Win7: Virus über e-mail>worddokument eingefangen

Wisazo · 05.11.2016, 09:27

Hallo.

Gleich vorweg. Mein Vater hat ein kleines Restaurant und verwendet den infizierten PC hauptsächlich um Musik abzuspielen. Es sind also keine Daten oben die nicht veröffentlich werden dürften oder sonst etwas.

Angefangen hat das ganze damit das mein Vater eine Mail von info@a1.net bekommen hat wo im Anhang eine Word Datei mit "ihre_rechnung" (32kb) drinen war. Er hat die Datei aufgemacht und auf ein Foto, oder was auch immer das war in der Datei, geklickt.

Danach hat es angefangen das Avira die ganze Zeit Sicherheitshinweise rausschmeißt wo steht das es verdächtige Muster gefunden hat und es in die Quarantäne verschoben hat. Wenn ich die Meldung wegklicke fängt Avira an das system zu durchsuchen und kommt einfach nicht voran. Manchmal schafft Avira es fertig zu werden mit dem suchvorhgang und manchmal nicht. Wärend der Scan im Gange ist kommen immer wieder diese Meldungen mit "verdächtige Muster".

Microsoft Security Essentials kommt immer mit der Meldung das es Bedrohungen gefunden und angehalten hat. Bereinigen und neustarten hilft da auch nichts.

Malwarebytes hab ich auch schon ein paar mal durchlaufen lassen aber der findet auch nichts.

Suchlaufdatum: 02.11.2016
Suchlaufzeit: 20:28
Protokolldatei: log2.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.11.02.09
Rootkit-Datenbank: v2016.10.31.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Thaliagrill

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 348447
Abgelaufene Zeit: 16 Min., 53 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 04.11.2016
Suchlaufzeit: 11:55
Protokolldatei: log1.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.11.04.04
Rootkit-Datenbank: v2016.10.31.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Thaliagrill

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 349479
Abgelaufene Zeit: 33 Min., 27 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)

Da das nur ein kleiner schwacher PC ist verlangsamt ihn jeder Prozess sehr und somit kann er dann nicht mehr richtig funktionieren.

Ein Freund hat mir dan von dieser Seite erzählt. Hab mich dann etwas reingelesen und auch gleich alle Schritte befolgt die zum Posten notwendig sind.

FRST hab ich auch schon dürchgeführt.

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
durchgeführt von Thaliagrill (Administrator) auf THALIAGRILL-PC (05-11-2016 08:20:02)
Gestartet von C:\Users\Thaliagrill\Desktop
Geladene Profile: Thaliagrill & MSSQLSERVER (Verfügbare Profile: Thaliagrill & MSSQLSERVER)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634648 2014-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393520 2014-07-28] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-27] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [916072 2016-10-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-08-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1642952180-3305180400-4284923308-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\..\Interfaces\{38CF2A33-3A20-4868-B02D-F8B1A71934B7}: [NameServer] 192.168.0.1,8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13-comm.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13-comm.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13-comm.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13-comm.msn.com
HKU\S-1-5-21-1642952180-3305180400-4284923308-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13-comm.msn.com
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13-comm.msn.com
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13-comm.msn.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: xeh8i3e8.default
FF ProfilePath: C:\Users\Thaliagrill\AppData\Roaming\Mozilla\Firefox\Profiles\xeh8i3e8.default [2016-11-05]
FF NewTab: Mozilla\Firefox\Profiles\xeh8i3e8.default -> hxxps://at.search.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_150722__yaff
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\xeh8i3e8.default -> Yahoo
FF Homepage: Mozilla\Firefox\Profiles\xeh8i3e8.default -> about:home
FF Extension: (Adblock Plus) - C:\Users\Thaliagrill\AppData\Roaming\Mozilla\Firefox\Profiles\xeh8i3e8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-27] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-27] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-08-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-08-13] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089088 2016-10-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [475232 2016-10-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [475232 2016-10-29] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1488240 2016-10-29] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [324304 2016-08-19] (Avira Operations GmbH & Co. KG)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-08-13] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [372416 2015-04-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-07-22] (Realtek Semiconductor)
S4 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [613056 2015-04-20] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-04] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [177432 2016-10-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [145536 2016-10-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [28600 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [79696 2016-05-10] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\windows\System32\drivers\iaStorF.sys [28008 2014-06-07] (Intel Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-05] (Malwarebytes)
R3 MEIx64; C:\windows\system32\drivers\TeeDriverx64.sys [125952 2014-08-13] (Intel Corporation)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 npf; C:\windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S4 RsFx0310; C:\windows\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation)
S1 cxqlnmyk; \??\C:\windows\system32\drivers\cxqlnmyk.sys [X]
S1 cytcxpkj; \??\C:\windows\system32\drivers\cytcxpkj.sys [X]
S1 mukwikta; \??\C:\windows\system32\drivers\mukwikta.sys [X]
S1 rrufnwla; \??\C:\windows\system32\drivers\rrufnwla.sys [X]
S1 shrrnwab; \??\C:\windows\system32\drivers\shrrnwab.sys [X]
S1 tsfauxnp; \??\C:\windows\system32\drivers\tsfauxnp.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-11-05 08:20 - 2016-11-05 08:20 - 00014826 _____ C:\Users\Thaliagrill\Desktop\FRST.txt
2016-11-05 08:19 - 2016-11-05 08:20 - 00000000 ____D C:\FRST
2016-11-05 08:08 - 2016-11-05 08:06 - 02409984 _____ (Farbar) C:\Users\Thaliagrill\Desktop\FRST64.exe
2016-10-31 07:31 - 2016-10-31 07:31 - 01610813 _____ C:\Users\Thaliagrill\Downloads\meldez(1).pdf
2016-10-30 13:41 - 2016-10-30 13:41 - 02989625 _____ C:\Users\Thaliagrill\Downloads\fsSetup300.exe
2016-10-27 13:38 - 2016-10-27 13:38 - 00016895 _____ C:\Users\Thaliagrill\Downloads\MA - Verdienstnachweis 070916182510.pdf
2016-10-27 13:38 - 2016-10-27 13:38 - 00016895 _____ C:\Users\Thaliagrill\Downloads\MA - Verdienstnachweis 070916182510(1).pdf
2016-10-27 13:29 - 2016-10-27 13:29 - 00016897 _____ C:\Users\Thaliagrill\Downloads\MA - Verdienstnachweis 011016214711.pdf
2016-10-21 15:30 - 2016-11-02 20:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-11-05 08:16 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-11-05 08:12 - 2015-03-24 07:43 - 00797646 _____ C:\windows\system32\perfh007.dat
2016-11-05 08:12 - 2015-03-24 07:43 - 00187846 _____ C:\windows\system32\perfc007.dat
2016-11-05 08:12 - 2009-07-14 06:13 - 01899270 _____ C:\windows\system32\PerfStringBackup.INI
2016-11-05 08:12 - 2009-07-14 04:20 - 00000000 ____D C:\windows\inf
2016-11-05 08:10 - 2009-07-14 05:45 - 00016976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-05 08:10 - 2009-07-14 05:45 - 00016976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-05 08:02 - 2015-06-23 10:34 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-05 07:30 - 2015-07-02 06:28 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-11-04 18:50 - 2015-06-23 10:10 - 00003978 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{5C412342-5174-4B90-BCE4-B793E5032550}
2016-11-04 17:58 - 2015-07-07 21:22 - 00000000 ____D C:\Users\Thaliagrill\Documents\Outlook-Dateien
2016-11-04 17:03 - 2015-06-25 11:06 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-11-02 20:14 - 2016-05-25 17:09 - 00000356 _____ C:\windows\Tasks\HPCeeScheduleForThaliagrill.job
2016-11-02 20:13 - 2015-06-23 10:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-02 19:28 - 2015-07-09 10:53 - 00000000 ____D C:\Users\Thaliagrill\AppData\Roaming\TeamViewer
2016-11-02 17:46 - 2016-05-25 17:09 - 00003222 _____ C:\windows\System32\Tasks\HPCeeScheduleForThaliagrill
2016-10-29 03:20 - 2015-06-23 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-10-29 03:19 - 2015-06-23 10:32 - 00177432 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2016-10-28 02:22 - 2010-11-21 04:27 - 00485032 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-10-27 01:28 - 2015-07-02 06:28 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-10-27 01:28 - 2015-07-02 06:28 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-27 01:28 - 2015-07-02 06:28 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-10-27 01:28 - 2015-07-02 06:28 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-10-27 01:28 - 2015-07-02 06:28 - 00000000 ____D C:\windows\system32\Macromed
2016-10-14 13:34 - 2015-06-23 10:48 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-14 13:34 - 2015-06-23 10:47 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-05-16 18:49 - 2016-09-01 18:11 - 0179576 _____ () C:\Program Files (x86)\CMS Setup Log.txt
2015-06-23 11:24 - 2015-06-23 11:24 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\windows\system32\winlogon.exe => Datei ist digital signiert
C:\windows\system32\wininit.exe => Datei ist digital signiert
C:\windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\windows\explorer.exe => Datei ist digital signiert
C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\windows\system32\svchost.exe => Datei ist digital signiert
C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\windows\system32\services.exe => Datei ist digital signiert
C:\windows\system32\User32.dll => Datei ist digital signiert
C:\windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\windows\system32\userinit.exe => Datei ist digital signiert
C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\windows\system32\rpcss.dll => Datei ist digital signiert
C:\windows\system32\dnsapi.dll => Datei ist digital signiert
C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-11-04 00:13

==================== Ende von FRST.txt ============================

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 04-11-2016
durchgeführt von Thaliagrill (05-11-2016 08:21:20)
Gestartet von C:\Users\Thaliagrill\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-06-23 09:08:14)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1642952180-3305180400-4284923308-500 - Administrator - Disabled)
Gast (S-1-5-21-1642952180-3305180400-4284923308-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1642952180-3305180400-4284923308-1002 - Limited - Enabled)
Thaliagrill (S-1-5-21-1642952180-3305180400-4284923308-1001 - Administrator - Enabled) => C:\Users\Thaliagrill

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.23.58 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{82dc2ab6-088f-4e0a-8e27-bb829481d3bc}) (Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG) Hidden
BERGHOCH version V2.4.9.6 (HKLM-x32\...\{34E9B9BF-3307-48D5-AA5F-BDFDE58BF197}_is1) (Version: V2.4.9.6 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
CMS (HKLM-x32\...\CMS) (Version: - )
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3920 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (HKLM\...\{61ADDE9C-3AE6-46FC-9127-DFFF637AED03}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Hilfe (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{433859BD-82D5-4EFA-A2DC-869D0F4C359C}) (Version: 1.1.0.0 - Hewlett-Packard)
HP PageLift (HKLM-x32\...\{28074A47-851D-4599-A270-87609F58EB57}) (Version: 1.0.15.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{F6D61EC9-347B-4019-9F8E-E24169F7C330}) (Version: 8.7.5 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.34.7 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{B1AD4FFB-DD17-43EC-8C30-B9E71EAD9132}) (Version: 12.5.32.37 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) Chipset Device Software (x32 Version: 10.0.21 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.27.1012 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3383 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.34 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{BF5ABBDB-D3AA-4BCB-8D10-FCD4A4BB7F93}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1642952180-3305180400-4284923308-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version: - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{C7E2483C-10A4-41E3-A2F6-240186FE3E41}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service (HKLM\...\{1A73AF5D-69EE-4AE0-917C-2429CE593A86}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{FF7DDA05-6EA7-4C01-B44A-3E57F8B9B97B}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{E3F613C1-105F-4717-BFE7-007729A95D67}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.1.4100.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 49.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 de)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
Pro Surveillance System(EN) (HKLM-x32\...\{24C53E05-0747-49C6-8BAA-F73FCE4F3C22}) (Version: 4.06.0 - DH)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7312 - Realtek Semiconductor Corp.)
SAP Crystal Reports runtime engine for .NET Framework (64-bit) (HKLM\...\{8674E662-F413-4A50-A256-ABE97FECE84D}) (Version: 13.0.5.891 - SAP)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Service Pack 1 for SQL Server 2014 (KB3058865) (64-bit) (HKLM\...\KB3058865) (Version: 12.1.4100.1 - Microsoft Corporation)
SQL Server 2014 Client Tools (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.1.4100.1 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.0.5 - uvnc bvba)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{CBCC2FD8-7DFE-4752-95B5-2E447C226F45}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version: - Microsoft)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1642952180-3305180400-4284923308-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Thaliagrill\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1642952180-3305180400-4284923308-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Thaliagrill\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1642952180-3305180400-4284923308-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Thaliagrill\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1642952180-3305180400-4284923308-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Thaliagrill\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1642952180-3305180400-4284923308-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Thaliagrill\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04266D5A-6955-4B77-AE45-A0735C3B4EBE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {06552FC8-CF50-45A1-9850-1D2033BC06B5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2DFDC6C0-7B4C-403B-9EC0-12C08250D391} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {38C65735-C377-4C69-A096-4B8B3B222D1F} - System32\Tasks\HPCeeScheduleForThaliagrill => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {5CFEEC61-BA19-4620-97D8-C474A3EB2508} - System32\Tasks\{5B1746C9-A138-4C00-B1F7-27CC5AA19AF7} => pcalua.exe -a C:\Users\Thaliagrill\Downloads\wlsetup-web(1).exe -d C:\Users\Thaliagrill\Downloads
Task: {67FF5D5A-1444-4269-85B3-7B3B7DBDCB92} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {714D84A5-E2C8-4807-B9EA-90981C6F3D58} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
Task: {78F0577C-19C2-41D3-875A-516CE319CF6E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {7E67205D-7CE0-4308-8B6D-4746744CCACB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {A978A491-A2DF-470F-AE7C-23503A8EFEA0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {AE1AE3C9-D15D-4A9B-9179-4724B3BE924D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {BBC64927-A195-4FAF-8192-5E41995FA666} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {C177E98E-A089-4AE8-BCD3-BFA2F2ABCE0D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-27] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\HPCeeScheduleForThaliagrill.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-08-26 19:25 - 2016-08-26 19:25 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-08-13 18:54 - 2014-08-13 18:54 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1642952180-3305180400-4284923308-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1642952180-3305180400-4284923308-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1642952180-3305180400-4284923308-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Thaliagrill\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{833C8661-0E92-44BE-8B13-14FE73653DBD}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{0F77B394-E8F8-4412-BF41-A08673CB6476}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{A50282FE-B515-46E9-9854-FD818D20A96E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8A86B8DF-2296-4505-BB99-E06DCD0EBB29}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E87A7985-F082-41AB-82F0-7F6A27F5B67F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{81095D15-BDD8-42F0-B696-81CFD529A7B5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4DB2C76A-F060-4BA8-A8EC-0721FA7C2052}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{18841ABA-1A35-4640-8963-23021EB5A74E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E114683B-BB28-4B5F-9AE2-9F52BE1484C8}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
FirewallRules: [{77EB59C8-C8A8-41BD-9514-3538B940B71E}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{5C3A324A-D4EA-44F1-991D-A2C667AF6CD1}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{1671263D-7199-4AC3-921C-E66384F02A9C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{401E3909-08EF-43D7-8274-9C3EBCC3AFD1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{EA76A5B0-13CF-435E-82B0-674FC07EB985}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{4CBC3DDC-C2E6-4119-960F-3FECBD39A1AE}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2B44CAD6-F6DE-40DA-A0FD-C992C1BF242B}] => (Allow) C:\Users\Thaliagrill\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{66C53918-14F6-4941-BFB5-F916FB5405C6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D1EF977D-548C-4336-B16F-BA54F6B612E6}] => (Allow) LPort=2869
FirewallRules: [{31B1A86C-3A92-400D-9A89-4A14D794E2DB}] => (Allow) LPort=1900
FirewallRules: [{5E237A19-B60D-4BAD-9BF3-55D3B660F68D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{BB6233E7-3364-4952-BF7F-763E69460A7D}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{4778714A-7074-4FD3-9BAC-49C7035EFB62}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{6A90E560-BE31-403B-838D-14E08BC07830}] => (Allow) LPort=1433
FirewallRules: [{77B7A81D-F33B-4A9B-893E-A6C8799A808C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7BE5CCCB-8AC4-465D-AA15-6DD551EE945D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1D1116EE-6505-4978-9B58-2343C82981B8}C:\program files (x86)\pro surveillance system(en)\pssproject.exe] => (Allow) C:\program files (x86)\pro surveillance system(en)\pssproject.exe
FirewallRules: [UDP Query User{648AB20E-E515-48B9-8553-F9104BBE8DF3}C:\program files (x86)\pro surveillance system(en)\pssproject.exe] => (Allow) C:\program files (x86)\pro surveillance system(en)\pssproject.exe
FirewallRules: [{8042A4AC-FBC1-43EA-A5D4-476688ADDF50}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6C9742E9-6EF4-4B53-8B24-B748D4BBCB4C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{AF4E4DCA-C8A8-4BEB-A904-7300D4976EEC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9859B4AF-9EF9-4CD7-A0C7-CFB0A32638C2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{2392D62C-BD34-447D-AC1D-12725544D2B7}C:\program files (x86)\cms\cms.exe] => (Allow) C:\program files (x86)\cms\cms.exe
FirewallRules: [UDP Query User{5704B615-7328-4C41-9523-373ECFF605CF}C:\program files (x86)\cms\cms.exe] => (Allow) C:\program files (x86)\cms\cms.exe
FirewallRules: [TCP Query User{CC810073-D37A-4713-8C66-630CC6D65AA2}C:\program files (x86)\cms\cms.exe] => (Block) C:\program files (x86)\cms\cms.exe
FirewallRules: [UDP Query User{6D4CE145-9DEF-4DAC-8A31-C647E8683ABC}C:\program files (x86)\cms\cms.exe] => (Block) C:\program files (x86)\cms\cms.exe
FirewallRules: [TCP Query User{D31F6C38-9B72-432C-B859-5F6C5040764D}C:\program files (x86)\berghoch\berghoch.exe] => (Block) C:\program files (x86)\berghoch\berghoch.exe
FirewallRules: [UDP Query User{88D242C5-D15E-46CF-9328-FB59C386BF66}C:\program files (x86)\berghoch\berghoch.exe] => (Block) C:\program files (x86)\berghoch\berghoch.exe
FirewallRules: [TCP Query User{63B6F930-BBA9-41D0-8AC8-42BAA8B445FB}C:\program files\uvnc bvba\ultravnc\vncviewer.exe] => (Block) C:\program files\uvnc bvba\ultravnc\vncviewer.exe
FirewallRules: [UDP Query User{219F505C-B17C-4598-B124-E6E46F0F380A}C:\program files\uvnc bvba\ultravnc\vncviewer.exe] => (Block) C:\program files\uvnc bvba\ultravnc\vncviewer.exe
FirewallRules: [{A3A6AE34-F1F2-4872-AF9C-2DDE908CD8F2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C5DF7E16-3FB3-4D00-BCDB-6C3684C0E9D0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8D97D39E-19A3-4882-AF74-7175D2CD5B71}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4C965B42-9D10-4091-89E8-5B5FC48F5EB9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Wiederherstellungspunkte =========================

25-10-2016 11:17:12 Windows Update
29-10-2016 11:17:12 Windows Update
02-11-2016 11:17:11 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/05/2016 08:08:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 49.0.2.6136, Zeitstempel: 0x5807c043
Name des fehlerhaften Moduls: mozglue.dll, Version: 49.0.2.6136, Zeitstempel: 0x5807b9a7
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000e83e
ID des fehlerhaften Prozesses: 0xe14
Startzeit der fehlerhaften Anwendung: 0x01d23732c36a6a8c
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Berichtskennung: a214edc5-a326-11e6-baae-7cd30a13949f

Error: (11/05/2016 08:08:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 49.0.2.6136 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: cac

Startzeit: 01d237327d90bb61

Endzeit: 15

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 81103759-a326-11e6-baae-7cd30a13949f

Error: (11/05/2016 02:22:57 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/04/2016 04:51:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 49.0.2.6136, Zeitstempel: 0x5807b9c5
Name des fehlerhaften Moduls: mozglue.dll, Version: 49.0.2.6136, Zeitstempel: 0x5807b9a7
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000e83e
ID des fehlerhaften Prozesses: 0x15e8
Startzeit der fehlerhaften Anwendung: 0x01d236b2a5f2ceeb
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Berichtskennung: 8ac7a98a-a2a6-11e6-baaa-7cd30a13949f

Error: (11/04/2016 03:20:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 49.0.2.6136, Zeitstempel: 0x5807c043
Name des fehlerhaften Moduls: mozglue.dll, Version: 49.0.2.6136, Zeitstempel: 0x5807b9a7
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000e83e
ID des fehlerhaften Prozesses: 0x1a9c
Startzeit der fehlerhaften Anwendung: 0x01d2368c6807b613
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Berichtskennung: c8007e00-a299-11e6-baaa-7cd30a13949f

Error: (11/04/2016 04:38:59 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/03/2016 05:48:19 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/02/2016 10:02:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MsMpEng.exe, Version: 4.8.204.0, Zeitstempel: 0x5541eadf
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000021e69
ID des fehlerhaften Prozesses: 0x3a8
Startzeit der fehlerhaften Anwendung: 0x01d2353eb61678f8
Pfad der fehlerhaften Anwendung: c:\Program Files\Microsoft Security Client\MsMpEng.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: a7de62cc-a13f-11e6-baaa-7cd30a13949f

Error: (11/02/2016 08:15:34 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.

Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/02/2016 08:15:34 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung

Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Systemfehler:
=============
Error: (11/05/2016 08:21:32 AM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte Software wurde von Microsoft-Antischadsoftware ein schwerwiegender Fehler festgestellt.

Weitere Informationen finden Sie hier:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Certor.C&threatid=2147718103&enterprise=0

Name: Trojan:JS/Certor.C

ID: 2147718103

Schweregrad: Schwerwiegend

Kategorie: Trojaner

Pfad: containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161105-074233-538FEE41\AVSCAN-20161105-075911-B616A3DA;file:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161105-074233-538FEE41\AVSCAN-20161105-075911-B616A3DA->[Eval]

Ursprung der Erkennung: Lokaler Computer

Typ der Erkennung: Konkret

Quelle der Erkennung: Echtzeitschutz

Benutzer: NT-AUTORITÄT\SYSTEM

Prozessname: C:\Program Files (x86)\Avira\Antivirus\avguard.exe

Aktion: Quarantäne

Aktionsstatus: No additional actions required

Fehlercode: 0x80070050

Fehlerbeschreibung: Die Datei ist vorhanden.

Signaturversion: AV: 1.231.1222.0, AS: 1.231.1222.0, NIS: 116.65.0.0

Modulversion: AM: 1.1.13202.0, NIS: 2.1.12706.0

Error: (11/05/2016 08:21:31 AM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte Software wurde von Microsoft-Antischadsoftware ein schwerwiegender Fehler festgestellt.

Weitere Informationen finden Sie hier:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Certor.B&threatid=2147717270&enterprise=0

Name: Trojan:JS/Certor.B

ID: 2147717270

Schweregrad: Schwerwiegend

Kategorie: Trojaner

Pfad: containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161105-074233-538FEE41\AVSCAN-20161105-075911-B616A3DA;file:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161105-074233-538FEE41\AVSCAN-20161105-075911-B616A3DA->[FunctionPacked]->[Eval]

Ursprung der Erkennung: Lokaler Computer

Typ der Erkennung: Konkret

Quelle der Erkennung: System

Benutzer: NT-AUTORITÄT\SYSTEM

Prozessname: Unknown

Aktion: Quarantäne

Aktionsstatus: No additional actions required

Fehlercode: 0x80070050

Fehlerbeschreibung: Die Datei ist vorhanden.

Signaturversion: AV: 1.231.1222.0, AS: 1.231.1222.0, NIS: 116.65.0.0

Modulversion: AM: 1.1.13202.0, NIS: 2.1.12706.0

Error: (11/05/2016 06:25:39 AM) (Source: TPM) (EventID: 15) (User: )
Description: Beim Gerätetreiber für das Trusted Platform Module (TPM) ist ein nicht behebbarer Fehler in der TPM-Hardware aufgetreten, der die Verwendung der TPM-Dienste (z. B. Datenverschlüsselung) verhindert. Wenden Sie sich an den Computerhersteller, um weitere Hilfe zu erhalten.

Error: (11/05/2016 12:00:58 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT-AUTORITÄT)
Description: 0x8000002a171\??\Volume{34ad1445-197e-11e5-8bf6-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{4AEF46C1-A252-40FF-9A41-EFAC015F1512}

Error: (11/04/2016 09:07:20 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT-AUTORITÄT)
Description: 0x8000002a171\??\Volume{34ad1445-197e-11e5-8bf6-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{48247351-0AC6-4C3D-9BDB-779492885372}

Error: (11/04/2016 08:25:23 PM) (Source: TPM) (EventID: 15) (User: )
Description: Beim Gerätetreiber für das Trusted Platform Module (TPM) ist ein nicht behebbarer Fehler in der TPM-Hardware aufgetreten, der die Verwendung der TPM-Dienste (z. B. Datenverschlüsselung) verhindert. Wenden Sie sich an den Computerhersteller, um weitere Hilfe zu erhalten.

Error: (11/04/2016 07:05:20 PM) (Source: TPM) (EventID: 15) (User: )
Description: Beim Gerätetreiber für das Trusted Platform Module (TPM) ist ein nicht behebbarer Fehler in der TPM-Hardware aufgetreten, der die Verwendung der TPM-Dienste (z. B. Datenverschlüsselung) verhindert. Wenden Sie sich an den Computerhersteller, um weitere Hilfe zu erhalten.

Error: (11/04/2016 06:47:09 PM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte Software wurde von Microsoft-Antischadsoftware ein schwerwiegender Fehler festgestellt.

Weitere Informationen finden Sie hier:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Certor.C&threatid=2147718103&enterprise=0

Name: Trojan:JS/Certor.C

ID: 2147718103

Schweregrad: Schwerwiegend

Kategorie: Trojaner

Pfad: containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115917-F583B15A;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115917-F5895837;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115917-F592B3CD;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115922-F611C9BE;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115923-F61F7BDB;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115923-F6290B8B;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115924-F633C66E;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115924-F643C6DB;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-1159

Ursprung der Erkennung: Lokaler Computer

Typ der Erkennung: Konkret

Quelle der Erkennung: Echtzeitschutz

Benutzer: NT-AUTORITÄT\SYSTEM

Prozessname: C:\Program Files (x86)\Avira\Antivirus\avguard.exe

Aktion: Quarantäne

Aktionsstatus: No additional actions required

Fehlercode: 0x80070050

Fehlerbeschreibung: Die Datei ist vorhanden.

Signaturversion: AV: 1.231.1182.0, AS: 1.231.1182.0, NIS: 116.65.0.0

Modulversion: AM: 1.1.13202.0, NIS: 2.1.12706.0

Error: (11/04/2016 06:06:24 PM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte Software wurde von Microsoft-Antischadsoftware ein schwerwiegender Fehler festgestellt.

Weitere Informationen finden Sie hier:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Certor.C&threatid=2147718103&enterprise=0

Name: Trojan:JS/Certor.C

ID: 2147718103

Schweregrad: Schwerwiegend

Kategorie: Trojaner

Pfad: containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115917-F583B15A;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115917-F5895837;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115917-F592B3CD;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115922-F611C9BE;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115923-F61F7BDB;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115923-F6290B8B;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115924-F633C66E;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115924-F643C6DB;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-1159

Ursprung der Erkennung: Lokaler Computer

Typ der Erkennung: Konkret

Quelle der Erkennung: Echtzeitschutz

Benutzer: NT-AUTORITÄT\SYSTEM

Prozessname: C:\Program Files (x86)\Avira\Antivirus\avguard.exe

Aktion: Quarantäne

Aktionsstatus: No additional actions required

Fehlercode: 0x80070050

Fehlerbeschreibung: Die Datei ist vorhanden.

Signaturversion: AV: 1.231.1182.0, AS: 1.231.1182.0, NIS: 116.65.0.0

Modulversion: AM: 1.1.13202.0, NIS: 2.1.12706.0

Error: (11/04/2016 05:20:04 PM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte Software wurde von Microsoft-Antischadsoftware ein schwerwiegender Fehler festgestellt.

Weitere Informationen finden Sie hier:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Certor.C&threatid=2147718103&enterprise=0

Name: Trojan:JS/Certor.C

ID: 2147718103

Schweregrad: Schwerwiegend

Kategorie: Trojaner

Pfad: containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115917-F583B15A;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115917-F5895837;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115917-F592B3CD;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115922-F611C9BE;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115923-F61F7BDB;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115923-F6290B8B;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115924-F633C66E;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115924-F643C6DB;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-1159

Ursprung der Erkennung: Lokaler Computer

Typ der Erkennung: Konkret

Quelle der Erkennung: Echtzeitschutz

Benutzer: NT-AUTORITÄT\SYSTEM

Prozessname: C:\Program Files (x86)\Avira\Antivirus\avguard.exe

Aktion: Quarantäne

Aktionsstatus: No additional actions required

Fehlercode: 0x80070050

Fehlerbeschreibung: Die Datei ist vorhanden.

Signaturversion: AV: 1.231.1182.0, AS: 1.231.1182.0, NIS: 116.65.0.0

Modulversion: AM: 1.1.13202.0, NIS: 2.1.12706.0

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Pentium(R) 3558U @ 1.70GHz
Prozentuale Nutzung des RAM: 41%
Installierter physikalischer RAM: 4012.76 MB
Verfügbarer physikalischer RAM: 2331.69 MB
Summe virtueller Speicher: 8023.73 MB
Verfügbarer virtueller Speicher: 5872.45 MB

==================== Laufwerke ================================

Drive c: (Windows ) (Fixed) (Total:452.56 GB) (Free:364.73 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (HP_RECOVERY) (Fixed) (Total:12.09 GB) (Free:1.34 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32
Drive f: () (Removable) (Total:28.62 GB) (Free:28.62 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CDDCF6A3)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=452.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 28.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================

Ich hab auch die logfiles von Avira aber da diese zu Groß sind werde ich diese und noch alle anderen die ich gerade gepostet habe gezipt anhängen.

Falls ich etwas vergessen habe oder etwas anderes notwendig ist stehe ich den ganzen Tag zur verfügung.

Danke im Voraus

Mfg Wisazo

deeprybka · 05.11.2016, 12:58

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...

Bitte arbeite alle Schritte der Reihe nach ab.
Lies die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
Poste die Logfiles direkt in Deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.

Los geht's:

Logs bitte in Code-Tags posten.

Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Wisazo · 05.11.2016, 14:21

Hallo Jürgen.

Danke für die schnelle Antwort.

Ich würde es auf jeden Fall zuerst mit bereinigen probieren wollen da doch auch paar Fotos, Musik und Dokumente auf dem PC sind.

Und ich habe versucht die Logs mit dem Code-Tag zu posten, aber die Datei von Avira ist leider zu groß. Falls sonst noch etwas zu machen ist immer her damit

Mfg Wisazo

deeprybka · 05.11.2016, 14:26

Ich meinte FRST und Addition in Codetags. Da kann ich es leicher analysieren...

Wisazo · 05.11.2016, 14:31

Ahh ok. Sofort erledigt.

FRST:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
durchgeführt von Thaliagrill (Administrator) auf THALIAGRILL-PC (05-11-2016 08:20:02)
Gestartet von C:\Users\Thaliagrill\Desktop
Geladene Profile: Thaliagrill & MSSQLSERVER (Verfügbare Profile: Thaliagrill & MSSQLSERVER)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634648 2014-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393520 2014-07-28] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-27] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [916072 2016-10-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-08-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1642952180-3305180400-4284923308-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\..\Interfaces\{38CF2A33-3A20-4868-B02D-F8B1A71934B7}: [NameServer] 192.168.0.1,8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13-comm.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13-comm.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13-comm.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13-comm.msn.com
HKU\S-1-5-21-1642952180-3305180400-4284923308-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13-comm.msn.com
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13-comm.msn.com
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13-comm.msn.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-15] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: xeh8i3e8.default
FF ProfilePath: C:\Users\Thaliagrill\AppData\Roaming\Mozilla\Firefox\Profiles\xeh8i3e8.default [2016-11-05]
FF NewTab: Mozilla\Firefox\Profiles\xeh8i3e8.default -> hxxps://at.search.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_150722__yaff
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\xeh8i3e8.default -> Yahoo
FF Homepage: Mozilla\Firefox\Profiles\xeh8i3e8.default -> about:home
FF Extension: (Adblock Plus) - C:\Users\Thaliagrill\AppData\Roaming\Mozilla\Firefox\Profiles\xeh8i3e8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-27] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-27] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-08-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-08-13] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089088 2016-10-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [475232 2016-10-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [475232 2016-10-29] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1488240 2016-10-29] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [324304 2016-08-19] (Avira Operations GmbH & Co. KG)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-08-13] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [372416 2015-04-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-07-22] (Realtek Semiconductor)
S4 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [613056 2015-04-20] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-04] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [177432 2016-10-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [145536 2016-10-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [28600 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [79696 2016-05-10] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\windows\System32\drivers\iaStorF.sys [28008 2014-06-07] (Intel Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-05] (Malwarebytes)
R3 MEIx64; C:\windows\system32\drivers\TeeDriverx64.sys [125952 2014-08-13] (Intel Corporation)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 npf; C:\windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S4 RsFx0310; C:\windows\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation)
S1 cxqlnmyk; \??\C:\windows\system32\drivers\cxqlnmyk.sys [X]
S1 cytcxpkj; \??\C:\windows\system32\drivers\cytcxpkj.sys [X]
S1 mukwikta; \??\C:\windows\system32\drivers\mukwikta.sys [X]
S1 rrufnwla; \??\C:\windows\system32\drivers\rrufnwla.sys [X]
S1 shrrnwab; \??\C:\windows\system32\drivers\shrrnwab.sys [X]
S1 tsfauxnp; \??\C:\windows\system32\drivers\tsfauxnp.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-11-05 08:20 - 2016-11-05 08:20 - 00014826 _____ C:\Users\Thaliagrill\Desktop\FRST.txt
2016-11-05 08:19 - 2016-11-05 08:20 - 00000000 ____D C:\FRST
2016-11-05 08:08 - 2016-11-05 08:06 - 02409984 _____ (Farbar) C:\Users\Thaliagrill\Desktop\FRST64.exe
2016-10-31 07:31 - 2016-10-31 07:31 - 01610813 _____ C:\Users\Thaliagrill\Downloads\meldez(1).pdf
2016-10-30 13:41 - 2016-10-30 13:41 - 02989625 _____ C:\Users\Thaliagrill\Downloads\fsSetup300.exe
2016-10-27 13:38 - 2016-10-27 13:38 - 00016895 _____ C:\Users\Thaliagrill\Downloads\MA - Verdienstnachweis 070916182510.pdf
2016-10-27 13:38 - 2016-10-27 13:38 - 00016895 _____ C:\Users\Thaliagrill\Downloads\MA - Verdienstnachweis 070916182510(1).pdf
2016-10-27 13:29 - 2016-10-27 13:29 - 00016897 _____ C:\Users\Thaliagrill\Downloads\MA - Verdienstnachweis 011016214711.pdf
2016-10-21 15:30 - 2016-11-02 20:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-11-05 08:16 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-11-05 08:12 - 2015-03-24 07:43 - 00797646 _____ C:\windows\system32\perfh007.dat
2016-11-05 08:12 - 2015-03-24 07:43 - 00187846 _____ C:\windows\system32\perfc007.dat
2016-11-05 08:12 - 2009-07-14 06:13 - 01899270 _____ C:\windows\system32\PerfStringBackup.INI
2016-11-05 08:12 - 2009-07-14 04:20 - 00000000 ____D C:\windows\inf
2016-11-05 08:10 - 2009-07-14 05:45 - 00016976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-05 08:10 - 2009-07-14 05:45 - 00016976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-05 08:02 - 2015-06-23 10:34 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-05 07:30 - 2015-07-02 06:28 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-11-04 18:50 - 2015-06-23 10:10 - 00003978 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{5C412342-5174-4B90-BCE4-B793E5032550}
2016-11-04 17:58 - 2015-07-07 21:22 - 00000000 ____D C:\Users\Thaliagrill\Documents\Outlook-Dateien
2016-11-04 17:03 - 2015-06-25 11:06 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-11-02 20:14 - 2016-05-25 17:09 - 00000356 _____ C:\windows\Tasks\HPCeeScheduleForThaliagrill.job
2016-11-02 20:13 - 2015-06-23 10:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-02 19:28 - 2015-07-09 10:53 - 00000000 ____D C:\Users\Thaliagrill\AppData\Roaming\TeamViewer
2016-11-02 17:46 - 2016-05-25 17:09 - 00003222 _____ C:\windows\System32\Tasks\HPCeeScheduleForThaliagrill
2016-10-29 03:20 - 2015-06-23 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-10-29 03:19 - 2015-06-23 10:32 - 00177432 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2016-10-28 02:22 - 2010-11-21 04:27 - 00485032 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-10-27 01:28 - 2015-07-02 06:28 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-10-27 01:28 - 2015-07-02 06:28 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-27 01:28 - 2015-07-02 06:28 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-10-27 01:28 - 2015-07-02 06:28 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-10-27 01:28 - 2015-07-02 06:28 - 00000000 ____D C:\windows\system32\Macromed
2016-10-14 13:34 - 2015-06-23 10:48 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-14 13:34 - 2015-06-23 10:47 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-05-16 18:49 - 2016-09-01 18:11 - 0179576 _____ () C:\Program Files (x86)\CMS Setup Log.txt
2015-06-23 11:24 - 2015-06-23 11:24 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\windows\system32\winlogon.exe => Datei ist digital signiert
C:\windows\system32\wininit.exe => Datei ist digital signiert
C:\windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\windows\explorer.exe => Datei ist digital signiert
C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\windows\system32\svchost.exe => Datei ist digital signiert
C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\windows\system32\services.exe => Datei ist digital signiert
C:\windows\system32\User32.dll => Datei ist digital signiert
C:\windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\windows\system32\userinit.exe => Datei ist digital signiert
C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\windows\system32\rpcss.dll => Datei ist digital signiert
C:\windows\system32\dnsapi.dll => Datei ist digital signiert
C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-11-04 00:13

==================== Ende von FRST.txt ============================

Addition:

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 04-11-2016
durchgeführt von Thaliagrill (05-11-2016 08:21:20)
Gestartet von C:\Users\Thaliagrill\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-06-23 09:08:14)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1642952180-3305180400-4284923308-500 - Administrator - Disabled)
Gast (S-1-5-21-1642952180-3305180400-4284923308-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1642952180-3305180400-4284923308-1002 - Limited - Enabled)
Thaliagrill (S-1-5-21-1642952180-3305180400-4284923308-1001 - Administrator - Enabled) => C:\Users\Thaliagrill

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.23.58 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{82dc2ab6-088f-4e0a-8e27-bb829481d3bc}) (Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG) Hidden
BERGHOCH version V2.4.9.6 (HKLM-x32\...\{34E9B9BF-3307-48D5-AA5F-BDFDE58BF197}_is1) (Version: V2.4.9.6 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
CMS (HKLM-x32\...\CMS) (Version:  - )
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3920 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (HKLM\...\{61ADDE9C-3AE6-46FC-9127-DFFF637AED03}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Hilfe (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{433859BD-82D5-4EFA-A2DC-869D0F4C359C}) (Version: 1.1.0.0 - Hewlett-Packard)
HP PageLift (HKLM-x32\...\{28074A47-851D-4599-A270-87609F58EB57}) (Version: 1.0.15.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{F6D61EC9-347B-4019-9F8E-E24169F7C330}) (Version: 8.7.5 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.34.7 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{B1AD4FFB-DD17-43EC-8C30-B9E71EAD9132}) (Version: 12.5.32.37 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) Chipset Device Software (x32 Version: 10.0.21 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.27.1012 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3383 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.34 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{BF5ABBDB-D3AA-4BCB-8D10-FCD4A4BB7F93}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1642952180-3305180400-4284923308-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{C7E2483C-10A4-41E3-A2F6-240186FE3E41}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service  (HKLM\...\{1A73AF5D-69EE-4AE0-917C-2429CE593A86}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{FF7DDA05-6EA7-4C01-B44A-3E57F8B9B97B}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{E3F613C1-105F-4717-BFE7-007729A95D67}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.1.4100.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 49.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 de)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
Pro Surveillance System(EN) (HKLM-x32\...\{24C53E05-0747-49C6-8BAA-F73FCE4F3C22}) (Version: 4.06.0 - DH)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7312 - Realtek Semiconductor Corp.)
SAP Crystal Reports runtime engine for .NET Framework (64-bit) (HKLM\...\{8674E662-F413-4A50-A256-ABE97FECE84D}) (Version: 13.0.5.891 - SAP)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 1 for SQL Server 2014 (KB3058865) (64-bit) (HKLM\...\KB3058865) (Version: 12.1.4100.1 - Microsoft Corporation)
SQL Server 2014 Client Tools (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.1.4100.1 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.0.5 - uvnc bvba)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{CBCC2FD8-7DFE-4752-95B5-2E447C226F45}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{6BCC80EE-3B68-4110-8D47-23E04FB6D08D}) (Version:  - Microsoft)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1642952180-3305180400-4284923308-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Thaliagrill\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1642952180-3305180400-4284923308-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Thaliagrill\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1642952180-3305180400-4284923308-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Thaliagrill\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1642952180-3305180400-4284923308-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Thaliagrill\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1642952180-3305180400-4284923308-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Thaliagrill\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04266D5A-6955-4B77-AE45-A0735C3B4EBE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {06552FC8-CF50-45A1-9850-1D2033BC06B5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2DFDC6C0-7B4C-403B-9EC0-12C08250D391} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {38C65735-C377-4C69-A096-4B8B3B222D1F} - System32\Tasks\HPCeeScheduleForThaliagrill => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {5CFEEC61-BA19-4620-97D8-C474A3EB2508} - System32\Tasks\{5B1746C9-A138-4C00-B1F7-27CC5AA19AF7} => pcalua.exe -a C:\Users\Thaliagrill\Downloads\wlsetup-web(1).exe -d C:\Users\Thaliagrill\Downloads
Task: {67FF5D5A-1444-4269-85B3-7B3B7DBDCB92} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {714D84A5-E2C8-4807-B9EA-90981C6F3D58} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
Task: {78F0577C-19C2-41D3-875A-516CE319CF6E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {7E67205D-7CE0-4308-8B6D-4746744CCACB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {A978A491-A2DF-470F-AE7C-23503A8EFEA0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {AE1AE3C9-D15D-4A9B-9179-4724B3BE924D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {BBC64927-A195-4FAF-8192-5E41995FA666} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {C177E98E-A089-4AE8-BCD3-BFA2F2ABCE0D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-27] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\HPCeeScheduleForThaliagrill.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-08-26 19:25 - 2016-08-26 19:25 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-08-13 18:54 - 2014-08-13 18:54 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1642952180-3305180400-4284923308-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1642952180-3305180400-4284923308-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1642952180-3305180400-4284923308-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Thaliagrill\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{833C8661-0E92-44BE-8B13-14FE73653DBD}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{0F77B394-E8F8-4412-BF41-A08673CB6476}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{A50282FE-B515-46E9-9854-FD818D20A96E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8A86B8DF-2296-4505-BB99-E06DCD0EBB29}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E87A7985-F082-41AB-82F0-7F6A27F5B67F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{81095D15-BDD8-42F0-B696-81CFD529A7B5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4DB2C76A-F060-4BA8-A8EC-0721FA7C2052}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{18841ABA-1A35-4640-8963-23021EB5A74E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E114683B-BB28-4B5F-9AE2-9F52BE1484C8}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
FirewallRules: [{77EB59C8-C8A8-41BD-9514-3538B940B71E}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{5C3A324A-D4EA-44F1-991D-A2C667AF6CD1}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{1671263D-7199-4AC3-921C-E66384F02A9C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{401E3909-08EF-43D7-8274-9C3EBCC3AFD1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{EA76A5B0-13CF-435E-82B0-674FC07EB985}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{4CBC3DDC-C2E6-4119-960F-3FECBD39A1AE}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2B44CAD6-F6DE-40DA-A0FD-C992C1BF242B}] => (Allow) C:\Users\Thaliagrill\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{66C53918-14F6-4941-BFB5-F916FB5405C6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D1EF977D-548C-4336-B16F-BA54F6B612E6}] => (Allow) LPort=2869
FirewallRules: [{31B1A86C-3A92-400D-9A89-4A14D794E2DB}] => (Allow) LPort=1900
FirewallRules: [{5E237A19-B60D-4BAD-9BF3-55D3B660F68D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{BB6233E7-3364-4952-BF7F-763E69460A7D}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{4778714A-7074-4FD3-9BAC-49C7035EFB62}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{6A90E560-BE31-403B-838D-14E08BC07830}] => (Allow) LPort=1433
FirewallRules: [{77B7A81D-F33B-4A9B-893E-A6C8799A808C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7BE5CCCB-8AC4-465D-AA15-6DD551EE945D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1D1116EE-6505-4978-9B58-2343C82981B8}C:\program files (x86)\pro surveillance system(en)\pssproject.exe] => (Allow) C:\program files (x86)\pro surveillance system(en)\pssproject.exe
FirewallRules: [UDP Query User{648AB20E-E515-48B9-8553-F9104BBE8DF3}C:\program files (x86)\pro surveillance system(en)\pssproject.exe] => (Allow) C:\program files (x86)\pro surveillance system(en)\pssproject.exe
FirewallRules: [{8042A4AC-FBC1-43EA-A5D4-476688ADDF50}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6C9742E9-6EF4-4B53-8B24-B748D4BBCB4C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{AF4E4DCA-C8A8-4BEB-A904-7300D4976EEC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9859B4AF-9EF9-4CD7-A0C7-CFB0A32638C2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{2392D62C-BD34-447D-AC1D-12725544D2B7}C:\program files (x86)\cms\cms.exe] => (Allow) C:\program files (x86)\cms\cms.exe
FirewallRules: [UDP Query User{5704B615-7328-4C41-9523-373ECFF605CF}C:\program files (x86)\cms\cms.exe] => (Allow) C:\program files (x86)\cms\cms.exe
FirewallRules: [TCP Query User{CC810073-D37A-4713-8C66-630CC6D65AA2}C:\program files (x86)\cms\cms.exe] => (Block) C:\program files (x86)\cms\cms.exe
FirewallRules: [UDP Query User{6D4CE145-9DEF-4DAC-8A31-C647E8683ABC}C:\program files (x86)\cms\cms.exe] => (Block) C:\program files (x86)\cms\cms.exe
FirewallRules: [TCP Query User{D31F6C38-9B72-432C-B859-5F6C5040764D}C:\program files (x86)\berghoch\berghoch.exe] => (Block) C:\program files (x86)\berghoch\berghoch.exe
FirewallRules: [UDP Query User{88D242C5-D15E-46CF-9328-FB59C386BF66}C:\program files (x86)\berghoch\berghoch.exe] => (Block) C:\program files (x86)\berghoch\berghoch.exe
FirewallRules: [TCP Query User{63B6F930-BBA9-41D0-8AC8-42BAA8B445FB}C:\program files\uvnc bvba\ultravnc\vncviewer.exe] => (Block) C:\program files\uvnc bvba\ultravnc\vncviewer.exe
FirewallRules: [UDP Query User{219F505C-B17C-4598-B124-E6E46F0F380A}C:\program files\uvnc bvba\ultravnc\vncviewer.exe] => (Block) C:\program files\uvnc bvba\ultravnc\vncviewer.exe
FirewallRules: [{A3A6AE34-F1F2-4872-AF9C-2DDE908CD8F2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C5DF7E16-3FB3-4D00-BCDB-6C3684C0E9D0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8D97D39E-19A3-4882-AF74-7175D2CD5B71}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4C965B42-9D10-4091-89E8-5B5FC48F5EB9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Wiederherstellungspunkte =========================

25-10-2016 11:17:12 Windows Update
29-10-2016 11:17:12 Windows Update
02-11-2016 11:17:11 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/05/2016 08:08:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 49.0.2.6136, Zeitstempel: 0x5807c043
Name des fehlerhaften Moduls: mozglue.dll, Version: 49.0.2.6136, Zeitstempel: 0x5807b9a7
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000e83e
ID des fehlerhaften Prozesses: 0xe14
Startzeit der fehlerhaften Anwendung: 0x01d23732c36a6a8c
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Berichtskennung: a214edc5-a326-11e6-baae-7cd30a13949f

Error: (11/05/2016 08:08:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 49.0.2.6136 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: cac

Startzeit: 01d237327d90bb61

Endzeit: 15

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 81103759-a326-11e6-baae-7cd30a13949f

Error: (11/05/2016 02:22:57 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/04/2016 04:51:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 49.0.2.6136, Zeitstempel: 0x5807b9c5
Name des fehlerhaften Moduls: mozglue.dll, Version: 49.0.2.6136, Zeitstempel: 0x5807b9a7
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000e83e
ID des fehlerhaften Prozesses: 0x15e8
Startzeit der fehlerhaften Anwendung: 0x01d236b2a5f2ceeb
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Berichtskennung: 8ac7a98a-a2a6-11e6-baaa-7cd30a13949f

Error: (11/04/2016 03:20:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 49.0.2.6136, Zeitstempel: 0x5807c043
Name des fehlerhaften Moduls: mozglue.dll, Version: 49.0.2.6136, Zeitstempel: 0x5807b9a7
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000e83e
ID des fehlerhaften Prozesses: 0x1a9c
Startzeit der fehlerhaften Anwendung: 0x01d2368c6807b613
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Berichtskennung: c8007e00-a299-11e6-baaa-7cd30a13949f

Error: (11/04/2016 04:38:59 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/03/2016 05:48:19 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/02/2016 10:02:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MsMpEng.exe, Version: 4.8.204.0, Zeitstempel: 0x5541eadf
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000021e69
ID des fehlerhaften Prozesses: 0x3a8
Startzeit der fehlerhaften Anwendung: 0x01d2353eb61678f8
Pfad der fehlerhaften Anwendung: c:\Program Files\Microsoft Security Client\MsMpEng.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: a7de62cc-a13f-11e6-baaa-7cd30a13949f

Error: (11/02/2016 08:15:34 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.

Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/02/2016 08:15:34 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung

Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


Systemfehler:
=============
Error: (11/05/2016 08:21:32 AM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte Software wurde von Microsoft-Antischadsoftware ein schwerwiegender Fehler festgestellt.

Weitere Informationen finden Sie hier:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Certor.C&threatid=2147718103&enterprise=0

	Name: Trojan:JS/Certor.C

	ID: 2147718103

	Schweregrad: Schwerwiegend

	Kategorie: Trojaner

	Pfad: containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161105-074233-538FEE41\AVSCAN-20161105-075911-B616A3DA;file:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161105-074233-538FEE41\AVSCAN-20161105-075911-B616A3DA->[Eval]

	Ursprung der Erkennung: Lokaler Computer

	Typ der Erkennung: Konkret

	Quelle der Erkennung: Echtzeitschutz

	Benutzer: NT-AUTORITÄT\SYSTEM

	Prozessname: C:\Program Files (x86)\Avira\Antivirus\avguard.exe

	Aktion: Quarantäne

	Aktionsstatus:  No additional actions required

	Fehlercode: 0x80070050

	Fehlerbeschreibung: Die Datei ist vorhanden. 

	Signaturversion: AV: 1.231.1222.0, AS: 1.231.1222.0, NIS: 116.65.0.0

	Modulversion: AM: 1.1.13202.0, NIS: 2.1.12706.0

Error: (11/05/2016 08:21:31 AM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte Software wurde von Microsoft-Antischadsoftware ein schwerwiegender Fehler festgestellt.

Weitere Informationen finden Sie hier:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Certor.B&threatid=2147717270&enterprise=0

	Name: Trojan:JS/Certor.B

	ID: 2147717270

	Schweregrad: Schwerwiegend

	Kategorie: Trojaner

	Pfad: containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161105-074233-538FEE41\AVSCAN-20161105-075911-B616A3DA;file:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161105-074233-538FEE41\AVSCAN-20161105-075911-B616A3DA->[FunctionPacked]->[Eval]

	Ursprung der Erkennung: Lokaler Computer

	Typ der Erkennung: Konkret

	Quelle der Erkennung: System

	Benutzer: NT-AUTORITÄT\SYSTEM

	Prozessname: Unknown

	Aktion: Quarantäne

	Aktionsstatus:  No additional actions required

	Fehlercode: 0x80070050

	Fehlerbeschreibung: Die Datei ist vorhanden. 

	Signaturversion: AV: 1.231.1222.0, AS: 1.231.1222.0, NIS: 116.65.0.0

	Modulversion: AM: 1.1.13202.0, NIS: 2.1.12706.0

Error: (11/05/2016 06:25:39 AM) (Source: TPM) (EventID: 15) (User: )
Description: Beim Gerätetreiber für das Trusted Platform Module (TPM) ist ein nicht behebbarer Fehler in der TPM-Hardware aufgetreten, der die Verwendung der TPM-Dienste (z. B. Datenverschlüsselung) verhindert. Wenden Sie sich an den Computerhersteller, um weitere Hilfe zu erhalten.

Error: (11/05/2016 12:00:58 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT-AUTORITÄT)
Description: 0x8000002a171\??\Volume{34ad1445-197e-11e5-8bf6-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{4AEF46C1-A252-40FF-9A41-EFAC015F1512}

Error: (11/04/2016 09:07:20 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT-AUTORITÄT)
Description: 0x8000002a171\??\Volume{34ad1445-197e-11e5-8bf6-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{48247351-0AC6-4C3D-9BDB-779492885372}

Error: (11/04/2016 08:25:23 PM) (Source: TPM) (EventID: 15) (User: )
Description: Beim Gerätetreiber für das Trusted Platform Module (TPM) ist ein nicht behebbarer Fehler in der TPM-Hardware aufgetreten, der die Verwendung der TPM-Dienste (z. B. Datenverschlüsselung) verhindert. Wenden Sie sich an den Computerhersteller, um weitere Hilfe zu erhalten.

Error: (11/04/2016 07:05:20 PM) (Source: TPM) (EventID: 15) (User: )
Description: Beim Gerätetreiber für das Trusted Platform Module (TPM) ist ein nicht behebbarer Fehler in der TPM-Hardware aufgetreten, der die Verwendung der TPM-Dienste (z. B. Datenverschlüsselung) verhindert. Wenden Sie sich an den Computerhersteller, um weitere Hilfe zu erhalten.

Error: (11/04/2016 06:47:09 PM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte Software wurde von Microsoft-Antischadsoftware ein schwerwiegender Fehler festgestellt.

Weitere Informationen finden Sie hier:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Certor.C&threatid=2147718103&enterprise=0

	Name: Trojan:JS/Certor.C

	ID: 2147718103

	Schweregrad: Schwerwiegend

	Kategorie: Trojaner

	Pfad: containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115917-F583B15A;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115917-F5895837;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115917-F592B3CD;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115922-F611C9BE;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115923-F61F7BDB;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115923-F6290B8B;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115924-F633C66E;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115924-F643C6DB;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-1159

	Ursprung der Erkennung: Lokaler Computer

	Typ der Erkennung: Konkret

	Quelle der Erkennung: Echtzeitschutz

	Benutzer: NT-AUTORITÄT\SYSTEM

	Prozessname: C:\Program Files (x86)\Avira\Antivirus\avguard.exe

	Aktion: Quarantäne

	Aktionsstatus:  No additional actions required

	Fehlercode: 0x80070050

	Fehlerbeschreibung: Die Datei ist vorhanden. 

	Signaturversion: AV: 1.231.1182.0, AS: 1.231.1182.0, NIS: 116.65.0.0

	Modulversion: AM: 1.1.13202.0, NIS: 2.1.12706.0

Error: (11/04/2016 06:06:24 PM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte Software wurde von Microsoft-Antischadsoftware ein schwerwiegender Fehler festgestellt.

Weitere Informationen finden Sie hier:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Certor.C&threatid=2147718103&enterprise=0

	Name: Trojan:JS/Certor.C

	ID: 2147718103

	Schweregrad: Schwerwiegend

	Kategorie: Trojaner

	Pfad: containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115917-F583B15A;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115917-F5895837;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115917-F592B3CD;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115922-F611C9BE;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115923-F61F7BDB;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115923-F6290B8B;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115924-F633C66E;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115924-F643C6DB;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-1159

	Ursprung der Erkennung: Lokaler Computer

	Typ der Erkennung: Konkret

	Quelle der Erkennung: Echtzeitschutz

	Benutzer: NT-AUTORITÄT\SYSTEM

	Prozessname: C:\Program Files (x86)\Avira\Antivirus\avguard.exe

	Aktion: Quarantäne

	Aktionsstatus:  No additional actions required

	Fehlercode: 0x80070050

	Fehlerbeschreibung: Die Datei ist vorhanden. 

	Signaturversion: AV: 1.231.1182.0, AS: 1.231.1182.0, NIS: 116.65.0.0

	Modulversion: AM: 1.1.13202.0, NIS: 2.1.12706.0

Error: (11/04/2016 05:20:04 PM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte Software wurde von Microsoft-Antischadsoftware ein schwerwiegender Fehler festgestellt.

Weitere Informationen finden Sie hier:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Certor.C&threatid=2147718103&enterprise=0

	Name: Trojan:JS/Certor.C

	ID: 2147718103

	Schweregrad: Schwerwiegend

	Kategorie: Trojaner

	Pfad: containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115917-F583B15A;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115917-F5895837;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115917-F592B3CD;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115922-F611C9BE;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115923-F61F7BDB;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115923-F6290B8B;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115924-F633C66E;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-115924-F643C6DB;containerfile:_C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161104-115323-D29DF2FF\AVSCAN-20161104-1159

	Ursprung der Erkennung: Lokaler Computer

	Typ der Erkennung: Konkret

	Quelle der Erkennung: Echtzeitschutz

	Benutzer: NT-AUTORITÄT\SYSTEM

	Prozessname: C:\Program Files (x86)\Avira\Antivirus\avguard.exe

	Aktion: Quarantäne

	Aktionsstatus:  No additional actions required

	Fehlercode: 0x80070050

	Fehlerbeschreibung: Die Datei ist vorhanden. 

	Signaturversion: AV: 1.231.1182.0, AS: 1.231.1182.0, NIS: 116.65.0.0

	Modulversion: AM: 1.1.13202.0, NIS: 2.1.12706.0


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Pentium(R) 3558U @ 1.70GHz
Prozentuale Nutzung des RAM: 41%
Installierter physikalischer RAM: 4012.76 MB
Verfügbarer physikalischer RAM: 2331.69 MB
Summe virtueller Speicher: 8023.73 MB
Verfügbarer virtueller Speicher: 5872.45 MB

==================== Laufwerke ================================

Drive c: (Windows ) (Fixed) (Total:452.56 GB) (Free:364.73 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (HP_RECOVERY) (Fixed) (Total:12.09 GB) (Free:1.34 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32
Drive f: () (Removable) (Total:28.62 GB) (Free:28.62 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CDDCF6A3)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=452.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 28.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================

Mfg Wisazo

deeprybka · 05.11.2016, 15:10

Bitte mal Avira deinstallieren. Zwei AVP sind nie gut, zumal der immer bei sich selber was findet...

Zitat:

05.11.2016, 08:30:28 [Echtzeit-Scanner] Malware gefunden
Muster 'JS/Agent.246532 [virus]'
in Datei 'C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20161105-074233-538FEE41\AVSCAN-20161105-080856-EFCF6260 gefunden.
Durchgeführte Aktion: Datei in Quarantäne verschieben

Sowas verunsichert User doch nur...

Schritt 1
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Wisazo · 05.11.2016, 16:56

Code:

ATTFilter

15:43:06.0924 0x0ed0  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31
15:43:20.0153 0x0ed0  ============================================================
15:43:20.0153 0x0ed0  Current date / time: 2016/11/05 15:43:20.0153
15:43:20.0153 0x0ed0  SystemInfo:
15:43:20.0153 0x0ed0  
15:43:20.0153 0x0ed0  OS Version: 6.1.7601 ServicePack: 1.0
15:43:20.0153 0x0ed0  Product type: Workstation
15:43:20.0153 0x0ed0  ComputerName: THALIAGRILL-PC
15:43:20.0153 0x0ed0  UserName: Thaliagrill
15:43:20.0153 0x0ed0  Windows directory: C:\windows
15:43:20.0153 0x0ed0  System windows directory: C:\windows
15:43:20.0153 0x0ed0  Running under WOW64
15:43:20.0153 0x0ed0  Processor architecture: Intel x64
15:43:20.0153 0x0ed0  Number of processors: 2
15:43:20.0153 0x0ed0  Page size: 0x1000
15:43:20.0153 0x0ed0  Boot type: Normal boot
15:43:20.0153 0x0ed0  CodeIntegrityOptions = 0x00000001
15:43:20.0153 0x0ed0  ============================================================
15:43:22.0509 0x0ed0  KLMD registered as C:\windows\system32\drivers\47818395.sys
15:43:22.0509 0x0ed0  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.19018, osProperties = 0x1
15:43:23.0788 0x0ed0  System UUID: {A2536FFB-EA97-BAAA-4414-C331ECACEDFC}
15:43:25.0114 0x0ed0  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:43:25.0129 0x0ed0  ============================================================
15:43:25.0129 0x0ed0  \Device\Harddisk0\DR0:
15:43:25.0129 0x0ed0  MBR partitions:
15:43:25.0129 0x0ed0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x200800
15:43:25.0129 0x0ed0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x201000, BlocksNum 0x38920800
15:43:25.0129 0x0ed0  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38B21800, BlocksNum 0x1830000
15:43:25.0129 0x0ed0  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A351800, BlocksNum 0x32000
15:43:25.0129 0x0ed0  ============================================================
15:43:25.0145 0x0ed0  C: <-> \Device\Harddisk0\DR0\Partition2
15:43:25.0332 0x0ed0  D: <-> \Device\Harddisk0\DR0\Partition3
15:43:25.0395 0x0ed0  E: <-> \Device\Harddisk0\DR0\Partition4
15:43:25.0395 0x0ed0  ============================================================
15:43:25.0395 0x0ed0  Initialize success
15:43:25.0395 0x0ed0  ============================================================
15:43:28.0437 0x0f18  ============================================================
15:43:28.0437 0x0f18  Scan started
15:43:28.0437 0x0f18  Mode: Manual; 
15:43:28.0437 0x0f18  ============================================================
15:43:28.0437 0x0f18  KSN ping started
15:43:31.0307 0x0f18  KSN ping finished: true
15:43:32.0227 0x0f18  ================ Scan system memory ========================
15:43:32.0227 0x0f18  System memory - ok
15:43:32.0227 0x0f18  ================ Scan services =============================
15:43:32.0368 0x0f18  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
15:43:32.0383 0x0f18  1394ohci - ok
15:43:32.0430 0x0f18  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\windows\system32\drivers\ACPI.sys
15:43:32.0430 0x0f18  ACPI - ok
15:43:32.0477 0x0f18  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
15:43:32.0477 0x0f18  AcpiPmi - ok
15:43:32.0555 0x0f18  [ DC00FD73505DAEDD99CAF4533B0C05BD, 2863D1F0587B79254FBE093C191C73892768CF2AC59BEF97745EE66CEE3473AF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:43:32.0571 0x0f18  AdobeARMservice - ok
15:43:32.0664 0x0f18  [ 16D11D2CA3F2078F553E0C3A70A4F050, 51EEA7EFBE122D3FEB2F8487F5A45166A0C4963314B28840C3C404479B4E1849 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:43:32.0680 0x0f18  AdobeFlashPlayerUpdateSvc - ok
15:43:32.0711 0x0f18  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
15:43:32.0727 0x0f18  adp94xx - ok
15:43:32.0758 0x0f18  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\windows\system32\drivers\adpahci.sys
15:43:32.0758 0x0f18  adpahci - ok
15:43:32.0789 0x0f18  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\windows\system32\drivers\adpu320.sys
15:43:32.0805 0x0f18  adpu320 - ok
15:43:32.0836 0x0f18  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
15:43:32.0836 0x0f18  AeLookupSvc - ok
15:43:32.0898 0x0f18  [ D1E343BC00136CE03C4D403194D06A80, 94F2543164A2CEA179EDE53E1294EE24391A59CAEFF83BA5CE9385E8E686E89C ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
15:43:32.0898 0x0f18  AERTFilters - ok
15:43:32.0929 0x0f18  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\windows\system32\drivers\afd.sys
15:43:32.0945 0x0f18  AFD - ok
15:43:32.0976 0x0f18  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\windows\system32\drivers\agp440.sys
15:43:32.0976 0x0f18  agp440 - ok
15:43:32.0992 0x0f18  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\windows\System32\alg.exe
15:43:32.0992 0x0f18  ALG - ok
15:43:33.0007 0x0f18  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\windows\system32\drivers\aliide.sys
15:43:33.0007 0x0f18  aliide - ok
15:43:33.0023 0x0f18  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\windows\system32\drivers\amdide.sys
15:43:33.0023 0x0f18  amdide - ok
15:43:33.0039 0x0f18  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
15:43:33.0039 0x0f18  AmdK8 - ok
15:43:33.0054 0x0f18  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
15:43:33.0054 0x0f18  AmdPPM - ok
15:43:33.0085 0x0f18  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\windows\system32\drivers\amdsata.sys
15:43:33.0085 0x0f18  amdsata - ok
15:43:33.0101 0x0f18  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
15:43:33.0117 0x0f18  amdsbs - ok
15:43:33.0117 0x0f18  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\windows\system32\drivers\amdxata.sys
15:43:33.0117 0x0f18  amdxata - ok
15:43:33.0148 0x0f18  [ 27DABFB4A6B0140C34DBEC713469592B, A355170D353AFBF0DE4EF53282F8404788FBBD0E2A1B7282B1B2925923E83141 ] AppID           C:\windows\system32\drivers\appid.sys
15:43:33.0195 0x0f18  AppID - ok
15:43:33.0210 0x0f18  [ ABC373B9C6275D45F17DB559408FFD1B, 12B355393BEBE2D1D24D7A9DA5E69E03E334899407503BC1CADCF7BE39828223 ] AppIDSvc        C:\windows\System32\appidsvc.dll
15:43:33.0241 0x0f18  AppIDSvc - ok
15:43:33.0273 0x0f18  [ 3EA5DA3F459F6ED19E10166965F6892F, F5618A5FA72C5E57BCFA6F2ECB840B1AEC60C72840AF3C1D94D5FCDB5ED2BF5E ] Appinfo         C:\windows\System32\appinfo.dll
15:43:33.0273 0x0f18  Appinfo - ok
15:43:33.0288 0x0f18  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\windows\System32\appmgmts.dll
15:43:33.0304 0x0f18  AppMgmt - ok
15:43:33.0319 0x0f18  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\windows\system32\drivers\arc.sys
15:43:33.0319 0x0f18  arc - ok
15:43:33.0413 0x0f18  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\windows\system32\drivers\arcsas.sys
15:43:33.0429 0x0f18  arcsas - ok
15:43:33.0491 0x0f18  [ 108FB6DDB69E537A2EA53F425363FAE5, B12A9F5338D39805E08A44A335FF7AA77F2266F535A2F5C8412CC746C75E5B1D ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:43:33.0491 0x0f18  aspnet_state - ok
15:43:33.0522 0x0f18  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
15:43:33.0522 0x0f18  AsyncMac - ok
15:43:33.0553 0x0f18  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\windows\system32\drivers\atapi.sys
15:43:33.0553 0x0f18  atapi - ok
15:43:33.0585 0x0f18  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
15:43:33.0616 0x0f18  AudioEndpointBuilder - ok
15:43:33.0631 0x0f18  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\windows\System32\Audiosrv.dll
15:43:33.0647 0x0f18  AudioSrv - ok
15:43:33.0678 0x0f18  avgntflt - ok
15:43:33.0678 0x0f18  avkmgr - ok
15:43:33.0709 0x0f18  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\windows\System32\AxInstSV.dll
15:43:33.0709 0x0f18  AxInstSV - ok
15:43:33.0756 0x0f18  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
15:43:33.0772 0x0f18  b06bdrv - ok
15:43:33.0834 0x0f18  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
15:43:33.0850 0x0f18  b57nd60a - ok
15:43:33.0865 0x0f18  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\windows\System32\bdesvc.dll
15:43:33.0881 0x0f18  BDESVC - ok
15:43:33.0912 0x0f18  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\windows\system32\drivers\Beep.sys
15:43:33.0912 0x0f18  Beep - ok
15:43:33.0959 0x0f18  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\windows\System32\bfe.dll
15:43:34.0006 0x0f18  BFE - ok
15:43:34.0146 0x0f18  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\windows\System32\qmgr.dll
15:43:34.0177 0x0f18  BITS - ok
15:43:34.0193 0x0f18  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\windows\system32\drivers\blbdrive.sys
15:43:34.0209 0x0f18  blbdrive - ok
15:43:34.0255 0x0f18  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:43:34.0271 0x0f18  Bonjour Service - ok
15:43:34.0302 0x0f18  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
15:43:34.0302 0x0f18  bowser - ok
15:43:34.0318 0x0f18  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
15:43:34.0318 0x0f18  BrFiltLo - ok
15:43:34.0333 0x0f18  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
15:43:34.0333 0x0f18  BrFiltUp - ok
15:43:34.0349 0x0f18  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\windows\System32\browser.dll
15:43:34.0349 0x0f18  Browser - ok
15:43:34.0380 0x0f18  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\windows\System32\Drivers\Brserid.sys
15:43:34.0396 0x0f18  Brserid - ok
15:43:34.0427 0x0f18  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
15:43:34.0427 0x0f18  BrSerWdm - ok
15:43:34.0443 0x0f18  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
15:43:34.0443 0x0f18  BrUsbMdm - ok
15:43:34.0443 0x0f18  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
15:43:34.0443 0x0f18  BrUsbSer - ok
15:43:34.0474 0x0f18  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
15:43:34.0474 0x0f18  BTHMODEM - ok
15:43:34.0474 0x0f18  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\windows\system32\bthserv.dll
15:43:34.0489 0x0f18  bthserv - ok
15:43:34.0489 0x0f18  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
15:43:34.0505 0x0f18  cdfs - ok
15:43:34.0521 0x0f18  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\windows\system32\drivers\cdrom.sys
15:43:34.0521 0x0f18  cdrom - ok
15:43:34.0536 0x0f18  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\windows\System32\certprop.dll
15:43:34.0536 0x0f18  CertPropSvc - ok
15:43:34.0552 0x0f18  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\windows\system32\drivers\circlass.sys
15:43:34.0552 0x0f18  circlass - ok
15:43:34.0567 0x0f18  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\windows\system32\CLFS.sys
15:43:34.0583 0x0f18  CLFS - ok
15:43:34.0630 0x0f18  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:43:34.0630 0x0f18  clr_optimization_v2.0.50727_32 - ok
15:43:34.0661 0x0f18  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:43:34.0661 0x0f18  clr_optimization_v2.0.50727_64 - ok
15:43:34.0708 0x0f18  [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:43:34.0755 0x0f18  clr_optimization_v4.0.30319_32 - ok
15:43:34.0770 0x0f18  [ 86329C35FF23CFEF0FB6C0023BA06BCE, D915CE7AD564F97A1C3B047D5248B7EF67ADDC59687FBC90F1776C21DAA0D3FD ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:43:34.0786 0x0f18  clr_optimization_v4.0.30319_64 - ok
15:43:34.0848 0x0f18  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\windows\system32\drivers\CmBatt.sys
15:43:34.0848 0x0f18  CmBatt - ok
15:43:34.0864 0x0f18  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\windows\system32\drivers\cmdide.sys
15:43:34.0864 0x0f18  cmdide - ok
15:43:34.0911 0x0f18  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\windows\system32\Drivers\cng.sys
15:43:34.0926 0x0f18  CNG - ok
15:43:34.0942 0x0f18  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\windows\system32\drivers\compbatt.sys
15:43:34.0942 0x0f18  Compbatt - ok
15:43:34.0957 0x0f18  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
15:43:34.0957 0x0f18  CompositeBus - ok
15:43:34.0973 0x0f18  COMSysApp - ok
15:43:35.0035 0x0f18  [ 2421AC62C428CA889FD2582E545A61BF, 69E7A54152F4F0A776D3C037359167AEE19EFDAA786DC287BC0142F79277623D ] cphs            C:\windows\SysWow64\IntelCpHeciSvc.exe
15:43:35.0051 0x0f18  cphs - ok
15:43:35.0082 0x0f18  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
15:43:35.0082 0x0f18  crcdisk - ok
15:43:35.0113 0x0f18  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\windows\system32\cryptsvc.dll
15:43:35.0113 0x0f18  CryptSvc - ok
15:43:35.0160 0x0f18  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\windows\system32\drivers\csc.sys
15:43:35.0176 0x0f18  CSC - ok
15:43:35.0191 0x0f18  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\windows\System32\cscsvc.dll
15:43:35.0254 0x0f18  CscService - ok
15:43:35.0269 0x0f18  cxqlnmyk - ok
15:43:35.0269 0x0f18  cytcxpkj - ok
15:43:35.0316 0x0f18  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\windows\system32\rpcss.dll
15:43:35.0332 0x0f18  DcomLaunch - ok
15:43:35.0347 0x0f18  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\windows\System32\defragsvc.dll
15:43:35.0363 0x0f18  defragsvc - ok
15:43:35.0379 0x0f18  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\windows\system32\Drivers\dfsc.sys
15:43:35.0379 0x0f18  DfsC - ok
15:43:35.0394 0x0f18  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\windows\system32\dhcpcore.dll
15:43:35.0410 0x0f18  Dhcp - ok
15:43:35.0503 0x0f18  [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack       C:\windows\system32\diagtrack.dll
15:43:35.0550 0x0f18  DiagTrack - ok
15:43:35.0581 0x0f18  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\windows\system32\drivers\discache.sys
15:43:35.0597 0x0f18  discache - ok
15:43:35.0613 0x0f18  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\windows\system32\drivers\disk.sys
15:43:35.0613 0x0f18  Disk - ok
15:43:35.0628 0x0f18  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\windows\system32\drivers\dmvsc.sys
15:43:35.0644 0x0f18  dmvsc - ok
15:43:35.0659 0x0f18  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\windows\System32\dnsrslvr.dll
15:43:35.0659 0x0f18  Dnscache - ok
15:43:35.0675 0x0f18  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\windows\System32\dot3svc.dll
15:43:35.0691 0x0f18  dot3svc - ok
15:43:35.0722 0x0f18  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\windows\system32\dps.dll
15:43:35.0722 0x0f18  DPS - ok
15:43:35.0753 0x0f18  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
15:43:35.0753 0x0f18  drmkaud - ok
15:43:35.0784 0x0f18  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
15:43:35.0815 0x0f18  DXGKrnl - ok
15:43:35.0831 0x0f18  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\windows\System32\eapsvc.dll
15:43:35.0847 0x0f18  EapHost - ok
15:43:35.0956 0x0f18  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\windows\system32\drivers\evbda.sys
15:43:36.0065 0x0f18  ebdrv - ok
15:43:36.0096 0x0f18  [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] EFS             C:\windows\System32\lsass.exe
15:43:36.0096 0x0f18  EFS - ok
15:43:36.0159 0x0f18  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
15:43:36.0190 0x0f18  ehRecvr - ok
15:43:36.0205 0x0f18  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\windows\ehome\ehsched.exe
15:43:36.0205 0x0f18  ehSched - ok
15:43:36.0237 0x0f18  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\windows\system32\drivers\elxstor.sys
15:43:36.0252 0x0f18  elxstor - ok
15:43:36.0268 0x0f18  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\windows\system32\drivers\errdev.sys
15:43:36.0268 0x0f18  ErrDev - ok
15:43:36.0299 0x0f18  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\windows\system32\es.dll
15:43:36.0315 0x0f18  EventSystem - ok
15:43:36.0330 0x0f18  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\windows\system32\drivers\exfat.sys
15:43:36.0346 0x0f18  exfat - ok
15:43:36.0361 0x0f18  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\windows\system32\drivers\fastfat.sys
15:43:36.0361 0x0f18  fastfat - ok
15:43:36.0408 0x0f18  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\windows\system32\fxssvc.exe
15:43:36.0424 0x0f18  Fax - ok
15:43:36.0455 0x0f18  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\windows\system32\drivers\fdc.sys
15:43:36.0455 0x0f18  fdc - ok
15:43:36.0471 0x0f18  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\windows\system32\fdPHost.dll
15:43:36.0471 0x0f18  fdPHost - ok
15:43:36.0486 0x0f18  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\windows\system32\fdrespub.dll
15:43:36.0486 0x0f18  FDResPub - ok
15:43:36.0502 0x0f18  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
15:43:36.0502 0x0f18  FileInfo - ok
15:43:36.0502 0x0f18  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
15:43:36.0517 0x0f18  Filetrace - ok
15:43:36.0533 0x0f18  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
15:43:36.0533 0x0f18  flpydisk - ok
15:43:36.0549 0x0f18  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
15:43:36.0564 0x0f18  FltMgr - ok
15:43:36.0611 0x0f18  [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache       C:\windows\system32\FntCache.dll
15:43:36.0658 0x0f18  FontCache - ok
15:43:36.0705 0x0f18  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:43:36.0705 0x0f18  FontCache3.0.0.0 - ok
15:43:36.0720 0x0f18  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
15:43:36.0720 0x0f18  FsDepends - ok
15:43:36.0736 0x0f18  [ 8DE1B4F579F8F8897409856F3BB7A7D2, F6F6B2450951E875C3C236F7798F960FD4433EE6B0C57132CB3D32126BEE34E0 ] fssfltr         C:\windows\system32\DRIVERS\fssfltr.sys
15:43:36.0751 0x0f18  fssfltr - ok
15:43:36.0876 0x0f18  [ 7B4C82899A967A7EB22DAB502770AE8E, 209FB59669070FCAAACB24B0CE81C375362BF1C519B15FDB5AA3EC2C87E2069B ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
15:43:36.0923 0x0f18  fsssvc - ok
15:43:36.0954 0x0f18  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
15:43:36.0954 0x0f18  Fs_Rec - ok
15:43:36.0970 0x0f18  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
15:43:36.0985 0x0f18  fvevol - ok
15:43:36.0985 0x0f18  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
15:43:37.0001 0x0f18  gagp30kx - ok
15:43:37.0032 0x0f18  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\windows\System32\gpsvc.dll
15:43:37.0048 0x0f18  gpsvc - ok
15:43:37.0063 0x0f18  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
15:43:37.0063 0x0f18  hcw85cir - ok
15:43:37.0079 0x0f18  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
15:43:37.0095 0x0f18  HdAudAddService - ok
15:43:37.0110 0x0f18  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
15:43:37.0110 0x0f18  HDAudBus - ok
15:43:37.0126 0x0f18  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
15:43:37.0126 0x0f18  HidBatt - ok
15:43:37.0141 0x0f18  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\windows\system32\drivers\hidbth.sys
15:43:37.0141 0x0f18  HidBth - ok
15:43:37.0157 0x0f18  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\windows\system32\drivers\hidir.sys
15:43:37.0157 0x0f18  HidIr - ok
15:43:37.0173 0x0f18  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\windows\system32\hidserv.dll
15:43:37.0188 0x0f18  hidserv - ok
15:43:37.0204 0x0f18  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
15:43:37.0219 0x0f18  HidUsb - ok
15:43:37.0235 0x0f18  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\windows\system32\kmsvc.dll
15:43:37.0235 0x0f18  hkmsvc - ok
15:43:37.0251 0x0f18  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
15:43:37.0266 0x0f18  HomeGroupListener - ok
15:43:37.0282 0x0f18  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
15:43:37.0297 0x0f18  HomeGroupProvider - ok
15:43:37.0375 0x0f18  [ 7B7DE6B3DC30F3246958F42C67A6F7BB, 4B66B90CFEC2231B905B21DECC4EC7C6500E546F080A452EF67E724EDF37ADD9 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
15:43:37.0407 0x0f18  hpqwmiex - ok
15:43:37.0453 0x0f18  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
15:43:37.0453 0x0f18  HpSAMD - ok
15:43:37.0500 0x0f18  [ 02F1253476B7F5F818364443DFED3264, 645F51A6781E9DEB381694718EDEF38B02F5345ADCE8860EC2D9483F7C1C7CC2 ] HPSupportSolutionsFrameworkService C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
15:43:37.0516 0x0f18  HPSupportSolutionsFrameworkService - ok
15:43:37.0578 0x0f18  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\windows\system32\drivers\HTTP.sys
15:43:37.0594 0x0f18  HTTP - ok
15:43:37.0594 0x0f18  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
15:43:37.0594 0x0f18  hwpolicy - ok
15:43:37.0625 0x0f18  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
15:43:37.0625 0x0f18  i8042prt - ok
15:43:37.0656 0x0f18  [ 9863EC0FB887C0AD0C3A20AC3BF91629, B695048C370CB91BB0CFF2E29641636225B23347B08F7E451FB91CF8B1A0120A ] iaStorA         C:\windows\system32\drivers\iaStorA.sys
15:43:37.0672 0x0f18  iaStorA - ok
15:43:37.0703 0x0f18  [ AB28B4CE85BE2261276ECD3482A0AED9, 0052D158B93F9A5DADD9EFC06FAED27650F104CF79A5BCEDF97AA47D18290756 ] iaStorF         C:\windows\system32\drivers\iaStorF.sys
15:43:37.0703 0x0f18  iaStorF - ok
15:43:37.0750 0x0f18  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
15:43:37.0750 0x0f18  iaStorV - ok
15:43:37.0781 0x0f18  [ 83FF82FE209E7997067B375DAD6CF23D, E312DD068E51DBF96A8232D7D1C9F158652FDA23649655F1102928B320795091 ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
15:43:37.0797 0x0f18  ICCS - ok
15:43:37.0859 0x0f18  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:43:37.0875 0x0f18  idsvc - ok
15:43:37.0890 0x0f18  IEEtwCollectorService - ok
15:43:38.0046 0x0f18  [ 78C66B3AFEEE9DB358FC365105FAA69A, 8601D75B39FE417B2DB7C11875640F2BE8909381243EF4BBFD49B43B5891DC0E ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
15:43:38.0187 0x0f18  igfx - ok
15:43:38.0202 0x0f18  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\windows\system32\drivers\iirsp.sys
15:43:38.0202 0x0f18  iirsp - ok
15:43:38.0233 0x0f18  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\windows\System32\ikeext.dll
15:43:38.0265 0x0f18  IKEEXT - ok
15:43:38.0421 0x0f18  [ 52099471D9F0361D1EAE51F1112C63B1, 496FC5190C2056B3F0DDC32748D6E698E6E3842D9978C60E5507DE246330156B ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
15:43:38.0561 0x0f18  IntcAzAudAddService - ok
15:43:38.0608 0x0f18  [ EC80E6B9E27DC3E22ED5B2E0E75A39C0, 8EEC89F88AE79DA256BB651983397773F6B25139006C8A7C8F77960F47774CF5 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
15:43:38.0623 0x0f18  IntcDAud - ok
15:43:38.0717 0x0f18  [ 9A6DEB5DDF7E29728F6FEA5092AFA3F2, 21C47A0490EBA302657EF30C560E4AF83777685FFE126DCCAC310163C47401D1 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
15:43:40.0012 0x0f18  Intel(R) Capability Licensing Service TCP IP Interface - ok
15:43:40.0043 0x0f18  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\drivers\intelide.sys
15:43:40.0043 0x0f18  intelide - ok
15:43:40.0074 0x0f18  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\drivers\intelppm.sys
15:43:40.0074 0x0f18  intelppm - ok
15:43:40.0105 0x0f18  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\windows\system32\ipbusenum.dll
15:43:40.0105 0x0f18  IPBusEnum - ok
15:43:40.0121 0x0f18  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
15:43:40.0121 0x0f18  IpFilterDriver - ok
15:43:40.0168 0x0f18  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
15:43:40.0183 0x0f18  iphlpsvc - ok
15:43:40.0199 0x0f18  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
15:43:40.0199 0x0f18  IPMIDRV - ok
15:43:40.0215 0x0f18  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\windows\system32\drivers\ipnat.sys
15:43:40.0230 0x0f18  IPNAT - ok
15:43:40.0230 0x0f18  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
15:43:40.0230 0x0f18  IRENUM - ok
15:43:40.0261 0x0f18  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\drivers\isapnp.sys
15:43:40.0261 0x0f18  isapnp - ok
15:43:40.0277 0x0f18  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
15:43:40.0277 0x0f18  iScsiPrt - ok
15:43:40.0308 0x0f18  [ 61662AFF4AF0413F461F2780167703AE, 55CCBA4F09581871B3EB81A40A3FB59013AD988CEED109E18C58609AD469117A ] iusb3hcs        C:\windows\system32\drivers\iusb3hcs.sys
15:43:40.0308 0x0f18  iusb3hcs - ok
15:43:40.0339 0x0f18  [ 923030D5F4B1C801AE5219551F7B490B, C00D9CCE8D04FEFA9391725F79BBD77F03ED3E3DB53E02E80ABC008B2F179043 ] iusb3hub        C:\windows\system32\drivers\iusb3hub.sys
15:43:40.0339 0x0f18  iusb3hub - ok
15:43:40.0402 0x0f18  [ 234E2245AF65CFC021874F64C40E206B, 4254180327F7B58AAE1A158DADE53A06C02139F6CDD2A657E5E9B2868B96F806 ] iusb3xhc        C:\windows\system32\drivers\iusb3xhc.sys
15:43:40.0417 0x0f18  iusb3xhc - ok
15:43:40.0433 0x0f18  [ 2749D828991C160D1D8E7A06A0A95D93, 6F590E3A8F295D367A23938E062AEB0D904CDD8B8262B1EBB1208369587EA186 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
15:43:40.0449 0x0f18  jhi_service - ok
15:43:40.0464 0x0f18  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
15:43:40.0464 0x0f18  kbdclass - ok
15:43:40.0495 0x0f18  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
15:43:40.0527 0x0f18  kbdhid - ok
15:43:40.0542 0x0f18  [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] KeyIso          C:\windows\system32\lsass.exe
15:43:40.0542 0x0f18  KeyIso - ok
15:43:40.0558 0x0f18  [ 3A8C03156C3E31E70EF84E48CA179B46, E25E43D53BB6EE1B5F34C95B4FAD111B37A36367B8D047B10FC614DEE13658E2 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
15:43:40.0573 0x0f18  KSecDD - ok
15:43:40.0589 0x0f18  [ C6330F7C2E92A00E6773E82F79078AFC, D8B851BF4FCE85F2A269F0B46BC7EC5A118FCFDACE8460E7B54C1A7CE306774A ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
15:43:40.0589 0x0f18  KSecPkg - ok
15:43:40.0605 0x0f18  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
15:43:40.0605 0x0f18  ksthunk - ok
15:43:40.0636 0x0f18  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll
15:43:40.0651 0x0f18  KtmRm - ok
15:43:40.0667 0x0f18  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\windows\system32\srvsvc.dll
15:43:40.0667 0x0f18  LanmanServer - ok
15:43:40.0698 0x0f18  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
15:43:40.0698 0x0f18  LanmanWorkstation - ok
15:43:40.0714 0x0f18  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
15:43:40.0714 0x0f18  lltdio - ok
15:43:40.0729 0x0f18  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\windows\System32\lltdsvc.dll
15:43:40.0745 0x0f18  lltdsvc - ok
15:43:40.0745 0x0f18  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\windows\System32\lmhsvc.dll
15:43:40.0745 0x0f18  lmhosts - ok
15:43:40.0776 0x0f18  [ 9C30978597D52AD8EA319BABE6112AAE, 50A63FB33797D79D688CA86600693FA4BD668588FAE0F67D9725ACDD20445D2E ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:43:40.0792 0x0f18  LMS - ok
15:43:40.0823 0x0f18  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
15:43:40.0823 0x0f18  LSI_FC - ok
15:43:40.0854 0x0f18  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
15:43:40.0854 0x0f18  LSI_SAS - ok
15:43:40.0870 0x0f18  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
15:43:40.0885 0x0f18  LSI_SAS2 - ok
15:43:40.0901 0x0f18  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
15:43:40.0901 0x0f18  LSI_SCSI - ok
15:43:40.0917 0x0f18  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
15:43:40.0917 0x0f18  luafv - ok
15:43:40.0932 0x0f18  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
15:43:40.0932 0x0f18  Mcx2Svc - ok
15:43:40.0948 0x0f18  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\drivers\megasas.sys
15:43:40.0948 0x0f18  megasas - ok
15:43:40.0979 0x0f18  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
15:43:40.0979 0x0f18  MegaSR - ok
15:43:40.0995 0x0f18  [ F90198317AFD70357583CCD6474A7CB3, 0F9E426FE6A92C914DC5BBA80840ECBBB78826510C3066362A012F3314D0CFDB ] MEIx64          C:\windows\system32\drivers\TeeDriverx64.sys
15:43:40.0995 0x0f18  MEIx64 - ok
15:43:41.0026 0x0f18  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
15:43:41.0026 0x0f18  MMCSS - ok
15:43:41.0041 0x0f18  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
15:43:41.0041 0x0f18  Modem - ok
15:43:41.0057 0x0f18  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
15:43:41.0073 0x0f18  monitor - ok
15:43:41.0088 0x0f18  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
15:43:41.0088 0x0f18  mouclass - ok
15:43:41.0104 0x0f18  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
15:43:41.0135 0x0f18  mouhid - ok
15:43:41.0166 0x0f18  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
15:43:41.0166 0x0f18  mountmgr - ok
15:43:41.0213 0x0f18  [ 572BD5A99648652147A5D3C6DA946C99, FFDAD4A5682864977C926A5DDDB632CDB2A166BF025757801CC56F2828720023 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:43:41.0213 0x0f18  MozillaMaintenance - ok
15:43:41.0260 0x0f18  [ 73150F67D20270FF95A021A22E64F28A, A8878DEFBE437FB453F8E9243FB5C787D07AC7415A4475388D479C10417C524F ] MpFilter        C:\windows\system32\DRIVERS\MpFilter.sys
15:43:41.0275 0x0f18  MpFilter - ok
15:43:41.0291 0x0f18  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
15:43:41.0307 0x0f18  mpio - ok
15:43:41.0307 0x0f18  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
15:43:41.0322 0x0f18  mpsdrv - ok
15:43:41.0353 0x0f18  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
15:43:41.0369 0x0f18  MpsSvc - ok
15:43:41.0400 0x0f18  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
15:43:41.0400 0x0f18  MRxDAV - ok
15:43:41.0431 0x0f18  [ ACB6782973BD93760D597FC7BB37E692, 9B6EC2858D236DCE61FD5E0247F4D947A5DC484C9C0AABFDAF8270ABA392E787 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
15:43:41.0463 0x0f18  mrxsmb - ok
15:43:41.0494 0x0f18  [ 262BF7BB7D0E44CFAA9B12A1E0A6EDF1, CCC3A4CE929C7C8B07C1038BBE8425590CE14F5C37E1D5608978A3AD2F41519C ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
15:43:41.0541 0x0f18  mrxsmb10 - ok
15:43:41.0556 0x0f18  [ 8C0376974AA28398FF501E78C04ACB30, 81CE67BE933F67F760A72BF9B581F33BC151D98970765FE4425450A2EF450409 ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
15:43:41.0572 0x0f18  mrxsmb20 - ok
15:43:41.0587 0x0f18  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
15:43:41.0587 0x0f18  msahci - ok
15:43:41.0619 0x0f18  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys
15:43:41.0619 0x0f18  msdsm - ok
15:43:41.0634 0x0f18  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
15:43:41.0650 0x0f18  MSDTC - ok
15:43:41.0665 0x0f18  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
15:43:41.0665 0x0f18  Msfs - ok
15:43:41.0681 0x0f18  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
15:43:41.0681 0x0f18  mshidkmdf - ok
15:43:41.0697 0x0f18  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
15:43:41.0697 0x0f18  msisadrv - ok
15:43:41.0728 0x0f18  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
15:43:41.0728 0x0f18  MSiSCSI - ok
15:43:41.0728 0x0f18  msiserver - ok
15:43:41.0743 0x0f18  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
15:43:41.0743 0x0f18  MSKSSRV - ok
15:43:41.0790 0x0f18  [ CE996C1821021ADF8E28E80A54E846A8, 99042E895B6C2EA80F3BA65563A12C8EBA882E3AD6A21DD8E799B0112C75DDD2 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:43:41.0790 0x0f18  MsMpSvc - ok
15:43:41.0806 0x0f18  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
15:43:41.0806 0x0f18  MSPCLOCK - ok
15:43:41.0821 0x0f18  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
15:43:41.0821 0x0f18  MSPQM - ok
15:43:41.0853 0x0f18  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
15:43:41.0868 0x0f18  MsRPC - ok
15:43:41.0868 0x0f18  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
15:43:41.0868 0x0f18  mssmbios - ok
15:43:42.0024 0x0f18  [ D89F2110A3C59F492CE80648BC645E79, 1EDB265554A19ADC5345BBD703C45C715E0C28D187490367221C11F117377B13 ] MSSQLSERVER     C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
15:43:42.0087 0x0f18  MSSQLSERVER - ok
15:43:42.0165 0x0f18  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
15:43:42.0227 0x0f18  MSTEE - ok
15:43:42.0243 0x0f18  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
15:43:42.0243 0x0f18  MTConfig - ok
15:43:42.0258 0x0f18  mukwikta - ok
15:43:42.0274 0x0f18  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
15:43:42.0274 0x0f18  Mup - ok
15:43:42.0305 0x0f18  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
15:43:42.0321 0x0f18  napagent - ok
15:43:42.0367 0x0f18  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
15:43:42.0367 0x0f18  NativeWifiP - ok
15:43:42.0414 0x0f18  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\windows\system32\drivers\ndis.sys
15:43:42.0445 0x0f18  NDIS - ok
15:43:42.0461 0x0f18  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
15:43:42.0461 0x0f18  NdisCap - ok
15:43:42.0477 0x0f18  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
15:43:42.0477 0x0f18  NdisTapi - ok
15:43:42.0492 0x0f18  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
15:43:42.0492 0x0f18  Ndisuio - ok
15:43:42.0508 0x0f18  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
15:43:42.0523 0x0f18  NdisWan - ok
15:43:42.0523 0x0f18  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
15:43:42.0523 0x0f18  NDProxy - ok
15:43:42.0539 0x0f18  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
15:43:42.0539 0x0f18  NetBIOS - ok
15:43:42.0570 0x0f18  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
15:43:42.0570 0x0f18  NetBT - ok
15:43:42.0586 0x0f18  [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] Netlogon        C:\windows\system32\lsass.exe
15:43:42.0586 0x0f18  Netlogon - ok
15:43:42.0601 0x0f18  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\windows\System32\netman.dll
15:43:42.0617 0x0f18  Netman - ok
15:43:42.0664 0x0f18  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:43:42.0679 0x0f18  NetMsmqActivator - ok
15:43:42.0695 0x0f18  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:43:42.0711 0x0f18  NetPipeActivator - ok
15:43:42.0726 0x0f18  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\windows\System32\netprofm.dll
15:43:42.0742 0x0f18  netprofm - ok
15:43:42.0757 0x0f18  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:43:42.0757 0x0f18  NetTcpActivator - ok
15:43:42.0773 0x0f18  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:43:42.0773 0x0f18  NetTcpPortSharing - ok
15:43:42.0804 0x0f18  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
15:43:42.0804 0x0f18  nfrd960 - ok
15:43:42.0820 0x0f18  [ 4774AD83C650001B337B92E5E5DA337B, 138ECC7F556D8A12AE58B78B68F6515BE4C00F9F062596B48B6CA6C010F13035 ] NisDrv          C:\windows\system32\DRIVERS\NisDrvWFP.sys
15:43:42.0835 0x0f18  NisDrv - ok
15:43:42.0867 0x0f18  [ 96B7D15161A778B359E707796CCEA646, 9E4A25D9848FAECC517474EAD548E7975CBE3F41AAA964E5245E78F2A723925E ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
15:43:42.0882 0x0f18  NisSrv - ok
15:43:42.0913 0x0f18  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\windows\System32\nlasvc.dll
15:43:42.0929 0x0f18  NlaSvc - ok
15:43:42.0945 0x0f18  [ 351533ACC2A069B94E80BBFC177E8FDF, 54B2749E0496ECC94CE65657627762B485CBC825767BAEDDAD0D2598820FFB9E ] npf             C:\windows\system32\drivers\npf.sys
15:43:42.0945 0x0f18  npf - ok
15:43:42.0945 0x0f18  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\windows\system32\drivers\Npfs.sys
15:43:42.0945 0x0f18  Npfs - ok
15:43:42.0960 0x0f18  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\windows\system32\nsisvc.dll
15:43:42.0976 0x0f18  nsi - ok
15:43:42.0976 0x0f18  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
15:43:42.0991 0x0f18  nsiproxy - ok
15:43:43.0038 0x0f18  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
15:43:43.0101 0x0f18  Ntfs - ok
15:43:43.0122 0x0f18  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\windows\system32\drivers\Null.sys
15:43:43.0126 0x0f18  Null - ok
15:43:43.0146 0x0f18  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\windows\system32\drivers\nvraid.sys
15:43:43.0156 0x0f18  nvraid - ok
15:43:43.0186 0x0f18  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\windows\system32\drivers\nvstor.sys
15:43:43.0186 0x0f18  nvstor - ok
15:43:43.0206 0x0f18  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
15:43:43.0216 0x0f18  nv_agp - ok
15:43:43.0236 0x0f18  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
15:43:43.0236 0x0f18  ohci1394 - ok
15:43:43.0306 0x0f18  [ 11E0B35479C895888BA3D7F619DCFFF3, 6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:43:43.0316 0x0f18  ose64 - ok
15:43:43.0526 0x0f18  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:43:43.0706 0x0f18  osppsvc - ok
15:43:43.0732 0x0f18  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
15:43:43.0747 0x0f18  p2pimsvc - ok
15:43:43.0779 0x0f18  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\windows\system32\p2psvc.dll
15:43:43.0779 0x0f18  p2psvc - ok
15:43:43.0794 0x0f18  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\windows\system32\drivers\parport.sys
15:43:43.0794 0x0f18  Parport - ok
15:43:43.0810 0x0f18  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\windows\system32\drivers\partmgr.sys
15:43:43.0810 0x0f18  partmgr - ok
15:43:43.0841 0x0f18  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\windows\System32\pcasvc.dll
15:43:43.0841 0x0f18  PcaSvc - ok
15:43:43.0872 0x0f18  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\windows\system32\drivers\pci.sys
15:43:43.0872 0x0f18  pci - ok
15:43:43.0888 0x0f18  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\windows\system32\drivers\pciide.sys
15:43:43.0888 0x0f18  pciide - ok
15:43:43.0919 0x0f18  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
15:43:43.0919 0x0f18  pcmcia - ok
15:43:43.0935 0x0f18  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\windows\system32\drivers\pcw.sys
15:43:43.0935 0x0f18  pcw - ok
15:43:43.0966 0x0f18  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\windows\system32\drivers\peauth.sys
15:43:43.0981 0x0f18  PEAUTH - ok
15:43:44.0044 0x0f18  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\windows\system32\peerdistsvc.dll
15:43:44.0091 0x0f18  PeerDistSvc - ok
15:43:44.0200 0x0f18  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\windows\SysWow64\perfhost.exe
15:43:44.0200 0x0f18  PerfHost - ok
15:43:44.0325 0x0f18  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\windows\system32\pla.dll
15:43:44.0387 0x0f18  pla - ok
15:43:44.0418 0x0f18  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
15:43:44.0434 0x0f18  PlugPlay - ok
15:43:44.0449 0x0f18  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
15:43:44.0449 0x0f18  PNRPAutoReg - ok
15:43:44.0481 0x0f18  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
15:43:44.0481 0x0f18  PNRPsvc - ok
15:43:44.0512 0x0f18  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
15:43:44.0527 0x0f18  PolicyAgent - ok
15:43:44.0559 0x0f18  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\windows\system32\umpo.dll
15:43:44.0559 0x0f18  Power - ok
15:43:44.0590 0x0f18  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
15:43:44.0590 0x0f18  PptpMiniport - ok
15:43:44.0605 0x0f18  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\windows\system32\drivers\processr.sys
15:43:44.0605 0x0f18  Processor - ok
15:43:44.0637 0x0f18  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\windows\system32\profsvc.dll
15:43:44.0637 0x0f18  ProfSvc - ok
15:43:44.0652 0x0f18  [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] ProtectedStorage C:\windows\system32\lsass.exe
15:43:44.0652 0x0f18  ProtectedStorage - ok
15:43:44.0683 0x0f18  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
15:43:44.0683 0x0f18  Psched - ok
15:43:44.0746 0x0f18  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\windows\system32\drivers\ql2300.sys
15:43:44.0808 0x0f18  ql2300 - ok
15:43:44.0824 0x0f18  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
15:43:44.0824 0x0f18  ql40xx - ok
15:43:44.0839 0x0f18  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\windows\system32\qwave.dll
15:43:44.0855 0x0f18  QWAVE - ok
15:43:44.0871 0x0f18  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
15:43:44.0871 0x0f18  QWAVEdrv - ok
15:43:44.0886 0x0f18  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
15:43:44.0886 0x0f18  RasAcd - ok
15:43:44.0902 0x0f18  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
15:43:44.0902 0x0f18  RasAgileVpn - ok
15:43:44.0917 0x0f18  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\windows\System32\rasauto.dll
15:43:44.0933 0x0f18  RasAuto - ok
15:43:44.0933 0x0f18  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
15:43:44.0949 0x0f18  Rasl2tp - ok
15:43:44.0964 0x0f18  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\windows\System32\rasmans.dll
15:43:44.0980 0x0f18  RasMan - ok
15:43:44.0995 0x0f18  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
15:43:44.0995 0x0f18  RasPppoe - ok
15:43:45.0011 0x0f18  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
15:43:45.0027 0x0f18  RasSstp - ok
15:43:45.0042 0x0f18  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
15:43:45.0042 0x0f18  rdbss - ok
15:43:45.0058 0x0f18  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
15:43:45.0058 0x0f18  rdpbus - ok
15:43:45.0058 0x0f18  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
15:43:45.0058 0x0f18  RDPCDD - ok
15:43:45.0089 0x0f18  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\windows\system32\drivers\rdpdr.sys
15:43:45.0089 0x0f18  RDPDR - ok
15:43:45.0105 0x0f18  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
15:43:45.0105 0x0f18  RDPENCDD - ok
15:43:45.0120 0x0f18  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
15:43:45.0120 0x0f18  RDPREFMP - ok
15:43:45.0151 0x0f18  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
15:43:45.0151 0x0f18  RDPWD - ok
15:43:45.0183 0x0f18  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
15:43:45.0183 0x0f18  rdyboost - ok
15:43:45.0198 0x0f18  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\windows\System32\mprdim.dll
15:43:45.0214 0x0f18  RemoteAccess - ok
15:43:45.0229 0x0f18  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\windows\system32\regsvc.dll
15:43:45.0229 0x0f18  RemoteRegistry - ok
15:43:45.0245 0x0f18  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
15:43:45.0245 0x0f18  RpcEptMapper - ok
15:43:45.0261 0x0f18  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\windows\system32\locator.exe
15:43:45.0261 0x0f18  RpcLocator - ok
15:43:45.0292 0x0f18  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\windows\system32\rpcss.dll
15:43:45.0307 0x0f18  RpcSs - ok
15:43:45.0323 0x0f18  rrufnwla - ok
15:43:45.0370 0x0f18  [ E2319BDFF45DC9600E3751BE690F044D, 93F7A1EB1DB5F5CD41846F8D1DD5F08569DDE55AB125A01131B4ED20C322B956 ] RsFx0310        C:\windows\system32\DRIVERS\RsFx0310.sys
15:43:45.0385 0x0f18  RsFx0310 - ok
15:43:45.0401 0x0f18  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
15:43:45.0401 0x0f18  rspndr - ok
15:43:45.0463 0x0f18  [ E4F4CFC5D51FC559EE4ED77CBD4C1127, 182FC9F08B32BDB0780F3690442211EE98CAAEAF2260561A5BEA33683ADF2550 ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
15:43:45.0479 0x0f18  RtkAudioService - ok
15:43:45.0541 0x0f18  [ 7B486E26DCA97766F3617A395690E76A, DB27C4463BC10BCB6F16E731C897D1BC7A84C33305ABCE7E3F60279EFF28BB7B ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
15:43:45.0557 0x0f18  RTL8167 - ok
15:43:45.0573 0x0f18  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\windows\system32\drivers\vms3cap.sys
15:43:45.0573 0x0f18  s3cap - ok
15:43:45.0588 0x0f18  [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] SamSs           C:\windows\system32\lsass.exe
15:43:45.0588 0x0f18  SamSs - ok
15:43:45.0604 0x0f18  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
15:43:45.0604 0x0f18  sbp2port - ok
15:43:45.0635 0x0f18  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\windows\System32\SCardSvr.dll
15:43:45.0635 0x0f18  SCardSvr - ok
15:43:45.0635 0x0f18  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
15:43:45.0651 0x0f18  scfilter - ok
15:43:45.0697 0x0f18  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\windows\system32\schedsvc.dll
15:43:45.0729 0x0f18  Schedule - ok
15:43:45.0760 0x0f18  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\windows\System32\certprop.dll
15:43:45.0760 0x0f18  SCPolicySvc - ok
15:43:45.0775 0x0f18  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\windows\System32\SDRSVC.dll
15:43:45.0791 0x0f18  SDRSVC - ok
15:43:45.0791 0x0f18  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\windows\system32\drivers\secdrv.sys
15:43:45.0791 0x0f18  secdrv - ok
15:43:45.0807 0x0f18  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\windows\system32\seclogon.dll
15:43:45.0807 0x0f18  seclogon - ok
15:43:45.0822 0x0f18  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\windows\System32\sens.dll
15:43:45.0822 0x0f18  SENS - ok
15:43:45.0822 0x0f18  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\windows\system32\sensrsvc.dll
15:43:45.0822 0x0f18  SensrSvc - ok
15:43:45.0853 0x0f18  [ 9F6490423AC3271E84A90A0DD9D30A3B, 7F8559B06A2E8FC35F71A099F320A87BB90FC9783133C19F49046F06ECBC9605 ] Ser2pl          C:\windows\system32\drivers\ser2pl64.sys
15:43:45.0853 0x0f18  Ser2pl - ok
15:43:45.0885 0x0f18  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\windows\system32\drivers\serenum.sys
15:43:45.0885 0x0f18  Serenum - ok
15:43:45.0900 0x0f18  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\windows\system32\drivers\serial.sys
15:43:45.0900 0x0f18  Serial - ok
15:43:45.0931 0x0f18  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\windows\system32\drivers\sermouse.sys
15:43:45.0931 0x0f18  sermouse - ok
15:43:45.0947 0x0f18  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\windows\system32\sessenv.dll
15:43:45.0963 0x0f18  SessionEnv - ok
15:43:45.0978 0x0f18  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
15:43:45.0978 0x0f18  sffdisk - ok
15:43:45.0994 0x0f18  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
15:43:45.0994 0x0f18  sffp_mmc - ok
15:43:46.0009 0x0f18  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
15:43:46.0009 0x0f18  sffp_sd - ok
15:43:46.0009 0x0f18  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
15:43:46.0009 0x0f18  sfloppy - ok
15:43:46.0041 0x0f18  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\windows\System32\ipnathlp.dll
15:43:46.0041 0x0f18  SharedAccess - ok
15:43:46.0072 0x0f18  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
15:43:46.0087 0x0f18  ShellHWDetection - ok
15:43:46.0103 0x0f18  shrrnwab - ok
15:43:46.0103 0x0f18  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
15:43:46.0103 0x0f18  SiSRaid2 - ok
15:43:46.0119 0x0f18  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
15:43:46.0119 0x0f18  SiSRaid4 - ok
15:43:46.0134 0x0f18  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\windows\system32\DRIVERS\smb.sys
15:43:46.0134 0x0f18  Smb - ok
15:43:46.0150 0x0f18  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
15:43:46.0150 0x0f18  SNMPTRAP - ok
15:43:46.0165 0x0f18  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\windows\system32\drivers\spldr.sys
15:43:46.0165 0x0f18  spldr - ok
15:43:46.0181 0x0f18  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\windows\System32\spoolsv.exe
15:43:46.0197 0x0f18  Spooler - ok
15:43:46.0321 0x0f18  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\windows\system32\sppsvc.exe
15:43:46.0431 0x0f18  sppsvc - ok
15:43:46.0446 0x0f18  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\windows\system32\sppuinotify.dll
15:43:46.0446 0x0f18  sppuinotify - ok
15:43:46.0540 0x0f18  [ 774C1D27B9ED5A420E11C2343B0FFF7B, 6C291CF9C9205D6F9BA43156E1EBB370CA11DD1656694F1B434E2E7F8AFBC6A4 ] SQLBrowser      C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:43:46.0555 0x0f18  SQLBrowser - ok
15:43:46.0587 0x0f18  [ D1A4A546ED802E6854B1F1F5DFB58D27, CFA21C67B806176FAC5C9E70B8DB2E1D3E3BC75B0B548D06238CBEFBFEC65A90 ] SQLSERVERAGENT  C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
15:43:46.0618 0x0f18  SQLSERVERAGENT - ok
15:43:46.0633 0x0f18  [ C386F811A5E2F87DCF3EA4A527A20AA6, D68DF4E237AC6CBE193DE3A5C48F473F332A1D3CFC7BC21AFDE3EF922DA08279 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:43:46.0633 0x0f18  SQLWriter - ok
15:43:46.0649 0x0f18  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\windows\system32\DRIVERS\srv.sys
15:43:46.0665 0x0f18  srv - ok
15:43:46.0696 0x0f18  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
15:43:46.0711 0x0f18  srv2 - ok
15:43:46.0727 0x0f18  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
15:43:46.0727 0x0f18  srvnet - ok
15:43:46.0758 0x0f18  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
15:43:46.0758 0x0f18  SSDPSRV - ok
15:43:46.0774 0x0f18  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\windows\system32\sstpsvc.dll
15:43:46.0789 0x0f18  SstpSvc - ok
15:43:46.0805 0x0f18  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\windows\system32\drivers\stexstor.sys
15:43:46.0805 0x0f18  stexstor - ok
15:43:46.0836 0x0f18  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\windows\System32\wiaservc.dll
15:43:46.0852 0x0f18  stisvc - ok
15:43:46.0867 0x0f18  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\windows\system32\drivers\vmstorfl.sys
15:43:46.0867 0x0f18  storflt - ok
15:43:46.0883 0x0f18  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\windows\system32\storsvc.dll
15:43:46.0883 0x0f18  StorSvc - ok
15:43:46.0914 0x0f18  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\windows\system32\drivers\storvsc.sys
15:43:46.0914 0x0f18  storvsc - ok
15:43:46.0930 0x0f18  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\windows\system32\drivers\swenum.sys
15:43:46.0930 0x0f18  swenum - ok
15:43:46.0961 0x0f18  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\windows\System32\swprv.dll
15:43:46.0977 0x0f18  swprv - ok
15:43:47.0070 0x0f18  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\windows\system32\sysmain.dll
15:43:47.0133 0x0f18  SysMain - ok
15:43:47.0148 0x0f18  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
15:43:47.0164 0x0f18  TabletInputService - ok
15:43:47.0179 0x0f18  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\windows\System32\tapisrv.dll
15:43:47.0179 0x0f18  TapiSrv - ok
15:43:47.0195 0x0f18  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\windows\System32\tbssvc.dll
15:43:47.0211 0x0f18  TBS - ok
15:43:47.0273 0x0f18  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
15:43:47.0351 0x0f18  Tcpip - ok
15:43:47.0554 0x0f18  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
15:43:47.0585 0x0f18  TCPIP6 - ok
15:43:47.0616 0x0f18  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
15:43:47.0616 0x0f18  tcpipreg - ok
15:43:47.0632 0x0f18  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
15:43:47.0632 0x0f18  TDPIPE - ok
15:43:47.0632 0x0f18  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
15:43:47.0632 0x0f18  TDTCP - ok
15:43:47.0663 0x0f18  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\windows\system32\DRIVERS\tdx.sys
15:43:47.0663 0x0f18  tdx - ok
15:43:47.0975 0x0f18  [ F2F02E436BA56A96A06E4427C5787B6E, 1562FF264011A15AC69808CB74F387917C4E8ED3B91546B12933BE10B6E20B3A ] TeamViewer      C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
15:43:48.0240 0x0f18  TeamViewer - ok
15:43:48.0271 0x0f18  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\windows\system32\drivers\termdd.sys
15:43:48.0271 0x0f18  TermDD - ok
15:43:48.0318 0x0f18  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\windows\System32\termsrv.dll
15:43:48.0334 0x0f18  TermService - ok
15:43:48.0334 0x0f18  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\windows\system32\themeservice.dll
15:43:48.0349 0x0f18  Themes - ok
15:43:48.0365 0x0f18  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\windows\system32\mmcss.dll
15:43:48.0365 0x0f18  THREADORDER - ok
15:43:48.0396 0x0f18  [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM             C:\windows\system32\drivers\tpm.sys
15:43:48.0396 0x0f18  TPM - ok
15:43:48.0412 0x0f18  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\windows\System32\trkwks.dll
15:43:48.0412 0x0f18  TrkWks - ok
15:43:48.0443 0x0f18  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
15:43:48.0459 0x0f18  TrustedInstaller - ok
15:43:48.0459 0x0f18  tsfauxnp - ok
15:43:48.0474 0x0f18  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
15:43:48.0490 0x0f18  tssecsrv - ok
15:43:48.0490 0x0f18  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
15:43:48.0505 0x0f18  TsUsbFlt - ok
15:43:48.0505 0x0f18  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
15:43:48.0505 0x0f18  TsUsbGD - ok
15:43:48.0537 0x0f18  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
15:43:48.0537 0x0f18  tunnel - ok
15:43:48.0552 0x0f18  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\windows\system32\drivers\uagp35.sys
15:43:48.0552 0x0f18  uagp35 - ok
15:43:48.0568 0x0f18  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
15:43:48.0583 0x0f18  udfs - ok
15:43:48.0599 0x0f18  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\windows\system32\UI0Detect.exe
15:43:48.0599 0x0f18  UI0Detect - ok
15:43:48.0615 0x0f18  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
15:43:48.0615 0x0f18  uliagpkx - ok
15:43:48.0630 0x0f18  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\windows\system32\DRIVERS\umbus.sys
15:43:48.0630 0x0f18  umbus - ok
15:43:48.0646 0x0f18  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\windows\system32\drivers\umpass.sys
15:43:48.0661 0x0f18  UmPass - ok
15:43:48.0661 0x0f18  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\windows\System32\umrdp.dll
15:43:48.0677 0x0f18  UmRdpService - ok
15:43:48.0693 0x0f18  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\windows\System32\upnphost.dll
15:43:48.0708 0x0f18  upnphost - ok
15:43:48.0724 0x0f18  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
15:43:48.0755 0x0f18  usbccgp - ok
15:43:48.0786 0x0f18  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\windows\system32\drivers\usbcir.sys
15:43:48.0786 0x0f18  usbcir - ok
15:43:48.0802 0x0f18  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\windows\system32\drivers\usbehci.sys
15:43:48.0802 0x0f18  usbehci - ok
15:43:48.0833 0x0f18  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\windows\system32\drivers\usbhub.sys
15:43:48.0849 0x0f18  usbhub - ok
15:43:48.0849 0x0f18  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\windows\system32\drivers\usbohci.sys
15:43:48.0864 0x0f18  usbohci - ok
15:43:48.0880 0x0f18  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
15:43:48.0880 0x0f18  usbprint - ok
15:43:48.0895 0x0f18  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
15:43:48.0895 0x0f18  usbscan - ok
15:43:48.0911 0x0f18  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
15:43:48.0911 0x0f18  USBSTOR - ok
15:43:48.0927 0x0f18  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
15:43:48.0927 0x0f18  usbuhci - ok
15:43:48.0927 0x0f18  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\windows\System32\uxsms.dll
15:43:48.0942 0x0f18  UxSms - ok
15:43:48.0942 0x0f18  [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] VaultSvc        C:\windows\system32\lsass.exe
15:43:48.0942 0x0f18  VaultSvc - ok
15:43:48.0973 0x0f18  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
15:43:48.0973 0x0f18  vdrvroot - ok
15:43:49.0005 0x0f18  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\windows\System32\vds.exe
15:43:49.0020 0x0f18  vds - ok
15:43:49.0036 0x0f18  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
15:43:49.0036 0x0f18  vga - ok
15:43:49.0051 0x0f18  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\windows\System32\drivers\vga.sys
15:43:49.0051 0x0f18  VgaSave - ok
15:43:49.0067 0x0f18  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
15:43:49.0067 0x0f18  vhdmp - ok
15:43:49.0083 0x0f18  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
15:43:49.0083 0x0f18  viaide - ok
15:43:49.0114 0x0f18  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\windows\system32\drivers\vmbus.sys
15:43:49.0114 0x0f18  vmbus - ok
15:43:49.0129 0x0f18  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\windows\system32\drivers\VMBusHID.sys
15:43:49.0129 0x0f18  VMBusHID - ok
15:43:49.0145 0x0f18  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
15:43:49.0161 0x0f18  volmgr - ok
15:43:49.0176 0x0f18  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
15:43:49.0192 0x0f18  volmgrx - ok
15:43:49.0207 0x0f18  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\windows\system32\drivers\volsnap.sys
15:43:49.0223 0x0f18  volsnap - ok
15:43:49.0239 0x0f18  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
15:43:49.0239 0x0f18  vsmraid - ok
15:43:49.0301 0x0f18  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\windows\system32\vssvc.exe
15:43:49.0363 0x0f18  VSS - ok
15:43:49.0379 0x0f18  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\windows\System32\drivers\vwifibus.sys
15:43:49.0379 0x0f18  vwifibus - ok
15:43:49.0410 0x0f18  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\windows\system32\w32time.dll
15:43:49.0426 0x0f18  W32Time - ok
15:43:49.0441 0x0f18  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\windows\system32\drivers\wacompen.sys
15:43:49.0441 0x0f18  WacomPen - ok
15:43:49.0457 0x0f18  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
15:43:49.0457 0x0f18  WANARP - ok
15:43:49.0457 0x0f18  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
15:43:49.0457 0x0f18  Wanarpv6 - ok
15:43:49.0551 0x0f18  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
15:43:49.0597 0x0f18  WatAdminSvc - ok
15:43:49.0660 0x0f18  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\windows\system32\wbengine.exe
15:43:49.0707 0x0f18  wbengine - ok
15:43:49.0722 0x0f18  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
15:43:49.0738 0x0f18  WbioSrvc - ok
15:43:49.0753 0x0f18  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\windows\System32\wcncsvc.dll
15:43:49.0769 0x0f18  wcncsvc - ok
15:43:49.0785 0x0f18  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
15:43:49.0785 0x0f18  WcsPlugInService - ok
15:43:49.0800 0x0f18  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\windows\system32\drivers\wd.sys
15:43:49.0800 0x0f18  Wd - ok
15:43:49.0831 0x0f18  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
15:43:49.0847 0x0f18  Wdf01000 - ok
15:43:49.0878 0x0f18  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\windows\system32\wdi.dll
15:43:49.0878 0x0f18  WdiServiceHost - ok
15:43:49.0894 0x0f18  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\windows\system32\wdi.dll
15:43:49.0894 0x0f18  WdiSystemHost - ok
15:43:49.0925 0x0f18  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\windows\System32\webclnt.dll
15:43:49.0941 0x0f18  WebClient - ok
15:43:50.0065 0x0f18  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
15:43:50.0081 0x0f18  Wecsvc - ok
15:43:50.0081 0x0f18  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\windows\System32\wercplsupport.dll
15:43:50.0097 0x0f18  wercplsupport - ok
15:43:50.0097 0x0f18  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
15:43:50.0097 0x0f18  WerSvc - ok
15:43:50.0112 0x0f18  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
15:43:50.0112 0x0f18  WfpLwf - ok
15:43:50.0128 0x0f18  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
15:43:50.0128 0x0f18  WIMMount - ok
15:43:50.0143 0x0f18  WinDefend - ok
15:43:50.0159 0x0f18  WinHttpAutoProxySvc - ok
15:43:50.0190 0x0f18  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
15:43:50.0206 0x0f18  Winmgmt - ok
15:43:50.0284 0x0f18  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\windows\system32\WsmSvc.dll
15:43:50.0346 0x0f18  WinRM - ok
15:43:50.0377 0x0f18  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
15:43:50.0393 0x0f18  WinUsb - ok
15:43:50.0424 0x0f18  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\windows\System32\wlansvc.dll
15:43:50.0455 0x0f18  Wlansvc - ok
15:43:50.0596 0x0f18  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:43:50.0658 0x0f18  wlidsvc - ok
15:43:50.0674 0x0f18  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
15:43:50.0689 0x0f18  WmiAcpi - ok
15:43:50.0705 0x0f18  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
15:43:50.0705 0x0f18  wmiApSrv - ok
15:43:50.0721 0x0f18  WMPNetworkSvc - ok
15:43:50.0736 0x0f18  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
15:43:50.0736 0x0f18  WPCSvc - ok
15:43:50.0736 0x0f18  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
15:43:50.0752 0x0f18  WPDBusEnum - ok
15:43:50.0767 0x0f18  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
15:43:50.0767 0x0f18  ws2ifsl - ok
15:43:50.0767 0x0f18  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\windows\System32\wscsvc.dll
15:43:50.0767 0x0f18  wscsvc - ok
15:43:50.0783 0x0f18  WSearch - ok
15:43:50.0892 0x0f18  [ 291778E1A36716182AFBC1731B2DFEAB, C0B928CCCE8C496C90C42E0D294BAB51DC67C02B0D20CFB6A16B0AE1F51CC497 ] wuauserv        C:\windows\system32\wuaueng.dll
15:43:50.0970 0x0f18  wuauserv - ok
15:43:51.0001 0x0f18  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
15:43:51.0001 0x0f18  WudfPf - ok
15:43:51.0033 0x0f18  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
15:43:51.0033 0x0f18  WUDFRd - ok
15:43:51.0064 0x0f18  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
15:43:51.0064 0x0f18  wudfsvc - ok
15:43:51.0111 0x0f18  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\windows\System32\wwansvc.dll
15:43:51.0126 0x0f18  WwanSvc - ok
15:43:51.0126 0x0f18  ================ Scan global ===============================
15:43:51.0142 0x0f18  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\windows\system32\basesrv.dll
15:43:51.0173 0x0f18  [ 4AD1C61152A0199E3D7F9A82C07AC629, A4A42C7757EB084EE368A6BC4EBAB0C47BE41B0B4119A6AECD1B8E3332A7C5D5 ] C:\windows\system32\winsrv.dll
15:43:51.0189 0x0f18  [ 4AD1C61152A0199E3D7F9A82C07AC629, A4A42C7757EB084EE368A6BC4EBAB0C47BE41B0B4119A6AECD1B8E3332A7C5D5 ] C:\windows\system32\winsrv.dll
15:43:51.0220 0x0f18  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
15:43:51.0251 0x0f18  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\windows\system32\services.exe
15:43:51.0251 0x0f18  [ Global ] - ok
15:43:51.0251 0x0f18  ================ Scan MBR ==================================
15:43:51.0267 0x0f18  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:43:51.0547 0x0f18  \Device\Harddisk0\DR0 - ok
15:43:51.0547 0x0f18  ================ Scan VBR ==================================
15:43:51.0547 0x0f18  [ F5658285010242DEE9336024C6E1F6C2 ] \Device\Harddisk0\DR0\Partition1
15:43:51.0547 0x0f18  \Device\Harddisk0\DR0\Partition1 - ok
15:43:51.0563 0x0f18  [ 7DEF5283397E2E28B09C46628FA6B15D ] \Device\Harddisk0\DR0\Partition2
15:43:51.0563 0x0f18  \Device\Harddisk0\DR0\Partition2 - ok
15:43:51.0563 0x0f18  [ 442EE5A90ED7F4B668808062B75BC389 ] \Device\Harddisk0\DR0\Partition3
15:43:51.0563 0x0f18  \Device\Harddisk0\DR0\Partition3 - ok
15:43:51.0579 0x0f18  [ 45EC5619DA2023BA84E89498F2711658 ] \Device\Harddisk0\DR0\Partition4
15:43:51.0579 0x0f18  \Device\Harddisk0\DR0\Partition4 - ok
15:43:51.0579 0x0f18  ================ Scan generic autorun ======================
15:43:51.0610 0x0f18  [ CECA9C01CDAFF5C79B56357FC3659D49, F97BBC08619867746CA4022F97CB0FF3F4D5DC376739CA03A227019620BFB94C ] C:\windows\system32\igfxtray.exe
15:43:51.0610 0x0f18  IgfxTray - ok
15:43:51.0657 0x0f18  [ 1DC0FC0038652B85D6AFA4C223116EAF, 713DFC48A55EF9072314B8F27F9A6B10CE30CE6ED196FFF3A6DF7B87C69C8FDA ] C:\windows\system32\igfxpers.exe
15:43:51.0672 0x0f18  Persistence - ok
15:43:51.0937 0x0f18  [ CD62D86C57F4D455961ED760B9661605, AB8A12333264858AB507C6B202B6790749F432831625D9662234FC8573EEF5BF ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
15:43:52.0203 0x0f18  RTHDVCPL - ok
15:43:52.0265 0x0f18  [ CEF76A106D5A43A41C448AA929D920C4, 94D80C6E7A384CAAD05FEEAE1396460875845EF2FBF58482A0D8D084843E0E25 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
15:43:52.0312 0x0f18  RtHDVBg - ok
15:43:52.0374 0x0f18  [ 35BA4E6632BA690EA6421C1E03537D0E, 99D6B4DB12ABE3A7F44AB1B2D626978E85231185AE280D9516986027BC8385CB ] c:\Program Files\Microsoft Security Client\msseces.exe
15:43:52.0437 0x0f18  MSC - ok
15:43:52.0499 0x0f18  [ F19BB9A114A0F85E6E8C4395322E7191, FDFAFE5535442031A1102F0AE2B50213BDACA291EF958DE59E9C3CD556BF5DA7 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
15:43:52.0515 0x0f18  USB3MON - ok
15:43:52.0561 0x0f18  [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
15:43:52.0561 0x0f18  HP Software Update - ok
15:43:52.0749 0x0f18  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:43:52.0780 0x0f18  Sidebar - ok
15:43:52.0827 0x0f18  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:43:52.0827 0x0f18  mctadmin - ok
15:43:52.0858 0x0f18  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:43:52.0889 0x0f18  Sidebar - ok
15:43:52.0889 0x0f18  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:43:52.0905 0x0f18  mctadmin - ok
15:43:53.0248 0x0f18  [ 8AA4A3119B2DF4FFAAD39A98F4764E47, 412192A2261ED0BD82EE2418DF94A8B3BC41D2D40F5AB8DA0F99FB9F0525910E ] C:\Program Files\CCleaner\CCleaner64.exe
15:43:53.0529 0x0f18  CCleaner Monitoring - ok
15:43:53.0560 0x0f18  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:43:53.0591 0x0f18  Sidebar - ok
15:43:53.0607 0x0f18  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:43:53.0607 0x0f18  mctadmin - ok
15:43:53.0607 0x0f18  Waiting for KSN requests completion. In queue: 45
15:43:54.0621 0x0f18  Waiting for KSN requests completion. In queue: 45
15:43:55.0635 0x0f18  Waiting for KSN requests completion. In queue: 45
15:43:56.0664 0x0f18  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated )
15:43:56.0680 0x0f18  Win FW state via NFP2: enabled ( trusted )
15:43:59.0410 0x0f18  ============================================================
15:43:59.0410 0x0f18  Scan finished
15:43:59.0410 0x0f18  ============================================================
15:43:59.0425 0x1378  Detected object count: 0
15:43:59.0425 0x1378  Actual detected object count: 0

deeprybka · 05.11.2016, 16:57

Scan bitte nach Anleitung ausführen. Was ist denn daran so schwierig die Anleitung zu lesen?

Wisazo · 05.11.2016, 17:02

Tut mir leid. Hab das gerade neben der arbeit gemacht.

Nochmals aber jetzt richtig:

Code:

ATTFilter

16:59:11.0335 0x1774  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31
16:59:13.0460 0x1774  ============================================================
16:59:13.0460 0x1774  Current date / time: 2016/11/05 16:59:13.0460
16:59:13.0460 0x1774  SystemInfo:
16:59:13.0460 0x1774  
16:59:13.0460 0x1774  OS Version: 6.1.7601 ServicePack: 1.0
16:59:13.0460 0x1774  Product type: Workstation
16:59:13.0461 0x1774  ComputerName: THALIAGRILL-PC
16:59:13.0461 0x1774  UserName: Thaliagrill
16:59:13.0461 0x1774  Windows directory: C:\windows
16:59:13.0461 0x1774  System windows directory: C:\windows
16:59:13.0461 0x1774  Running under WOW64
16:59:13.0461 0x1774  Processor architecture: Intel x64
16:59:13.0461 0x1774  Number of processors: 2
16:59:13.0461 0x1774  Page size: 0x1000
16:59:13.0461 0x1774  Boot type: Normal boot
16:59:13.0461 0x1774  CodeIntegrityOptions = 0x00000001
16:59:13.0461 0x1774  ============================================================
16:59:15.0805 0x1774  KLMD registered as C:\windows\system32\drivers\69157252.sys
16:59:15.0805 0x1774  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.19018, osProperties = 0x1
16:59:17.0044 0x1774  System UUID: {A2536FFB-EA97-BAAA-4414-C331ECACEDFC}
16:59:17.0893 0x1774  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:59:18.0705 0x1774  ============================================================
16:59:18.0705 0x1774  \Device\Harddisk0\DR0:
16:59:18.0705 0x1774  MBR partitions:
16:59:18.0705 0x1774  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x200800
16:59:18.0705 0x1774  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x201000, BlocksNum 0x38920800
16:59:18.0706 0x1774  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38B21800, BlocksNum 0x1830000
16:59:18.0706 0x1774  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A351800, BlocksNum 0x32000
16:59:18.0706 0x1774  ============================================================
16:59:18.0734 0x1774  C: <-> \Device\Harddisk0\DR0\Partition2
16:59:18.0776 0x1774  D: <-> \Device\Harddisk0\DR0\Partition3
16:59:18.0788 0x1774  E: <-> \Device\Harddisk0\DR0\Partition4
16:59:18.0788 0x1774  ============================================================
16:59:18.0788 0x1774  Initialize success
16:59:18.0788 0x1774  ============================================================
16:59:36.0093 0x0d88  ============================================================
16:59:36.0093 0x0d88  Scan started
16:59:36.0093 0x0d88  Mode: Manual; SigCheck; TDLFS; 
16:59:36.0093 0x0d88  ============================================================
16:59:36.0093 0x0d88  KSN ping started
16:59:38.0840 0x0d88  KSN ping finished: true
16:59:39.0608 0x0d88  ================ Scan system memory ========================
16:59:39.0608 0x0d88  System memory - ok
16:59:39.0609 0x0d88  ================ Scan services =============================
16:59:39.0752 0x0d88  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
16:59:39.0840 0x0d88  1394ohci - ok
16:59:39.0875 0x0d88  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\windows\system32\drivers\ACPI.sys
16:59:39.0896 0x0d88  ACPI - ok
16:59:39.0938 0x0d88  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
16:59:40.0022 0x0d88  AcpiPmi - ok
16:59:40.0099 0x0d88  [ DC00FD73505DAEDD99CAF4533B0C05BD, 2863D1F0587B79254FBE093C191C73892768CF2AC59BEF97745EE66CEE3473AF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:59:40.0120 0x0d88  AdobeARMservice - ok
16:59:40.0221 0x0d88  [ 16D11D2CA3F2078F553E0C3A70A4F050, 51EEA7EFBE122D3FEB2F8487F5A45166A0C4963314B28840C3C404479B4E1849 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:59:40.0246 0x0d88  AdobeFlashPlayerUpdateSvc - ok
16:59:40.0279 0x0d88  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
16:59:40.0305 0x0d88  adp94xx - ok
16:59:40.0336 0x0d88  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\windows\system32\drivers\adpahci.sys
16:59:40.0356 0x0d88  adpahci - ok
16:59:40.0376 0x0d88  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\windows\system32\drivers\adpu320.sys
16:59:40.0391 0x0d88  adpu320 - ok
16:59:40.0422 0x0d88  [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
16:59:40.0461 0x0d88  AeLookupSvc - ok
16:59:40.0517 0x0d88  [ D1E343BC00136CE03C4D403194D06A80, 94F2543164A2CEA179EDE53E1294EE24391A59CAEFF83BA5CE9385E8E686E89C ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
16:59:40.0538 0x0d88  AERTFilters - ok
16:59:40.0578 0x0d88  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\windows\system32\drivers\afd.sys
16:59:40.0638 0x0d88  AFD - ok
16:59:40.0652 0x0d88  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\windows\system32\drivers\agp440.sys
16:59:40.0664 0x0d88  agp440 - ok
16:59:40.0686 0x0d88  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\windows\System32\alg.exe
16:59:40.0730 0x0d88  ALG - ok
16:59:40.0741 0x0d88  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\windows\system32\drivers\aliide.sys
16:59:40.0752 0x0d88  aliide - ok
16:59:40.0767 0x0d88  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\windows\system32\drivers\amdide.sys
16:59:40.0779 0x0d88  amdide - ok
16:59:40.0798 0x0d88  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
16:59:40.0824 0x0d88  AmdK8 - ok
16:59:40.0840 0x0d88  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
16:59:40.0866 0x0d88  AmdPPM - ok
16:59:40.0893 0x0d88  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\windows\system32\drivers\amdsata.sys
16:59:40.0907 0x0d88  amdsata - ok
16:59:40.0935 0x0d88  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
16:59:40.0951 0x0d88  amdsbs - ok
16:59:40.0962 0x0d88  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\windows\system32\drivers\amdxata.sys
16:59:40.0973 0x0d88  amdxata - ok
16:59:40.0995 0x0d88  [ 27DABFB4A6B0140C34DBEC713469592B, A355170D353AFBF0DE4EF53282F8404788FBBD0E2A1B7282B1B2925923E83141 ] AppID           C:\windows\system32\drivers\appid.sys
16:59:41.0029 0x0d88  AppID - ok
16:59:41.0044 0x0d88  [ ABC373B9C6275D45F17DB559408FFD1B, 12B355393BEBE2D1D24D7A9DA5E69E03E334899407503BC1CADCF7BE39828223 ] AppIDSvc        C:\windows\System32\appidsvc.dll
16:59:41.0056 0x0d88  AppIDSvc - ok
16:59:41.0073 0x0d88  [ 3EA5DA3F459F6ED19E10166965F6892F, F5618A5FA72C5E57BCFA6F2ECB840B1AEC60C72840AF3C1D94D5FCDB5ED2BF5E ] Appinfo         C:\windows\System32\appinfo.dll
16:59:41.0109 0x0d88  Appinfo - ok
16:59:41.0126 0x0d88  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\windows\System32\appmgmts.dll
16:59:41.0162 0x0d88  AppMgmt - ok
16:59:41.0176 0x0d88  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\windows\system32\drivers\arc.sys
16:59:41.0189 0x0d88  arc - ok
16:59:41.0216 0x0d88  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\windows\system32\drivers\arcsas.sys
16:59:41.0229 0x0d88  arcsas - ok
16:59:41.0302 0x0d88  [ 108FB6DDB69E537A2EA53F425363FAE5, B12A9F5338D39805E08A44A335FF7AA77F2266F535A2F5C8412CC746C75E5B1D ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:59:41.0331 0x0d88  aspnet_state - ok
16:59:41.0398 0x0d88  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
16:59:41.0506 0x0d88  AsyncMac - ok
16:59:41.0526 0x0d88  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\windows\system32\drivers\atapi.sys
16:59:41.0537 0x0d88  atapi - ok
16:59:41.0582 0x0d88  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
16:59:41.0644 0x0d88  AudioEndpointBuilder - ok
16:59:41.0668 0x0d88  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\windows\System32\Audiosrv.dll
16:59:41.0701 0x0d88  AudioSrv - ok
16:59:41.0716 0x0d88  avkmgr - ok
16:59:41.0750 0x0d88  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\windows\System32\AxInstSV.dll
16:59:41.0811 0x0d88  AxInstSV - ok
16:59:41.0849 0x0d88  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
16:59:41.0893 0x0d88  b06bdrv - ok
16:59:41.0918 0x0d88  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
16:59:41.0939 0x0d88  b57nd60a - ok
16:59:41.0957 0x0d88  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\windows\System32\bdesvc.dll
16:59:41.0995 0x0d88  BDESVC - ok
16:59:42.0011 0x0d88  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\windows\system32\drivers\Beep.sys
16:59:42.0056 0x0d88  Beep - ok
16:59:42.0102 0x0d88  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\windows\System32\bfe.dll
16:59:42.0153 0x0d88  BFE - ok
16:59:42.0198 0x0d88  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\windows\System32\qmgr.dll
16:59:42.0283 0x0d88  BITS - ok
16:59:42.0304 0x0d88  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\windows\system32\drivers\blbdrive.sys
16:59:42.0318 0x0d88  blbdrive - ok
16:59:42.0365 0x0d88  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:59:42.0388 0x0d88  Bonjour Service - ok
16:59:42.0413 0x0d88  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
16:59:42.0442 0x0d88  bowser - ok
16:59:42.0458 0x0d88  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
16:59:42.0487 0x0d88  BrFiltLo - ok
16:59:42.0499 0x0d88  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
16:59:42.0539 0x0d88  BrFiltUp - ok
16:59:42.0557 0x0d88  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\windows\System32\browser.dll
16:59:42.0594 0x0d88  Browser - ok
16:59:42.0631 0x0d88  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\windows\System32\Drivers\Brserid.sys
16:59:42.0691 0x0d88  Brserid - ok
16:59:42.0707 0x0d88  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
16:59:42.0735 0x0d88  BrSerWdm - ok
16:59:42.0748 0x0d88  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
16:59:42.0766 0x0d88  BrUsbMdm - ok
16:59:42.0783 0x0d88  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
16:59:42.0804 0x0d88  BrUsbSer - ok
16:59:42.0829 0x0d88  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
16:59:42.0854 0x0d88  BTHMODEM - ok
16:59:42.0863 0x0d88  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\windows\system32\bthserv.dll
16:59:42.0915 0x0d88  bthserv - ok
16:59:42.0933 0x0d88  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
16:59:42.0992 0x0d88  cdfs - ok
16:59:43.0030 0x0d88  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\windows\system32\drivers\cdrom.sys
16:59:43.0060 0x0d88  cdrom - ok
16:59:43.0072 0x0d88  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\windows\System32\certprop.dll
16:59:43.0119 0x0d88  CertPropSvc - ok
16:59:43.0130 0x0d88  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\windows\system32\drivers\circlass.sys
16:59:43.0161 0x0d88  circlass - ok
16:59:43.0186 0x0d88  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\windows\system32\CLFS.sys
16:59:43.0209 0x0d88  CLFS - ok
16:59:43.0255 0x0d88  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:59:43.0267 0x0d88  clr_optimization_v2.0.50727_32 - ok
16:59:43.0299 0x0d88  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:59:43.0311 0x0d88  clr_optimization_v2.0.50727_64 - ok
16:59:43.0363 0x0d88  [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:59:43.0377 0x0d88  clr_optimization_v4.0.30319_32 - ok
16:59:43.0407 0x0d88  [ 86329C35FF23CFEF0FB6C0023BA06BCE, D915CE7AD564F97A1C3B047D5248B7EF67ADDC59687FBC90F1776C21DAA0D3FD ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:59:43.0422 0x0d88  clr_optimization_v4.0.30319_64 - ok
16:59:43.0446 0x0d88  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\windows\system32\drivers\CmBatt.sys
16:59:43.0460 0x0d88  CmBatt - ok
16:59:43.0475 0x0d88  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\windows\system32\drivers\cmdide.sys
16:59:43.0488 0x0d88  cmdide - ok
16:59:43.0539 0x0d88  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\windows\system32\Drivers\cng.sys
16:59:43.0571 0x0d88  CNG - ok
16:59:43.0616 0x0d88  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\windows\system32\drivers\compbatt.sys
16:59:43.0627 0x0d88  Compbatt - ok
16:59:43.0638 0x0d88  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
16:59:43.0671 0x0d88  CompositeBus - ok
16:59:43.0675 0x0d88  COMSysApp - ok
16:59:43.0737 0x0d88  [ 2421AC62C428CA889FD2582E545A61BF, 69E7A54152F4F0A776D3C037359167AEE19EFDAA786DC287BC0142F79277623D ] cphs            C:\windows\SysWow64\IntelCpHeciSvc.exe
16:59:43.0763 0x0d88  cphs - ok
16:59:43.0781 0x0d88  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
16:59:43.0793 0x0d88  crcdisk - ok
16:59:43.0821 0x0d88  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\windows\system32\cryptsvc.dll
16:59:43.0858 0x0d88  CryptSvc - ok
16:59:43.0891 0x0d88  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\windows\system32\drivers\csc.sys
16:59:44.0026 0x0d88  CSC - ok
16:59:44.0063 0x0d88  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\windows\System32\cscsvc.dll
16:59:44.0116 0x0d88  CscService - ok
16:59:44.0134 0x0d88  cxqlnmyk - ok
16:59:44.0138 0x0d88  cytcxpkj - ok
16:59:44.0167 0x0d88  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\windows\system32\rpcss.dll
16:59:44.0229 0x0d88  DcomLaunch - ok
16:59:44.0249 0x0d88  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\windows\System32\defragsvc.dll
16:59:44.0307 0x0d88  defragsvc - ok
16:59:44.0327 0x0d88  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\windows\system32\Drivers\dfsc.sys
16:59:44.0374 0x0d88  DfsC - ok
16:59:44.0395 0x0d88  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\windows\system32\dhcpcore.dll
16:59:44.0445 0x0d88  Dhcp - ok
16:59:44.0528 0x0d88  [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack       C:\windows\system32\diagtrack.dll
16:59:44.0594 0x0d88  DiagTrack - ok
16:59:44.0613 0x0d88  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\windows\system32\drivers\discache.sys
16:59:44.0670 0x0d88  discache - ok
16:59:44.0691 0x0d88  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\windows\system32\drivers\disk.sys
16:59:44.0705 0x0d88  Disk - ok
16:59:44.0721 0x0d88  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\windows\system32\drivers\dmvsc.sys
16:59:44.0758 0x0d88  dmvsc - ok
16:59:44.0774 0x0d88  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\windows\System32\dnsrslvr.dll
16:59:44.0818 0x0d88  Dnscache - ok
16:59:44.0829 0x0d88  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\windows\System32\dot3svc.dll
16:59:44.0883 0x0d88  dot3svc - ok
16:59:44.0904 0x0d88  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\windows\system32\dps.dll
16:59:44.0965 0x0d88  DPS - ok
16:59:44.0982 0x0d88  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
16:59:45.0007 0x0d88  drmkaud - ok
16:59:45.0051 0x0d88  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
16:59:45.0096 0x0d88  DXGKrnl - ok
16:59:45.0114 0x0d88  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\windows\System32\eapsvc.dll
16:59:45.0172 0x0d88  EapHost - ok
16:59:45.0303 0x0d88  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\windows\system32\drivers\evbda.sys
16:59:45.0418 0x0d88  ebdrv - ok
16:59:45.0455 0x0d88  [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] EFS             C:\windows\System32\lsass.exe
16:59:45.0502 0x0d88  EFS - ok
16:59:45.0555 0x0d88  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
16:59:45.0606 0x0d88  ehRecvr - ok
16:59:45.0618 0x0d88  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\windows\ehome\ehsched.exe
16:59:45.0637 0x0d88  ehSched - ok
16:59:45.0672 0x0d88  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\windows\system32\drivers\elxstor.sys
16:59:45.0702 0x0d88  elxstor - ok
16:59:45.0724 0x0d88  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\windows\system32\drivers\errdev.sys
16:59:45.0746 0x0d88  ErrDev - ok
16:59:45.0779 0x0d88  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\windows\system32\es.dll
16:59:45.0839 0x0d88  EventSystem - ok
16:59:45.0861 0x0d88  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\windows\system32\drivers\exfat.sys
16:59:45.0921 0x0d88  exfat - ok
16:59:45.0937 0x0d88  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\windows\system32\drivers\fastfat.sys
16:59:46.0004 0x0d88  fastfat - ok
16:59:46.0046 0x0d88  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\windows\system32\fxssvc.exe
16:59:46.0105 0x0d88  Fax - ok
16:59:46.0134 0x0d88  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\windows\system32\drivers\fdc.sys
16:59:46.0148 0x0d88  fdc - ok
16:59:46.0164 0x0d88  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\windows\system32\fdPHost.dll
16:59:46.0222 0x0d88  fdPHost - ok
16:59:46.0234 0x0d88  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\windows\system32\fdrespub.dll
16:59:46.0285 0x0d88  FDResPub - ok
16:59:46.0297 0x0d88  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
16:59:46.0310 0x0d88  FileInfo - ok
16:59:46.0325 0x0d88  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
16:59:46.0372 0x0d88  Filetrace - ok
16:59:46.0383 0x0d88  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
16:59:46.0400 0x0d88  flpydisk - ok
16:59:46.0417 0x0d88  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
16:59:46.0438 0x0d88  FltMgr - ok
16:59:46.0499 0x0d88  [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache       C:\windows\system32\FntCache.dll
16:59:46.0581 0x0d88  FontCache - ok
16:59:46.0622 0x0d88  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:59:46.0634 0x0d88  FontCache3.0.0.0 - ok
16:59:46.0650 0x0d88  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
16:59:46.0662 0x0d88  FsDepends - ok
16:59:46.0683 0x0d88  [ 8DE1B4F579F8F8897409856F3BB7A7D2, F6F6B2450951E875C3C236F7798F960FD4433EE6B0C57132CB3D32126BEE34E0 ] fssfltr         C:\windows\system32\DRIVERS\fssfltr.sys
16:59:46.0697 0x0d88  fssfltr - ok
16:59:46.0787 0x0d88  [ 7B4C82899A967A7EB22DAB502770AE8E, 209FB59669070FCAAACB24B0CE81C375362BF1C519B15FDB5AA3EC2C87E2069B ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
16:59:46.0863 0x0d88  fsssvc - ok
16:59:46.0883 0x0d88  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
16:59:46.0895 0x0d88  Fs_Rec - ok
16:59:46.0916 0x0d88  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
16:59:46.0938 0x0d88  fvevol - ok
16:59:46.0967 0x0d88  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
16:59:46.0980 0x0d88  gagp30kx - ok
16:59:47.0017 0x0d88  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\windows\System32\gpsvc.dll
16:59:47.0092 0x0d88  gpsvc - ok
16:59:47.0106 0x0d88  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
16:59:47.0142 0x0d88  hcw85cir - ok
16:59:47.0178 0x0d88  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
16:59:47.0219 0x0d88  HdAudAddService - ok
16:59:47.0237 0x0d88  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
16:59:47.0263 0x0d88  HDAudBus - ok
16:59:47.0268 0x0d88  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
16:59:47.0284 0x0d88  HidBatt - ok
16:59:47.0309 0x0d88  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\windows\system32\drivers\hidbth.sys
16:59:47.0331 0x0d88  HidBth - ok
16:59:47.0344 0x0d88  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\windows\system32\drivers\hidir.sys
16:59:47.0375 0x0d88  HidIr - ok
16:59:47.0386 0x0d88  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\windows\system32\hidserv.dll
16:59:47.0442 0x0d88  hidserv - ok
16:59:47.0468 0x0d88  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
16:59:47.0493 0x0d88  HidUsb - ok
16:59:47.0499 0x0d88  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\windows\system32\kmsvc.dll
16:59:47.0546 0x0d88  hkmsvc - ok
16:59:47.0568 0x0d88  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
16:59:47.0618 0x0d88  HomeGroupListener - ok
16:59:47.0650 0x0d88  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
16:59:47.0681 0x0d88  HomeGroupProvider - ok
16:59:47.0743 0x0d88  [ 7B7DE6B3DC30F3246958F42C67A6F7BB, 4B66B90CFEC2231B905B21DECC4EC7C6500E546F080A452EF67E724EDF37ADD9 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
16:59:47.0802 0x0d88  hpqwmiex - ok
16:59:47.0820 0x0d88  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
16:59:47.0835 0x0d88  HpSAMD - ok
16:59:47.0885 0x0d88  [ 02F1253476B7F5F818364443DFED3264, 645F51A6781E9DEB381694718EDEF38B02F5345ADCE8860EC2D9483F7C1C7CC2 ] HPSupportSolutionsFrameworkService C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
16:59:47.0899 0x0d88  HPSupportSolutionsFrameworkService - ok
16:59:47.0940 0x0d88  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\windows\system32\drivers\HTTP.sys
16:59:48.0000 0x0d88  HTTP - ok
16:59:48.0006 0x0d88  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
16:59:48.0018 0x0d88  hwpolicy - ok
16:59:48.0036 0x0d88  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
16:59:48.0064 0x0d88  i8042prt - ok
16:59:48.0099 0x0d88  [ 9863EC0FB887C0AD0C3A20AC3BF91629, B695048C370CB91BB0CFF2E29641636225B23347B08F7E451FB91CF8B1A0120A ] iaStorA         C:\windows\system32\drivers\iaStorA.sys
16:59:48.0148 0x0d88  iaStorA - ok
16:59:48.0163 0x0d88  [ AB28B4CE85BE2261276ECD3482A0AED9, 0052D158B93F9A5DADD9EFC06FAED27650F104CF79A5BCEDF97AA47D18290756 ] iaStorF         C:\windows\system32\drivers\iaStorF.sys
16:59:48.0174 0x0d88  iaStorF - ok
16:59:48.0207 0x0d88  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
16:59:48.0232 0x0d88  iaStorV - ok
16:59:48.0251 0x0d88  [ 83FF82FE209E7997067B375DAD6CF23D, E312DD068E51DBF96A8232D7D1C9F158652FDA23649655F1102928B320795091 ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
16:59:48.0267 0x0d88  ICCS - ok
16:59:48.0327 0x0d88  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:59:48.0369 0x0d88  idsvc - ok
16:59:48.0378 0x0d88  IEEtwCollectorService - ok
16:59:48.0536 0x0d88  [ 78C66B3AFEEE9DB358FC365105FAA69A, 8601D75B39FE417B2DB7C11875640F2BE8909381243EF4BBFD49B43B5891DC0E ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
16:59:48.0785 0x0d88  igfx - ok
16:59:48.0806 0x0d88  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\windows\system32\drivers\iirsp.sys
16:59:48.0818 0x0d88  iirsp - ok
16:59:48.0858 0x0d88  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\windows\System32\ikeext.dll
16:59:48.0901 0x0d88  IKEEXT - ok
16:59:49.0067 0x0d88  [ 52099471D9F0361D1EAE51F1112C63B1, 496FC5190C2056B3F0DDC32748D6E698E6E3842D9978C60E5507DE246330156B ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
16:59:49.0236 0x0d88  IntcAzAudAddService - ok
16:59:49.0280 0x0d88  [ EC80E6B9E27DC3E22ED5B2E0E75A39C0, 8EEC89F88AE79DA256BB651983397773F6B25139006C8A7C8F77960F47774CF5 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
16:59:49.0304 0x0d88  IntcDAud - ok
16:59:49.0396 0x0d88  [ 9A6DEB5DDF7E29728F6FEA5092AFA3F2, 21C47A0490EBA302657EF30C560E4AF83777685FFE126DCCAC310163C47401D1 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
16:59:50.0531 0x0d88  Intel(R) Capability Licensing Service TCP IP Interface - ok
16:59:50.0542 0x0d88  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\drivers\intelide.sys
16:59:50.0554 0x0d88  intelide - ok
16:59:50.0576 0x0d88  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\drivers\intelppm.sys
16:59:50.0598 0x0d88  intelppm - ok
16:59:50.0611 0x0d88  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\windows\system32\ipbusenum.dll
16:59:50.0666 0x0d88  IPBusEnum - ok
16:59:50.0678 0x0d88  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
16:59:50.0724 0x0d88  IpFilterDriver - ok
16:59:50.0757 0x0d88  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
16:59:50.0830 0x0d88  iphlpsvc - ok
16:59:50.0853 0x0d88  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
16:59:50.0868 0x0d88  IPMIDRV - ok
16:59:50.0893 0x0d88  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\windows\system32\drivers\ipnat.sys
16:59:50.0943 0x0d88  IPNAT - ok
16:59:50.0956 0x0d88  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
16:59:50.0988 0x0d88  IRENUM - ok
16:59:51.0012 0x0d88  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\drivers\isapnp.sys
16:59:51.0024 0x0d88  isapnp - ok
16:59:51.0048 0x0d88  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
16:59:51.0068 0x0d88  iScsiPrt - ok
16:59:51.0090 0x0d88  [ 61662AFF4AF0413F461F2780167703AE, 55CCBA4F09581871B3EB81A40A3FB59013AD988CEED109E18C58609AD469117A ] iusb3hcs        C:\windows\system32\drivers\iusb3hcs.sys
16:59:51.0102 0x0d88  iusb3hcs - ok
16:59:51.0132 0x0d88  [ 923030D5F4B1C801AE5219551F7B490B, C00D9CCE8D04FEFA9391725F79BBD77F03ED3E3DB53E02E80ABC008B2F179043 ] iusb3hub        C:\windows\system32\drivers\iusb3hub.sys
16:59:51.0156 0x0d88  iusb3hub - ok
16:59:51.0200 0x0d88  [ 234E2245AF65CFC021874F64C40E206B, 4254180327F7B58AAE1A158DADE53A06C02139F6CDD2A657E5E9B2868B96F806 ] iusb3xhc        C:\windows\system32\drivers\iusb3xhc.sys
16:59:51.0238 0x0d88  iusb3xhc - ok
16:59:51.0270 0x0d88  [ 2749D828991C160D1D8E7A06A0A95D93, 6F590E3A8F295D367A23938E062AEB0D904CDD8B8262B1EBB1208369587EA186 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
16:59:51.0288 0x0d88  jhi_service - ok
16:59:51.0312 0x0d88  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
16:59:51.0325 0x0d88  kbdclass - ok
16:59:51.0350 0x0d88  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
16:59:51.0364 0x0d88  kbdhid - ok
16:59:51.0377 0x0d88  [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] KeyIso          C:\windows\system32\lsass.exe
16:59:51.0391 0x0d88  KeyIso - ok
16:59:51.0409 0x0d88  [ 3A8C03156C3E31E70EF84E48CA179B46, E25E43D53BB6EE1B5F34C95B4FAD111B37A36367B8D047B10FC614DEE13658E2 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
16:59:51.0424 0x0d88  KSecDD - ok
16:59:51.0440 0x0d88  [ C6330F7C2E92A00E6773E82F79078AFC, D8B851BF4FCE85F2A269F0B46BC7EC5A118FCFDACE8460E7B54C1A7CE306774A ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
16:59:51.0457 0x0d88  KSecPkg - ok
16:59:51.0472 0x0d88  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
16:59:51.0525 0x0d88  ksthunk - ok
16:59:51.0557 0x0d88  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll
16:59:51.0615 0x0d88  KtmRm - ok
16:59:51.0637 0x0d88  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\windows\system32\srvsvc.dll
16:59:51.0698 0x0d88  LanmanServer - ok
16:59:51.0728 0x0d88  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
16:59:51.0776 0x0d88  LanmanWorkstation - ok
16:59:51.0794 0x0d88  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
16:59:51.0851 0x0d88  lltdio - ok
16:59:51.0872 0x0d88  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\windows\System32\lltdsvc.dll
16:59:51.0939 0x0d88  lltdsvc - ok
16:59:51.0945 0x0d88  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\windows\System32\lmhsvc.dll
16:59:51.0996 0x0d88  lmhosts - ok
16:59:52.0039 0x0d88  [ 9C30978597D52AD8EA319BABE6112AAE, 50A63FB33797D79D688CA86600693FA4BD668588FAE0F67D9725ACDD20445D2E ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:59:52.0062 0x0d88  LMS - ok
16:59:52.0084 0x0d88  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
16:59:52.0098 0x0d88  LSI_FC - ok
16:59:52.0116 0x0d88  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
16:59:52.0131 0x0d88  LSI_SAS - ok
16:59:52.0144 0x0d88  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
16:59:52.0158 0x0d88  LSI_SAS2 - ok
16:59:52.0174 0x0d88  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
16:59:52.0189 0x0d88  LSI_SCSI - ok
16:59:52.0207 0x0d88  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
16:59:52.0257 0x0d88  luafv - ok
16:59:52.0270 0x0d88  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
16:59:52.0286 0x0d88  Mcx2Svc - ok
16:59:52.0295 0x0d88  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\drivers\megasas.sys
16:59:52.0307 0x0d88  megasas - ok
16:59:52.0328 0x0d88  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
16:59:52.0349 0x0d88  MegaSR - ok
16:59:52.0368 0x0d88  [ F90198317AFD70357583CCD6474A7CB3, 0F9E426FE6A92C914DC5BBA80840ECBBB78826510C3066362A012F3314D0CFDB ] MEIx64          C:\windows\system32\drivers\TeeDriverx64.sys
16:59:52.0384 0x0d88  MEIx64 - ok
16:59:52.0412 0x0d88  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
16:59:52.0474 0x0d88  MMCSS - ok
16:59:52.0487 0x0d88  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
16:59:52.0538 0x0d88  Modem - ok
16:59:52.0556 0x0d88  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
16:59:52.0583 0x0d88  monitor - ok
16:59:52.0588 0x0d88  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
16:59:52.0603 0x0d88  mouclass - ok
16:59:52.0613 0x0d88  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
16:59:52.0626 0x0d88  mouhid - ok
16:59:52.0646 0x0d88  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
16:59:52.0660 0x0d88  mountmgr - ok
16:59:52.0702 0x0d88  [ 572BD5A99648652147A5D3C6DA946C99, FFDAD4A5682864977C926A5DDDB632CDB2A166BF025757801CC56F2828720023 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:59:52.0719 0x0d88  MozillaMaintenance - ok
16:59:52.0750 0x0d88  [ 73150F67D20270FF95A021A22E64F28A, A8878DEFBE437FB453F8E9243FB5C787D07AC7415A4475388D479C10417C524F ] MpFilter        C:\windows\system32\DRIVERS\MpFilter.sys
16:59:52.0772 0x0d88  MpFilter - ok
16:59:52.0789 0x0d88  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
16:59:52.0806 0x0d88  mpio - ok
16:59:52.0823 0x0d88  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
16:59:52.0871 0x0d88  mpsdrv - ok
16:59:52.0913 0x0d88  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
16:59:52.0986 0x0d88  MpsSvc - ok
16:59:53.0011 0x0d88  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
16:59:53.0059 0x0d88  MRxDAV - ok
16:59:53.0086 0x0d88  [ ACB6782973BD93760D597FC7BB37E692, 9B6EC2858D236DCE61FD5E0247F4D947A5DC484C9C0AABFDAF8270ABA392E787 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
16:59:53.0107 0x0d88  mrxsmb - ok
16:59:53.0128 0x0d88  [ 262BF7BB7D0E44CFAA9B12A1E0A6EDF1, CCC3A4CE929C7C8B07C1038BBE8425590CE14F5C37E1D5608978A3AD2F41519C ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
16:59:53.0163 0x0d88  mrxsmb10 - ok
16:59:53.0185 0x0d88  [ 8C0376974AA28398FF501E78C04ACB30, 81CE67BE933F67F760A72BF9B581F33BC151D98970765FE4425450A2EF450409 ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
16:59:53.0213 0x0d88  mrxsmb20 - ok
16:59:53.0236 0x0d88  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
16:59:53.0248 0x0d88  msahci - ok
16:59:53.0269 0x0d88  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys
16:59:53.0286 0x0d88  msdsm - ok
16:59:53.0302 0x0d88  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
16:59:53.0321 0x0d88  MSDTC - ok
16:59:53.0341 0x0d88  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
16:59:53.0387 0x0d88  Msfs - ok
16:59:53.0398 0x0d88  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
16:59:53.0452 0x0d88  mshidkmdf - ok
16:59:53.0474 0x0d88  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
16:59:53.0487 0x0d88  msisadrv - ok
16:59:53.0506 0x0d88  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
16:59:53.0562 0x0d88  MSiSCSI - ok
16:59:53.0566 0x0d88  msiserver - ok
16:59:53.0581 0x0d88  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
16:59:53.0632 0x0d88  MSKSSRV - ok
16:59:53.0668 0x0d88  [ CE996C1821021ADF8E28E80A54E846A8, 99042E895B6C2EA80F3BA65563A12C8EBA882E3AD6A21DD8E799B0112C75DDD2 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:59:53.0680 0x0d88  MsMpSvc - ok
16:59:53.0691 0x0d88  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
16:59:53.0736 0x0d88  MSPCLOCK - ok
16:59:53.0748 0x0d88  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
16:59:53.0801 0x0d88  MSPQM - ok
16:59:53.0826 0x0d88  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
16:59:53.0849 0x0d88  MsRPC - ok
16:59:53.0857 0x0d88  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
16:59:53.0868 0x0d88  mssmbios - ok
16:59:53.0938 0x0d88  [ D89F2110A3C59F492CE80648BC645E79, 1EDB265554A19ADC5345BBD703C45C715E0C28D187490367221C11F117377B13 ] MSSQLSERVER     C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
16:59:53.0965 0x0d88  MSSQLSERVER - ok
16:59:53.0978 0x0d88  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
16:59:54.0025 0x0d88  MSTEE - ok
16:59:54.0038 0x0d88  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
16:59:54.0051 0x0d88  MTConfig - ok
16:59:54.0065 0x0d88  mukwikta - ok
16:59:54.0078 0x0d88  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
16:59:54.0091 0x0d88  Mup - ok
16:59:54.0125 0x0d88  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
16:59:54.0197 0x0d88  napagent - ok
16:59:54.0232 0x0d88  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
16:59:54.0262 0x0d88  NativeWifiP - ok
16:59:54.0309 0x0d88  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\windows\system32\drivers\ndis.sys
16:59:54.0352 0x0d88  NDIS - ok
16:59:54.0365 0x0d88  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
16:59:54.0410 0x0d88  NdisCap - ok
16:59:54.0431 0x0d88  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
16:59:54.0476 0x0d88  NdisTapi - ok
16:59:54.0495 0x0d88  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
16:59:54.0544 0x0d88  Ndisuio - ok
16:59:54.0564 0x0d88  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
16:59:54.0615 0x0d88  NdisWan - ok
16:59:54.0629 0x0d88  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
16:59:54.0676 0x0d88  NDProxy - ok
16:59:54.0691 0x0d88  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
16:59:54.0738 0x0d88  NetBIOS - ok
16:59:54.0757 0x0d88  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
16:59:54.0823 0x0d88  NetBT - ok
16:59:54.0834 0x0d88  [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] Netlogon        C:\windows\system32\lsass.exe
16:59:54.0847 0x0d88  Netlogon - ok
16:59:54.0879 0x0d88  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\windows\System32\netman.dll
16:59:54.0937 0x0d88  Netman - ok
16:59:54.0989 0x0d88  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:59:55.0006 0x0d88  NetMsmqActivator - ok
16:59:55.0013 0x0d88  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:59:55.0028 0x0d88  NetPipeActivator - ok
16:59:55.0057 0x0d88  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\windows\System32\netprofm.dll
16:59:55.0120 0x0d88  netprofm - ok
16:59:55.0129 0x0d88  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:59:55.0144 0x0d88  NetTcpActivator - ok
16:59:55.0151 0x0d88  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:59:55.0166 0x0d88  NetTcpPortSharing - ok
16:59:55.0181 0x0d88  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
16:59:55.0194 0x0d88  nfrd960 - ok
16:59:55.0217 0x0d88  [ 4774AD83C650001B337B92E5E5DA337B, 138ECC7F556D8A12AE58B78B68F6515BE4C00F9F062596B48B6CA6C010F13035 ] NisDrv          C:\windows\system32\DRIVERS\NisDrvWFP.sys
16:59:55.0233 0x0d88  NisDrv - ok
16:59:55.0262 0x0d88  [ 96B7D15161A778B359E707796CCEA646, 9E4A25D9848FAECC517474EAD548E7975CBE3F41AAA964E5245E78F2A723925E ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
16:59:55.0287 0x0d88  NisSrv - ok
16:59:55.0313 0x0d88  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\windows\System32\nlasvc.dll
16:59:55.0374 0x0d88  NlaSvc - ok
16:59:55.0416 0x0d88  [ 351533ACC2A069B94E80BBFC177E8FDF, 54B2749E0496ECC94CE65657627762B485CBC825767BAEDDAD0D2598820FFB9E ] npf             C:\windows\system32\drivers\npf.sys
16:59:55.0427 0x0d88  npf - ok
16:59:55.0442 0x0d88  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\windows\system32\drivers\Npfs.sys
16:59:55.0492 0x0d88  Npfs - ok
16:59:55.0508 0x0d88  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\windows\system32\nsisvc.dll
16:59:55.0554 0x0d88  nsi - ok
16:59:55.0566 0x0d88  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
16:59:55.0610 0x0d88  nsiproxy - ok
16:59:55.0678 0x0d88  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
16:59:55.0760 0x0d88  Ntfs - ok
16:59:55.0775 0x0d88  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\windows\system32\drivers\Null.sys
16:59:55.0822 0x0d88  Null - ok
16:59:55.0839 0x0d88  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\windows\system32\drivers\nvraid.sys
16:59:55.0855 0x0d88  nvraid - ok
16:59:55.0870 0x0d88  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\windows\system32\drivers\nvstor.sys
16:59:55.0887 0x0d88  nvstor - ok
16:59:55.0907 0x0d88  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
16:59:55.0922 0x0d88  nv_agp - ok
16:59:55.0937 0x0d88  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
16:59:55.0968 0x0d88  ohci1394 - ok
16:59:56.0036 0x0d88  [ 11E0B35479C895888BA3D7F619DCFFF3, 6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:59:56.0053 0x0d88  ose64 - ok
16:59:56.0273 0x0d88  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:59:56.0441 0x0d88  osppsvc - ok
16:59:56.0484 0x0d88  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
16:59:56.0537 0x0d88  p2pimsvc - ok
16:59:56.0562 0x0d88  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\windows\system32\p2psvc.dll
16:59:56.0603 0x0d88  p2psvc - ok
16:59:56.0609 0x0d88  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\windows\system32\drivers\parport.sys
16:59:56.0626 0x0d88  Parport - ok
16:59:56.0644 0x0d88  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\windows\system32\drivers\partmgr.sys
16:59:56.0658 0x0d88  partmgr - ok
16:59:56.0680 0x0d88  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\windows\System32\pcasvc.dll
16:59:56.0717 0x0d88  PcaSvc - ok
16:59:56.0735 0x0d88  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\windows\system32\drivers\pci.sys
16:59:56.0753 0x0d88  pci - ok
16:59:56.0767 0x0d88  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\windows\system32\drivers\pciide.sys
16:59:56.0778 0x0d88  pciide - ok
16:59:56.0796 0x0d88  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
16:59:56.0816 0x0d88  pcmcia - ok
16:59:56.0840 0x0d88  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\windows\system32\drivers\pcw.sys
16:59:56.0854 0x0d88  pcw - ok
16:59:56.0884 0x0d88  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\windows\system32\drivers\peauth.sys
16:59:56.0928 0x0d88  PEAUTH - ok
16:59:56.0981 0x0d88  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\windows\system32\peerdistsvc.dll
16:59:57.0092 0x0d88  PeerDistSvc - ok
16:59:57.0157 0x0d88  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\windows\SysWow64\perfhost.exe
16:59:57.0173 0x0d88  PerfHost - ok
16:59:57.0248 0x0d88  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\windows\system32\pla.dll
16:59:57.0371 0x0d88  pla - ok
16:59:57.0423 0x0d88  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
16:59:57.0461 0x0d88  PlugPlay - ok
16:59:57.0472 0x0d88  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
16:59:57.0500 0x0d88  PNRPAutoReg - ok
16:59:57.0512 0x0d88  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
16:59:57.0538 0x0d88  PNRPsvc - ok
16:59:57.0575 0x0d88  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
16:59:57.0646 0x0d88  PolicyAgent - ok
16:59:57.0671 0x0d88  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\windows\system32\umpo.dll
16:59:57.0723 0x0d88  Power - ok
16:59:57.0750 0x0d88  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
16:59:57.0804 0x0d88  PptpMiniport - ok
16:59:57.0822 0x0d88  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\windows\system32\drivers\processr.sys
16:59:57.0836 0x0d88  Processor - ok
16:59:57.0866 0x0d88  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\windows\system32\profsvc.dll
16:59:57.0899 0x0d88  ProfSvc - ok
16:59:57.0908 0x0d88  [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] ProtectedStorage C:\windows\system32\lsass.exe
16:59:57.0921 0x0d88  ProtectedStorage - ok
16:59:57.0943 0x0d88  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
16:59:57.0991 0x0d88  Psched - ok
16:59:58.0051 0x0d88  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\windows\system32\drivers\ql2300.sys
16:59:58.0131 0x0d88  ql2300 - ok
16:59:58.0160 0x0d88  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
16:59:58.0176 0x0d88  ql40xx - ok
16:59:58.0192 0x0d88  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\windows\system32\qwave.dll
16:59:58.0221 0x0d88  QWAVE - ok
16:59:58.0229 0x0d88  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
16:59:58.0257 0x0d88  QWAVEdrv - ok
16:59:58.0268 0x0d88  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
16:59:58.0317 0x0d88  RasAcd - ok
16:59:58.0343 0x0d88  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
16:59:58.0390 0x0d88  RasAgileVpn - ok
16:59:58.0401 0x0d88  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\windows\System32\rasauto.dll
16:59:58.0450 0x0d88  RasAuto - ok
16:59:58.0462 0x0d88  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
16:59:58.0510 0x0d88  Rasl2tp - ok
16:59:58.0540 0x0d88  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\windows\System32\rasmans.dll
16:59:58.0597 0x0d88  RasMan - ok
16:59:58.0609 0x0d88  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
16:59:58.0658 0x0d88  RasPppoe - ok
16:59:58.0687 0x0d88  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
16:59:58.0735 0x0d88  RasSstp - ok
16:59:58.0761 0x0d88  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
16:59:58.0815 0x0d88  rdbss - ok
16:59:58.0828 0x0d88  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
16:59:58.0850 0x0d88  rdpbus - ok
16:59:58.0860 0x0d88  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
16:59:58.0913 0x0d88  RDPCDD - ok
16:59:58.0928 0x0d88  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\windows\system32\drivers\rdpdr.sys
16:59:58.0965 0x0d88  RDPDR - ok
16:59:58.0977 0x0d88  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
16:59:59.0023 0x0d88  RDPENCDD - ok
16:59:59.0028 0x0d88  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
16:59:59.0082 0x0d88  RDPREFMP - ok
16:59:59.0113 0x0d88  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
16:59:59.0154 0x0d88  RDPWD - ok
16:59:59.0168 0x0d88  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
16:59:59.0185 0x0d88  rdyboost - ok
16:59:59.0208 0x0d88  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\windows\System32\mprdim.dll
16:59:59.0257 0x0d88  RemoteAccess - ok
16:59:59.0270 0x0d88  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\windows\system32\regsvc.dll
16:59:59.0331 0x0d88  RemoteRegistry - ok
16:59:59.0349 0x0d88  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
16:59:59.0408 0x0d88  RpcEptMapper - ok
16:59:59.0421 0x0d88  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\windows\system32\locator.exe
16:59:59.0437 0x0d88  RpcLocator - ok
16:59:59.0469 0x0d88  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\windows\system32\rpcss.dll
16:59:59.0528 0x0d88  RpcSs - ok
16:59:59.0546 0x0d88  rrufnwla - ok
16:59:59.0586 0x0d88  [ E2319BDFF45DC9600E3751BE690F044D, 93F7A1EB1DB5F5CD41846F8D1DD5F08569DDE55AB125A01131B4ED20C322B956 ] RsFx0310        C:\windows\system32\DRIVERS\RsFx0310.sys
16:59:59.0606 0x0d88  RsFx0310 - ok
16:59:59.0612 0x0d88  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
16:59:59.0669 0x0d88  rspndr - ok
16:59:59.0704 0x0d88  [ E4F4CFC5D51FC559EE4ED77CBD4C1127, 182FC9F08B32BDB0780F3690442211EE98CAAEAF2260561A5BEA33683ADF2550 ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
16:59:59.0723 0x0d88  RtkAudioService - ok
16:59:59.0770 0x0d88  [ 7B486E26DCA97766F3617A395690E76A, DB27C4463BC10BCB6F16E731C897D1BC7A84C33305ABCE7E3F60279EFF28BB7B ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
16:59:59.0814 0x0d88  RTL8167 - ok
16:59:59.0829 0x0d88  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\windows\system32\drivers\vms3cap.sys
16:59:59.0842 0x0d88  s3cap - ok
16:59:59.0851 0x0d88  [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] SamSs           C:\windows\system32\lsass.exe
16:59:59.0864 0x0d88  SamSs - ok
16:59:59.0877 0x0d88  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
16:59:59.0891 0x0d88  sbp2port - ok
16:59:59.0908 0x0d88  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\windows\System32\SCardSvr.dll
16:59:59.0960 0x0d88  SCardSvr - ok
16:59:59.0965 0x0d88  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
17:00:00.0016 0x0d88  scfilter - ok
17:00:00.0071 0x0d88  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\windows\system32\schedsvc.dll
17:00:00.0179 0x0d88  Schedule - ok
17:00:00.0209 0x0d88  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\windows\System32\certprop.dll
17:00:00.0259 0x0d88  SCPolicySvc - ok
17:00:00.0279 0x0d88  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\windows\System32\SDRSVC.dll
17:00:00.0321 0x0d88  SDRSVC - ok
17:00:00.0336 0x0d88  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\windows\system32\drivers\secdrv.sys
17:00:00.0370 0x0d88  secdrv - ok
17:00:00.0383 0x0d88  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\windows\system32\seclogon.dll
17:00:00.0432 0x0d88  seclogon - ok
17:00:00.0451 0x0d88  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\windows\System32\sens.dll
17:00:00.0511 0x0d88  SENS - ok
17:00:00.0516 0x0d88  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\windows\system32\sensrsvc.dll
17:00:00.0548 0x0d88  SensrSvc - ok
17:00:00.0577 0x0d88  [ 9F6490423AC3271E84A90A0DD9D30A3B, 7F8559B06A2E8FC35F71A099F320A87BB90FC9783133C19F49046F06ECBC9605 ] Ser2pl          C:\windows\system32\drivers\ser2pl64.sys
17:00:00.0603 0x0d88  Ser2pl - ok
17:00:00.0626 0x0d88  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\windows\system32\drivers\serenum.sys
17:00:00.0650 0x0d88  Serenum - ok
17:00:00.0665 0x0d88  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\windows\system32\drivers\serial.sys
17:00:00.0681 0x0d88  Serial - ok
17:00:00.0686 0x0d88  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\windows\system32\drivers\sermouse.sys
17:00:00.0699 0x0d88  sermouse - ok
17:00:00.0720 0x0d88  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\windows\system32\sessenv.dll
17:00:00.0769 0x0d88  SessionEnv - ok
17:00:00.0783 0x0d88  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
17:00:00.0801 0x0d88  sffdisk - ok
17:00:00.0807 0x0d88  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
17:00:00.0824 0x0d88  sffp_mmc - ok
17:00:00.0838 0x0d88  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
17:00:00.0859 0x0d88  sffp_sd - ok
17:00:00.0873 0x0d88  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
17:00:00.0887 0x0d88  sfloppy - ok
17:00:00.0920 0x0d88  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\windows\System32\ipnathlp.dll
17:00:00.0978 0x0d88  SharedAccess - ok
17:00:01.0002 0x0d88  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
17:00:01.0060 0x0d88  ShellHWDetection - ok
17:00:01.0089 0x0d88  shrrnwab - ok
17:00:01.0100 0x0d88  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
17:00:01.0112 0x0d88  SiSRaid2 - ok
17:00:01.0135 0x0d88  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
17:00:01.0149 0x0d88  SiSRaid4 - ok
17:00:01.0176 0x0d88  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\windows\system32\DRIVERS\smb.sys
17:00:01.0225 0x0d88  Smb - ok
17:00:01.0243 0x0d88  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
17:00:01.0266 0x0d88  SNMPTRAP - ok
17:00:01.0278 0x0d88  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\windows\system32\drivers\spldr.sys
17:00:01.0290 0x0d88  spldr - ok
17:00:01.0321 0x0d88  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\windows\System32\spoolsv.exe
17:00:01.0366 0x0d88  Spooler - ok
17:00:01.0486 0x0d88  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\windows\system32\sppsvc.exe
17:00:01.0639 0x0d88  sppsvc - ok
17:00:01.0661 0x0d88  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\windows\system32\sppuinotify.dll
17:00:01.0716 0x0d88  sppuinotify - ok
17:00:01.0804 0x0d88  [ 774C1D27B9ED5A420E11C2343B0FFF7B, 6C291CF9C9205D6F9BA43156E1EBB370CA11DD1656694F1B434E2E7F8AFBC6A4 ] SQLBrowser      C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:00:01.0839 0x0d88  SQLBrowser - ok
17:00:01.0874 0x0d88  [ D1A4A546ED802E6854B1F1F5DFB58D27, CFA21C67B806176FAC5C9E70B8DB2E1D3E3BC75B0B548D06238CBEFBFEC65A90 ] SQLSERVERAGENT  C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
17:00:01.0908 0x0d88  SQLSERVERAGENT - ok
17:00:01.0951 0x0d88  [ C386F811A5E2F87DCF3EA4A527A20AA6, D68DF4E237AC6CBE193DE3A5C48F473F332A1D3CFC7BC21AFDE3EF922DA08279 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:00:01.0967 0x0d88  SQLWriter - ok
17:00:01.0998 0x0d88  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\windows\system32\DRIVERS\srv.sys
17:00:02.0042 0x0d88  srv - ok
17:00:02.0073 0x0d88  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
17:00:02.0113 0x0d88  srv2 - ok
17:00:02.0134 0x0d88  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
17:00:02.0153 0x0d88  srvnet - ok
17:00:02.0182 0x0d88  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
17:00:02.0242 0x0d88  SSDPSRV - ok
17:00:02.0262 0x0d88  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\windows\system32\sstpsvc.dll
17:00:02.0312 0x0d88  SstpSvc - ok
17:00:02.0331 0x0d88  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\windows\system32\drivers\stexstor.sys
17:00:02.0343 0x0d88  stexstor - ok
17:00:02.0382 0x0d88  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\windows\System32\wiaservc.dll
17:00:02.0433 0x0d88  stisvc - ok
17:00:02.0452 0x0d88  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\windows\system32\drivers\vmstorfl.sys
17:00:02.0464 0x0d88  storflt - ok
17:00:02.0469 0x0d88  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\windows\system32\storsvc.dll
17:00:02.0510 0x0d88  StorSvc - ok
17:00:02.0530 0x0d88  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\windows\system32\drivers\storvsc.sys
17:00:02.0542 0x0d88  storvsc - ok
17:00:02.0566 0x0d88  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\windows\system32\drivers\swenum.sys
17:00:02.0578 0x0d88  swenum - ok
17:00:02.0605 0x0d88  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\windows\System32\swprv.dll
17:00:02.0671 0x0d88  swprv - ok
17:00:02.0745 0x0d88  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\windows\system32\sysmain.dll
17:00:02.0850 0x0d88  SysMain - ok
17:00:02.0868 0x0d88  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
17:00:02.0902 0x0d88  TabletInputService - ok
17:00:02.0937 0x0d88  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\windows\System32\tapisrv.dll
17:00:02.0996 0x0d88  TapiSrv - ok
17:00:03.0006 0x0d88  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\windows\System32\tbssvc.dll
17:00:03.0056 0x0d88  TBS - ok
17:00:03.0125 0x0d88  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
17:00:03.0219 0x0d88  Tcpip - ok
17:00:03.0292 0x0d88  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
17:00:03.0360 0x0d88  TCPIP6 - ok
17:00:03.0376 0x0d88  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
17:00:03.0389 0x0d88  tcpipreg - ok
17:00:03.0407 0x0d88  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
17:00:03.0462 0x0d88  TDPIPE - ok
17:00:03.0486 0x0d88  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
17:00:03.0500 0x0d88  TDTCP - ok
17:00:03.0521 0x0d88  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\windows\system32\DRIVERS\tdx.sys
17:00:03.0556 0x0d88  tdx - ok
17:00:03.0866 0x0d88  [ F2F02E436BA56A96A06E4427C5787B6E, 1562FF264011A15AC69808CB74F387917C4E8ED3B91546B12933BE10B6E20B3A ] TeamViewer      C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
17:00:04.0201 0x0d88  TeamViewer - ok
17:00:04.0223 0x0d88  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\windows\system32\drivers\termdd.sys
17:00:04.0236 0x0d88  TermDD - ok
17:00:04.0275 0x0d88  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\windows\System32\termsrv.dll
17:00:04.0323 0x0d88  TermService - ok
17:00:04.0338 0x0d88  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\windows\system32\themeservice.dll
17:00:04.0370 0x0d88  Themes - ok
17:00:04.0392 0x0d88  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\windows\system32\mmcss.dll
17:00:04.0439 0x0d88  THREADORDER - ok
17:00:04.0459 0x0d88  [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM             C:\windows\system32\drivers\tpm.sys
17:00:04.0474 0x0d88  TPM - ok
17:00:04.0491 0x0d88  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\windows\System32\trkwks.dll
17:00:04.0541 0x0d88  TrkWks - ok
17:00:04.0578 0x0d88  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
17:00:04.0640 0x0d88  TrustedInstaller - ok
17:00:04.0646 0x0d88  tsfauxnp - ok
17:00:04.0670 0x0d88  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
17:00:04.0691 0x0d88  tssecsrv - ok
17:00:04.0709 0x0d88  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
17:00:04.0740 0x0d88  TsUsbFlt - ok
17:00:04.0755 0x0d88  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
17:00:04.0769 0x0d88  TsUsbGD - ok
17:00:04.0784 0x0d88  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
17:00:04.0834 0x0d88  tunnel - ok
17:00:04.0854 0x0d88  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\windows\system32\drivers\uagp35.sys
17:00:04.0866 0x0d88  uagp35 - ok
17:00:04.0887 0x0d88  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
17:00:04.0941 0x0d88  udfs - ok
17:00:04.0985 0x0d88  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\windows\system32\UI0Detect.exe
17:00:05.0009 0x0d88  UI0Detect - ok
17:00:05.0031 0x0d88  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
17:00:05.0043 0x0d88  uliagpkx - ok
17:00:05.0068 0x0d88  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\windows\system32\DRIVERS\umbus.sys
17:00:05.0095 0x0d88  umbus - ok
17:00:05.0106 0x0d88  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\windows\system32\drivers\umpass.sys
17:00:05.0121 0x0d88  UmPass - ok
17:00:05.0139 0x0d88  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\windows\System32\umrdp.dll
17:00:05.0168 0x0d88  UmRdpService - ok
17:00:05.0192 0x0d88  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\windows\System32\upnphost.dll
17:00:05.0251 0x0d88  upnphost - ok
17:00:05.0265 0x0d88  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
17:00:05.0286 0x0d88  usbccgp - ok
17:00:05.0309 0x0d88  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\windows\system32\drivers\usbcir.sys
17:00:05.0348 0x0d88  usbcir - ok
17:00:05.0361 0x0d88  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\windows\system32\drivers\usbehci.sys
17:00:05.0383 0x0d88  usbehci - ok
17:00:05.0404 0x0d88  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\windows\system32\drivers\usbhub.sys
17:00:05.0439 0x0d88  usbhub - ok
17:00:05.0450 0x0d88  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\windows\system32\drivers\usbohci.sys
17:00:05.0470 0x0d88  usbohci - ok
17:00:05.0493 0x0d88  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
17:00:05.0511 0x0d88  usbprint - ok
17:00:05.0528 0x0d88  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
17:00:05.0567 0x0d88  usbscan - ok
17:00:05.0588 0x0d88  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
17:00:05.0618 0x0d88  USBSTOR - ok
17:00:05.0629 0x0d88  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
17:00:05.0642 0x0d88  usbuhci - ok
17:00:05.0648 0x0d88  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\windows\System32\uxsms.dll
17:00:05.0696 0x0d88  UxSms - ok
17:00:05.0702 0x0d88  [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] VaultSvc        C:\windows\system32\lsass.exe
17:00:05.0714 0x0d88  VaultSvc - ok
17:00:05.0730 0x0d88  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
17:00:05.0742 0x0d88  vdrvroot - ok
17:00:05.0771 0x0d88  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\windows\System32\vds.exe
17:00:05.0837 0x0d88  vds - ok
17:00:05.0848 0x0d88  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
17:00:05.0884 0x0d88  vga - ok
17:00:05.0897 0x0d88  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\windows\System32\drivers\vga.sys
17:00:05.0942 0x0d88  VgaSave - ok
17:00:05.0961 0x0d88  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
17:00:05.0980 0x0d88  vhdmp - ok
17:00:05.0991 0x0d88  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
17:00:06.0002 0x0d88  viaide - ok
17:00:06.0019 0x0d88  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\windows\system32\drivers\vmbus.sys
17:00:06.0037 0x0d88  vmbus - ok
17:00:06.0047 0x0d88  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\windows\system32\drivers\VMBusHID.sys
17:00:06.0059 0x0d88  VMBusHID - ok
17:00:06.0066 0x0d88  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
17:00:06.0079 0x0d88  volmgr - ok
17:00:06.0099 0x0d88  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
17:00:06.0123 0x0d88  volmgrx - ok
17:00:06.0146 0x0d88  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\windows\system32\drivers\volsnap.sys
17:00:06.0167 0x0d88  volsnap - ok
17:00:06.0185 0x0d88  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
17:00:06.0201 0x0d88  vsmraid - ok
17:00:06.0262 0x0d88  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\windows\system32\vssvc.exe
17:00:06.0389 0x0d88  VSS - ok
17:00:06.0405 0x0d88  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\windows\System32\drivers\vwifibus.sys
17:00:06.0445 0x0d88  vwifibus - ok
17:00:06.0474 0x0d88  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\windows\system32\w32time.dll
17:00:06.0535 0x0d88  W32Time - ok
17:00:06.0556 0x0d88  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\windows\system32\drivers\wacompen.sys
17:00:06.0571 0x0d88  WacomPen - ok
17:00:06.0588 0x0d88  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
17:00:06.0637 0x0d88  WANARP - ok
17:00:06.0642 0x0d88  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
17:00:06.0688 0x0d88  Wanarpv6 - ok
17:00:06.0789 0x0d88  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
17:00:06.0854 0x0d88  WatAdminSvc - ok
17:00:06.0916 0x0d88  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\windows\system32\wbengine.exe
17:00:07.0013 0x0d88  wbengine - ok
17:00:07.0036 0x0d88  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
17:00:07.0070 0x0d88  WbioSrvc - ok
17:00:07.0093 0x0d88  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\windows\System32\wcncsvc.dll
17:00:07.0127 0x0d88  wcncsvc - ok
17:00:07.0145 0x0d88  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
17:00:07.0185 0x0d88  WcsPlugInService - ok
17:00:07.0194 0x0d88  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\windows\system32\drivers\wd.sys
17:00:07.0207 0x0d88  Wd - ok
17:00:07.0248 0x0d88  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
17:00:07.0288 0x0d88  Wdf01000 - ok
17:00:07.0310 0x0d88  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\windows\system32\wdi.dll
17:00:07.0353 0x0d88  WdiServiceHost - ok
17:00:07.0358 0x0d88  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\windows\system32\wdi.dll
17:00:07.0374 0x0d88  WdiSystemHost - ok
17:00:07.0401 0x0d88  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\windows\System32\webclnt.dll
17:00:07.0453 0x0d88  WebClient - ok
17:00:07.0472 0x0d88  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
17:00:07.0533 0x0d88  Wecsvc - ok
17:00:07.0551 0x0d88  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\windows\System32\wercplsupport.dll
17:00:07.0601 0x0d88  wercplsupport - ok
17:00:07.0633 0x0d88  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
17:00:07.0686 0x0d88  WerSvc - ok
17:00:07.0700 0x0d88  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
17:00:07.0745 0x0d88  WfpLwf - ok
17:00:07.0755 0x0d88  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
17:00:07.0766 0x0d88  WIMMount - ok
17:00:07.0783 0x0d88  WinDefend - ok
17:00:07.0791 0x0d88  WinHttpAutoProxySvc - ok
17:00:07.0827 0x0d88  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
17:00:07.0893 0x0d88  Winmgmt - ok
17:00:07.0971 0x0d88  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\windows\system32\WsmSvc.dll
17:00:08.0097 0x0d88  WinRM - ok
17:00:08.0134 0x0d88  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
17:00:08.0163 0x0d88  WinUsb - ok
17:00:08.0205 0x0d88  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\windows\System32\wlansvc.dll
17:00:08.0256 0x0d88  Wlansvc - ok
17:00:08.0406 0x0d88  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:00:08.0504 0x0d88  wlidsvc - ok
17:00:08.0538 0x0d88  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
17:00:08.0552 0x0d88  WmiAcpi - ok
17:00:08.0568 0x0d88  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
17:00:08.0586 0x0d88  wmiApSrv - ok
17:00:08.0599 0x0d88  WMPNetworkSvc - ok
17:00:08.0605 0x0d88  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
17:00:08.0634 0x0d88  WPCSvc - ok
17:00:08.0642 0x0d88  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
17:00:08.0698 0x0d88  WPDBusEnum - ok
17:00:08.0718 0x0d88  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
17:00:08.0779 0x0d88  ws2ifsl - ok
17:00:08.0799 0x0d88  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\windows\System32\wscsvc.dll
17:00:08.0837 0x0d88  wscsvc - ok
17:00:08.0842 0x0d88  WSearch - ok
17:00:08.0942 0x0d88  [ 291778E1A36716182AFBC1731B2DFEAB, C0B928CCCE8C496C90C42E0D294BAB51DC67C02B0D20CFB6A16B0AE1F51CC497 ] wuauserv        C:\windows\system32\wuaueng.dll
17:00:09.0082 0x0d88  wuauserv - ok
17:00:09.0110 0x0d88  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
17:00:09.0136 0x0d88  WudfPf - ok
17:00:09.0159 0x0d88  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
17:00:09.0178 0x0d88  WUDFRd - ok
17:00:09.0197 0x0d88  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
17:00:09.0214 0x0d88  wudfsvc - ok
17:00:09.0232 0x0d88  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\windows\System32\wwansvc.dll
17:00:09.0282 0x0d88  WwanSvc - ok
17:00:09.0286 0x0d88  ================ Scan global ===============================
17:00:09.0308 0x0d88  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\windows\system32\basesrv.dll
17:00:09.0338 0x0d88  [ 4AD1C61152A0199E3D7F9A82C07AC629, A4A42C7757EB084EE368A6BC4EBAB0C47BE41B0B4119A6AECD1B8E3332A7C5D5 ] C:\windows\system32\winsrv.dll
17:00:09.0355 0x0d88  [ 4AD1C61152A0199E3D7F9A82C07AC629, A4A42C7757EB084EE368A6BC4EBAB0C47BE41B0B4119A6AECD1B8E3332A7C5D5 ] C:\windows\system32\winsrv.dll
17:00:09.0380 0x0d88  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
17:00:09.0421 0x0d88  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\windows\system32\services.exe
17:00:09.0430 0x0d88  [ Global ] - ok
17:00:09.0431 0x0d88  ================ Scan MBR ==================================
17:00:09.0441 0x0d88  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:00:09.0756 0x0d88  \Device\Harddisk0\DR0 - ok
17:00:09.0757 0x0d88  ================ Scan VBR ==================================
17:00:09.0760 0x0d88  [ F5658285010242DEE9336024C6E1F6C2 ] \Device\Harddisk0\DR0\Partition1
17:00:09.0763 0x0d88  \Device\Harddisk0\DR0\Partition1 - ok
17:00:09.0766 0x0d88  [ 7DEF5283397E2E28B09C46628FA6B15D ] \Device\Harddisk0\DR0\Partition2
17:00:09.0768 0x0d88  \Device\Harddisk0\DR0\Partition2 - ok
17:00:09.0771 0x0d88  [ 442EE5A90ED7F4B668808062B75BC389 ] \Device\Harddisk0\DR0\Partition3
17:00:09.0773 0x0d88  \Device\Harddisk0\DR0\Partition3 - ok
17:00:09.0777 0x0d88  [ 45EC5619DA2023BA84E89498F2711658 ] \Device\Harddisk0\DR0\Partition4
17:00:09.0778 0x0d88  \Device\Harddisk0\DR0\Partition4 - ok
17:00:09.0781 0x0d88  ================ Scan generic autorun ======================
17:00:09.0836 0x0d88  [ CECA9C01CDAFF5C79B56357FC3659D49, F97BBC08619867746CA4022F97CB0FF3F4D5DC376739CA03A227019620BFB94C ] C:\windows\system32\igfxtray.exe
17:00:09.0860 0x0d88  IgfxTray - ok
17:00:09.0897 0x0d88  [ 1DC0FC0038652B85D6AFA4C223116EAF, 713DFC48A55EF9072314B8F27F9A6B10CE30CE6ED196FFF3A6DF7B87C69C8FDA ] C:\windows\system32\igfxpers.exe
17:00:09.0933 0x0d88  Persistence - ok
17:00:10.0189 0x0d88  [ CD62D86C57F4D455961ED760B9661605, AB8A12333264858AB507C6B202B6790749F432831625D9662234FC8573EEF5BF ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
17:00:10.0506 0x0d88  RTHDVCPL - ok
17:00:10.0572 0x0d88  [ CEF76A106D5A43A41C448AA929D920C4, 94D80C6E7A384CAAD05FEEAE1396460875845EF2FBF58482A0D8D084843E0E25 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
17:00:10.0638 0x0d88  RtHDVBg - ok
17:00:10.0729 0x0d88  [ 35BA4E6632BA690EA6421C1E03537D0E, 99D6B4DB12ABE3A7F44AB1B2D626978E85231185AE280D9516986027BC8385CB ] c:\Program Files\Microsoft Security Client\msseces.exe
17:00:10.0808 0x0d88  MSC - ok
17:00:10.0882 0x0d88  [ F19BB9A114A0F85E6E8C4395322E7191, FDFAFE5535442031A1102F0AE2B50213BDACA291EF958DE59E9C3CD556BF5DA7 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
17:00:10.0909 0x0d88  USB3MON - ok
17:00:10.0965 0x0d88  [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
17:00:10.0989 0x0d88  HP Software Update - ok
17:00:11.0083 0x0d88  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:00:11.0194 0x0d88  Sidebar - ok
17:00:11.0226 0x0d88  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:00:11.0250 0x0d88  mctadmin - ok
17:00:11.0297 0x0d88  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:00:11.0344 0x0d88  Sidebar - ok
17:00:11.0351 0x0d88  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:00:11.0373 0x0d88  mctadmin - ok
17:00:11.0677 0x0d88  [ 8AA4A3119B2DF4FFAAD39A98F4764E47, 412192A2261ED0BD82EE2418DF94A8B3BC41D2D40F5AB8DA0F99FB9F0525910E ] C:\Program Files\CCleaner\CCleaner64.exe
17:00:12.0055 0x0d88  CCleaner Monitoring - ok
17:00:12.0128 0x0d88  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:00:12.0175 0x0d88  Sidebar - ok
17:00:12.0182 0x0d88  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:00:12.0204 0x0d88  mctadmin - ok
17:00:12.0205 0x0d88  Waiting for KSN requests completion. In queue: 73
17:00:13.0205 0x0d88  Waiting for KSN requests completion. In queue: 73
17:00:14.0205 0x0d88  Waiting for KSN requests completion. In queue: 73
17:00:15.0228 0x0d88  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated )
17:00:15.0238 0x0d88  Win FW state via NFP2: enabled ( trusted )
17:00:17.0922 0x0d88  ============================================================
17:00:17.0922 0x0d88  Scan finished
17:00:17.0922 0x0d88  ============================================================
17:00:17.0940 0x1760  Detected object count: 0
17:00:17.0940 0x1760  Actual detected object count: 0
17:01:59.0302 0x0e58  Deinitialize success

deeprybka · 05.11.2016, 17:04

Schritt 1

Downloade Dir HitmanPro

auf Deinen Desktop:

HitmanPro-32 Bit Version
HitmanPro-64 Bit Version

Starte die HitmanPro.exe
Klicke auf
Entferne den Haken bei
Klicke auf
und
Akzeptiere die Lizenzbedingungen und klicke auf
Klicke auf

und auf
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Wisazo · 05.11.2016, 20:04

1:

Code:

ATTFilter


	Code: 

 ATTFilter

  
	HitmanPro 3.7.14.280
www.hitmanpro.com

   Computer name . . . . : THALIAGRILL-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Thaliagrill-PC\Thaliagrill
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-11-05 17:29:17
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 49s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 4

   Objects scanned . . . : 1.853.742
   Files scanned . . . . : 33.021
   Remnants scanned  . . : 274.876 files / 1.545.845 keys

Malware _____________________________________________________________________

   C:\Jetsystem\JetSystem.exe
      Size . . . . . . . : 13.044.224 bytes
      Age  . . . . . . . : 383.4 days (2015-10-19 08:50:32)
      Entropy  . . . . . : 5.5
      SHA-256  . . . . . : A0139214D07527000F40EFFAD529EF14CE5FF330EE18FB1CA88DC870D75B475D
      Product  . . . . . : JetGastro.X
      Publisher  . . . . : MV-DATA
      Description  . . . : JetGastro.X
      Version  . . . . . : 1.0.0.0
      LanguageID . . . . : 0
    > Bitdefender  . . . : Gen:Variant.Strictor.94080
      Fuzzy  . . . . . . : 100.0
      References
         C:\Users\Thaliagrill\Desktop\Kasse\Jetsystem.lnk
         HKU\S-1-5-21-1642952180-3305180400-4284923308-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Jetsystem\JetSystem.exe


Suspicious files ____________________________________________________________

   C:\$RECYCLE.BIN\S-1-5-21-1642952180-3305180400-4284923308-1001\$R28AX9Y.exe
      Size . . . . . . . : 2.409.984 bytes
      Age  . . . . . . . : 0.4 days (2016-11-05 08:08:14)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : AC81F3D4148F10234E4A231B8E7004D4EB4DD07B4ADC63E384E023450CE98EB4
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

2:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=bc389c1d29c36d41968d78151acdea76
# end=init
# utc_time=2016-11-05 04:36:00
# local_time=2016-11-05 05:36:00 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 31311
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=bc389c1d29c36d41968d78151acdea76
# end=updated
# utc_time=2016-11-05 04:41:44
# local_time=2016-11-05 05:41:44 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=bc389c1d29c36d41968d78151acdea76
# engine=31311
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-11-05 06:01:26
# local_time=2016-11-05 07:01:26 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 41389240 171682496 0 0
# scanned=170784
# found=0
# cleaned=0
# scan_time=4781

deeprybka · 06.11.2016, 11:47

Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

Wisazo · 07.11.2016, 12:28

Hallo.

Am sonntag konnte ich nicht reinschauen und heute auch erst jetzt.
Also bis jetzt funktioniert er wieder normal. Nicht das ich störungen bemerkt hätte. Danke vielmals.

mfg Wisazo

deeprybka · 07.11.2016, 15:35

OK. Bitte nochmal frische Logs:

Schritt 1

Bitte starte FRST erneut, markiere auch die checkbox

und drücke auf Untersuchen.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

05.11.2016, 14:26	#4
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Win7: Virus über e-mail>worddokument eingefangen Ich meinte FRST und Addition in Codetags. Da kann ich es leicher analysieren... __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

05.11.2016, 16:57	#8
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Win7: Virus über e-mail>worddokument eingefangen Scan bitte nach Anleitung ausführen. Was ist denn daran so schwierig die Anleitung zu lesen? __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

06.11.2016, 11:47	#12
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Win7: Virus über e-mail>worddokument eingefangen Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche? __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Win7: Virus über e-mail>worddokument eingefangen

Log-Analyse und Auswertung: Win7: Virus über e-mail>worddokument eingefangen