Log analysis and evaluation: Suspected virus infection (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
16.08.2015, 19:47 | #1 |
Suspected virus infection

Hello everyone, I suspect that my computer is infected and would therefore like to have someone take a look at it. Thank you! FRST Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:16-08-2015 durchgeführt von Acer (Administrator) auf ACER-PC (16-08-2015 20:37:09) Gestartet von C:\Users\Acer\Downloads Geladene Profile: Acer (Verfügbare Profile: Acer) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Opera) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Dropbox, Inc.) C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2010-02-22] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [877600 2010-02-22] (Realtek Semiconductor) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-02-05] (Alcor Micro Corp.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-13] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-07-30] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-4176456405-1835366957-2564523001-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-02-09] (Google Inc.) HKU\S-1-5-21-4176456405-1835366957-2564523001-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-4176456405-1835366957-2564523001-1000\...\Run: [Dropbox Update] => C:\Users\Acer\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.) HKU\S-1-5-21-4176456405-1835366957-2564523001-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd) HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-03-07] ShortcutTarget: Dropbox.lnk -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Richtlinienbeschränkung <======= ACHTUNG HKU\S-1-5-21-4176456405-1835366957-2564523001-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Richtlinienbeschränkung <======= ACHTUNG AutoConfigURL: [S-1-5-21-4176456405-1835366957-2564523001-1000] => file://C:\Program Files (x86)\ToggleMark\bin\Pac9064.js HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1408213403&from=tugs&uid=TOSHIBAXMK5061GSYN_3388Y2L9FXX3388Y2L9F&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-4176456405-1835366957-2564523001-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4176456405-1835366957-2564523001-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-17] (Google Inc.) 
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-17] (Google Inc.) Toolbar: HKLM - Kein Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Keine Datei Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-17] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-17] (Google Inc.) Toolbar: HKU\S-1-5-21-4176456405-1835366957-2564523001-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-17] (Google Inc.) 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{FC5CEC63-D0C7-4970-A918-A0A30B9B4AC2}: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\q5xhenuy.default-1412876105243 FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) 
FF Extension: Video DownloadHelper - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\q5xhenuy.default-1412876105243\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14] FF Extension: Adblock Plus - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\q5xhenuy.default-1412876105243\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-18] FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-03-07] Chrome: ======= CHR Profile: C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-08-31] CHR Extension: (Google Docs) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-31] CHR Extension: (Google Drive) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-31] CHR Extension: (YouTube) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-31] CHR Extension: (Google Search) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-31] CHR Extension: (Google Sheets) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-08-31] CHR Extension: (Avira Browser Safety) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-09] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-03] CHR Extension: (Google Wallet) - C:\Users\Acer\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-31] CHR Extension: (Citavi Picker) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2014-08-31] CHR Extension: (Gmail) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-31] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - C:\Program Files (x86)\Citavi 4\Pickers\Chrome\ChromePicker.crx [2014-02-07] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-07-30] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-07-30] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-07-30] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-07-30] (Avira Operations GmbH & Co. KG) S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. 
KG) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-01-23] (Microsoft Corporation) S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ACHTUNG ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-07-30] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-07-30] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG) S3 FARMNTIO; c:\windows\system32\drivers\farmntio.sys [25144 2013-04-11] () [Datei ist nicht signiert] S3 FreshIO; C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [2410 2004-10-26] () [Datei ist nicht signiert] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-08-16 20:37 - 2015-08-16 20:37 - 00017139 _____ C:\Users\Acer\Downloads\FRST.txt 2015-08-16 20:36 - 2015-08-16 20:36 - 02173440 _____ (Farbar) C:\Users\Acer\Downloads\FRST64.exe 2015-08-16 20:33 - 2015-08-16 20:33 - 00050477 _____ C:\Users\Acer\Downloads\Defogger.exe 2015-08-16 20:33 - 2015-08-16 20:33 - 00000470 _____ C:\Users\Acer\Downloads\defogger_disable.log 2015-08-16 19:54 - 2015-08-16 20:35 - 00000000 ____D C:\Users\Acer\AppData\Roaming\FreshDiagnose 2015-08-16 19:52 - 2015-08-16 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreshDevices 2015-08-16 19:52 - 2015-08-16 19:52 - 00000000 ____D C:\Program Files (x86)\FreshDevices 2015-08-16 19:49 - 2015-08-16 19:49 - 01260832 _____ C:\Users\Acer\Downloads\Fresh Diagnose - CHIP-Installer.exe 2015-08-16 19:47 - 2015-08-16 19:47 - 00000782 _____ C:\Users\Public\Desktop\CCleaner.lnk 2015-08-16 19:45 - 2015-08-16 19:45 - 05375464 _____ (Piriform Ltd) C:\Users\Acer\Downloads\ccsetup508_slim.exe 2015-08-16 18:22 - 2015-08-16 18:22 - 00145379 _____ C:\Users\Acer\Desktop\url_link-2.04.3-tb+fx.xpi 2015-08-15 12:39 - 2015-08-16 19:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-08-13 08:23 - 2015-08-13 08:23 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-08-11 23:39 - 2015-08-11 23:41 - 00000000 ____D C:\Users\Acer\Documents\OpenRA 2015-08-11 23:35 - 2015-08-12 14:37 - 00000000 ____D C:\Program Files (x86)\OpenRA 2015-08-11 23:35 - 2015-08-11 23:35 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenRA 2015-07-31 22:21 - 2015-08-01 12:20 - 00000000 ____D C:\Users\Acer\Desktop\Neuer Ordner ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-08-16 20:37 - 2014-08-31 13:00 - 00000000 ____D C:\FRST 2015-08-16 20:29 - 2014-02-09 15:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-08-16 20:07 - 2014-03-18 16:03 - 00000000 ____D C:\Users\Acer\Desktop\Dropbox 2015-08-16 20:05 - 2014-01-23 13:18 - 01605265 _____ C:\Windows\WindowsUpdate.log 2015-08-16 20:04 - 2014-02-09 15:21 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-16 19:55 - 2014-12-26 23:19 - 00000000 ____D C:\Users\Acer\AppData\Local\PokerStars.EU 2015-08-16 19:55 - 2014-12-26 23:18 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU 2015-08-16 19:54 - 2014-03-07 11:14 - 00000000 ____D C:\Program Files\PDFCreator 2015-08-16 19:54 - 2014-01-23 13:09 - 00000000 ____D C:\Windows\Panther 2015-08-16 19:50 - 2015-06-17 11:39 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4176456405-1835366957-2564523001-1000UA.job 2015-08-16 19:50 - 2015-06-17 11:39 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4176456405-1835366957-2564523001-1000Core.job 2015-08-16 19:47 - 2014-03-07 11:26 - 00000000 ____D C:\Program Files\CCleaner 2015-08-16 19:40 - 2009-07-14 06:45 - 00023152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-08-16 19:40 - 2009-07-14 06:45 - 00023152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-08-16 14:21 - 2014-02-09 15:21 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-14 16:08 - 2009-07-14 19:58 - 00702890 _____ C:\Windows\system32\perfh007.dat 2015-08-14 16:08 - 2009-07-14 19:58 - 00150498 _____ C:\Windows\system32\perfc007.dat 2015-08-14 16:08 - 2009-07-14 07:13 - 01628108 _____ C:\Windows\system32\PerfStringBackup.INI 2015-08-13 10:36 - 2014-01-24 09:49 - 00000000 ____D C:\Windows\system32\MRT 2015-08-13 10:29 - 2014-01-24 09:49 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-13 
08:24 - 2014-03-07 11:07 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Dropbox 2015-08-13 08:22 - 2014-03-07 11:28 - 00000324 _____ C:\Windows\Tasks\GlaryInitialize.job 2015-08-13 08:22 - 2014-02-09 15:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-08-13 08:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-13 00:55 - 2014-03-07 11:39 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Skype 2015-08-12 15:35 - 2014-02-09 15:59 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-08-12 15:35 - 2014-02-09 15:59 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-08-12 15:35 - 2014-02-09 15:59 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-08-12 14:37 - 2009-07-14 20:18 - 00000000 ___RD C:\Users\Public\Recorded TV 2015-08-12 14:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2015-08-12 13:41 - 2014-01-23 14:20 - 00000000 ____D C:\Users\Acer 2015-08-07 12:30 - 2014-03-07 14:34 - 00000000 ____D C:\Users\Acer\Documents\Citavi 4 2015-08-06 13:25 - 2015-05-03 11:41 - 00003850 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1430646105 2015-08-06 13:25 - 2015-05-03 11:41 - 00000000 ____D C:\Program Files (x86)\Opera 2015-07-31 14:41 - 2015-05-03 11:39 - 00000000 ____D C:\Program Files (x86)\CDex 2015-07-31 14:40 - 2015-05-03 11:37 - 00000000 ____D C:\Program Files (x86)\CD to MP3 Ripper 2 2015-07-30 12:34 - 2014-10-09 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-07-30 12:33 - 2014-10-09 19:23 - 00162528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-07-30 12:33 - 2014-10-09 19:23 - 00141416 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2015-07-22 14:02 - 2014-10-18 22:32 - 00000000 ____D C:\Users\Acer\AppData\Roaming\vlc 2015-07-21 09:19 - 2014-02-09 21:16 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-07-18 22:28 - 2015-01-06 10:20 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-07-17 19:45 - 2015-06-17 11:39 - 00004188 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4176456405-1835366957-2564523001-1000UA 2015-07-17 19:45 - 2015-06-17 11:39 - 00003792 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4176456405-1835366957-2564523001-1000Core ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-03-05 18:24 - 2015-03-05 18:24 - 0000879 _____ () C:\Users\Acer\AppData\Local\recently-used.xbel 2014-04-30 12:59 - 2014-04-30 12:59 - 0000017 _____ () C:\Users\Acer\AppData\Local\resmon.resmoncfg 2014-07-14 20:00 - 2014-07-14 20:00 - 0001534 _____ () C:\ProgramData\ss.ini Einige Dateien in TEMP: ==================== C:\Users\Acer\AppData\Local\Temp\avgnt.exe C:\Users\Acer\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzi_ydk.dll C:\Users\Acer\AppData\Local\Temp\_unps.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-08-12 14:15 ==================== Ende von Ergebnis ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:16-08-2015 durchgeführt von Acer (2015-08-16 20:38:05) Gestartet von C:\Users\Acer\Downloads Start-Modus: Normal ========================================================== ==================== Konten: ============================= Acer (S-1-5-21-4176456405-1835366957-2564523001-1000 - Administrator - Enabled) => C:\Users\Acer Administrator (S-1-5-21-4176456405-1835366957-2564523001-500 - Administrator - Disabled) Gast (S-1-5-21-4176456405-1835366957-2564523001-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4176456405-1835366957-2564523001-1003 - Limited - Enabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) Age of Empires III (HKLM-x32\...\InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}) (Version: 1.3.17.05006 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.3.17.05006 - Alcor Micro Corp.) Hidden Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.24 - Atheros Communications Inc.) Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.408 - Avira Operations GmbH & Co. KG) CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5571 - CDBurnerXP) Dia (nur entfernen) (HKLM-x32\...\Dia) (Version: - ) Dropbox (HKU\S-1-5-21-4176456405-1835366957-2564523001-1000\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.) Free YouTube to MP3 Converter version 3.12.53.113 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.53.113 - DVDVideoSoft Ltd.) 
FreeRIP MP3 Converter 4.5.2 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.5.2 - GreenTree Applications SRL) FreshDiagnose (HKLM-x32\...\FreshDevices - FreshDiagnose_is1) (Version: - ) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Glary Utilities 2.56.0.1822 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.56.0.1822 - Glarysoft Ltd) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{F2C07BE3-0F88-4D0C-957B-3557699981E9}) (Version: 22.50.231.0 - Hewlett-Packard Co.) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.00.1005 - Intel Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 
10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 40.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 de)) (Version: 40.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla) Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero CoverDesigner (HKLM-x32\...\{3143E3EB-17A5-48F9-90FC-D7CA556CA210}) (Version: 12.0.01500 - Nero AG) Opera Stable 31.0.1889.99 (HKLM-x32\...\Opera 31.0.1889.99) (Version: 31.0.1889.99 - Opera Software) PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.9.1 - pdfforge) PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu) Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6050 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.) 
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
ZDATA (HKLM-x32\...\{52B97371-A2FA-4888-ACEB-EAE515226950}) (Version: 4.0 - Verlag Dieter Zimpel)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-4176456405-1835366957-2564523001-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4176456405-1835366957-2564523001-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei
CustomCLSID: HKU\S-1-5-21-4176456405-1835366957-2564523001-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei
CustomCLSID: HKU\S-1-5-21-4176456405-1835366957-2564523001-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei
CustomCLSID: HKU\S-1-5-21-4176456405-1835366957-2564523001-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei
CustomCLSID: HKU\S-1-5-21-4176456405-1835366957-2564523001-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei
CustomCLSID: HKU\S-1-5-21-4176456405-1835366957-2564523001-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei
CustomCLSID: HKU\S-1-5-21-4176456405-1835366957-2564523001-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei
CustomCLSID: HKU\S-1-5-21-4176456405-1835366957-2564523001-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll Keine Datei

==================== Wiederherstellungspunkte =========================

13-08-2015 10:28:02 Windows Update
13-08-2015 10:36:47 Windows Update
14-08-2015 08:32:03 Windows Update
14-08-2015 08:40:40 Windows Update
15-08-2015 03:51:42 Windows Update
15-08-2015 03:55:32 Windows Update
15-08-2015 23:06:48 Windows Update
16-08-2015 03:00:13 Windows Update
16-08-2015 19:31:08 Windows Update
16-08-2015 19:56:35 Removed ATI Catalyst Install Manager
16-08-2015 20:04:00 Windows Update

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2014-08-31 17:07 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {067576B0-0021-4D2E-AF99-F5AC5D4C85E3} - System32\Tasks\Opera scheduled Autoupdate 1430646105 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-30] (Opera Software)
Task: {1F7D6763-17C0-4AB2-943E-C67F50BE5F77} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {4A972885-A7BA-413E-9380-8F7DFAC1332C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-09] (Google Inc.)
Task: {57E678CE-66B9-4E2F-A3A0-994B0CDA513D} - System32\Tasks\{CFBDA2A2-15A9-418B-BE86-5B0A8633C199} => Firefox.exe hxxp://ui.skype.com/ui/0/7.0.0.102/de/abandoninstall?page=tsMain
Task: {6B6F7BBA-395B-49AB-BFE1-2FB21C10D148} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ACHTUNG
Task: {71F93557-C3EA-4EAA-BB0C-4ED7E1AB5F91} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {7E1D1B4A-159E-45D8-A6D8-B94B7E7DFE0F} - System32\Tasks\{848824FA-99E2-4FC3-BB83-FCA2C1725AC6} => Firefox.exe hxxp://ui.skype.com/ui/0/6.21.64.104/de/abandoninstall?page=tsProgressBar
Task: {BA0BDBEA-5A03-451B-BFA3-F6010812A878} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd)
Task: {C910CC7B-1943-4F19-8BF2-BC3D60DF89FF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4176456405-1835366957-2564523001-1000Core => C:\Users\Acer\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {D1308DE7-A90C-49C4-A415-C2D27DF5003E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4176456405-1835366957-2564523001-1000UA => C:\Users\Acer\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {E086AB0D-C464-47C8-BAB4-0BAD53D15441} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-09] (Google Inc.)
Task: {F8846281-9550-44D4-A922-278610359A23} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {FC5E7C6A-B344-478F-B48E-1435F02C7761} - System32\Tasks\{3F7C2882-BA60-4B94-A526-2376DE9EB2F5} => Firefox.exe hxxp://ui.skype.com/ui/0/6.21.64.104/de/abandoninstall?page=tsProgressBar

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4176456405-1835366957-2564523001-1000Core.job => C:\Users\Acer\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4176456405-1835366957-2564523001-1000UA.job => C:\Users\Acer\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-01-23 17:18 - 2009-12-23 18:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-08-13 08:24 - 2015-08-13 08:24 - 00071168 ____N () c:\users\acer\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzi_ydk.dll
2015-03-04 23:45 - 2015-08-05 22:49 - 00012800 _____ () C:\Users\Acer\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 23:45 - 2015-08-05 22:49 - 00779776 _____ () C:\Users\Acer\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-31 13:53 - 2015-08-05 22:49 - 00056320 _____ () C:\Users\Acer\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 23:45 - 2015-08-05 22:49 - 00012288 _____ () C:\Users\Acer\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2006-10-26 14:56 - 2006-10-26 14:56 - 00757008 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4176456405-1835366957-2564523001-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{75F06FBE-37EC-4E66-857B-02DDA9980246}] => (Allow) C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A16AAE08-A8D9-41B8-B4CD-CB35BC13D15B}] => (Allow) C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3D2B2587-AAF2-47AC-89D2-62B400F0BCD1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{7F685641-57B0-4822-B999-D124AB1C257A}C:\users\acer\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\acer\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{916A936E-08A6-4930-908B-C317570541BF}C:\users\acer\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\acer\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{1E5278E8-C29D-4EBC-A3DF-3E8AAE398611}C:\program files (x86)\microsoft games\age of empires iii\age3.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires iii\age3.exe
FirewallRules: [UDP Query User{1CB211BE-6A0B-4DEF-800E-1FE87B85E3E3}C:\program files (x86)\microsoft games\age of empires iii\age3.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires iii\age3.exe
FirewallRules: [{8087AD9B-569A-4298-901D-23EFC41197D1}] => (Allow) LPort=80
FirewallRules: [{50C1C55E-F3B0-433B-B994-C3BF52759DDA}] => (Allow) LPort=2300
FirewallRules: [{4AAB9C05-BDFF-41AD-98D8-93BB01520F89}] => (Allow) C:\Program Files (x86)\ToggleMark\bin\ToggleMark.BRT.Helper.exe
FirewallRules: [{6D13E052-A84E-4EF3-AA8A-25538BC10854}] => (Allow) C:\Program Files (x86)\ToggleMark\bin\ToggleMark.BRT.Helper.exe
FirewallRules: [{C62824DB-A782-4EA1-A1C6-E56DC762A0C4}] => (Allow) C:\Program Files (x86)\ToggleMark\bin\ToggleMark.BRT.Helper.exe
FirewallRules: [{904F3CF1-C7A1-47E5-BF1B-FC84BCF4CF48}] => (Allow) C:\Program Files (x86)\ToggleMark\bin\ToggleMark.BRT.Helper.exe
FirewallRules: [{15AC2CC5-F2E6-4737-8179-026306DDFD94}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{DB4750B0-FAA6-4A69-A149-27A92A7B17D9}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [TCP Query User{ABF70720-D8C0-4C44-A385-0B47E5D2970D}C:\users\acer\desktop\homeworld2\bin\release\homeworld2.exe] => (Allow) C:\users\acer\desktop\homeworld2\bin\release\homeworld2.exe
FirewallRules: [UDP Query User{E5EFC378-1EA0-410B-9B0A-3892A3401539}C:\users\acer\desktop\homeworld2\bin\release\homeworld2.exe] => (Allow) C:\users\acer\desktop\homeworld2\bin\release\homeworld2.exe
FirewallRules: [TCP Query User{2D02C7CD-9683-486E-BF5A-B547C0687B86}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [UDP Query User{305582E4-FAF1-4364-91C9-D9F1C13C07A4}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [{5CED1E4E-1BB9-4232-ADA9-F62C1EA55537}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{824091DE-B578-4B1B-879A-4893CBCB09A9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{23C10E08-7333-4B85-85BB-EE5567B411EF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{078C7636-38B0-4A83-B54E-F808C3502A54}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{7CF6A992-E89E-44DA-AD2B-EE2D031C745D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/16/2015 07:38:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 40.0.2.5702, Zeitstempel: 0x55cc03bd
Name des fehlerhaften Moduls: mozglue.dll, Version: 40.0.2.5702, Zeitstempel: 0x55cbf190
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000e631
ID des fehlerhaften Prozesses: 0x124c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (08/16/2015 07:37:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 40.0.2.5702 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1904
Startzeit: 01d0d77d2454aa4c
Endzeit: 2111
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:

Error: (08/14/2015 07:01:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 40.0.0.5697 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 11d8
Startzeit: 01d0d5907036ed60
Endzeit: 1238
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: 1c52d0ae-42a6-11e5-a4bc-60eb69e20f15

Error: (08/14/2015 07:01:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 40.0.0.5697, Zeitstempel: 0x55c4fdca
Name des fehlerhaften Moduls: mozglue.dll, Version: 40.0.0.5697, Zeitstempel: 0x55c4ec16
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000e254
ID des fehlerhaften Prozesses: 0x1b08
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (08/13/2015 08:22:46 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.TypeInitializationException
Stapel:
   bei NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   bei NLog.LogFactory.get_Configuration()
   bei NLog.LogFactory.GetLogger(LoggerCacheKey)
   bei NLog.LogFactory.GetLogger(System.String)
   bei NLog.LogManager.GetLogger(System.String)
   bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/13/2015 08:22:36 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.TypeInitializationException
Stapel:
   bei NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   bei NLog.LogFactory.get_Configuration()
   bei NLog.LogFactory.GetLogger(LoggerCacheKey)
   bei NLog.LogFactory.GetLogger(System.String)
   bei NLog.LogManager.GetLogger(System.String)
   bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/13/2015 08:22:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.Systray.exe, Version: 1.1.27.25537, Zeitstempel: 0x546de872
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e88ab
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x61c
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Systray.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.Systray.exe1
Pfad des fehlerhaften Moduls: Avira.OE.Systray.exe2
Berichtskennung: Avira.OE.Systray.exe3

Error: (08/13/2015 08:22:12 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.Systray.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException
Stapel:
   bei System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
   bei System.Configuration.BaseConfigurationRecord.GetSection(System.String)
   bei System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
   bei System.Configuration.ConfigurationManager.get_AppSettings()
   bei Avira.OE.WinCore.OeProductInfo.get_Culture()
   bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   bei Avira.OE.Systray.Program.Main(System.String[])

Error: (08/13/2015 08:22:12 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.TypeInitializationException
Stapel:
   bei NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   bei NLog.LogFactory.get_Configuration()
   bei NLog.LogFactory.GetLogger(LoggerCacheKey)
   bei NLog.LogFactory.GetLogger(System.String)
   bei NLog.LogManager.GetLogger(System.String)
   bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/12/2015 01:43:09 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.TypeInitializationException
Stapel:
   bei NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   bei NLog.LogFactory.get_Configuration()
   bei NLog.LogFactory.GetLogger(LoggerCacheKey)
   bei NLog.LogFactory.GetLogger(System.String)
   bei NLog.LogManager.GetLogger(System.String)
   bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   bei Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Systemfehler:
=============
Error: (08/16/2015 07:54:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "FreshIO" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275

Error: (08/16/2015 07:54:51 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.s nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/13/2015 08:22:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Service Host" wurde unerwartet beendet.
Dies ist bereits 3 Mal passiert.

Error: (08/13/2015 08:22:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/13/2015 08:22:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/13/2015 08:21:48 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 13.08.2015 um 01:06:39 unerwartet heruntergefahren.

Error: (08/12/2015 02:30:09 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT-AUTORITÄT)
Description: 0x8000002a171\??\Volume{edd08d44-841e-11e3-b274-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{6A37CCA2-352E-4CE6-BFC9-420ED2653FCD}

Error: (08/12/2015 02:28:21 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT-AUTORITÄT)
Description: 0x8000002a171\??\Volume{edd08d44-841e-11e3-b274-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{758A9204-7D95-4384-932C-6B815C8A4BDB}

Error: (08/12/2015 02:27:14 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT-AUTORITÄT)
Description: 0x8000002a171\??\Volume{edd08d44-841e-11e3-b274-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D603CFB9-CFFE-4661-83AE-8133D40EF650}

Error: (08/12/2015 02:25:53 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT-AUTORITÄT)
Description: 0x8000002a171\??\Volume{edd08d44-841e-11e3-b274-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{E8E5DEF8-F2E1-4E9A-99D1-A4845AE43901}

Microsoft Office:
=========================
Error: (05/18/2015 06:53:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 49 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/11/2015 03:07:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/11/2015 03:07:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/11/2015 02:05:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/11/2015 02:05:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1622 seconds with 960 seconds of active time. This session ended with a crash.
Error: (03/04/2015 08:44:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/04/2015 08:44:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 102 seconds with 60 seconds of active time. This session ended with a crash.

Error: (02/26/2015 10:25:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 24 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/26/2015 10:25:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6240 seconds with 300 seconds of active time. This session ended with a crash.

Error: (02/12/2015 11:09:57 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash.

CodeIntegrity:
===================================
Date: 2015-08-16 19:54:51.060
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-08-16 19:54:50.997
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-08-12 15:40:10.209
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-08-08 11:19:35.010
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-08-06 01:32:34.961
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-08-02 10:11:49.471
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-06-29 12:20:51.956
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-06-29 12:12:18.837 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-06-29 12:09:30.712 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-06-26 13:13:34.266 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Speicherinformationen =========================== Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz Prozentuale Nutzung des RAM: 45% Installierter physikalischer RAM: 3764.48 MB Verfügbarer physikalischer RAM: 2048.09 MB Summe virtueller Speicher: 7721.84 MB Verfügbarer virtueller Speicher: 4933.65 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:195.31 GB) (Free:131.35 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: CDF7DE9A) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=166 GB) - (Type=83) Partition 4: (Not Active) - (Size=104.3 GB) - (Type=05) ==================== Ende von Ergebnis ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-08-16 20:46:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.MH00 465,76GB
Running: Gmer-19357(1).exe; Driver: C:\Users\Acer\AppData\Local\Temp\kxldrpob.sys

---- Processes - GMER 2.1 ----

Library c:\users\acer\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzi_ydk.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [3440](2015-08-13 06:24:02) 0000000074870000
Library C:\Users\Acer\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [3440] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24) 000000006d6a0000
Library C:\Users\Acer\AppData\Roaming\Dropbox\bin\icuin55.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [3440] (ICU I18N DLL/The ICU Project)(2015-07-31 11:53:42) 000000004a900000
Library C:\Users\Acer\AppData\Roaming\Dropbox\bin\icuuc55.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [3440] (ICU Common DLL/The ICU Project)(2015-07-31 11:53:42) 0000000005c90000
Library C:\Users\Acer\AppData\Roaming\Dropbox\bin\icudt55.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [3440] (ICU Data DLL/The ICU Project)(2015-07-31 11:53:42) 0000000066e20000
Library C:\Users\Acer\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [3440] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000069620000
Library C:\Users\Acer\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [3440] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000669e0000
Library C:\Users\Acer\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [3440] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006f3b0000
Library C:\Users\Acer\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [3440] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000659c0000
Library C:\Users\Acer\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [3440] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006afb0000
Library C:\Users\Acer\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [3440] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000693b0000
Library C:\Users\Acer\AppData\Roaming\Dropbox\bin\Qt5WebChannel.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [3440] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-07-31 11:53:42) 00000000748e0000
Library C:\Users\Acer\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [3440] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000074840000
Library C:\Users\Acer\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [3440] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000074020000
Library C:\Users\Acer\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [3440] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000710a0000
Library C:\Users\Acer\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [3440] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000071050000
Library C:\Users\Acer\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [3440] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:30) 000000006f5a0000
Library C:\Users\Acer\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [3440] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:30) 0000000073e40000
Library C:\Users\Acer\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [3440](2015-03-04 21:45:30) 0000000073fd0000
Library C:\Users\Acer\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [3440](2015-03-04 21:45:30) 000000006d2d0000
Library C:\Users\Acer\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [3440](2015-07-31 11:53:42) 0000000073f90000
Library C:\Users\Acer\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll (*** suspicious ***) @ C:\Users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [3440](2015-03-04 21:45:30) 0000000071040000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
16.08.2015, 19:48 | #2 |
/// the machine /// TB-Ausbilder | Suspected virus infection Hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder unless a helper instructs you to. Please download TDSSKiller.exe and save this file to your desktop.
17.08.2015, 19:11 | #3 |
| Suspected virus infection Hello schrauber, thank you for your help!
mbar Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.08.17.07
rootkit: v2015.08.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17801
Acer :: ACER-PC [administrator]

17.08.2015 19:27:46
mbar-log-2015-08-17 (19-27-46).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 387545
Time elapsed: 22 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:
ATTFilter 20:03:45.0204 0x0aa4 TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57 20:03:48.0196 0x0aa4 ============================================================ 20:03:48.0196 0x0aa4 Current date / time: 2015/08/17 20:03:48.0196 20:03:48.0196 0x0aa4 SystemInfo: 20:03:48.0196 0x0aa4 20:03:48.0196 0x0aa4 OS Version: 6.1.7601 ServicePack: 1.0 20:03:48.0196 0x0aa4 Product type: Workstation 20:03:48.0196 0x0aa4 ComputerName: ACER-PC 20:03:48.0196 0x0aa4 UserName: Acer 20:03:48.0197 0x0aa4 Windows directory: C:\Windows 20:03:48.0197 0x0aa4 System windows directory: C:\Windows 20:03:48.0197 0x0aa4 Running under WOW64 20:03:48.0197 0x0aa4 Processor architecture: Intel x64 20:03:48.0197 0x0aa4 Number of processors: 4 20:03:48.0197 0x0aa4 Page size: 0x1000 20:03:48.0197 0x0aa4 Boot type: Normal boot 20:03:48.0197 0x0aa4 ============================================================ 20:03:48.0639 0x0aa4 KLMD registered as C:\Windows\system32\drivers\57128778.sys 20:03:49.0420 0x0aa4 System UUID: {A92AD93B-3FE2-5BF4-D496-E3F06E8431A6} 20:03:50.0568 0x0aa4 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:03:50.0572 0x0aa4 ============================================================ 20:03:50.0572 0x0aa4 \Device\Harddisk0\DR0: 20:03:50.0573 0x0aa4 MBR partitions: 20:03:50.0573 0x0aa4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 20:03:50.0573 0x0aa4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x186A0000 20:03:50.0607 0x0aa4 ============================================================ 20:03:50.0644 0x0aa4 C: <-> \Device\Harddisk0\DR0\Partition2 20:03:50.0753 0x0aa4 ============================================================ 20:03:50.0753 0x0aa4 Initialize success 20:03:50.0753 0x0aa4 ============================================================ 20:04:01.0775 0x12dc 
============================================================ 20:04:01.0775 0x12dc Scan started 20:04:01.0775 0x12dc Mode: Manual; 20:04:01.0775 0x12dc ============================================================ 20:04:01.0775 0x12dc KSN ping started 20:04:04.0297 0x12dc KSN ping finished: true 20:04:04.0773 0x12dc ================ Scan system memory ======================== 20:04:04.0773 0x12dc System memory - ok 20:04:04.0775 0x12dc ================ Scan services ============================= 20:04:04.0969 0x12dc [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 20:04:04.0975 0x12dc 1394ohci - ok 20:04:05.0019 0x12dc [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys 20:04:05.0027 0x12dc ACPI - ok 20:04:05.0062 0x12dc [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 20:04:05.0064 0x12dc AcpiPmi - ok 20:04:05.0164 0x12dc [ 013697369EAFFA675D0671607F036020, 65611C775AC4681E46A6565E5A7A4FF3363C66EBDC98C4C58AFB365D40BE23B6 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 20:04:05.0166 0x12dc AdobeARMservice - ok 20:04:05.0306 0x12dc [ 368290D0A612D62DA6F3D798B1BB8FE7, D573BF8543F37BC51B88A2473EDFD28AFBCCC446E8CADD54A90FA48D8739D222 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 20:04:05.0311 0x12dc AdobeFlashPlayerUpdateSvc - ok 20:04:05.0371 0x12dc [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 20:04:05.0382 0x12dc adp94xx - ok 20:04:05.0421 0x12dc [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 
20:04:05.0429 0x12dc adpahci - ok 20:04:05.0460 0x12dc [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 20:04:05.0465 0x12dc adpu320 - ok 20:04:05.0499 0x12dc [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 20:04:05.0502 0x12dc AeLookupSvc - ok 20:04:05.0556 0x12dc [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys 20:04:05.0568 0x12dc AFD - ok 20:04:05.0611 0x12dc [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys 20:04:05.0614 0x12dc agp440 - ok 20:04:05.0655 0x12dc [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 20:04:05.0657 0x12dc ALG - ok 20:04:05.0701 0x12dc [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 20:04:05.0703 0x12dc aliide - ok 20:04:05.0748 0x12dc [ 520A16454C60DBDCBFD0645AE509B89C, 933A96450090B68C9A907073952AA12580D9EBAB3D988F2D9E2B4B047D493B17 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 20:04:05.0753 0x12dc AMD External Events Utility - ok 20:04:05.0780 0x12dc [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys 20:04:05.0782 0x12dc amdide - ok 20:04:05.0812 0x12dc [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 20:04:05.0815 0x12dc AmdK8 - ok 20:04:06.0094 0x12dc [ 046E2912A515A16DD6832371E573FF0C, 0E99689EBEDBAE9B18CA1D7826F50D6179534F7A2D21B6E7DB720DAB5F0B7832 ] 
amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 20:04:06.0296 0x12dc amdkmdag - ok 20:04:06.0367 0x12dc [ B618489ABAE5F112BAFFAF6B077ADC54, F61B9F38F16BCE2B463DC7821AC2B0A04B47343F8070C94D2BB1EF58FFC04824 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 20:04:06.0375 0x12dc amdkmdap - ok 20:04:06.0398 0x12dc [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 20:04:06.0400 0x12dc AmdPPM - ok 20:04:06.0445 0x12dc [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys 20:04:06.0449 0x12dc amdsata - ok 20:04:06.0478 0x12dc [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 20:04:06.0484 0x12dc amdsbs - ok 20:04:06.0498 0x12dc [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 20:04:06.0500 0x12dc amdxata - ok 20:04:06.0543 0x12dc [ 391887990CDAA83DE5C56C3FDE966DA1, BC55E21E03B3FE7BBDBB13D56AADB8FBA74F58521AC73B105AD9788E7AE18F0B ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS 20:04:06.0545 0x12dc AmUStor - ok 20:04:06.0678 0x12dc [ 9FE1AC875A7AD7B7FF28FEC8B754968D, EEE04D4073E49332C85028B62E8A035EAA2284526A3F3820133492C8F8CBA3D5 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe 20:04:06.0697 0x12dc AntiVirMailService - ok 20:04:06.0764 0x12dc [ 58FB167B287CAA05F7DD5AA1018FD52C, D9EB68E1C2B99E5F59A0DA4C9FA46E15C6E470F7445E232C03C82790F546A6AA ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 20:04:06.0772 0x12dc AntiVirSchedulerService - ok 20:04:06.0828 0x12dc [ 58FB167B287CAA05F7DD5AA1018FD52C, D9EB68E1C2B99E5F59A0DA4C9FA46E15C6E470F7445E232C03C82790F546A6AA ] AntiVirService C:\Program Files (x86)\Avira\AntiVir 
Desktop\avguard.exe 20:04:06.0836 0x12dc AntiVirService - ok 20:04:06.0925 0x12dc [ F857D22CEC14854D310C5596C8CE6006, 67448C506D3171D327A6CE3952E41BDC65587FEB45F510160A1DAFCA9491711E ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe 20:04:06.0951 0x12dc AntiVirWebService - ok 20:04:06.0996 0x12dc [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys 20:04:06.0998 0x12dc AppID - ok 20:04:07.0014 0x12dc [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll 20:04:07.0016 0x12dc AppIDSvc - ok 20:04:07.0047 0x12dc [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll 20:04:07.0049 0x12dc Appinfo - ok 20:04:07.0090 0x12dc [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys 20:04:07.0092 0x12dc arc - ok 20:04:07.0120 0x12dc [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 20:04:07.0123 0x12dc arcsas - ok 20:04:07.0238 0x12dc [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 20:04:07.0241 0x12dc aspnet_state - ok 20:04:07.0263 0x12dc [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:04:07.0265 0x12dc AsyncMac - ok 20:04:07.0308 0x12dc [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 20:04:07.0310 0x12dc atapi - ok 20:04:07.0389 0x12dc [ 
EBEAEAA0FCA29215F12B9646376ADE39, DAA425CCB27D9AAE4D2E78A1C06722B86797E27890A5EF4EB76A07A46F979B91 ] athr C:\Windows\system32\DRIVERS\athrx.sys 20:04:07.0422 0x12dc athr - ok 20:04:07.0475 0x12dc [ CBD14F698DEF12EE3557604B726CB8EB, 45EDD88B18F2DE9024851BFDE9DC0CA943692DD306CB3A0822F4A5C0C3D7CDD6 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 20:04:07.0478 0x12dc AtiHDAudioService - ok 20:04:07.0541 0x12dc [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:04:07.0557 0x12dc AudioEndpointBuilder - ok 20:04:07.0575 0x12dc [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll 20:04:07.0587 0x12dc AudioSrv - ok 20:04:07.0640 0x12dc [ 24843902369DC82B4691F816F08F2938, 330E22C6007B10FE9C232BBCA2F388ADA17DEDBAA11BEC2A70377A4466DFB6FA ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 20:04:07.0644 0x12dc avgntflt - ok 20:04:07.0680 0x12dc [ 043E5F34C3878C844568658B79B3E55C, D13D8FC5205562E02F252C0EE1AB2236C9212445D6EC3715041EBDF993CB467F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 20:04:07.0684 0x12dc avipbb - ok 20:04:07.0753 0x12dc [ 6F77BBB8FC69D26132309EB4CE7A4E0E, 39E1E20F7CE6B2A784765BB1BE3AC539EDD2889880F78D14C340129E9DB7A43E ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe 20:04:07.0759 0x12dc Avira.OE.ServiceHost - ok 20:04:07.0799 0x12dc [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 20:04:07.0801 0x12dc avkmgr - ok 20:04:07.0856 0x12dc [ 13253E5E3B6BDF945B63B336A8C9489B, 671C716E43F89D4BDDAA2BE045CDEBBB569C85BC2BA334E1F550187B79A7740D ] avnetflt C:\Windows\system32\DRIVERS\avnetflt.sys 20:04:07.0858 0x12dc avnetflt - ok 20:04:07.0904 0x12dc [ A6BF31A71B409DFA8CAC83159E1E2AFF, 
CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 20:04:07.0908 0x12dc AxInstSV - ok 20:04:07.0943 0x12dc [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 20:04:07.0954 0x12dc b06bdrv - ok 20:04:07.0998 0x12dc [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 20:04:08.0004 0x12dc b57nd60a - ok 20:04:08.0072 0x12dc [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 20:04:08.0075 0x12dc BDESVC - ok 20:04:08.0087 0x12dc [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 20:04:08.0088 0x12dc Beep - ok 20:04:08.0135 0x12dc [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 20:04:08.0150 0x12dc BFE - ok 20:04:08.0202 0x12dc [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll 20:04:08.0221 0x12dc BITS - ok 20:04:08.0250 0x12dc [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 20:04:08.0252 0x12dc blbdrive - ok 20:04:08.0289 0x12dc [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:04:08.0292 0x12dc bowser - ok 20:04:08.0309 0x12dc [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 20:04:08.0311 0x12dc BrFiltLo - ok 20:04:08.0322 0x12dc [ 
B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 20:04:08.0323 0x12dc BrFiltUp - ok 20:04:08.0352 0x12dc [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 20:04:08.0355 0x12dc BridgeMP - ok 20:04:08.0389 0x12dc [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 20:04:08.0393 0x12dc Browser - ok 20:04:08.0417 0x12dc [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 20:04:08.0424 0x12dc Brserid - ok 20:04:08.0445 0x12dc [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 20:04:08.0447 0x12dc BrSerWdm - ok 20:04:08.0473 0x12dc [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 20:04:08.0475 0x12dc BrUsbMdm - ok 20:04:08.0481 0x12dc [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 20:04:08.0482 0x12dc BrUsbSer - ok 20:04:08.0501 0x12dc [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 20:04:08.0503 0x12dc BTHMODEM - ok 20:04:08.0534 0x12dc [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 20:04:08.0537 0x12dc bthserv - ok 20:04:08.0557 0x12dc catchme - ok 20:04:08.0570 0x12dc [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs 
C:\Windows\system32\DRIVERS\cdfs.sys 20:04:08.0573 0x12dc cdfs - ok 20:04:08.0613 0x12dc [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 20:04:08.0617 0x12dc cdrom - ok 20:04:08.0660 0x12dc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 20:04:08.0663 0x12dc CertPropSvc - ok 20:04:08.0692 0x12dc [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 20:04:08.0694 0x12dc circlass - ok 20:04:08.0732 0x12dc [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys 20:04:08.0740 0x12dc CLFS - ok 20:04:08.0797 0x12dc [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:04:08.0800 0x12dc clr_optimization_v2.0.50727_32 - ok 20:04:08.0850 0x12dc [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:04:08.0854 0x12dc clr_optimization_v2.0.50727_64 - ok 20:04:08.0949 0x12dc [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:04:08.0952 0x12dc clr_optimization_v4.0.30319_32 - ok 20:04:08.0967 0x12dc [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:04:08.0971 0x12dc clr_optimization_v4.0.30319_64 - ok 20:04:08.0988 0x12dc [ 
0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 20:04:08.0989 0x12dc CmBatt - ok 20:04:09.0001 0x12dc [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:04:09.0003 0x12dc cmdide - ok 20:04:09.0043 0x12dc [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys 20:04:09.0053 0x12dc CNG - ok 20:04:09.0072 0x12dc [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 20:04:09.0073 0x12dc Compbatt - ok 20:04:09.0102 0x12dc [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 20:04:09.0104 0x12dc CompositeBus - ok 20:04:09.0117 0x12dc COMSysApp - ok 20:04:09.0131 0x12dc [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 20:04:09.0133 0x12dc crcdisk - ok 20:04:09.0176 0x12dc [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:04:09.0181 0x12dc CryptSvc - ok 20:04:09.0221 0x12dc [ C6E1C081C0849E08FECEC18DF73B10C4, B5E552F4744C91836CBAF3F62CB861C1D9422721870D11B5CCE21B45E384985A ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys 20:04:09.0224 0x12dc dc3d - ok 20:04:09.0263 0x12dc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:04:09.0275 0x12dc DcomLaunch - ok 20:04:09.0301 0x12dc [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc 
C:\Windows\System32\defragsvc.dll 20:04:09.0308 0x12dc defragsvc - ok 20:04:09.0337 0x12dc [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:04:09.0340 0x12dc DfsC - ok 20:04:09.0378 0x12dc [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 20:04:09.0386 0x12dc Dhcp - ok 20:04:09.0470 0x12dc [ EA8A3E8C674B03CB4AFA1D344DBD7BC1, 564D9370AE4D12973647997684B9637B2A5A7480F66B87018F789CE4E43C8191 ] DiagTrack C:\Windows\system32\diagtrack.dll 20:04:09.0498 0x12dc DiagTrack - ok 20:04:09.0529 0x12dc [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 20:04:09.0532 0x12dc discache - ok 20:04:09.0591 0x12dc [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys 20:04:09.0594 0x12dc Disk - ok 20:04:09.0631 0x12dc [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:04:09.0637 0x12dc Dnscache - ok 20:04:09.0675 0x12dc [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 20:04:09.0682 0x12dc dot3svc - ok 20:04:09.0716 0x12dc [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 20:04:09.0722 0x12dc DPS - ok 20:04:09.0780 0x12dc [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:04:09.0781 0x12dc drmkaud - ok 20:04:09.0833 0x12dc [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl 
C:\Windows\System32\drivers\dxgkrnl.sys 20:04:09.0854 0x12dc DXGKrnl - ok 20:04:09.0894 0x12dc [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 20:04:09.0898 0x12dc EapHost - ok 20:04:10.0013 0x12dc [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 20:04:10.0083 0x12dc ebdrv - ok 20:04:10.0132 0x12dc [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] EFS C:\Windows\System32\lsass.exe 20:04:10.0133 0x12dc EFS - ok 20:04:10.0214 0x12dc [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:04:10.0230 0x12dc ehRecvr - ok 20:04:10.0257 0x12dc [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 20:04:10.0260 0x12dc ehSched - ok 20:04:10.0306 0x12dc [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 20:04:10.0317 0x12dc elxstor - ok 20:04:10.0347 0x12dc [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:04:10.0348 0x12dc ErrDev - ok 20:04:10.0396 0x12dc [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 20:04:10.0406 0x12dc EventSystem - ok 20:04:10.0425 0x12dc [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 20:04:10.0430 0x12dc exfat - ok 20:04:10.0477 0x12dc [ 0EE1D766D9B671AB101978723FE3558B, 7144181AD870BBDD2CA1AAA9990ACE5760D35620A775713C27AAFD1D0245AA4C ] FARMNTIO 
c:\windows\system32\drivers\farmntio.sys 20:04:10.0479 0x12dc FARMNTIO - ok 20:04:10.0507 0x12dc [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:04:10.0512 0x12dc fastfat - ok 20:04:10.0570 0x12dc [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 20:04:10.0586 0x12dc Fax - ok 20:04:10.0603 0x12dc [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys 20:04:10.0605 0x12dc fdc - ok 20:04:10.0632 0x12dc [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 20:04:10.0634 0x12dc fdPHost - ok 20:04:10.0649 0x12dc [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 20:04:10.0651 0x12dc FDResPub - ok 20:04:10.0674 0x12dc [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:04:10.0676 0x12dc FileInfo - ok 20:04:10.0689 0x12dc [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:04:10.0691 0x12dc Filetrace - ok 20:04:10.0709 0x12dc [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 20:04:10.0710 0x12dc flpydisk - ok 20:04:10.0743 0x12dc [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:04:10.0750 0x12dc FltMgr - ok 20:04:10.0830 0x12dc [ E612E86FA15EA1EF9A52433A2743C447, 
8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache C:\Windows\system32\FntCache.dll 20:04:10.0856 0x12dc FontCache - ok 20:04:10.0907 0x12dc [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:04:10.0909 0x12dc FontCache3.0.0.0 - ok 20:04:10.0932 0x12dc [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:04:10.0935 0x12dc FsDepends - ok 20:04:10.0969 0x12dc [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:04:10.0971 0x12dc Fs_Rec - ok 20:04:11.0016 0x12dc [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:04:11.0021 0x12dc fvevol - ok 20:04:11.0048 0x12dc [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 20:04:11.0051 0x12dc gagp30kx - ok 20:04:11.0065 0x12dc globalUpdatem - ok 20:04:11.0119 0x12dc [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 20:04:11.0136 0x12dc gpsvc - ok 20:04:11.0225 0x12dc [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:04:11.0228 0x12dc gupdate - ok 20:04:11.0233 0x12dc [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:04:11.0235 0x12dc gupdatem - ok 20:04:11.0271 0x12dc [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 
00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 20:04:11.0276 0x12dc gusvc - ok 20:04:11.0299 0x12dc [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 20:04:11.0301 0x12dc hcw85cir - ok 20:04:11.0335 0x12dc [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:04:11.0344 0x12dc HdAudAddService - ok 20:04:11.0384 0x12dc [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 20:04:11.0387 0x12dc HDAudBus - ok 20:04:11.0421 0x12dc [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 20:04:11.0423 0x12dc HECIx64 - ok 20:04:11.0439 0x12dc [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 20:04:11.0441 0x12dc HidBatt - ok 20:04:11.0461 0x12dc [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 20:04:11.0464 0x12dc HidBth - ok 20:04:11.0496 0x12dc [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 20:04:11.0498 0x12dc HidIr - ok 20:04:11.0526 0x12dc [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll 20:04:11.0528 0x12dc hidserv - ok 20:04:11.0573 0x12dc [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb 
C:\Windows\system32\DRIVERS\hidusb.sys 20:04:11.0597 0x12dc HidUsb - ok 20:04:11.0635 0x12dc [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:04:11.0638 0x12dc hkmsvc - ok 20:04:11.0695 0x12dc [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:04:11.0701 0x12dc HomeGroupListener - ok 20:04:11.0738 0x12dc [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:04:11.0744 0x12dc HomeGroupProvider - ok 20:04:11.0777 0x12dc [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 20:04:11.0780 0x12dc HpSAMD - ok 20:04:11.0840 0x12dc [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:04:11.0857 0x12dc HTTP - ok 20:04:11.0891 0x12dc [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 20:04:11.0893 0x12dc hwpolicy - ok 20:04:11.0920 0x12dc [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 20:04:11.0924 0x12dc i8042prt - ok 20:04:11.0995 0x12dc [ 42E00996DFC13C46366689C0EA8ABC5E, 1C73B7FADB3209D7C1CAA75531F789B47907129E418F91F23CBE9FC68B3056E4 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 20:04:12.0004 0x12dc iaStor - ok 20:04:12.0069 0x12dc [ 48362E5DB5CB2C000C514EE1F3890ACD, 561FB7BE085A624770832B0138DA1B9859981BCC66540A8F98D9F7D5B8EE6707 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 20:04:12.0070 0x12dc IAStorDataMgrSvc - ok 
20:04:12.0131 0x12dc [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:04:12.0140 0x12dc iaStorV - ok 20:04:12.0248 0x12dc [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 20:04:12.0251 0x12dc IDriverT - ok 20:04:12.0355 0x12dc [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:04:12.0376 0x12dc idsvc - ok 20:04:12.0393 0x12dc IEEtwCollectorService - ok 20:04:12.0419 0x12dc [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 20:04:12.0420 0x12dc iirsp - ok 20:04:12.0478 0x12dc [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 20:04:12.0501 0x12dc IKEEXT - ok 20:04:12.0551 0x12dc [ C48567D80AD357613CD0EEADE18780AE, AFFAB3C915C5B48A39F7F8F9438A3085DBEBA1E431DD35861A5A08EA1CBE4D37 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys 20:04:12.0556 0x12dc Impcd - ok 20:04:12.0640 0x12dc [ A0EAB13A78CC5FB960EC76E3D6408DA3, F536B151EB1F284E8F352A7D8C9C0EBBC2E852E5EB6F0F6C6C313F272CE617FE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 20:04:12.0686 0x12dc IntcAzAudAddService - ok 20:04:12.0727 0x12dc [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 20:04:12.0729 0x12dc intelide - ok 20:04:13.0051 0x12dc [ 677AA5991026A65ADA128C4B59CF2BAD, 013F9D7362960EEE1DB70EE8B90A896EACA0B752924717FD019A6DD3BFF50C00 ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys 20:04:13.0344 0x12dc intelkmd - ok 
20:04:13.0419 0x12dc [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:04:13.0421 0x12dc intelppm - ok 20:04:13.0454 0x12dc [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:04:13.0457 0x12dc IPBusEnum - ok 20:04:13.0488 0x12dc [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:04:13.0491 0x12dc IpFilterDriver - ok 20:04:13.0547 0x12dc [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:04:13.0559 0x12dc iphlpsvc - ok 20:04:13.0588 0x12dc [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 20:04:13.0614 0x12dc IPMIDRV - ok 20:04:13.0631 0x12dc [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 20:04:13.0634 0x12dc IPNAT - ok 20:04:13.0673 0x12dc [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:04:13.0675 0x12dc IRENUM - ok 20:04:13.0716 0x12dc [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:04:13.0718 0x12dc isapnp - ok 20:04:13.0765 0x12dc [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 20:04:13.0771 0x12dc iScsiPrt - ok 20:04:13.0813 0x12dc [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass 
C:\Windows\system32\DRIVERS\kbdclass.sys 20:04:13.0815 0x12dc kbdclass - ok 20:04:13.0852 0x12dc [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 20:04:13.0854 0x12dc kbdhid - ok 20:04:13.0866 0x12dc [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] KeyIso C:\Windows\system32\lsass.exe 20:04:13.0869 0x12dc KeyIso - ok 20:04:13.0908 0x12dc [ F7DFAE6040AC910B7C64EE208A34157D, AEF1100F12391692D9DB78519D843A90C97E199A80DDC4D43E3AF1919A9E8E56 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:04:13.0911 0x12dc KSecDD - ok 20:04:13.0932 0x12dc [ 8FE94F2EF9BF444E93E35D87E210D02F, 78E8F6FD7C1EA3556194947707BE6893538A9E25A550C22045866C5B30251D14 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:04:13.0936 0x12dc KSecPkg - ok 20:04:13.0966 0x12dc [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:04:13.0968 0x12dc ksthunk - ok 20:04:14.0000 0x12dc [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 20:04:14.0013 0x12dc KtmRm - ok 20:04:14.0036 0x12dc [ 6E0698CEA0901FD1A2B9CE0859E2D8FE, A9A2335948037ADE09EEEE17FEC37A55B8336715F52EFD49DEC4726A8C5169C5 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 20:04:14.0038 0x12dc L1C - ok 20:04:14.0088 0x12dc [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll 20:04:14.0095 0x12dc LanmanServer - ok 20:04:14.0133 0x12dc [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:04:14.0138 0x12dc LanmanWorkstation - ok 20:04:14.0174 0x12dc [ 1538831CF8AD2979A04C423779465827, 
E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:04:14.0177 0x12dc lltdio - ok 20:04:14.0215 0x12dc [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:04:14.0223 0x12dc lltdsvc - ok 20:04:14.0252 0x12dc [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:04:14.0254 0x12dc lmhosts - ok 20:04:14.0347 0x12dc [ 7485FBCEF9136F530953575E2977859D, 5A6A67EE407C6ECE637C2B2AC21259BB86D032E47CE59F77AAF48D687B74CFCB ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 20:04:14.0352 0x12dc LMS - ok 20:04:14.0389 0x12dc [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 20:04:14.0392 0x12dc LSI_FC - ok 20:04:14.0408 0x12dc [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 20:04:14.0412 0x12dc LSI_SAS - ok 20:04:14.0431 0x12dc [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 20:04:14.0434 0x12dc LSI_SAS2 - ok 20:04:14.0453 0x12dc [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 20:04:14.0456 0x12dc LSI_SCSI - ok 20:04:14.0482 0x12dc [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 20:04:14.0486 0x12dc luafv - ok 20:04:14.0518 0x12dc [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:04:14.0522 0x12dc Mcx2Svc - 
ok 20:04:14.0542 0x12dc [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 20:04:14.0567 0x12dc megasas - ok 20:04:14.0592 0x12dc [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 20:04:14.0598 0x12dc MegaSR - ok 20:04:14.0681 0x12dc [ FAFE367D032ED82E9332B4C741A20216, 7B123766E360570E0FCB211835B7910D6A1806C25A06BCA9227AB9E993376CA8 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 20:04:14.0684 0x12dc Microsoft Office Groove Audit Service - ok 20:04:14.0705 0x12dc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 20:04:14.0708 0x12dc MMCSS - ok 20:04:14.0726 0x12dc [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 20:04:14.0727 0x12dc Modem - ok 20:04:14.0758 0x12dc [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:04:14.0760 0x12dc monitor - ok 20:04:14.0811 0x12dc [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:04:14.0813 0x12dc mouclass - ok 20:04:14.0843 0x12dc [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:04:14.0844 0x12dc mouhid - ok 20:04:14.0885 0x12dc [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 20:04:14.0888 0x12dc mountmgr - ok 20:04:14.0945 0x12dc [ 2E1F005987F6C31ADE25B67C2D172DF6, 
7DDEA05F80158FECCF37A31F056D04E8E76115B178557450056DEC516D3027C8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 20:04:14.0949 0x12dc MozillaMaintenance - ok 20:04:14.0980 0x12dc [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 20:04:14.0985 0x12dc mpio - ok 20:04:15.0012 0x12dc [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:04:15.0014 0x12dc mpsdrv - ok 20:04:15.0078 0x12dc [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 20:04:15.0097 0x12dc MpsSvc - ok 20:04:15.0132 0x12dc [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:04:15.0135 0x12dc MRxDAV - ok 20:04:15.0171 0x12dc [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:04:15.0176 0x12dc mrxsmb - ok 20:04:15.0195 0x12dc [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:04:15.0203 0x12dc mrxsmb10 - ok 20:04:15.0224 0x12dc [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:04:15.0228 0x12dc mrxsmb20 - ok 20:04:15.0258 0x12dc [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 20:04:15.0260 0x12dc msahci - ok 20:04:15.0289 0x12dc [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 
20:04:15.0293 0x12dc msdsm - ok 20:04:15.0307 0x12dc [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 20:04:15.0313 0x12dc MSDTC - ok 20:04:15.0332 0x12dc [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:04:15.0334 0x12dc Msfs - ok 20:04:15.0350 0x12dc [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 20:04:15.0351 0x12dc mshidkmdf - ok 20:04:15.0375 0x12dc [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:04:15.0376 0x12dc msisadrv - ok 20:04:15.0412 0x12dc [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:04:15.0416 0x12dc MSiSCSI - ok 20:04:15.0421 0x12dc msiserver - ok 20:04:15.0449 0x12dc [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:04:15.0450 0x12dc MSKSSRV - ok 20:04:15.0468 0x12dc [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:04:15.0469 0x12dc MSPCLOCK - ok 20:04:15.0480 0x12dc [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:04:15.0481 0x12dc MSPQM - ok 20:04:15.0518 0x12dc [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:04:15.0526 0x12dc MsRPC - ok 20:04:15.0554 0x12dc [ 0EED230E37515A0EAEE3C2E1BC97B288, 
B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 20:04:15.0556 0x12dc mssmbios - ok 20:04:15.0573 0x12dc [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:04:15.0595 0x12dc MSTEE - ok 20:04:15.0616 0x12dc [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 20:04:15.0618 0x12dc MTConfig - ok 20:04:15.0642 0x12dc [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 20:04:15.0646 0x12dc Mup - ok 20:04:15.0701 0x12dc [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 20:04:15.0712 0x12dc napagent - ok 20:04:15.0755 0x12dc [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:04:15.0762 0x12dc NativeWifiP - ok 20:04:15.0869 0x12dc [ E0E4A1F81A7D69C595A8A9DDAD084C19, 8F55F3637AE8BFFB0ACE37AFC5122026525137E0B2923899B779C1BD08DF0E22 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe 20:04:15.0882 0x12dc NAUpdate - ok 20:04:15.0937 0x12dc [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys 20:04:15.0961 0x12dc NDIS - ok 20:04:15.0986 0x12dc [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 20:04:15.0988 0x12dc NdisCap - ok 20:04:16.0021 0x12dc [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:04:16.0023 0x12dc NdisTapi - ok 
20:04:16.0068 0x12dc [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:04:16.0070 0x12dc Ndisuio - ok 20:04:16.0088 0x12dc [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:04:16.0093 0x12dc NdisWan - ok 20:04:16.0123 0x12dc [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:04:16.0125 0x12dc NDProxy - ok 20:04:16.0147 0x12dc [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:04:16.0149 0x12dc NetBIOS - ok 20:04:16.0199 0x12dc [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 20:04:16.0205 0x12dc NetBT - ok 20:04:16.0224 0x12dc [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] Netlogon C:\Windows\system32\lsass.exe 20:04:16.0226 0x12dc Netlogon - ok 20:04:16.0255 0x12dc [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 20:04:16.0264 0x12dc Netman - ok 20:04:16.0706 0x12dc [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:04:16.0710 0x12dc NetMsmqActivator - ok 20:04:16.0717 0x12dc [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:04:16.0720 0x12dc NetPipeActivator - ok 20:04:16.0761 0x12dc [ 5F28111C648F1E24F7DBC87CDEB091B8, 
2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 20:04:16.0775 0x12dc netprofm - ok 20:04:16.0782 0x12dc [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:04:16.0785 0x12dc NetTcpActivator - ok 20:04:16.0792 0x12dc [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:04:16.0795 0x12dc NetTcpPortSharing - ok 20:04:16.0844 0x12dc [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 20:04:16.0846 0x12dc nfrd960 - ok 20:04:16.0885 0x12dc [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll 20:04:16.0893 0x12dc NlaSvc - ok 20:04:16.0902 0x12dc [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:04:16.0904 0x12dc Npfs - ok 20:04:16.0926 0x12dc [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 20:04:16.0928 0x12dc nsi - ok 20:04:16.0932 0x12dc [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:04:16.0934 0x12dc nsiproxy - ok 20:04:17.0008 0x12dc [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:04:17.0044 0x12dc Ntfs - ok 20:04:17.0057 0x12dc [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 
20:04:17.0059 0x12dc Null - ok 20:04:17.0085 0x12dc [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:04:17.0089 0x12dc nvraid - ok 20:04:17.0146 0x12dc [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:04:17.0150 0x12dc nvstor - ok 20:04:17.0185 0x12dc [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:04:17.0189 0x12dc nv_agp - ok 20:04:17.0262 0x12dc [ 84DE1DD996B48B05ACE31AD015FA108A, 4B9D1E4EF83ECED6C77F23D9879C124534F7053D7423E3A2D0F67A4A720CEA94 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 20:04:17.0272 0x12dc odserv - ok 20:04:17.0296 0x12dc [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 20:04:17.0299 0x12dc ohci1394 - ok 20:04:17.0349 0x12dc [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:04:17.0354 0x12dc ose - ok 20:04:17.0392 0x12dc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 20:04:17.0400 0x12dc p2pimsvc - ok 20:04:17.0429 0x12dc [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 20:04:17.0440 0x12dc p2psvc - ok 20:04:17.0469 0x12dc [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys 20:04:17.0473 0x12dc Parport - ok 20:04:17.0512 0x12dc [ E9766131EEADE40A27DC27D2D68FBA9C, 
63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:04:17.0514 0x12dc partmgr - ok 20:04:17.0549 0x12dc [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll 20:04:17.0555 0x12dc PcaSvc - ok 20:04:17.0594 0x12dc [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 20:04:17.0615 0x12dc pci - ok 20:04:17.0645 0x12dc [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 20:04:17.0647 0x12dc pciide - ok 20:04:17.0672 0x12dc [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 20:04:17.0677 0x12dc pcmcia - ok 20:04:17.0706 0x12dc [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 20:04:17.0708 0x12dc pcw - ok 20:04:17.0744 0x12dc [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:04:17.0759 0x12dc PEAUTH - ok 20:04:17.0856 0x12dc [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 20:04:17.0858 0x12dc PerfHost - ok 20:04:17.0942 0x12dc [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 20:04:17.0974 0x12dc pla - ok 20:04:18.0017 0x12dc [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:04:18.0027 0x12dc PlugPlay - ok 20:04:18.0047 0x12dc [ 7195581CEC9BB7D12ABE54036ACC2E38, 
17.08.2015, 19:43 | #4 |
| Suspected virus infection TDSS KILLER PART 2 Code:
20:04:27.0470 0x12dc Waiting for KSN requests completion. In queue: 346
20:04:28.0470 0x12dc Waiting for KSN requests completion. In queue: 346
20:04:29.0470 0x12dc Waiting for KSN requests completion. In queue: 346
20:04:30.0521 0x12dc AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.12.402 ), 0x41000 ( enabled : updated )
20:04:30.0567 0x12dc Win FW state via NFP2: enabled ( trusted )
20:04:32.0957 0x12dc ============================================================
20:04:32.0957 0x12dc Scan finished
20:04:32.0957 0x12dc ============================================================
20:04:32.0966 0x0568 Detected object count: 0
20:04:32.0966 0x0568 Actual detected object count: 0
20:05:39.0138 0x12a8 ============================================================
20:05:39.0138 0x12a8 Scan started
20:05:39.0138 0x12a8 Mode: Manual; SigCheck; TDLFS;
20:05:39.0138 0x12a8 ============================================================
20:05:39.0138 0x12a8 KSN ping started
20:05:41.0591 0x12a8 KSN ping finished: true
20:05:41.0766 0x12a8 ================ Scan system memory ========================
20:05:41.0766 0x12a8 System memory - ok
20:05:41.0767 0x12a8 ================ Scan services =============================
agp440 C:\Windows\system32\drivers\agp440.sys 20:05:42.0769 0x12a8 agp440 - ok 20:05:42.0801 0x12a8 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 20:05:42.0851 0x12a8 ALG - ok 20:05:42.0880 0x12a8 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 20:05:42.0892 0x12a8 aliide - ok 20:05:42.0926 0x12a8 [ 520A16454C60DBDCBFD0645AE509B89C, 933A96450090B68C9A907073952AA12580D9EBAB3D988F2D9E2B4B047D493B17 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 20:05:43.0019 0x12a8 AMD External Events Utility - ok 20:05:43.0035 0x12a8 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys 20:05:43.0047 0x12a8 amdide - ok 20:05:43.0066 0x12a8 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 20:05:43.0119 0x12a8 AmdK8 - ok 20:05:43.0387 0x12a8 [ 046E2912A515A16DD6832371E573FF0C, 0E99689EBEDBAE9B18CA1D7826F50D6179534F7A2D21B6E7DB720DAB5F0B7832 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 20:05:43.0636 0x12a8 amdkmdag - ok 20:05:43.0680 0x12a8 [ B618489ABAE5F112BAFFAF6B077ADC54, F61B9F38F16BCE2B463DC7821AC2B0A04B47343F8070C94D2BB1EF58FFC04824 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 20:05:43.0720 0x12a8 amdkmdap - ok 20:05:43.0743 0x12a8 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 20:05:43.0773 0x12a8 AmdPPM - ok 20:05:43.0808 0x12a8 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys 20:05:43.0821 0x12a8 amdsata - ok 20:05:43.0857 0x12a8 [ F67F933E79241ED32FF46A4F29B5120B, 
D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 20:05:43.0873 0x12a8 amdsbs - ok 20:05:43.0886 0x12a8 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 20:05:43.0898 0x12a8 amdxata - ok 20:05:43.0931 0x12a8 [ 391887990CDAA83DE5C56C3FDE966DA1, BC55E21E03B3FE7BBDBB13D56AADB8FBA74F58521AC73B105AD9788E7AE18F0B ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS 20:05:43.0974 0x12a8 AmUStor - ok 20:05:44.0091 0x12a8 [ 9FE1AC875A7AD7B7FF28FEC8B754968D, EEE04D4073E49332C85028B62E8A035EAA2284526A3F3820133492C8F8CBA3D5 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe 20:05:44.0130 0x12a8 AntiVirMailService - ok 20:05:44.0169 0x12a8 [ 58FB167B287CAA05F7DD5AA1018FD52C, D9EB68E1C2B99E5F59A0DA4C9FA46E15C6E470F7445E232C03C82790F546A6AA ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 20:05:44.0189 0x12a8 AntiVirSchedulerService - ok 20:05:44.0231 0x12a8 [ 58FB167B287CAA05F7DD5AA1018FD52C, D9EB68E1C2B99E5F59A0DA4C9FA46E15C6E470F7445E232C03C82790F546A6AA ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 20:05:44.0252 0x12a8 AntiVirService - ok 20:05:44.0311 0x12a8 [ F857D22CEC14854D310C5596C8CE6006, 67448C506D3171D327A6CE3952E41BDC65587FEB45F510160A1DAFCA9491711E ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe 20:05:44.0349 0x12a8 AntiVirWebService - ok 20:05:44.0383 0x12a8 [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys 20:05:44.0430 0x12a8 AppID - ok 20:05:44.0443 0x12a8 [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll 20:05:44.0478 0x12a8 AppIDSvc - ok 20:05:44.0509 0x12a8 [ 9D2A2369AB4B08A4905FE72DB104498F, 
D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll 20:05:44.0564 0x12a8 Appinfo - ok 20:05:44.0585 0x12a8 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys 20:05:44.0599 0x12a8 arc - ok 20:05:44.0616 0x12a8 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 20:05:44.0629 0x12a8 arcsas - ok 20:05:44.0734 0x12a8 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 20:05:44.0749 0x12a8 aspnet_state - ok 20:05:44.0767 0x12a8 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:05:44.0893 0x12a8 AsyncMac - ok 20:05:44.0920 0x12a8 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 20:05:44.0932 0x12a8 atapi - ok 20:05:45.0001 0x12a8 [ EBEAEAA0FCA29215F12B9646376ADE39, DAA425CCB27D9AAE4D2E78A1C06722B86797E27890A5EF4EB76A07A46F979B91 ] athr C:\Windows\system32\DRIVERS\athrx.sys 20:05:45.0059 0x12a8 athr - ok 20:05:45.0096 0x12a8 [ CBD14F698DEF12EE3557604B726CB8EB, 45EDD88B18F2DE9024851BFDE9DC0CA943692DD306CB3A0822F4A5C0C3D7CDD6 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 20:05:45.0110 0x12a8 AtiHDAudioService - ok 20:05:45.0162 0x12a8 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:05:45.0203 0x12a8 AudioEndpointBuilder - ok 20:05:45.0221 0x12a8 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv 
C:\Windows\System32\Audiosrv.dll 20:05:45.0248 0x12a8 AudioSrv - ok 20:05:45.0277 0x12a8 [ 24843902369DC82B4691F816F08F2938, 330E22C6007B10FE9C232BBCA2F388ADA17DEDBAA11BEC2A70377A4466DFB6FA ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 20:05:45.0293 0x12a8 avgntflt - ok 20:05:45.0309 0x12a8 [ 043E5F34C3878C844568658B79B3E55C, D13D8FC5205562E02F252C0EE1AB2236C9212445D6EC3715041EBDF993CB467F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 20:05:45.0323 0x12a8 avipbb - ok 20:05:45.0381 0x12a8 [ 6F77BBB8FC69D26132309EB4CE7A4E0E, 39E1E20F7CE6B2A784765BB1BE3AC539EDD2889880F78D14C340129E9DB7A43E ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe 20:05:45.0398 0x12a8 Avira.OE.ServiceHost - ok 20:05:45.0437 0x12a8 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 20:05:45.0450 0x12a8 avkmgr - ok 20:05:45.0485 0x12a8 [ 13253E5E3B6BDF945B63B336A8C9489B, 671C716E43F89D4BDDAA2BE045CDEBBB569C85BC2BA334E1F550187B79A7740D ] avnetflt C:\Windows\system32\DRIVERS\avnetflt.sys 20:05:45.0497 0x12a8 avnetflt - ok 20:05:45.0533 0x12a8 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 20:05:45.0614 0x12a8 AxInstSV - ok 20:05:45.0646 0x12a8 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 20:05:45.0699 0x12a8 b06bdrv - ok 20:05:45.0726 0x12a8 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 20:05:45.0772 0x12a8 b57nd60a - ok 20:05:45.0810 0x12a8 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 20:05:45.0852 0x12a8 BDESVC - ok 20:05:45.0866 0x12a8 [ 
16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 20:05:45.0927 0x12a8 Beep - ok 20:05:45.0972 0x12a8 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 20:05:46.0016 0x12a8 BFE - ok 20:05:46.0073 0x12a8 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll 20:05:46.0235 0x12a8 BITS - ok 20:05:46.0262 0x12a8 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 20:05:46.0295 0x12a8 blbdrive - ok 20:05:46.0326 0x12a8 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:05:46.0370 0x12a8 bowser - ok 20:05:46.0380 0x12a8 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 20:05:46.0448 0x12a8 BrFiltLo - ok 20:05:46.0459 0x12a8 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 20:05:46.0490 0x12a8 BrFiltUp - ok 20:05:46.0514 0x12a8 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 20:05:46.0562 0x12a8 BridgeMP - ok 20:05:46.0593 0x12a8 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 20:05:46.0644 0x12a8 Browser - ok 20:05:46.0679 0x12a8 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 20:05:46.0727 0x12a8 Brserid - ok 
20:05:46.0741 0x12a8 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 20:05:46.0775 0x12a8 BrSerWdm - ok 20:05:46.0794 0x12a8 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 20:05:46.0831 0x12a8 BrUsbMdm - ok 20:05:46.0835 0x12a8 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 20:05:46.0854 0x12a8 BrUsbSer - ok 20:05:46.0872 0x12a8 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 20:05:46.0901 0x12a8 BTHMODEM - ok 20:05:46.0930 0x12a8 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 20:05:46.0968 0x12a8 bthserv - ok 20:05:46.0984 0x12a8 catchme - ok 20:05:46.0999 0x12a8 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:05:47.0047 0x12a8 cdfs - ok 20:05:47.0083 0x12a8 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 20:05:47.0099 0x12a8 cdrom - ok 20:05:47.0131 0x12a8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 20:05:47.0180 0x12a8 CertPropSvc - ok 20:05:47.0196 0x12a8 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 20:05:47.0211 0x12a8 circlass - ok 20:05:47.0252 0x12a8 [ 404B7DF9CA4D1CB675045AF220FF3285, 
91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys 20:05:47.0271 0x12a8 CLFS - ok 20:05:47.0335 0x12a8 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:05:47.0347 0x12a8 clr_optimization_v2.0.50727_32 - ok 20:05:47.0396 0x12a8 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:05:47.0407 0x12a8 clr_optimization_v2.0.50727_64 - ok 20:05:47.0494 0x12a8 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:05:47.0508 0x12a8 clr_optimization_v4.0.30319_32 - ok 20:05:47.0521 0x12a8 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:05:47.0536 0x12a8 clr_optimization_v4.0.30319_64 - ok 20:05:47.0550 0x12a8 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 20:05:47.0562 0x12a8 CmBatt - ok 20:05:47.0580 0x12a8 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:05:47.0591 0x12a8 cmdide - ok 20:05:47.0630 0x12a8 [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys 20:05:47.0665 0x12a8 CNG - ok 20:05:47.0676 0x12a8 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 
20:05:47.0687 0x12a8 Compbatt - ok 20:05:47.0715 0x12a8 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 20:05:47.0743 0x12a8 CompositeBus - ok 20:05:47.0747 0x12a8 COMSysApp - ok 20:05:47.0768 0x12a8 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 20:05:47.0779 0x12a8 crcdisk - ok 20:05:47.0813 0x12a8 [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:05:47.0863 0x12a8 CryptSvc - ok 20:05:47.0900 0x12a8 [ C6E1C081C0849E08FECEC18DF73B10C4, B5E552F4744C91836CBAF3F62CB861C1D9422721870D11B5CCE21B45E384985A ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys 20:05:47.0911 0x12a8 dc3d - ok 20:05:47.0951 0x12a8 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:05:47.0999 0x12a8 DcomLaunch - ok 20:05:48.0030 0x12a8 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 20:05:48.0089 0x12a8 defragsvc - ok 20:05:48.0116 0x12a8 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:05:48.0170 0x12a8 DfsC - ok 20:05:48.0198 0x12a8 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 20:05:48.0258 0x12a8 Dhcp - ok 20:05:48.0321 0x12a8 [ EA8A3E8C674B03CB4AFA1D344DBD7BC1, 564D9370AE4D12973647997684B9637B2A5A7480F66B87018F789CE4E43C8191 ] DiagTrack C:\Windows\system32\diagtrack.dll 20:05:48.0396 0x12a8 DiagTrack - ok 20:05:48.0417 0x12a8 [ 13096B05847EC78F0977F2C0F79E9AB3, 
1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 20:05:48.0478 0x12a8 discache - ok 20:05:48.0512 0x12a8 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys 20:05:48.0525 0x12a8 Disk - ok 20:05:48.0560 0x12a8 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:05:48.0611 0x12a8 Dnscache - ok 20:05:48.0653 0x12a8 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 20:05:48.0693 0x12a8 dot3svc - ok 20:05:48.0728 0x12a8 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 20:05:48.0777 0x12a8 DPS - ok 20:05:48.0809 0x12a8 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:05:48.0856 0x12a8 drmkaud - ok 20:05:48.0912 0x12a8 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:05:48.0945 0x12a8 DXGKrnl - ok 20:05:48.0974 0x12a8 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 20:05:49.0028 0x12a8 EapHost - ok 20:05:49.0153 0x12a8 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 20:05:49.0256 0x12a8 ebdrv - ok 20:05:49.0286 0x12a8 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] EFS C:\Windows\System32\lsass.exe 20:05:49.0335 0x12a8 EFS - ok 20:05:49.0410 0x12a8 [ C4002B6B41975F057D98C439030CEA07, 
3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:05:49.0469 0x12a8 ehRecvr - ok 20:05:49.0502 0x12a8 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 20:05:49.0554 0x12a8 ehSched - ok 20:05:49.0593 0x12a8 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 20:05:49.0615 0x12a8 elxstor - ok 20:05:49.0643 0x12a8 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:05:49.0674 0x12a8 ErrDev - ok 20:05:49.0717 0x12a8 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 20:05:49.0775 0x12a8 EventSystem - ok 20:05:49.0796 0x12a8 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 20:05:49.0849 0x12a8 exfat - ok 20:05:49.0881 0x12a8 [ 0EE1D766D9B671AB101978723FE3558B, 7144181AD870BBDD2CA1AAA9990ACE5760D35620A775713C27AAFD1D0245AA4C ] FARMNTIO c:\windows\system32\drivers\farmntio.sys 20:05:49.0890 0x12a8 FARMNTIO - detected UnsignedFile.Multi.Generic ( 1 ) 20:05:49.0890 0x12a8 Detect skipped due to KSN trusted 20:05:49.0890 0x12a8 FARMNTIO - ok 20:05:49.0919 0x12a8 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:05:49.0974 0x12a8 fastfat - ok 20:05:50.0024 0x12a8 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 20:05:50.0080 0x12a8 Fax - ok 20:05:50.0099 0x12a8 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] 
fdc C:\Windows\system32\DRIVERS\fdc.sys 20:05:50.0130 0x12a8 fdc - ok 20:05:50.0161 0x12a8 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 20:05:50.0220 0x12a8 fdPHost - ok 20:05:50.0237 0x12a8 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 20:05:50.0287 0x12a8 FDResPub - ok 20:05:50.0319 0x12a8 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:05:50.0332 0x12a8 FileInfo - ok 20:05:50.0343 0x12a8 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:05:50.0390 0x12a8 Filetrace - ok 20:05:50.0413 0x12a8 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 20:05:50.0426 0x12a8 flpydisk - ok 20:05:50.0464 0x12a8 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:05:50.0482 0x12a8 FltMgr - ok 20:05:50.0542 0x12a8 [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache C:\Windows\system32\FntCache.dll 20:05:50.0609 0x12a8 FontCache - ok 20:05:50.0661 0x12a8 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:05:50.0673 0x12a8 FontCache3.0.0.0 - ok 20:05:50.0695 0x12a8 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:05:50.0708 0x12a8 FsDepends - ok 20:05:50.0740 0x12a8 [ 
6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:05:50.0752 0x12a8 Fs_Rec - ok 20:05:50.0787 0x12a8 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:05:50.0805 0x12a8 fvevol - ok 20:05:50.0819 0x12a8 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 20:05:50.0831 0x12a8 gagp30kx - ok 20:05:50.0835 0x12a8 globalUpdatem - ok 20:05:50.0889 0x12a8 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 20:05:50.0941 0x12a8 gpsvc - ok 20:05:51.0021 0x12a8 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:05:51.0033 0x12a8 gupdate - ok 20:05:51.0038 0x12a8 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:05:51.0048 0x12a8 gupdatem - ok 20:05:51.0083 0x12a8 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 20:05:51.0097 0x12a8 gusvc - ok 20:05:51.0119 0x12a8 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 20:05:51.0167 0x12a8 hcw85cir - ok 20:05:51.0198 0x12a8 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:05:51.0238 0x12a8 HdAudAddService - ok 20:05:51.0271 0x12a8 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 
3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 20:05:51.0306 0x12a8 HDAudBus - ok 20:05:51.0333 0x12a8 [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 20:05:51.0345 0x12a8 HECIx64 - ok 20:05:51.0360 0x12a8 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 20:05:51.0391 0x12a8 HidBatt - ok 20:05:51.0414 0x12a8 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 20:05:51.0431 0x12a8 HidBth - ok 20:05:51.0466 0x12a8 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 20:05:51.0496 0x12a8 HidIr - ok 20:05:51.0521 0x12a8 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll 20:05:51.0559 0x12a8 hidserv - ok 20:05:51.0586 0x12a8 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:05:51.0609 0x12a8 HidUsb - ok 20:05:51.0639 0x12a8 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:05:51.0689 0x12a8 hkmsvc - ok 20:05:51.0723 0x12a8 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:05:51.0771 0x12a8 HomeGroupListener - ok 20:05:51.0808 0x12a8 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:05:51.0844 0x12a8 HomeGroupProvider - ok 
20:05:52.0367 0x12a8 [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:05:52.0391 0x12a8 IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
20:05:52.0391 0x12a8 Detect skipped due to KSN trusted
20:05:52.0391 0x12a8 IDriverT - ok
04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 20:06:06.0065 0x12a8 TCPIP6 - ok 20:06:06.0095 0x12a8 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:06:06.0109 0x12a8 tcpipreg - ok 20:06:06.0139 0x12a8 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:06:06.0177 0x12a8 TDPIPE - ok 20:06:06.0207 0x12a8 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:06:06.0238 0x12a8 TDTCP - ok 20:06:06.0273 0x12a8 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:06:06.0298 0x12a8 tdx - ok 20:06:06.0324 0x12a8 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys 20:06:06.0339 0x12a8 TermDD - ok 20:06:06.0383 0x12a8 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll 20:06:06.0461 0x12a8 TermService - ok 20:06:06.0487 0x12a8 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 20:06:06.0506 0x12a8 Themes - ok 20:06:06.0534 0x12a8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 20:06:06.0573 0x12a8 THREADORDER - ok 20:06:06.0589 0x12a8 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 20:06:06.0645 0x12a8 TrkWks - ok 
20:06:06.0699 0x12a8 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:06:06.0740 0x12a8 TrustedInstaller - ok 20:06:06.0777 0x12a8 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:06:06.0806 0x12a8 tssecsrv - ok 20:06:06.0844 0x12a8 [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 20:06:06.0871 0x12a8 TsUsbFlt - ok 20:06:06.0890 0x12a8 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:06:06.0943 0x12a8 tunnel - ok 20:06:06.0970 0x12a8 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 20:06:06.0982 0x12a8 uagp35 - ok 20:06:07.0007 0x12a8 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:06:07.0046 0x12a8 udfs - ok 20:06:07.0076 0x12a8 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:06:07.0091 0x12a8 UI0Detect - ok 20:06:07.0118 0x12a8 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:06:07.0129 0x12a8 uliagpkx - ok 20:06:07.0158 0x12a8 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys 20:06:07.0186 0x12a8 umbus - ok 20:06:07.0202 0x12a8 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass 
C:\Windows\system32\DRIVERS\umpass.sys 20:06:07.0215 0x12a8 UmPass - ok 20:06:07.0344 0x12a8 [ 765F2DD351BA064F657751D8D75E58C0, 954834FF6F05E065C2BE6CEC22136A0399026BFF9D91BE859E8E047C3ED8267F ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 20:06:07.0401 0x12a8 UNS - ok 20:06:07.0433 0x12a8 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 20:06:07.0489 0x12a8 upnphost - ok 20:06:07.0524 0x12a8 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:06:07.0568 0x12a8 usbccgp - ok 20:06:07.0611 0x12a8 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:06:07.0650 0x12a8 usbcir - ok 20:06:07.0674 0x12a8 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:06:07.0689 0x12a8 usbehci - ok 20:06:07.0710 0x12a8 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:06:07.0730 0x12a8 usbhub - ok 20:06:07.0756 0x12a8 [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 20:06:07.0788 0x12a8 usbohci - ok 20:06:07.0807 0x12a8 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 20:06:07.0842 0x12a8 usbprint - ok 20:06:07.0879 0x12a8 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 20:06:07.0907 0x12a8 usbscan - ok 20:06:07.0940 0x12a8 [ 
FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:06:07.0968 0x12a8 USBSTOR - ok 20:06:07.0982 0x12a8 [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 20:06:08.0014 0x12a8 usbuhci - ok 20:06:08.0051 0x12a8 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 20:06:08.0078 0x12a8 usbvideo - ok 20:06:08.0102 0x12a8 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 20:06:08.0140 0x12a8 UxSms - ok 20:06:08.0153 0x12a8 [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] VaultSvc C:\Windows\system32\lsass.exe 20:06:08.0167 0x12a8 VaultSvc - ok 20:06:08.0192 0x12a8 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:06:08.0204 0x12a8 vdrvroot - ok 20:06:08.0250 0x12a8 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 20:06:08.0296 0x12a8 vds - ok 20:06:08.0319 0x12a8 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:06:08.0333 0x12a8 vga - ok 20:06:08.0338 0x12a8 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 20:06:08.0372 0x12a8 VgaSave - ok 20:06:08.0419 0x12a8 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:06:08.0435 0x12a8 vhdmp - ok 20:06:08.0467 
0x12a8 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 20:06:08.0479 0x12a8 viaide - ok 20:06:08.0506 0x12a8 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:06:08.0518 0x12a8 volmgr - ok 20:06:08.0539 0x12a8 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:06:08.0558 0x12a8 volmgrx - ok 20:06:08.0582 0x12a8 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:06:08.0598 0x12a8 volsnap - ok 20:06:08.0614 0x12a8 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 20:06:08.0629 0x12a8 vsmraid - ok 20:06:08.0695 0x12a8 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 20:06:08.0776 0x12a8 VSS - ok 20:06:08.0800 0x12a8 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 20:06:08.0816 0x12a8 vwifibus - ok 20:06:08.0841 0x12a8 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 20:06:08.0877 0x12a8 vwififlt - ok 20:06:08.0913 0x12a8 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 20:06:08.0976 0x12a8 W32Time - ok 20:06:08.0994 0x12a8 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 
20:06:09.0008 0x12a8 WacomPen - ok 20:06:09.0042 0x12a8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:06:09.0097 0x12a8 WANARP - ok 20:06:09.0101 0x12a8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:06:09.0137 0x12a8 Wanarpv6 - ok 20:06:09.0208 0x12a8 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 20:06:09.0265 0x12a8 wbengine - ok 20:06:09.0303 0x12a8 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:06:09.0342 0x12a8 WbioSrvc - ok 20:06:09.0389 0x12a8 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:06:09.0436 0x12a8 wcncsvc - ok 20:06:09.0454 0x12a8 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:06:09.0484 0x12a8 WcsPlugInService - ok 20:06:09.0502 0x12a8 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys 20:06:09.0514 0x12a8 Wd - ok 20:06:09.0565 0x12a8 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:06:09.0596 0x12a8 Wdf01000 - ok 20:06:09.0626 0x12a8 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:06:09.0654 0x12a8 WdiServiceHost - ok 20:06:09.0660 0x12a8 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 
] WdiSystemHost C:\Windows\system32\wdi.dll 20:06:09.0676 0x12a8 WdiSystemHost - ok 20:06:09.0716 0x12a8 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 20:06:09.0769 0x12a8 WebClient - ok 20:06:09.0805 0x12a8 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:06:09.0847 0x12a8 Wecsvc - ok 20:06:09.0861 0x12a8 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:06:09.0899 0x12a8 wercplsupport - ok 20:06:09.0914 0x12a8 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 20:06:09.0952 0x12a8 WerSvc - ok 20:06:09.0983 0x12a8 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:06:10.0018 0x12a8 WfpLwf - ok 20:06:10.0034 0x12a8 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:06:10.0046 0x12a8 WIMMount - ok 20:06:10.0073 0x12a8 WinDefend - ok 20:06:10.0079 0x12a8 WinHttpAutoProxySvc - ok 20:06:10.0126 0x12a8 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:06:10.0167 0x12a8 Winmgmt - ok 20:06:10.0247 0x12a8 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 20:06:10.0335 0x12a8 WinRM - ok 20:06:10.0376 0x12a8 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\drivers\WinUsb.sys 20:06:10.0393 0x12a8 WinUsb - ok 20:06:10.0433 
0x12a8 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 20:06:10.0485 0x12a8 Wlansvc - ok 20:06:10.0515 0x12a8 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 20:06:10.0548 0x12a8 WmiAcpi - ok 20:06:10.0583 0x12a8 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:06:10.0602 0x12a8 wmiApSrv - ok 20:06:10.0622 0x12a8 WMPNetworkSvc - ok 20:06:10.0631 0x12a8 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:06:10.0659 0x12a8 WPCSvc - ok 20:06:10.0695 0x12a8 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:06:10.0732 0x12a8 WPDBusEnum - ok 20:06:10.0758 0x12a8 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:06:10.0809 0x12a8 ws2ifsl - ok 20:06:10.0841 0x12a8 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll 20:06:10.0873 0x12a8 wscsvc - ok 20:06:10.0876 0x12a8 WSearch - ok 20:06:10.0973 0x12a8 [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv C:\Windows\system32\wuaueng.dll 20:06:11.0070 0x12a8 wuauserv - ok 20:06:11.0110 0x12a8 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:06:11.0153 0x12a8 WudfPf - ok 20:06:11.0171 0x12a8 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] 
WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:06:11.0202 0x12a8 WUDFRd - ok 20:06:11.0226 0x12a8 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:06:11.0258 0x12a8 wudfsvc - ok 20:06:11.0291 0x12a8 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 20:06:11.0323 0x12a8 WwanSvc - ok 20:06:11.0338 0x12a8 ================ Scan global =============================== 20:06:11.0360 0x12a8 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 20:06:11.0393 0x12a8 [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll 20:06:11.0404 0x12a8 [ D17DD01601460F5899E5C154B3FD0BFA, B2FCFDE4B6F87634EA1F6D8AEA6D9B3C641D41D999C68B76F95491539B19D422 ] C:\Windows\system32\winsrv.dll 20:06:11.0440 0x12a8 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 20:06:11.0483 0x12a8 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe 20:06:11.0490 0x12a8 [ Global ] - ok 20:06:11.0491 0x12a8 ================ Scan MBR ================================== 20:06:11.0507 0x12a8 [ EA923EB0EC0060F1451E9AD7B5762CFE ] \Device\Harddisk0\DR0 20:06:11.0735 0x12a8 \Device\Harddisk0\DR0 - ok 20:06:11.0735 0x12a8 ================ Scan VBR ================================== 20:06:11.0766 0x12a8 [ 86B47CAC986C0228B404334AFECDE13A ] \Device\Harddisk0\DR0\Partition1 20:06:11.0768 0x12a8 \Device\Harddisk0\DR0\Partition1 - ok 20:06:11.0777 0x12a8 [ AC18DEDE53E17638F34597878D3A3590 ] \Device\Harddisk0\DR0\Partition2 20:06:11.0778 0x12a8 \Device\Harddisk0\DR0\Partition2 - ok 20:06:11.0778 0x12a8 
================ Scan generic autorun ====================== 20:06:12.0081 0x12a8 [ 73E7DAFAA77FC23F8139F87BA96D7FC5, 6C6A1D81A87D475819901E213753E84DE0E5C5AB37DE5FF200A0C753015E091B ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 20:06:12.0298 0x12a8 RtHDVCpl - ok 20:06:12.0369 0x12a8 [ 853521CB6320E741378DFD4B017CED22, C9818D5B1F5D056143C9FC6F7642093890658DDA2CB4CDC31C672A81F664E321 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe 20:06:12.0397 0x12a8 RtHDVBg - ok 20:06:12.0434 0x12a8 [ 220BC54C446F88CFAAD689CCBDE591E3, C86E1B9E407E7C29B9977EBDE6CFA2BCB1E22BB88A51B5FD723A013E807B593C ] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe 20:06:12.0462 0x12a8 AmIcoSinglun64 - detected UnsignedFile.Multi.Generic ( 1 ) 20:06:12.0462 0x12a8 Detect skipped due to KSN trusted 20:06:12.0462 0x12a8 AmIcoSinglun64 - ok 20:06:12.0463 0x12a8 SynTPEnh - ok 20:06:12.0495 0x12a8 [ 4D35E5C67696D308789D157F494BDD79, 0C50A1F1B7C4B96C9B25031AFA2490A359EDD2DF8ACC517372EAACF7AA57E043 ] C:\Windows\system32\igfxtray.exe 20:06:12.0509 0x12a8 IgfxTray - ok 20:06:12.0531 0x12a8 [ 1E67506218C44534A130DCC7B447EA46, F9061E666CF5938AE661A88DB842289530C88F2B7C6746C3BC25D1702935C077 ] C:\Windows\system32\hkcmd.exe 20:06:12.0551 0x12a8 HotKeysCmds - ok 20:06:12.0576 0x12a8 [ A32B96BBA65A4F41276D4E2308FE9CD5, DDA56F4C91D83DC3BAF602C5D6196C5A00958539DC0BC10FC4F30023238C99F0 ] C:\Windows\system32\igfxpers.exe 20:06:12.0594 0x12a8 Persistence - ok 20:06:12.0620 0x12a8 [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe 20:06:12.0649 0x12a8 Logitech Download Assistant - ok 20:06:12.0716 0x12a8 [ DD7DAE4E8F169D1FF4511FC292FF6FF6, 23A6C639832EB769037EA3BF7365A90DB3D534C7113B48B0C7BC96C023100204 ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 20:06:12.0731 0x12a8 IAStorIcon - ok 20:06:12.0833 0x12a8 [ 088DFDD458ADE1CF4BA7F8921ECA817A, 
DE53D38A49A6829D2C0CB83A698467FB69562F96A765DD65011960AD6C3B321B ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe 20:06:12.0862 0x12a8 StartCCC - detected UnsignedFile.Multi.Generic ( 1 ) 20:06:12.0862 0x12a8 Detect skipped due to KSN trusted 20:06:12.0862 0x12a8 StartCCC - ok 20:06:12.0938 0x12a8 [ 38D198A2DD54A67120040566A38103BA, 01604BD91A5B2C0DDC7B52036511F8219952626716E75979D8464F2C56BA0114 ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe 20:06:12.0949 0x12a8 GrooveMonitor - ok 20:06:12.0991 0x12a8 [ DDEFF7E98629203E66BB4298FABC5983, 59CBE0A49AAA93898831B1D64FFB1D0809736CABB4D19843DB2E99C2650D1AD9 ] C:\Program Files (x86)\PDF24\pdf24.exe 20:06:13.0005 0x12a8 PDFPrint - ok 20:06:13.0113 0x12a8 [ 28DEF0EFB36D172EAA5A08EB09CF75DF, 62D07A28167AEBFB9511830BFBBEAAB17CC24D57FF8D07F1414D921135BC9024 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 20:06:13.0143 0x12a8 avgnt - ok 20:06:13.0199 0x12a8 [ BA18CFAB98426BFA6D6EC7E5B1961ED0, 540BF2CFDB099296F2AA24D192EFC5B013C88C0152763454521355ACBB50337D ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe 20:06:13.0210 0x12a8 Avira Systray - ok 20:06:13.0274 0x12a8 [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 20:06:13.0284 0x12a8 swg - ok 20:06:13.0311 0x12a8 [ B22CB67919EBAD88B0E8BB9CDA446010, 2F744FEAC48EDE7D6B6D2727F7DDFA80B26D9E3B0009741B00992B19AD85E128 ] C:\Windows\System32\StikyNot.exe 20:06:13.0363 0x12a8 RESTART_STICKY_NOTES - ok 20:06:13.0477 0x12a8 [ 7C6D524C78A1722AD987B9E47AC1FEE2, FFDC6C92ABB547D0DCD2621EC423C755A78079B061A41FA1751A56799D1A79A5 ] C:\Users\Acer\AppData\Local\Dropbox\Update\DropboxUpdate.exe 20:06:13.0490 0x12a8 Dropbox Update - ok 20:06:14.0023 0x12a8 [ 47DBCC66CF9A3DCEF2D42051431160D3, 5E99CB8333471E80590AED8CA139EF859AD617D1C7BD9406913A86016DCA08F6 ] C:\Program Files\CCleaner\CCleaner64.exe 
20:06:14.0205 0x12a8 CCleaner Monitoring - ok 20:06:14.0220 0x12a8 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.12.402 ), 0x41000 ( enabled : updated ) 20:06:14.0223 0x12a8 Win FW state via NFP2: enabled ( trusted ) 20:06:16.0592 0x12a8 ============================================================ 20:06:16.0592 0x12a8 Scan finished 20:06:16.0592 0x12a8 ============================================================ 20:06:16.0597 0x14c0 Detected object count: 0 20:06:16.0597 0x14c0 Actual detected object count: 0 |
18.08.2015, 11:13 | #5 |
/// the machine /// TB instructor | Suspected virus infection hi, scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
18.08.2015, 16:09 | #6 |
| Suspected virus infection Hello schrauber, attached is the Combofix log info: Code:
ATTFilter ComboFix 15-08-18.01 - Acer 18.08.2015 16:49:28.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3764.1386 [GMT 2:00] ausgeführt von:: c:\users\Acer\Downloads\ComboFix.exe AV: Avira Antivirus *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Antivirus *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Acer\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll . . ((((((((((((((((((((((( Dateien erstellt von 2015-07-18 bis 2015-08-18 )))))))))))))))))))))))))))))) . . 2074-05-07 16:38 . 2006-11-21 18:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe 2015-08-18 14:54 . 2015-08-18 14:54 -------- d-----w- c:\users\Public\AppData\Local\temp 2015-08-18 14:54 . 2015-08-18 14:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-08-18 14:54 . 2015-08-18 14:54 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2015-08-17 17:27 . 2015-08-17 17:59 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2015-08-17 17:27 . 2015-08-17 17:27 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-08-17 17:24 . 2015-08-17 17:24 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-08-16 17:54 . 2015-08-16 18:35 -------- d-----w- c:\users\Acer\AppData\Roaming\FreshDiagnose 2015-08-16 17:52 . 2015-08-16 17:52 -------- d-----w- c:\program files (x86)\FreshDevices 2015-08-11 21:35 . 2015-08-12 12:37 -------- d-----w- c:\program files (x86)\OpenRA . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-08-13 08:29 . 2014-01-24 07:49 132483416 ----a-w- c:\windows\system32\MRT.exe 2015-08-12 13:35 . 
2014-02-09 13:59 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-08-12 13:35 . 2014-02-09 13:59 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-07-30 10:33 . 2014-10-09 17:23 162528 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2015-07-30 10:33 . 2014-10-09 17:23 141416 ----a-w- c:\windows\system32\drivers\avipbb.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-08-05 22:53 189464 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-08-05 22:53 189464 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-08-05 22:53 189464 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2015-08-05 22:53 189464 ----a-w- c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-02-09 39408] "Dropbox Update"="c:\users\Acer\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-17 134512] "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-07-17 8418584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-13 336384] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-02-06 189480] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-07-30 782008] "Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-11-20 126200] . c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Acer\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 39179912] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . 
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x] R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x] R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] R3 FARMNTIO;FARMNTIO;c:\windows\system32\drivers\farmntio.sys;c:\windows\SYSNATIVE\drivers\farmntio.sys [x] R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] . . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-08-12 22:56 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.155\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-09 13:35] . 2015-08-17 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4176456405-1835366957-2564523001-1000Core.job - c:\users\Acer\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17 09:39] . 2015-08-18 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4176456405-1835366957-2564523001-1000UA.job - c:\users\Acer\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17 09:39] . 2015-08-18 c:\windows\Tasks\GlaryInitialize.job - c:\program files (x86)\Glary Utilities\initialize.exe [2014-03-07 15:51] . 2015-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-09 13:21] . 2015-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-09 13:21] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-22 10081312] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-02-22 877600] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-02-05 324608] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = www.google.com mDefault_Search_URL = www.google.com mDefault_Page_URL = www.google.com mStart Page = www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1408213403&from=tugs&uid=TOSHIBAXMK5061GSYN_3388Y2L9FXX3388Y2L9F&q={searchTerms} IE: &Citavi Picker... - file://c:\program files (x86)\Internet Explorer\Citavi Picker\ShowContextMenu.html IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.230.36.33 FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\q5xhenuy.default-1412876105243\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe Wow6432Node-HKU-Default-Run-AviraSpeedup - c:\program files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Acer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll AddRemove-PokerStars.eu - c:\program files (x86)\PokerStars.EU\PokerStarsUninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.18" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-08-18 17:07:12 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-08-18 15:07 ComboFix2.txt 2014-08-31 13:58 . Vor Suchlauf: 13 Verzeichnis(se), 138.085.281.792 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 138.005.725.184 Bytes frei . - - End Of File - - C73D773F91E93288788C8EDA20608D3E |
19.08.2015, 07:47 | #7 |
/// the machine /// TB instructor | Suspected virus infection Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |