cd4  [ 2A2F8D5284E59815169A88F1FC9CEE28, 58EFBCF3C849FD088CFB7FE287FC7D9DD7E03D4E6AA98F0497C09E4596E42538 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
16:18:20.0219 0x0cd4  mouclass - ok
16:18:20.0297 0x0cd4  [ 91223A2AE2955B3E0DA3DB79C3A897A6, 32B59CF1586C2300D60AF8A1D819515033ACC7F7A1F3523FC4AC7725E29B5A90 ] mouhid          C:\Windows\System32\drivers\mouhid.sys
16:18:20.0344 0x0cd4  mouhid - ok
16:18:20.0391 0x0cd4  [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:18:20.0407 0x0cd4  mountmgr - ok
16:18:20.0532 0x0cd4  [ B4E9C7383A705628AD491CF0F87D901F, 5C0CD7133D4F5B1E0466CDB2A2210ECA57206A8BC41F37BC6324120AE5501C70 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:18:20.0579 0x0cd4  MozillaMaintenance - ok
16:18:20.0672 0x0cd4  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:18:20.0735 0x0cd4  mpsdrv - ok
16:18:20.0876 0x0cd4  [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:18:20.0938 0x0cd4  MpsSvc - ok
16:18:21.0157 0x0cd4  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:18:21.0219 0x0cd4  MRxDAV - ok
16:18:21.0391 0x0cd4  [ 31233271EDE50D1BBB220F78AFA60486, 2122FAB5BD353DF63CF0FE9CEDBD5DFD1F26F2DE04303E1B3FFB03AA02AECED9 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:18:21.0469 0x0cd4  mrxsmb - ok
16:18:21.0547 0x0cd4  [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:18:21.0657 0x0cd4  mrxsmb10 - ok
16:18:21.0719 0x0cd4  [ 6276AC2AA203CF47811F6EFBBD214FBF, AE55D87D863A626347B0074F4E962080F1989A94153DAF8475593249F616DA2F ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:18:21.0750 0x0cd4  mrxsmb20 - ok
16:18:21.0813 0x0cd4  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
16:18:21.0844 0x0cd4  MsBridge - ok
16:18:21.0907 0x0cd4  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\Windows\System32\msdtc.exe
16:18:21.0938 0x0cd4  MSDTC - ok
16:18:22.0047 0x0cd4  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:18:22.0079 0x0cd4  Msfs - ok
16:18:22.0126 0x0cd4  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
16:18:22.0141 0x0cd4  msgpiowin32 - ok
16:18:22.0204 0x0cd4  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:18:22.0219 0x0cd4  mshidkmdf - ok
16:18:22.0282 0x0cd4  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
16:18:22.0329 0x0cd4  mshidumdf - ok
16:18:22.0360 0x0cd4  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:18:22.0391 0x0cd4  msisadrv - ok
16:18:22.0579 0x0cd4  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:18:22.0672 0x0cd4  MSiSCSI - ok
16:18:22.0672 0x0cd4  msiserver - ok
16:18:22.0719 0x0cd4  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:18:22.0766 0x0cd4  MSKSSRV - ok
16:18:22.0813 0x0cd4  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
16:18:22.0938 0x0cd4  MsLldp - ok
16:18:22.0954 0x0cd4  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:18:23.0016 0x0cd4  MSPCLOCK - ok
16:18:23.0032 0x0cd4  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:18:23.0063 0x0cd4  MSPQM - ok
16:18:23.0110 0x0cd4  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:18:23.0157 0x0cd4  MsRPC - ok
16:18:23.0172 0x0cd4  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
16:18:23.0188 0x0cd4  mssmbios - ok
16:18:23.0219 0x0cd4  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:18:23.0235 0x0cd4  MSTEE - ok
16:18:23.0266 0x0cd4  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
16:18:23.0297 0x0cd4  MTConfig - ok
16:18:23.0313 0x0cd4  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\Windows\system32\Drivers\mup.sys
16:18:23.0344 0x0cd4  Mup - ok
16:18:23.0360 0x0cd4  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
16:18:23.0391 0x0cd4  mvumis - ok
16:18:23.0454 0x0cd4  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\Windows\system32\qagentRT.dll
16:18:23.0516 0x0cd4  napagent - ok
16:18:23.0579 0x0cd4  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:18:23.0672 0x0cd4  NativeWifiP - ok
16:18:23.0719 0x0cd4  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\Windows\System32\ncasvc.dll
16:18:23.0782 0x0cd4  NcaSvc - ok
16:18:23.0813 0x0cd4  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\Windows\System32\ncbservice.dll
16:18:23.0876 0x0cd4  NcbService - ok
16:18:23.0922 0x0cd4  [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
16:18:23.0969 0x0cd4  NcdAutoSetup - ok
16:18:24.0032 0x0cd4  [ 21FE65E2E67C4E31EE95CBD1F91C4B24, 6558F2BC10E6B09F7EE5264722FCF572B861EDB60A1433B58A4F4625EC0ABF63 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:18:24.0110 0x0cd4  NDIS - ok
16:18:24.0157 0x0cd4  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:18:24.0188 0x0cd4  NdisCap - ok
16:18:24.0219 0x0cd4  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
16:18:24.0282 0x0cd4  NdisImPlatform - ok
16:18:24.0297 0x0cd4  [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:18:24.0344 0x0cd4  NdisTapi - ok
16:18:24.0376 0x0cd4  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:18:24.0407 0x0cd4  Ndisuio - ok
16:18:24.0422 0x0cd4  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\Windows\System32\drivers\NdisVirtualBus.sys
16:18:24.0454 0x0cd4  NdisVirtualBus - ok
16:18:24.0485 0x0cd4  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:18:24.0516 0x0cd4  NdisWan - ok
16:18:24.0532 0x0cd4  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\Windows\system32\DRIVERS\ndiswan.sys
16:18:24.0563 0x0cd4  NdisWanLegacy - ok
16:18:24.0594 0x0cd4  [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:18:24.0610 0x0cd4  NDProxy - ok
16:18:24.0657 0x0cd4  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
16:18:24.0719 0x0cd4  Ndu - ok
16:18:24.0766 0x0cd4  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:18:24.0829 0x0cd4  NetBIOS - ok
16:18:24.0891 0x0cd4  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:18:24.0938 0x0cd4  NetBT - ok
16:18:26.0594 0x0cd4  [ 8DD366F3B9F16ED722A6A66D956DA27F, 3A61B3D7B0D60CAA801FFDA086BFDDCF9C820CB11114DC60FDC9B30F828CC04F ] omniserv        C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
16:18:26.0626 0x0cd4  omniserv - detected UnsignedFile.Multi.Generic ( 1 )
16:18:29.0233 0x0cd4  Detect skipped due to KSN trusted
16:18:29.0233 0x0cd4  omniserv - ok
16:18:33.0030 0x0cd4  [ CDF369E6D50477F171CE9A91C7D3D2E6, 9ACD051BDC58A35B9310C9A9A95C86C4130EF0924569900EB9E5E05BC4FC1555 ] QPilotClientService C:\Program Files (x86)\Q-Pilot Client\Service\QPilot-Client-Service.exe
16:18:33.0702 0x0cd4  QPilotClientService - detected UnsignedFile.Multi.Generic ( 1 )
16:18:36.0123 0x0cd4  QPilotClientService ( UnsignedFile.Multi.Generic ) - warning
16:18:36.0123 0x0cd4  Force sending object to P2P due to detect: QPilotClientService
16:18:38.0795 0x0cd4  Object send P2P result: true
16:18:52.0966 0x0cd4  [ 6843FF634C373DE7F150E144054ABE1C, 33CA8155A32A174B446FDE08F3F57A69DC928F3BFCBEE1C1DA569BACB541975C ] Synergy         C:\Program Files\Synergy\synergyd.exe
16:18:52.0998 0x0cd4  Synergy - detected UnsignedFile.Multi.Generic ( 1 )
16:18:55.0419 0x0cd4  Detect skipped due to KSN trusted
16:18:55.0419 0x0cd4  Synergy - ok
16:19:02.0578 0x0cd4  usbehci - ok
16:19:02.0625 0x0cd4  [ 5A4AC5D05A7C97C68596416C05D6F2B4, 1CDE5172B763D2D65379B9F3ABACC080AF676DB9354EC98A455E620C4CE3E18A ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
16:19:02.0640 0x0cd4  usbfilter - ok
16:19:02.0765 0x0cd4  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\Windows\System32\drivers\usbhub.sys
16:19:02.0797 0x0cd4  usbhub - ok
16:19:02.0953 0x0cd4  [ FAA564A13576F9284546BF016D27B551, 1D2CD13DC0B02DD40657EE4F93F4A13C78D2F2EF91685E563D78E217C96DF544 ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
16:19:03.0000 0x0cd4  USBHUB3 - ok
16:19:03.0109 0x0cd4  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\Windows\System32\drivers\usbohci.sys
16:19:03.0250 0x0cd4  usbohci - ok
16:19:03.0281 0x0cd4  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\Windows\System32\drivers\usbprint.sys
16:19:03.0328 0x0cd4  usbprint - ok
16:19:03.0375 0x0cd4  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
16:19:03.0390 0x0cd4  USBSTOR - ok
16:19:03.0437 0x0cd4  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
16:19:03.0484 0x0cd4  usbuhci - ok
16:19:03.0531 0x0cd4  [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
16:19:03.0625 0x0cd4  usbvideo - ok
16:19:03.0718 0x0cd4  [ 1A20F03700D2B2ED775E38D751EF2F63, 76F8BE9F412D4397437E60A7E6231C80EA9B4F5436C9A8FAB967C78604994AE9 ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
16:19:03.0750 0x0cd4  USBXHCI - ok
16:19:03.0765 0x0cd4  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\Windows\system32\lsass.exe
16:19:03.0797 0x0cd4  VaultSvc - ok
16:19:03.0843 0x0cd4  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:19:03.0875 0x0cd4  vdrvroot - ok
16:19:03.0968 0x0cd4  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds             C:\Windows\System32\vds.exe
16:19:04.0078 0x0cd4  vds - ok
16:19:04.0140 0x0cd4  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
16:19:04.0172 0x0cd4  VerifierExt - ok
16:19:04.0390 0x0cd4  [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
16:19:04.0437 0x0cd4  vhdmp - ok
16:19:04.0484 0x0cd4  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:19:04.0500 0x0cd4  viaide - ok
16:19:04.0578 0x0cd4  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
16:19:04.0609 0x0cd4  vmbus - ok
16:19:04.0656 0x0cd4  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
16:19:04.0703 0x0cd4  VMBusHID - ok
16:19:04.0781 0x0cd4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\Windows\System32\ICSvc.dll
16:19:04.0922 0x0cd4  vmicguestinterface - ok
16:19:04.0968 0x0cd4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
16:19:05.0015 0x0cd4  vmicheartbeat - ok
16:19:05.0062 0x0cd4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
16:19:05.0109 0x0cd4  vmickvpexchange - ok
16:19:05.0156 0x0cd4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv         C:\Windows\System32\ICSvc.dll
16:19:05.0187 0x0cd4  vmicrdv - ok
16:19:05.0250 0x0cd4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
16:19:05.0297 0x0cd4  vmicshutdown - ok
16:19:05.0328 0x0cd4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\Windows\System32\ICSvc.dll
16:19:05.0375 0x0cd4  vmictimesync - ok
16:19:05.0406 0x0cd4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\Windows\System32\ICSvc.dll
16:19:05.0453 0x0cd4  vmicvss - ok
16:19:05.0515 0x0cd4  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:19:05.0547 0x0cd4  volmgr - ok
16:19:05.0593 0x0cd4  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:19:05.0625 0x0cd4  volmgrx - ok
16:19:05.0765 0x0cd4  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:19:05.0797 0x0cd4  volsnap - ok
16:19:05.0828 0x0cd4  [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci            C:\Windows\System32\drivers\vpci.sys
16:19:05.0843 0x0cd4  vpci - ok
16:19:05.0906 0x0cd4  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:19:05.0922 0x0cd4  vsmraid - ok
16:19:06.0062 0x0cd4  [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS             C:\Windows\system32\vssvc.exe
16:19:06.0218 0x0cd4  VSS - ok
16:19:06.0296 0x0cd4  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
16:19:06.0328 0x0cd4  VSTXRAID - ok
16:19:06.0375 0x0cd4  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
16:19:06.0484 0x0cd4  vwifibus - ok
16:19:06.0562 0x0cd4  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:19:06.0687 0x0cd4  vwififlt - ok
16:19:06.0734 0x0cd4  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
16:19:06.0812 0x0cd4  vwifimp - ok
16:19:06.0890 0x0cd4  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\Windows\system32\w32time.dll
16:19:07.0125 0x0cd4  W32Time - ok
16:19:07.0265 0x0cd4  [ 8E553C859C83784DEC08B10AFC3EAC92, 41D8DBA1500DBD3AC9783169ACF545805EF05069F12866238992A30794369254 ] w3logsvc        C:\Windows\system32\inetsrv\w3logsvc.dll
16:19:07.0468 0x0cd4  w3logsvc - ok
16:19:07.0515 0x0cd4  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
16:19:07.0578 0x0cd4  WacomPen - ok
16:19:07.0656 0x0cd4  [ 6505C9E72910F91D4C317EECF22D1DE6, 838BAEA6F0BBA916B3291EB165F65DA2F4EC35395678D450EEEB1E540A123FC4 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
16:19:07.0687 0x0cd4  Wanarp - ok
16:19:07.0703 0x0cd4  [ 6505C9E72910F91D4C317EECF22D1DE6, 838BAEA6F0BBA916B3291EB165F65DA2F4EC35395678D450EEEB1E540A123FC4 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:19:07.0718 0x0cd4  Wanarpv6 - ok
16:19:07.0828 0x0cd4  [ 9BAE40BD31E3EE0B0C70BEF167E0A2BC, 2419AC815C95F2629E1832973501983D06F788728755605D42D6C8565C3CBBF1 ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
16:19:08.0078 0x0cd4  WAS - ok
16:19:08.0218 0x0cd4  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\Windows\system32\wbengine.exe
16:19:08.0406 0x0cd4  wbengine - ok
16:19:08.0484 0x0cd4  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:19:08.0609 0x0cd4  WbioSrvc - ok
16:19:08.0734 0x0cd4  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
16:19:08.0781 0x0cd4  Wcmsvc - ok
16:19:08.0843 0x0cd4  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:19:08.0890 0x0cd4  wcncsvc - ok
16:19:08.0984 0x0cd4  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:19:09.0078 0x0cd4  WcsPlugInService - ok
16:19:09.0172 0x0cd4  [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
16:19:09.0218 0x0cd4  WdBoot - ok
16:19:09.0297 0x0cd4  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:19:09.0343 0x0cd4  Wdf01000 - ok
16:19:09.0375 0x0cd4  [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
16:19:09.0406 0x0cd4  WdFilter - ok
16:19:09.0468 0x0cd4  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:19:09.0500 0x0cd4  WdiServiceHost - ok
16:19:09.0531 0x0cd4  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:19:09.0562 0x0cd4  WdiSystemHost - ok
16:19:09.0656 0x0cd4  [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv        C:\Windows\system32\Drivers\WdNisDrv.sys
16:19:09.0687 0x0cd4  WdNisDrv - ok
16:19:09.0781 0x0cd4  WdNisSvc - ok
16:19:09.0859 0x0cd4  [ 185E4111627F7AA6799E1366B5E91D65, 7A02C816DFBCCF47EDB49E5E2005A3D0B80719FAC94F9298D2DBAC63950EDA05 ] WebClient       C:\Windows\System32\webclnt.dll
16:19:10.0031 0x0cd4  WebClient - ok
16:19:10.0125 0x0cd4  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:19:10.0187 0x0cd4  Wecsvc - ok
16:19:10.0250 0x0cd4  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\Windows\system32\wephostsvc.dll
16:19:10.0359 0x0cd4  WEPHOSTSVC - ok
16:19:10.0437 0x0cd4  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:19:10.0562 0x0cd4  wercplsupport - ok
16:19:10.0640 0x0cd4  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\Windows\System32\WerSvc.dll
16:19:10.0703 0x0cd4  WerSvc - ok
16:19:10.0781 0x0cd4  [ BAB713B409258DB7B5D9F9693F802B0E, C0D0391EC4FDC07E0A07F4EEB2DC9CC5B2BE5D2E292E7D01929E8D39D6F73EA5 ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
16:19:10.0812 0x0cd4  WFPLWFS - ok
16:19:10.0890 0x0cd4  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\Windows\System32\wiarpc.dll
16:19:10.0937 0x0cd4  WiaRpc - ok
16:19:11.0015 0x0cd4  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:19:11.0031 0x0cd4  WIMMount - ok
16:19:11.0047 0x0cd4  WinDefend - ok
16:19:11.0156 0x0cd4  [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
16:19:11.0234 0x0cd4  WinHttpAutoProxySvc - ok
16:19:11.0531 0x0cd4  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:19:11.0672 0x0cd4  Winmgmt - ok
16:19:11.0859 0x0cd4  [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM           C:\Windows\system32\WsmSvc.dll
16:19:12.0156 0x0cd4  WinRM - ok
16:19:12.0234 0x0cd4  [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:19:12.0265 0x0cd4  WinUsb - ok
16:19:12.0343 0x0cd4  [ 4F2A80D65AE6F845776E2F06AE6782ED, 2455537C048115435D9EDE4B18F9F54C43912076AEF36BDEFEC35AF2140B8B2E ] WirelessButtonDriver C:\Windows\System32\drivers\WirelessButtonDriver64.sys
16:19:12.0375 0x0cd4  WirelessButtonDriver - ok
16:19:12.0531 0x0cd4  [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc         C:\Windows\System32\wlansvc.dll
16:19:12.0890 0x0cd4  WlanSvc - ok
16:19:13.0047 0x0cd4  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc         C:\Windows\system32\wlidsvc.dll
16:19:13.0343 0x0cd4  wlidsvc - ok
16:19:13.0390 0x0cd4  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
16:19:13.0484 0x0cd4  WmiAcpi - ok
16:19:13.0547 0x0cd4  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:19:13.0593 0x0cd4  wmiApSrv - ok
16:19:13.0672 0x0cd4  WMPNetworkSvc - ok
16:19:13.0734 0x0cd4  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\Windows\system32\drivers\Wof.sys
16:19:13.0765 0x0cd4  Wof - ok
16:19:13.0922 0x0cd4  [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc  C:\Windows\system32\workfolderssvc.dll
16:19:14.0140 0x0cd4  workfolderssvc - ok
16:19:14.0203 0x0cd4  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
16:19:14.0218 0x0cd4  wpcfltr - ok
16:19:14.0265 0x0cd4  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:19:14.0359 0x0cd4  WPCSvc - ok
16:19:14.0422 0x0cd4  [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:19:14.0562 0x0cd4  WPDBusEnum - ok
16:19:14.0593 0x0cd4  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
16:19:14.0625 0x0cd4  WpdUpFltr - ok
16:19:14.0703 0x0cd4  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:19:14.0750 0x0cd4  ws2ifsl - ok
16:19:14.0812 0x0cd4  [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc          C:\Windows\System32\wscsvc.dll
16:19:14.0875 0x0cd4  wscsvc - ok
16:19:14.0875 0x0cd4  WSearch - ok
16:19:15.0375 0x0cd4  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService       C:\Windows\System32\WSService.dll
16:19:15.0593 0x0cd4  WSService - ok
16:19:15.0843 0x0cd4  [ 5F3D70B19BCAC985DA90F22CA2FF45E4, BBD82BAEF0DCA2C6361F8D1ADF5BED36D0F1AB1A2AEADB0E4526B917F40C2E52 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:19:16.0125 0x0cd4  wuauserv - ok
16:19:16.0265 0x0cd4  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:19:16.0390 0x0cd4  WudfPf - ok
16:19:16.0468 0x0cd4  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
16:19:16.0500 0x0cd4  WUDFRd - ok
16:19:16.0547 0x0cd4  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:19:16.0609 0x0cd4  wudfsvc - ok
16:19:16.0640 0x0cd4  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs       C:\Windows\System32\drivers\WUDFRd.sys
16:19:16.0656 0x0cd4  WUDFWpdFs - ok
16:19:16.0672 0x0cd4  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp      C:\Windows\system32\DRIVERS\WUDFRd.sys
16:19:16.0703 0x0cd4  WUDFWpdMtp - ok
16:19:16.0765 0x0cd4  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:19:16.0875 0x0cd4  WwanSvc - ok
16:19:16.0953 0x0cd4  [ F3D7F968E6A4A37F6BBC1F4B737E6C41, 92B39BEB51BC38EE19B8A3D8DBC67AEFA71EFF6642B6338FF0749053A939E4DB ] XFDriver64      C:\Program Files (x86)\Xfire2\XFDriver64.sys
16:19:16.0968 0x0cd4  XFDriver64 - ok
16:19:16.0984 0x0cd4  ================ Scan global ===============================
16:19:17.0071 0x0cd4  [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\Windows\system32\basesrv.dll
16:19:17.0125 0x0cd4  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\Windows\system32\winsrv.dll
16:19:17.0172 0x0cd4  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\Windows\system32\sxssrv.dll
16:19:17.0235 0x0cd4  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\Windows\system32\services.exe
16:19:17.0235 0x0cd4  [ Global ] - ok
16:19:17.0235 0x0cd4  ================ Scan MBR ==================================
16:19:17.0266 0x0cd4  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
16:19:17.0516 0x0cd4  \Device\Harddisk0\DR0 - ok
16:19:17.0516 0x0cd4  ================ Scan VBR ==================================
16:19:17.0578 0x0cd4  [ CBC29FA30B5C97E5115ABBBED092A6A3 ] \Device\Harddisk0\DR0\Partition1
16:19:17.0594 0x0cd4  \Device\Harddisk0\DR0\Partition1 - ok
16:19:17.0625 0x0cd4  [ 447E4F363FE9107CE44E2AB2C22023F7 ] \Device\Harddisk0\DR0\Partition2
16:19:17.0641 0x0cd4  \Device\Harddisk0\DR0\Partition2 - ok
16:19:17.0657 0x0cd4  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
16:19:17.0672 0x0cd4  \Device\Harddisk0\DR0\Partition3 - ok
16:19:17.0703 0x0cd4  [ 4E7FCACC069501C2F918449A1640AEE0 ] \Device\Harddisk0\DR0\Partition4
16:19:17.0766 0x0cd4  \Device\Harddisk0\DR0\Partition4 - ok
16:19:17.0797 0x0cd4  [ E93B3FF6DF4605EE1E12AC2257F35EA8 ] \Device\Harddisk0\DR0\Partition5
16:19:17.0844 0x0cd4  \Device\Harddisk0\DR0\Partition5 - ok
16:19:17.0844 0x0cd4  ================ Scan generic autorun ======================
16:19:19.0188 0x0cd4  [ 690EB331346D7ADFDA18E50042DEA4B4, 0C219D7A5FCD4E0252C815373E67F843DBD7356FAE7AB836C451068B51438FE7 ] C:\Program Files\Classic Shell\ClassicStartMenu.exe
16:19:19.0266 0x0cd4  Classic Start Menu - detected UnsignedFile.Multi.Generic ( 1 )
16:19:21.0632 0x0cd4  Detect skipped due to KSN trusted
16:19:21.0632 0x0cd4  Classic Start Menu - ok
16:19:23.0851 0x0cd4  [ 8CE446C0CF4EBD684DE6F4609E62B782, ECA1B11CE63FC297532FF217A9AA4AF06A4A6366B29A4B64A9D61084E750E9A7 ] C:\Program Files (x86)\Q-Pilot Client\GUI\QPilot-Client-GUI.exe
16:19:25.0351 0x0cd4  QPilotClientGUI - detected UnsignedFile.Multi.Generic ( 1 )
16:19:27.0773 0x0cd4  QPilotClientGUI ( UnsignedFile.Multi.Generic ) - warning
16:19:27.0773 0x0cd4  Force sending object to P2P due to detect: C:\Program Files (x86)\Q-Pilot Client\GUI\QPilot-Client-GUI.exe
16:19:30.0710 0x0cd4  Object send P2P result: true
16:19:33.0218 0x0cd4  AV detected via SS2: Sophos Anti-Virus, C:\Program Files (x86)\Sophos\Sophos Anti-Virus\WSCClient.exe ( 10.3.6.0 ), 0x51000 ( enabled : updated )
16:19:33.0375 0x0cd4  Win FW state via NFP2: enabled
16:19:35.0859 0x0cd4  ============================================================
16:19:35.0859 0x0cd4  Scan finished
16:19:35.0859 0x0cd4  ============================================================
16:19:35.0875 0x0970  Detected object count: 2
16:19:35.0875 0x0970  Actual detected object count: 2
16:19:41.0905 0x0970  QPilotClientService ( UnsignedFile.Multi.Generic ) - skipped by user
16:19:41.0905 0x0970  QPilotClientService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:19:41.0905 0x0970  QPilotClientGUI ( UnsignedFile.Multi.Generic ) - skipped by user
16:19:41.0905 0x0970  QPilotClientGUI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:20:31.0221 0x0c04  Deinitialize success
         
I think the Q-Pilot finding in TDSSKiller is nonsense. It is (intentionally installed) software for driving our network printer

Schomäcker GmbH Card Solutions

16.06.2015, 11:25   #7
schrauber
/// the machine
/// TB trainer


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset Proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009
