Log analysis and evaluation: Win 7 in Troja ?

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

Thread closed
31.12.2016, 14:24   #1
Erwin80
 
Hi, I think I have a trojan ... so I'm asking for help.


What information is needed to identify the problem?

31.12.2016, 14:28   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and


+++ IMPORTANT NOTICE +++


During the analysis and cleanup you make NO changes whatsoever on your own, i.e. you do not install or uninstall any software without consultation.
You also do not change any system settings while we are working on your case. You make changes, installations or uninstallations ONLY when instructed!
It will be necessary to disable your virus scanner and in certain cases also to uninstall it so that the cleanup can be done properly. Your system is therefore only cleared by me for everyday use such as browsing or e-mail once we are finished here.

Read and understood?




Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post the logs that already exist, in CODE tags!
Only logs from the last 7 days, or since the problem began, are relevant!




In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input window)



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly, spread over several posts if necessary.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

31.12.2016, 14:50   #3
Erwin80
 
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 21-12-2016
durchgeführt von Erwin (31-12-2016 14:45:58)
Gestartet von C:\Users\Erwin\Desktop\Trojaner-Software
Windows 7 Professional Service Pack 1 (X64) (2016-08-02 07:52:00)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3372468986-2828329476-3420813562-500 - Administrator - Disabled)
Gast (S-1-5-21-3372468986-2828329476-3420813562-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3372468986-2828329476-3420813562-1002 - Limited - Enabled)
Erwin (S-1-5-21-3372468986-2828329476-3420813562-1000 - Administrator - Enabled) => C:\Users\Erwin

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: ESET Smart Security 9.0.408.1 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 9.0.408.1 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)


7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Audition CC 2017 (HKLM-x32\...\AUDT_10_0_0) (Version: 10.0.0 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.7 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
Ansel (Version: 372.90 - NVIDIA Corporation) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Assassin's Creed Syndicate (HKLM-x32\...\Uplay Install 1875) (Version: 1.51 - Ubisoft)
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.0.6.9 - ASUSTek COMPUTER INC.)
ASUS GPU TweakII (x32 Version: 1.0.6.9 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.026 - ASUSTek Computer Inc.)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.50.6271 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.6.1.3 - Broadcom Corporation)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
Call of Duty: Infinite Warfare (HKLM\...\Steam App 292730) (Version:  - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
center (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
DSL-Manager (HKLM-x32\...\{90A455A7-0FC8-4508-B7FA-8F135B8F041A}) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESET Smart Security (HKLM\...\{A6F36CF6-73C0-454D-A95C-5613B146B3D4}) (Version: 9.0.386.1 - ESET, spol. s r.o.)
essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
FIFA 16 (HKLM-x32\...\{28FA2805-7992-4A28-844B-040C57204718}) (Version: 1.44.20513.9 - Electronic Arts)
FIFA 17 (HKLM-x32\...\{8C0DD062-B659-409C-9AB7-8EBD1D64D2EB}) (Version: 1.0.46.21015 - Electronic Arts)
FIFA 17 DEMO (HKLM-x32\...\{39C00B2C-EA3C-4A6B-AECF-DADA0F09C2AE}) (Version: 1.0.45.26330 - Electronic Arts)
GameDesire-Pool & Snooker (HKLM-x32\...\GameDesire-Pool & Snooker) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
iCloud (HKLM\...\{4BB313CE-D3D1-424C-8823-15CF85B00B05}) (Version: 6.1.0.30 - Apple Inc.)
INFERNO (HKLM-x32\...\{72C4453F-FC68-4502-ADA5-4A7A19DDF043}) (Version: 1.2.0.0 - Cooler Master)
Intel(R) Network Connections 18.8.136.0 (HKLM\...\PROSetDX) (Version: 18.8.136.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3540 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK All-in-One Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.9.1.1 - Eastman Kodak Company)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.7571.2075 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3372468986-2828329476-3420813562-1000\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Mozilla Thunderbird 45.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.4.0 (x86 de)) (Version: 45.4.0 - Mozilla)
Mozilla Thunderbird 45.5.0 (x86 de) (HKU\S-1-5-21-3372468986-2828329476-3420813562-1000\...\Mozilla Thunderbird 45.5.0 (x86 de)) (Version: 45.5.0 - Mozilla)
Nitro Reader 5 (HKLM\...\{2C5E29B1-314E-4FB0-A2F0-1A8AE7C64536}) (Version: 5.5.9.2 - Nitro)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.90 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.90 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenTTD 1.6.0 (HKLM-x32\...\OpenTTD) (Version: 1.6.0 - OpenTTD)
Oracle VM VirtualBox 5.1.8 (HKLM\...\{65402252-5DA1-4360-A144-E09BB16AC7A9}) (Version: 5.1.8 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.6 - Power Software Ltd)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKU\S-1-5-21-3372468986-2828329476-3420813562-1000\...\PrintProjects) (Version: 1.0.0.22142 - RocketLife Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7727 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.0 - Rockstar Games)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.97.4382 - Electronic Arts)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
STEEP (HKLM-x32\...\Uplay Install 3445) (Version:  - Ubisoft)
Undelete 360 (HKLM-x32\...\Undelete 360_is1) (Version:  - File Recovery Ltd.)
Uplay (HKLM-x32\...\Uplay) (Version: 25.0 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
War Thunder Launcher 1.0.1.730 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
XSplit Gamecaster (HKLM-x32\...\{4EDB1851-7427-4324-AAAA-9E3852C73DAE}) (Version: 2.2.1502.1741 - SplitmediaLabs)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3372468986-2828329476-3420813562-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Erwin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3372468986-2828329476-3420813562-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3372468986-2828329476-3420813562-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0A180622-138A-4E02-B7BD-C533E09CA20D} - System32\Tasks\AdobeAAMUpdater-1.0-Erwin-PC-Erwin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {0FDE99B9-CB3D-40B7-BFB8-0B3635067196} - System32\Tasks\{52FBD96F-0634-4871-A92C-532DBCA30A17} => pcalua.exe -a C:\Users\Erwin\Desktop\OInstall.exe -d C:\Users\Erwin\Desktop
Task: {111B498F-DE5F-4862-8DE3-BC2C2B071589} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {1FE4C4B8-6234-41AC-A4D0-5A6CE7F9B7BB} - System32\Tasks\{D4FFACDD-9517-4AA8-902C-55D8FF274B79} => pcalua.exe -a E:\Download´s\FirmwareFlashLauncher.exe -d E:\Download´s
Task: {21A7F18D-AD88-49AE-8507-77770A3EF0A8} - System32\Tasks\{7F5601B7-248D-42BF-ACB5-C5AD91A35D3B} => pcalua.exe -a C:\Users\Erwin\Desktop\64\KB2779768_64\MSuSetup.exe -d C:\Users\Erwin\Desktop\64\KB2779768_64
Task: {29D6FA42-2297-428F-8831-5FA231A5B8F2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-12-04] (Microsoft Corporation)
Task: {2D0F8821-9F89-4330-BF24-758ACF013E59} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-03-25] (ASUSTek Computer Inc.)
Task: {3724311C-64C4-42D2-B58B-505462A3C982} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-12-04] (Microsoft Corporation)
Task: {63CA0A79-9850-48D7-AE8F-90F5274E830F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {6AD20159-38B4-4F9D-B178-43B3EBF1FCE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-03] (Google Inc.)
Task: {7EF6253C-F52A-4B9B-89CF-E507592D28AD} - System32\Tasks\{B4D3AA97-5062-49BE-928D-8EAE3BAE338F} => pcalua.exe -a E:\Download´s\FirmwareFlashLauncher(1).exe -d E:\Download´s
Task: {8F8D33CF-B4AA-4DD0-9CA3-BDF5F56B1825} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-04] (Microsoft Corporation)
Task: {B77AD491-C4F3-4C61-89F2-E8E5E90F8BC6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-04] (Microsoft Corporation)
Task: {C19167BC-B8EE-4353-9213-1A6FECB45826} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-03] (Google Inc.)
Task: {DAF52731-8EC1-4B25-9628-C2C29E31F92C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-07-13 20:42 - 2016-07-13 20:42 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2016-12-15 02:54 - 2016-12-08 09:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-15 02:54 - 2016-12-08 09:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2000-01-01 01:00 - 2000-01-01 01:00 - 02967040 _____ () E:\Programme\Tor Browser\Browser\TorBrowser\Tor\tor.exe
2016-11-17 01:29 - 2016-11-17 01:29 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2000-01-01 01:00 - 2000-01-01 01:00 - 00092599 _____ () E:\Programme\Tor Browser\Browser\libssp-0.dll
2000-01-01 01:00 - 2000-01-01 01:00 - 00719217 _____ () E:\Programme\Tor Browser\Browser\TorBrowser\Tor\libevent-2-0-5.dll
2000-01-01 01:00 - 2000-01-01 01:00 - 00092599 _____ () E:\Programme\Tor Browser\Browser\TorBrowser\Tor\libssp-0.dll
2000-01-01 01:00 - 2000-01-01 01:00 - 00523262 _____ () E:\Programme\Tor Browser\Browser\TorBrowser\Tor\libgcc_s_sjlj-1.dll
2000-01-01 01:00 - 2000-01-01 01:00 - 00107520 _____ () E:\Programme\Tor Browser\Browser\TorBrowser\Tor\zlib1.dll
2016-09-17 08:35 - 2016-02-11 14:20 - 03378688 _____ () G:\Games\Bluestacks\Bluestacks\BluestacksGameManager\xulrunner-sdk\mozjs.dll
2016-09-17 08:33 - 2016-03-09 07:28 - 03306496 _____ () C:\Program Files (x86)\Bluestacks\libGLESv2.dll
2016-09-17 08:33 - 2016-03-09 07:28 - 00133120 _____ () C:\Program Files (x86)\Bluestacks\libEGL.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3372468986-2828329476-3420813562-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Erwin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 62.117.1.25 - 89.16.129.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{8F4AB278-300A-4FA6-AFFE-B4E6DFC5DB53}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{D2F87D9B-3AAA-4EDA-AC2F-3BFF90401C33}] => C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{9FA03795-48BB-404D-8CA5-7CD5A6D18152}] => C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{D50E84CE-F0A3-4982-AB2E-53EDB5157FB4}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{22BFE914-FE40-4A43-9E35-62C3EF0E7D1B}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F815EC64-1D71-4D31-AED9-4790890637A9}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6B71657F-FC9B-4992-B317-8B89B58F8F34}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A44DB755-799D-4FA6-9A0C-5B4D190D2724}] => C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{51D040E9-3DD5-4A36-B3B4-6010B93CD0E6}] => G:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{4C3CA8E4-8F90-4E3D-AD6F-84EEECA4171C}] => G:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{667485FE-4A31-40F0-A114-BDBFA82E0939}] => G:\Steam Game\Steam.exe
FirewallRules: [{EC171D1D-4B4A-482B-9BE6-2C5182EDBE17}] => G:\Steam Game\Steam.exe
FirewallRules: [{02AA4018-36C2-405D-B90A-E1E08DE55242}] => G:\Steam Game\bin\steamwebhelper.exe
FirewallRules: [{7E3ED941-83BD-4F49-9972-0D23DA1954A9}] => G:\Steam Game\bin\steamwebhelper.exe
FirewallRules: [VirtualPC-In-UDP-1] => %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => %SystemRoot%\System32\vpc.exe
FirewallRules: [{37BC8809-6BED-4AA6-B121-5B9197434595}] => G:\Steam Game\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{7B1B9810-CC38-46D2-9640-EFD419A2A27E}] => G:\Steam Game\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{324F8606-34EB-4430-A007-451326AC7B74}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7674490A-943F-4ACE-8F31-D0B3A36F0793}] => C:\Program Files (x86)\Origin Games\FIFA 17 DEMO\FIFASetup\fifaconfig.exe
FirewallRules: [{0CB0F180-D4FA-4FAD-A7D9-E6FA63A079A7}] => C:\Program Files (x86)\Origin Games\FIFA 17 DEMO\FIFASetup\fifaconfig.exe
FirewallRules: [{9DE4C7F5-EC7F-4C19-AE92-5DB265D69D46}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5BE363FC-D3D2-4D40-BFB2-F6DB9D1936CD}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A64E27A6-139F-4169-9E6E-27CAFC2FC0E7}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{51D339E4-7AA3-455C-8B33-ADC0A39C2F18}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A05DD337-A473-45AB-847D-7229666BFFE2}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{E8D7D9FC-815B-4751-8B74-F0E39B7DF5C8}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2842E376-4236-484A-9F30-720B9FCE5BCC}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A3FF50AC-8F95-4033-8A08-20441442ED76}] => C:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{C76DB012-4B2D-4AF6-B7E6-90937D28917A}] => C:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{1A618FF8-246C-4356-93C9-14B6780A4324}] => G:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{EE6A2E46-FD07-4937-B347-4B0BEFED3131}] => G:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{C566B15C-9957-42EC-97A6-AD17B355A414}] => LPort=9322
FirewallRules: [{7B2237A9-06A0-4820-ADEB-22C2EE723CBE}] => LPort=5353
FirewallRules: [{F0F507C5-784D-48DB-9C30-7DD033E9CB6C}] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{F6C9CB37-EC83-405C-9DC2-4F8AE89826CF}] => C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{15DCD263-9EAB-414F-AC12-FAA08CF00B4F}] => C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{794909E7-AF26-4D6D-B746-6E24725FABF4}] => C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{FD8D8B9D-1860-4C84-8308-40D41DCDFFFA}] => C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{6DBBBA87-3B1B-4D3E-B053-A2E86C08284B}] => G:\Program Files (x86)\Origin Games\FIFA 17\FIFASetup\fifaconfig.exe
FirewallRules: [{6A26BEF7-F12E-4AB8-8D49-AD65497AC873}] => G:\Program Files (x86)\Origin Games\FIFA 17\FIFASetup\fifaconfig.exe
FirewallRules: [{6210DDAB-7BFF-44AB-8184-5BCD0E45FC0D}] => LPort=80
FirewallRules: [{B086EF2B-C420-458A-A1FF-ABEED87DB972}] => LPort=443
FirewallRules: [{2E97F039-B399-4DBB-A671-04BD1F8E11F6}] => LPort=3216
FirewallRules: [{63026457-6171-4DED-8AE5-049D46C34467}] => LPort=18000
FirewallRules: [{9203F572-D973-4193-969D-F6CF18B561C1}] => LPort=18120
FirewallRules: [{E89BE0E4-9AD5-460E-9D25-FE241789647B}] => LPort=18060
FirewallRules: [{8259DA93-329F-4522-8FB7-5FC4B3EA5935}] => LPort=27900
FirewallRules: [{E3447003-B92B-4263-8333-696FDE05302E}] => LPort=29900
FirewallRules: [{F85B4469-3BA4-48DF-A154-ED1133916CAC}] => LPort=18000
FirewallRules: [{823569C6-BA5E-42BB-A56A-E77541871628}] => LPort=29900
FirewallRules: [{712FACAF-DEE5-49F8-A570-33A4D0DB4D4A}] => G:\Spiele\Ubisoft Game Launcher\games\Assassin's Creed Syndicate\ACS.exe
FirewallRules: [{A065AE66-5053-45E5-BA3F-0499B147188B}] => G:\Spiele\Ubisoft Game Launcher\games\STEEP\steep.exe
FirewallRules: [{39CA125D-DCA0-4AB7-98F3-D3FB6DF121E2}] => G:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{DD0725D5-A624-4000-850C-6B60AA83C4CB}] => G:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{BFE90204-8330-4D17-811B-8486C7F37D6D}] => E:\Programme\ITunes\iTunes.exe
FirewallRules: [{0D6B3F25-AAD7-49F5-9D38-A8E89ED3B54C}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9ED7436A-634E-45CB-B4B2-188830C188A2}] => G:\Games\WarThunder\launcher.exe
FirewallRules: [{D82B09BC-53F4-49B7-A97A-1F05F4BE5D92}] => G:\Games\WarThunder\launcher.exe
FirewallRules: [{D3E98096-A1EE-4339-9767-EC8E74A03471}] => G:\Games\WarThunder\run.exe
FirewallRules: [{4F7B1A93-ECCB-433E-ABC8-F77D01392189}] => G:\Games\WarThunder\run.exe
FirewallRules: [{F0C58E10-CA4A-4E8E-8749-A771B0005F3F}] => LPort=80
FirewallRules: [{77F616BF-3AB4-44FC-BE29-02DE8E33B4D3}] => LPort=443
FirewallRules: [{13B3B28B-6875-48F9-BB7A-AFEB502C3A0F}] => LPort=20010
FirewallRules: [{DA6BE6AE-5F07-4CC2-A485-DCC697580CF1}] => LPort=3478
FirewallRules: [{1C19AA7B-2679-4C0D-90E1-6A150B93391F}] => LPort=7850
FirewallRules: [{0C37499C-88DF-403C-A7BF-C5EE0B5EB5A3}] => LPort=7852
FirewallRules: [{98892FFC-F835-4703-BBA1-E54F76DD4EAD}] => LPort=7853
FirewallRules: [{919D2A0E-25B1-422E-B6DC-3371C1982864}] => LPort=27022
FirewallRules: [{EC3BF2F6-D646-43C6-B625-604DADD7B62C}] => LPort=6881
FirewallRules: [{43D406D2-C4CA-43C7-8E9F-698051001913}] => LPort=33333
FirewallRules: [{8892625B-CF9B-440A-A5BA-DC92C9902456}] => LPort=20443
FirewallRules: [{994AC187-7210-482D-85F5-BBA5FB9F76F3}] => LPort=8090
FirewallRules: [{B85A6748-17D3-4462-BA5B-7148E9F94616}] => G:\Steam Game\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C58645F2-CC20-400D-A927-D480F1B6A348}] => G:\Steam Game\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1F8C50A2-D98E-4F6A-87B5-71306C8B7FBE}] => G:\Steam Game\steamapps\common\Call of Duty - Infinite Warfare\iw7_ship.exe
FirewallRules: [{D56DE574-7518-4601-AA2E-84C5201141F6}] => G:\Steam Game\steamapps\common\Call of Duty - Infinite Warfare\iw7_ship.exe
FirewallRules: [{79AE4334-E168-4D39-AC47-161E0B9D0212}] => C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E3568F07-BE7D-44D3-9E18-312B4E96EC5E}] => C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe

==================== Wiederherstellungspunkte =========================


==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Netzwerkcontroller
Description: Netzwerkcontroller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/29/2016 01:09:17 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {7547c1da-c180-4404-9654-9312b483b11b}

Error: (12/28/2016 10:49:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "E:\Download´s\esetsmartinstaller_deu (1).exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/28/2016 09:24:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 94c

Startzeit: 01d26146bee0ccc8

Endzeit: 8

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: ac3e349c-cd3b-11e6-8bc0-010101010000

Error: (12/28/2016 09:17:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "E:\Download´s\esetsmartinstaller_deu (1).exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/28/2016 09:16:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "E:\Download´s\esetsmartinstaller_deu (1).exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/28/2016 09:16:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "E:\Download´s\esetsmartinstaller_deu (1).exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/28/2016 09:05:42 PM) (Source: MsiInstaller) (EventID: 11601) (User: Erwin-PC)
Description: Product: Ableton Live 9 Lite -- Disk full: Out of disk space -- Volume: 'C:'; required space: 968.188 KB; available space: 877.128 KB.  Free some disk space and retry.

Error: (12/28/2016 09:05:40 PM) (Source: MsiInstaller) (EventID: 11601) (User: Erwin-PC)
Description: Product: Ableton Live 9 Lite -- Disk full: Out of disk space -- Volume: 'C:'; required space: 968.188 KB; available space: 877.128 KB.  Free some disk space and retry.

Error: (12/28/2016 09:05:36 PM) (Source: MsiInstaller) (EventID: 11601) (User: Erwin-PC)
Description: Product: Ableton Live 9 Lite -- Disk full: Out of disk space -- Volume: 'C:'; required space: 968.188 KB; available space: 877.128 KB.  Free some disk space and retry.

Error: (12/28/2016 09:05:36 PM) (Source: MsiInstaller) (EventID: 11601) (User: Erwin-PC)
Description: Product: Ableton Live 9 Lite -- Disk full: Out of disk space -- Volume: 'C:'; required space: 968.188 KB; available space: 877.128 KB.  Free some disk space and retry.


Systemfehler:
=============
Error: (12/31/2016 01:31:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (12/31/2016 01:31:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.

Error: (12/30/2016 01:50:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (12/30/2016 01:50:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.

Error: (12/29/2016 05:57:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (12/29/2016 05:57:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.

Error: (12/29/2016 05:56:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎29.‎12.‎2016 um 13:09:26 unerwartet heruntergefahren.

Error: (12/29/2016 12:25:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (12/29/2016 12:25:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.

Error: (12/29/2016 03:07:09 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
Prozentuale Nutzung des RAM: 40%
Installierter physikalischer RAM: 16276.84 MB
Verfügbarer physikalischer RAM: 9682.45 MB
Summe virtueller Speicher: 32551.86 MB
Verfügbarer virtueller Speicher: 25254.83 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:3.84 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: () (Fixed) (Total:926.44 GB) (Free:202.05 GB) NTFS
Drive f: (Musik) (Fixed) (Total:936.58 GB) (Free:85.27 GB) NTFS
Drive g: (Games) (Fixed) (Total:2794.39 GB) (Free:2584.24 GB) NTFS
Drive k: (DEW95_FULL) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 75F281A8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 6 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 52425DEB)
Partition 1: (Active) - (Size=936.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=926.4 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
durchgeführt von Erwin (Administrator) auf Erwin-PC (31-12-2016 14:45:39)
Gestartet von C:\Users\Erwin\Desktop\Trojaner-Software
Geladene Profile: Erwin (Verfügbare Profile: Erwin)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Nitro Software, Inc.) C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) E:\Programme\ITunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(T-Systems Enterprise Services GmbH) E:\Telekom netzmanager\DslMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(T-Systems Enterprise Services GmbH) E:\Telekom netzmanager\DslMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) E:\Programme\Tor Browser\Browser\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() E:\Programme\Tor Browser\Browser\TorBrowser\Tor\tor.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\Bluestacks.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Agent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe
(Bluestack System Inc. ) C:\Program Files (x86)\Bluestacks\BstkSVC.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-01-27] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => E:\Programme\ITunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKU\S-1-5-21-3372468986-2828329476-3420813562-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3372468986-2828329476-3420813562-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-3372468986-2828329476-3420813562-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-3372468986-2828329476-3420813562-1000\...\MountPoints2: K - K:\setup.exe
HKU\S-1-5-21-3372468986-2828329476-3420813562-1000\...\MountPoints2: {579bb393-5884-11e6-b2a6-806e6f6e6963} - V:\setup.exe
HKU\S-1-5-21-3372468986-2828329476-3420813562-1000\...\MountPoints2: {879de627-7672-11e6-9748-010101010000} - L:\AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-3372468986-2828329476-3420813562-1000\...\MountPoints2: {ae577840-6517-11e6-9168-806e6f6e6963} - L:\autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-08-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk [2016-12-23]
ShortcutTarget: DSL-Manager.lnk -> E:\Telekom netzmanager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk [2016-12-23]
ShortcutTarget: DSL-Manager.lnk -> E:\Telekom netzmanager\DslMgr.exe (T-Systems Enterprise Services GmbH)
Startup: C:\Users\Erwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk [2016-12-28]
ShortcutTarget: DSL-Manager.lnk -> E:\Telekom netzmanager\DslMgr.exe (T-Systems Enterprise Services GmbH)
GroupPolicy: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

AutoConfigURL: [S-1-5-21-3372468986-2828329476-3420813562-1000] => hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613
Tcpip\Parameters: [DhcpNameServer] 62.117.1.25 89.16.129.25
Tcpip\..\Interfaces\{00ECA228-DA30-4653-8611-243CD66FBCB1}: [DhcpNameServer] 62.117.1.25 89.16.129.25
ManualProxies: 0hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-12-04] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2016-12-04] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-04] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-12-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-02] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2016-12-04] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-02] (Oracle Corporation)
DPF: HKLM {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x64/MuCatalogWebControl.cab?1470163823013
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Erwin\AppData\Roaming\Mozilla\Firefox\Profiles\1hw9sf1i.default-1478083278111 [2016-12-31]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-04] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> E:\Programme\VLC Player\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-23] ()
FF Plugin-x32: @ganymede/GanymedeNetPlugin,version=1.0 -> C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll [2015-07-15] ( )
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-04] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-12-04] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF.PrevVerNRD -> C:\Program Files (x86)\Nitro\Pro 10\npnitromozilla.dll [Keine Datei]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3372468986-2828329476-3420813562-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Erwin\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-10-26] (RocketLife, LLP)

Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://www.facebook.com/Eichlie
CHR Profile: C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default [2016-12-31]
CHR Extension: (Google Präsentationen) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-03]
CHR Extension: (Google Docs) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-03]
CHR Extension: (Google Drive) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-03]
CHR Extension: (YouTube) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-03]
CHR Extension: (Adblock Plus) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-03]
CHR Extension: (Google Tabellen) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-03]
CHR Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2016-11-07]
CHR Extension: (Google Docs Offline) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-04]
CHR Extension: (Ghostery) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-12-30]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-03]
CHR Extension: (Google Mail) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-03]
CHR Extension: (Chrome Media Router) - C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S4 ASGT; C:\Windows\SysWOW64\ASGT.exe [48640 2015-05-29] () [Datei ist nicht signiert]
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-09-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-09-08] (BlueStack Systems, Inc.)
R3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [466456 2016-09-08] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3698888 2016-12-04] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2770312 2016-11-16] (ESET)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-15] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [296432 2014-04-09] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
R2 NitroReaderDriverReadSpool5; C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe [327328 2016-08-02] (Nitro Software, Inc.)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S3 Origin Client Service; G:\Origin\OriginClientService.exe [2119688 2016-12-06] (Electronic Arts)
S2 Origin Web Helper Service; G:\Origin\OriginWebHelperService.exe [2180624 2016-12-06] (Electronic Arts)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert]
R3 TDslMgrService; E:\Telekom netzmanager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH) [Datei ist nicht signiert]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
S4 StarWindServiceAE; F:\Programme\Alcohol 120\StarWind\StarWindServiceAE.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-09-08] (BlueStack Systems)
R3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-09-06] (Bluestack System Inc. )
R1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [19008 2007-08-01] (T-Systems Enterprise Services GmbH)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-29] (Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-11-16] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-11-16] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [153216 2016-11-16] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [208520 2016-11-16] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61568 2016-11-16] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84616 2016-11-16] (ESET)
R1 epp; C:\EEK\bin64\epp.sys [116944 2016-06-30] (Emsisoft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
R3 mt7612US; C:\Windows\System32\DRIVERS\mt7612US.sys [376200 2015-12-08] (MediaTek Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2016-08-18] (Duplex Secure Ltd.)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [132120 2016-10-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [206416 2016-10-18] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [135824 2016-08-16] (Oracle Corporation)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [42760 2016-02-21] (Microsoft Corporation)
U3 aysgnwy7; C:\Windows\System32\Drivers\aysgnwy7.sys [0 ] (Microsoft Corporation) <==== ACHTUNG (Null Byte Datei/Ordner)
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-12-29 18:32 - 2016-12-29 18:32 - 00000778 _____ C:\Users\Erwin\Desktop\Start Tor Browser.lnk
2016-12-29 18:32 - 2016-12-29 18:32 - 00000778 _____ C:\Users\Erwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-12-29 00:39 - 2016-12-29 00:40 - 00000000 ____D C:\Users\Erwin\Documents\Ableton
2016-12-28 23:27 - 2016-12-28 23:27 - 00000446 __RSH C:\ProgramData\ntuser.pol
2016-12-28 23:26 - 2016-12-29 00:44 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\Ableton
2016-12-28 23:26 - 2016-12-28 23:26 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2016-12-28 21:37 - 2016-12-28 21:37 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-12-28 21:37 - 2016-12-28 21:37 - 00000000 ____D C:\de63200890cbf850afd3c700889515
2016-12-28 21:16 - 2016-12-28 21:16 - 00000000 ____D C:\Program Files (x86)\ESET
2016-12-27 10:18 - 2016-12-27 10:23 - 00000000 ____D C:\Users\Erwin\Desktop\Wohnung Friedrich-Wolf-Str. 4
2016-12-25 14:18 - 2016-12-25 14:18 - 00000000 ____D C:\Users\Erwin\AppData\Local\Tempzxpsigne5366bf2748e4ffd
2016-12-25 14:18 - 2016-12-25 14:18 - 00000000 ____D C:\Users\Erwin\AppData\Local\Tempzxpsignd715b855f746097e
2016-12-23 11:29 - 2016-12-23 11:29 - 00000000 ____D C:\ProgramData\T-Online
2016-12-23 11:29 - 2007-09-12 17:24 - 00041024 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\system32\Drivers\DslTestSp5a64.sys
2016-12-23 11:28 - 2016-12-23 11:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DSL-Manager
2016-12-23 11:28 - 2007-08-01 14:49 - 00019008 _____ (T-Systems Enterprise Services GmbH) C:\Windows\system32\Drivers\dslmnlwf.sys
2016-12-23 10:48 - 2016-12-23 10:48 - 00000000 ____D C:\Users\Erwin\AppData\Local\Chromium
2016-12-23 10:38 - 2016-12-23 10:39 - 00000000 ____D C:\Users\Erwin\Desktop\Schloss konflikt
2016-12-22 12:41 - 2016-12-22 12:41 - 00000000 ____D C:\Users\Erwin\AppData\Local\Tempzxpsignd1d326e19262b78c
2016-12-22 12:41 - 2016-12-22 12:41 - 00000000 ____D C:\Users\Erwin\AppData\Local\Tempzxpsign32dc2236ae449d67
2016-12-22 11:59 - 2016-12-22 11:59 - 00000000 ____D C:\Users\Erwin\Desktop\Becca handy lieder
2016-12-22 11:47 - 2016-12-22 11:47 - 00000000 ____D C:\Users\Erwin\Desktop\Schnuffel-Schnuffels_Weihnachtslied-CDS-DE-2008-VOLDiES
2016-12-21 08:31 - 2016-12-21 08:31 - 00000000 ____D C:\Users\Erwin\Desktop\German_TOP50_ODC_18_12_2016-NoGroup
2016-12-20 22:19 - 2016-12-20 22:19 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-12-19 21:38 - 2016-12-19 21:42 - 00352256 _____ C:\Users\Erwin\Documents\Database1.accdb
2016-12-19 15:43 - 2016-12-19 20:51 - 00249684 _____ C:\Users\Erwin\Desktop\Schichtplan Utti 36h Woche.xlsx
2016-12-17 21:26 - 2016-12-17 21:26 - 05894324 _____ C:\Users\Erwin\Desktop\paper-535960_960_720 Probe.psd
2016-12-17 21:26 - 2016-12-17 21:26 - 00000000 ____D C:\Users\Erwin\AppData\Local\Tempzxpsignfc68dddba1b67432
2016-12-17 21:21 - 2016-12-17 21:21 - 00000000 ____D C:\Users\Erwin\AppData\Local\Tempzxpsignfce5d7898ded0240
2016-12-17 21:21 - 2016-12-17 21:21 - 00000000 ____D C:\Users\Erwin\AppData\Local\Tempzxpsignefc6498f3d192f4f
2016-12-17 21:21 - 2016-12-17 21:21 - 00000000 ____D C:\Users\Erwin\AppData\Local\Tempzxpsignba106bc5e48e560a
2016-12-17 21:19 - 2016-12-17 21:19 - 00000000 ____D C:\Users\Erwin\AppData\Local\Tempzxpsignfb4c5680568b1c8f
2016-12-17 21:19 - 2016-12-17 21:19 - 00000000 ____D C:\Users\Erwin\AppData\Local\Tempzxpsignb6fcd28f5f457492
2016-12-17 21:14 - 2016-12-17 21:14 - 00000000 ____D C:\Users\Erwin\AppData\Local\Tempzxpsignfba89f7db43a07d2
2016-12-17 21:14 - 2016-12-17 21:14 - 00000000 ____D C:\Users\Erwin\AppData\Local\Tempzxpsignee672a68e77a45d9
2016-12-17 21:14 - 2016-12-17 21:14 - 00000000 ____D C:\Users\Erwin\AppData\Local\Tempzxpsign253fb9ae04d1d142
2016-12-16 19:59 - 2016-12-16 20:00 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-12-16 19:59 - 2016-12-16 19:59 - 00000000 ____D C:\Program Files\Rockstar Games
2016-12-16 19:58 - 2016-12-16 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2016-12-16 19:52 - 2016-12-16 20:00 - 00000000 ____D C:\Users\Erwin\Documents\Rockstar Games
2016-12-16 19:52 - 2016-12-16 19:52 - 00000000 ____D C:\Users\Erwin\AppData\Local\Rockstar Games
2016-12-15 15:38 - 2016-12-15 15:38 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2016-12-15 15:38 - 2016-12-15 15:38 - 00000000 ____D C:\Users\Erwin\AppData\Local\Gaijin
2016-12-15 15:38 - 2016-12-15 15:38 - 00000000 ____D C:\ProgramData\Gaijin
2016-12-14 14:27 - 2016-12-14 14:27 - 00001538 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-12-14 14:27 - 2016-12-14 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-12-14 14:26 - 2016-12-14 14:26 - 00000000 ____D C:\Program Files\iPod
2016-12-14 13:00 - 2016-12-14 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-12-09 09:15 - 2016-12-09 09:15 - 00000000 ____D C:\Users\Erwin\Desktop\VA_-_Weihnachten_Mit_ToysRUs-_SP_906555_-DE-2015-ZzZz
2016-12-06 10:56 - 2016-12-23 10:39 - 00000000 ____D C:\Users\Erwin\Desktop\Anwalt VBG Knie Links

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-12-31 14:45 - 2016-10-30 20:01 - 00000000 ____D C:\FRST
2016-12-31 14:45 - 2016-08-02 10:02 - 00000000 ____D C:\Users\Erwin\Desktop\Trojaner-Software
2016-12-31 13:37 - 2009-07-14 05:45 - 00033392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-31 13:37 - 2009-07-14 05:45 - 00033392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-31 13:35 - 2009-07-14 18:58 - 00702266 _____ C:\Windows\system32\perfh007.dat
2016-12-31 13:35 - 2009-07-14 18:58 - 00150664 _____ C:\Windows\system32\perfc007.dat
2016-12-31 13:35 - 2009-07-14 06:13 - 01623690 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-31 13:35 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-31 13:30 - 2016-09-22 07:24 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-31 13:30 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-30 19:10 - 2016-08-02 15:43 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\Origin
2016-12-30 18:35 - 2016-08-02 15:42 - 00000000 ____D C:\ProgramData\Origin
2016-12-30 18:32 - 2016-08-02 10:41 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-12-30 14:00 - 2016-08-03 19:29 - 00000000 ____D C:\Users\Erwin\AppData\Local\Adobe
2016-12-28 23:27 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-12-28 23:26 - 2016-08-02 15:42 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-28 21:37 - 2016-11-17 09:30 - 00000000 ___HT C:\Windows\wusa.lock
2016-12-28 21:37 - 2016-08-04 06:28 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-12-28 21:37 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-12-28 21:36 - 2016-08-02 15:51 - 00000000 ____D C:\Program Files\Microsoft Office
2016-12-28 21:20 - 2016-08-20 11:35 - 00000000 ____D C:\test
2016-12-28 21:18 - 2016-08-02 20:58 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\TeamViewer
2016-12-28 21:11 - 2016-08-17 22:32 - 00000000 ____D C:\Users\Erwin\.VirtualBox
2016-12-28 21:11 - 2016-08-02 13:53 - 00000000 ____D C:\AdwCleaner
2016-12-27 14:34 - 2016-09-14 12:23 - 00617984 _____ C:\Users\Erwin\Desktop\Patrick _September.xls
2016-12-24 00:38 - 2016-08-02 10:01 - 00000000 ___RD C:\Users\Erwin\Desktop\Spiele
2016-12-24 00:28 - 2016-11-17 23:05 - 00000000 ____D C:\Users\Erwin\Desktop\Hochzeit Becca & Erwin
2016-12-23 13:15 - 2016-08-17 22:33 - 00000000 ____D C:\Users\Erwin\VirtualBox VMs
2016-12-23 12:49 - 2016-08-02 08:54 - 00000000 ____D C:\Users\Erwin\AppData\Local\VirtualStore
2016-12-23 11:28 - 2016-08-02 09:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-23 10:48 - 2016-08-12 06:39 - 00000000 ____D C:\Users\Erwin\AppData\Local\Steam
2016-12-23 10:42 - 2016-08-02 10:00 - 00000000 ____D C:\Users\Erwin\Desktop\Dokumente Erwin & Becca Handy
2016-12-22 13:14 - 2016-08-09 20:04 - 00000000 ____D C:\Users\Erwin\AppData\Roaming\Skype
2016-12-20 23:12 - 2003-03-30 16:28 - 00095232 _____ () C:\Users\Erwin\Desktop\IC_annocheat104.exe
2016-12-19 22:06 - 2016-09-22 07:24 - 00000000 ____D C:\Users\Erwin\AppData\Local\CrashDumps
2016-12-19 22:05 - 2016-08-02 10:02 - 00000000 ____D C:\Users\Erwin\Desktop\Vip Verkehrsunternehmen
2016-12-17 10:54 - 2016-11-03 11:48 - 00003542 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 10:54 - 2016-11-03 11:48 - 00003414 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-15 15:38 - 2016-11-19 02:39 - 00000000 ____D C:\Users\Erwin\Documents\My Games
2016-12-15 02:54 - 2016-11-03 11:49 - 00002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 14:26 - 2016-08-04 07:50 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-12-14 13:04 - 2016-08-04 07:50 - 00000000 ____D C:\ProgramData\Apple Computer
2016-12-04 09:42 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-08-02 09:50 - 2016-08-02 09:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Erwin\AppData\Local\Temp\libeay32.dll
C:\Users\Erwin\AppData\Local\Temp\msvcr120.dll
C:\Users\Erwin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-12-13 14:54

==================== Ende von FRST.txt ============================
         
Edited by cosinus (31.12.2016 at 18:45). Reason: CODE tags

Alt 31.12.2016, 18:47   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
The virus scanner logs are missing.
If there have been no detections so far, you should explain why you believe there are trojans on the system.

Quote:
Adobe Creative Suite 6 Master Collection
Microsoft Office Professional Plus 2016
And please answer whether this is a commercially used system; for private use these editions seem a bit too "heavy" to me.
__________________
Please always post log files in CODE tags

Alt 01.01.2017, 16:05   #5
Erwin80
 
Code:
<?xml version="1.0" encoding="utf-8" ?>
<ESET>
  <LOG>
    <RECORD>
      <COLUMN NAME="Zeit">01.01.2017 14:03:08</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">25F0B6117A6D9A6556372BD265C4EC03CAB9DB7A</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">01.01.2017 13:59:59</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">25F0B6117A6D9A6556372BD265C4EC03CAB9DB7A</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">01.01.2017 13:58:05</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">336779BF64FF39E57D26D3971DBB4BBC603B7182</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">01.01.2017 13:57:53</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">336779BF64FF39E57D26D3971DBB4BBC603B7182</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">01.01.2017 13:57:07</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">336779BF64FF39E57D26D3971DBB4BBC603B7182</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">01.01.2017 13:54:05</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: E:\Telekom netzmanager\DslMgr.exe (69774B016777773E6013AD3E1EA22C519B9F04CF).</COLUMN>
      <COLUMN NAME="Hash">336779BF64FF39E57D26D3971DBB4BBC603B7182</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">01.01.2017 13:53:50</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (142D9F2CCDA7AD70686F38530883B959E300FC2D).</COLUMN>
      <COLUMN NAME="Hash">336779BF64FF39E57D26D3971DBB4BBC603B7182</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">31.12.2016 20:43:28</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: E:\Download´s\ccsetup525.exe (F9D434EEC90359C58A2F49AC5E924B9C80FE9630).</COLUMN>
      <COLUMN NAME="Hash">7C1B6272C9CB4F443C4F71EB2CEB65CBB4C9710F</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">31.12.2016 20:43:14</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">7C1B6272C9CB4F443C4F71EB2CEB65CBB4C9710F</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">31.12.2016 20:42:38</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">7C1B6272C9CB4F443C4F71EB2CEB65CBB4C9710F</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">31.12.2016 20:41:14</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">7C1B6272C9CB4F443C4F71EB2CEB65CBB4C9710F</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">31.12.2016 20:40:29</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">7C1B6272C9CB4F443C4F71EB2CEB65CBB4C9710F</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">31.12.2016 19:13:48</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: G:\Origin\Origin.exe (1ED5244C1E93736B1014D92D957138AC457D6F91).</COLUMN>
      <COLUMN NAME="Hash">DDBF29D867E51F0789C1AF783ED5274B528268F5</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">31.12.2016 18:30:38</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">535752F2DDA496C7A6FBC972EF7DF1540E9DC710</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">31.12.2016 18:03:31</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">ABB1B93A4D9DBF980F9BBD5759B02A193F151D56</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">31.12.2016 16:54:47</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: G:\Origin\Origin.exe (1ED5244C1E93736B1014D92D957138AC457D6F91).</COLUMN>
      <COLUMN NAME="Hash">831C26493AD09AA11093BFB9F5713060BF7A146A</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">31.12.2016 16:24:27</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: G:\Origin\Origin.exe (1ED5244C1E93736B1014D92D957138AC457D6F91).</COLUMN>
      <COLUMN NAME="Hash">2CF44678DB8428FE5129F7E3D05B4D7B38701A9E</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">31.12.2016 14:45:06</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Users\Erwin\Desktop\Trojaner-Software\FRST64.exe (704DE8CD5ADE1256E14578DA78DDD49CCDD21873).</COLUMN>
      <COLUMN NAME="Hash">2EDCA336FDE246FF84511180FF024AA20F37D93B</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">31.12.2016 14:05:25</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: E:\Programme\Thunderbird  final\thunderbird.exe (138093F4D7A691CC4877B7C7A4FAC9D53A5CDD4C).</COLUMN>
      <COLUMN NAME="Hash">0627140615ACF9FF67B52C95DA0E25863437BB7F</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">31.12.2016 14:05:02</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">0627140615ACF9FF67B52C95DA0E25863437BB7F</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">31.12.2016 14:03:26</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">0627140615ACF9FF67B52C95DA0E25863437BB7F</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">31.12.2016 14:02:33</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">0627140615ACF9FF67B52C95DA0E25863437BB7F</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">31.12.2016 14:02:14</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">0627140615ACF9FF67B52C95DA0E25863437BB7F</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">31.12.2016 14:02:03</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">0627140615ACF9FF67B52C95DA0E25863437BB7F</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">31.12.2016 14:01:21</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">0627140615ACF9FF67B52C95DA0E25863437BB7F</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">31.12.2016 14:00:38</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">0627140615ACF9FF67B52C95DA0E25863437BB7F</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">31.12.2016 13:47:58</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (142D9F2CCDA7AD70686F38530883B959E300FC2D).</COLUMN>
      <COLUMN NAME="Hash">586F124264D01BE6DD8BE89DA23FE9EF38675AFA</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 19:13:48</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: G:\Origin\Origin.exe (1ED5244C1E93736B1014D92D957138AC457D6F91).</COLUMN>
      <COLUMN NAME="Hash">ED930CEDBC68991EC53133D0A2DB40BD2C29969E</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 19:06:18</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: G:\Origin\Origin.exe (1ED5244C1E93736B1014D92D957138AC457D6F91).</COLUMN>
      <COLUMN NAME="Hash">CB095431739D51A4761FACB6BA012530A4933CC9</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 18:35:55</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: G:\Origin\Origin.exe (1ED5244C1E93736B1014D92D957138AC457D6F91).</COLUMN>
      <COLUMN NAME="Hash">50664615D43353941C527EEF19823E07A0872B0E</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 18:35:37</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">50664615D43353941C527EEF19823E07A0872B0E</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 18:34:07</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">50664615D43353941C527EEF19823E07A0872B0E</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 18:33:22</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">50664615D43353941C527EEF19823E07A0872B0E</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 18:32:52</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">50664615D43353941C527EEF19823E07A0872B0E</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 18:32:20</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">50664615D43353941C527EEF19823E07A0872B0E</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 18:20:01</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">FFF4C46673F74C2FD55683A58DEBE6D361936DC8</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 17:53:44</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">8D5D3752B5631511239378CA52147F9BCA275220</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 16:50:18</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: E:\Programme\Thunderbird  final\thunderbird.exe (138093F4D7A691CC4877B7C7A4FAC9D53A5CDD4C).</COLUMN>
      <COLUMN NAME="Hash">834CCBDDEB500B9F6BA32AAC3B12A4E14289E07F</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 16:49:30</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: E:\Programme\Thunderbird  final\thunderbird.exe (138093F4D7A691CC4877B7C7A4FAC9D53A5CDD4C).</COLUMN>
      <COLUMN NAME="Hash">834CCBDDEB500B9F6BA32AAC3B12A4E14289E07F</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 16:18:57</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: E:\Programme\Thunderbird  final\thunderbird.exe (138093F4D7A691CC4877B7C7A4FAC9D53A5CDD4C).</COLUMN>
      <COLUMN NAME="Hash">3FDA2DC686F8614E5C044A98D5600A77EC53F814</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 16:16:57</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: E:\Programme\Thunderbird  final\thunderbird.exe (138093F4D7A691CC4877B7C7A4FAC9D53A5CDD4C).</COLUMN>
      <COLUMN NAME="Hash">3FDA2DC686F8614E5C044A98D5600A77EC53F814</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 16:16:00</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: E:\Programme\Thunderbird  final\thunderbird.exe (138093F4D7A691CC4877B7C7A4FAC9D53A5CDD4C).</COLUMN>
      <COLUMN NAME="Hash">3FDA2DC686F8614E5C044A98D5600A77EC53F814</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 16:15:40</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: E:\Programme\Thunderbird  final\thunderbird.exe (138093F4D7A691CC4877B7C7A4FAC9D53A5CDD4C).</COLUMN>
      <COLUMN NAME="Hash">3FDA2DC686F8614E5C044A98D5600A77EC53F814</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 16:06:48</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: E:\Programme\Thunderbird  final\thunderbird.exe (138093F4D7A691CC4877B7C7A4FAC9D53A5CDD4C).</COLUMN>
      <COLUMN NAME="Hash">2BE66426DD1FAA89D6AD3138A1EDEB765C5F06D3</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 15:56:46</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: E:\Programme\Thunderbird  final\thunderbird.exe (138093F4D7A691CC4877B7C7A4FAC9D53A5CDD4C).</COLUMN>
      <COLUMN NAME="Hash">ACE922DC6EB598A3054E24D9C8C4000DD4B72572</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 15:54:46</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: E:\Programme\Thunderbird  final\thunderbird.exe (138093F4D7A691CC4877B7C7A4FAC9D53A5CDD4C).</COLUMN>
      <COLUMN NAME="Hash">ACE922DC6EB598A3054E24D9C8C4000DD4B72572</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 15:52:46</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: E:\Programme\Thunderbird  final\thunderbird.exe (138093F4D7A691CC4877B7C7A4FAC9D53A5CDD4C).</COLUMN>
      <COLUMN NAME="Hash">9ADBEBE3AAC13D444E913B0E4565458C210969EB</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 15:49:18</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: E:\Programme\Thunderbird  final\thunderbird.exe (138093F4D7A691CC4877B7C7A4FAC9D53A5CDD4C).</COLUMN>
      <COLUMN NAME="Hash">9ADBEBE3AAC13D444E913B0E4565458C210969EB</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 15:48:45</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: E:\Programme\Thunderbird  final\thunderbird.exe (138093F4D7A691CC4877B7C7A4FAC9D53A5CDD4C).</COLUMN>
      <COLUMN NAME="Hash">9ADBEBE3AAC13D444E913B0E4565458C210969EB</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 13:56:56</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">54944F5DBC7453BB164072F65EF95809BD1B53A0</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 13:53:39</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">D15314016F9E585439ADE33265A89EEED15B9F1E</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 13:53:22</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">D15314016F9E585439ADE33265A89EEED15B9F1E</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 13:52:33</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">D15314016F9E585439ADE33265A89EEED15B9F1E</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 13:51:42</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">D15314016F9E585439ADE33265A89EEED15B9F1E</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">30.12.2016 13:50:54</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">D15314016F9E585439ADE33265A89EEED15B9F1E</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 19:33:32</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">89B2CED796BD0D2435A3A8704D69B22D7CF89E1C</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 19:28:32</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">8F49B4E70E1BD0249208A8C946FBB74A439DFFC2</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 19:23:32</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">8F49B4E70E1BD0249208A8C946FBB74A439DFFC2</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 19:18:17</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">E87D30E190156FC0322A9A1D086179FB10F5705B</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 19:13:17</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">E87D30E190156FC0322A9A1D086179FB10F5705B</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 19:08:02</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">12ACC01E2EE23A09A6F64DEE056AF5FDE0A20FB4</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 19:02:47</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">B7D2B86692020E607B42420B05AB4D5A3C64197A</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 18:57:47</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">CF58136A17272A009222FE86DE54177A15DF4522</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 18:52:32</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">02D98C497F55070E8DDB8BD3C04EB83C105D99FC</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 18:47:32</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">4A33B3A4E2522B3CF105B563F16CD739EFAF9992</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 18:42:17</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">C76AAC1E2CCFEE9485B0C0182E39A9418807A262</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 18:37:17</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">BA3E8D3C1D81289D76C4B160EDDDFD806BA3D13A</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 18:34:31</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">B8CFB329A650F1DE47A761BBCCD4E67A1F255DD2</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 18:33:01</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">B8CFB329A650F1DE47A761BBCCD4E67A1F255DD2</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 18:32:16</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">B8CFB329A650F1DE47A761BBCCD4E67A1F255DD2</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 18:31:46</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">B8CFB329A650F1DE47A761BBCCD4E67A1F255DD2</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 18:31:15</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">B8CFB329A650F1DE47A761BBCCD4E67A1F255DD2</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 18:28:07</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">C8FEEDF680ED92C98D2A7B68855FAFF43F3CE316</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 18:26:31</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">C8FEEDF680ED92C98D2A7B68855FAFF43F3CE316</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 18:25:07</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">C8FEEDF680ED92C98D2A7B68855FAFF43F3CE316</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 18:24:28</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">C8FEEDF680ED92C98D2A7B68855FAFF43F3CE316</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 18:23:43</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">C8FEEDF680ED92C98D2A7B68855FAFF43F3CE316</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 12:43:15</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">FC5334ADA9B70D7BFEC97861DEA1F055529C8ABA</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 12:41:08</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">19E12F72BA10D6EEF5BAE6CA4077E42DB42B275D</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 12:40:02</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">19E12F72BA10D6EEF5BAE6CA4077E42DB42B275D</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 12:38:02</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">19E12F72BA10D6EEF5BAE6CA4077E42DB42B275D</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 12:37:13</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">19E12F72BA10D6EEF5BAE6CA4077E42DB42B275D</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 12:25:29</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Bluestacks\BlueStacksTV.exe (9B42F6A2B1E908B06E5C3D812B6E53A57369D1B4).</COLUMN>
      <COLUMN NAME="Hash">53663D3EB43C6F902075AC4EF9F8A5DAD6400A3C</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 04:43:33</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">7EAAAC26F3981130512A207956572F4031FA5735</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 04:41:45</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">7EAAAC26F3981130512A207956572F4031FA5735</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 04:41:31</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">7EAAAC26F3981130512A207956572F4031FA5735</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 04:40:50</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">7EAAAC26F3981130512A207956572F4031FA5735</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 04:17:15</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: G:\Origin\Origin.exe (1ED5244C1E93736B1014D92D957138AC457D6F91).</COLUMN>
      <COLUMN NAME="Hash">4DE5C1DE453466CC1740FA52C1EA8B71C5727B03</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 04:09:04</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: G:\Origin\Origin.exe (1ED5244C1E93736B1014D92D957138AC457D6F91).</COLUMN>
      <COLUMN NAME="Hash">BF1A407CD05AB32ABFC01AD4D6DBDE902D8EB9DF</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 03:38:43</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: G:\Origin\Origin.exe (1ED5244C1E93736B1014D92D957138AC457D6F91).</COLUMN>
      <COLUMN NAME="Hash">A9235A89381E52A7913CF8C5188A8FAFDB067CE1</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 03:16:34</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: E:\Programme Adobe\Adobe Audition CC 2017\LogTransport2.exe (1A3CBBAB0325F93A2864A8CA4A2D7D0A3281E232).</COLUMN>
      <COLUMN NAME="Hash">45590BC5B337513CDFD9AD6B21CE400B67A8E0C5</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 02:25:27</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: E:\Programme Adobe\Adobe Audition CC 2017\LogTransport2.exe (1A3CBBAB0325F93A2864A8CA4A2D7D0A3281E232).</COLUMN>
      <COLUMN NAME="Hash">BD15809A71F958872EF4FF767780060D750B26B0</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 01:28:51</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">DF826996EE7D674BF2DFF9EC6D3D498F4765FA78</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 01:22:15</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">49CD59A58FA93D7CADBF4DC9B2F5A6E0FC919FDE</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 01:22:00</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: E:\Programme Adobe\Adobe Audition CC 2017\LogTransport2.exe (1A3CBBAB0325F93A2864A8CA4A2D7D0A3281E232).</COLUMN>
      <COLUMN NAME="Hash">49CD59A58FA93D7CADBF4DC9B2F5A6E0FC919FDE</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 01:18:23</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: E:\Programme Adobe\Adobe Audition CC 2017\Adobe Audition CC.exe (93A8504078B2DD6BACA17BDB910D21A3208130ED).</COLUMN>
      <COLUMN NAME="Hash">49CD59A58FA93D7CADBF4DC9B2F5A6E0FC919FDE</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 01:18:11</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: E:\Programme Adobe\Adobe Audition CC 2017\LogTransport2.exe (1A3CBBAB0325F93A2864A8CA4A2D7D0A3281E232).</COLUMN>
      <COLUMN NAME="Hash">49CD59A58FA93D7CADBF4DC9B2F5A6E0FC919FDE</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">29.12.2016 00:49:13</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: E:\Programme Adobe\Adobe Audition CC 2017\Adobe Audition CC.exe (93A8504078B2DD6BACA17BDB910D21A3208130ED).</COLUMN>
      <COLUMN NAME="Hash">491557A45903B67821C8A6187DF03650069DCFDE</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">28.12.2016 21:25:10</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">95E638F79B16FB71D3F5DD0C759E37042C0EAF23</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">28.12.2016 21:23:00</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">2241985BFAFC22E45674B3C7B90C36ED53B5110D</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">28.12.2016 21:21:57</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">2241985BFAFC22E45674B3C7B90C36ED53B5110D</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">28.12.2016 21:19:52</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">2241985BFAFC22E45674B3C7B90C36ED53B5110D</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">28.12.2016 21:19:10</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">2241985BFAFC22E45674B3C7B90C36ED53B5110D</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">28.12.2016 21:16:59</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: E:\Download´s\esetsmartinstaller_deu (1).exe (12E55E5F40D9E85CB0626ADC7371B3DAA4CD6809).</COLUMN>
      <COLUMN NAME="Hash">9EE5A08F85F522DB981D3B87B1D8B9BA2AA63AF3</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">28.12.2016 21:16:45</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">9EE5A08F85F522DB981D3B87B1D8B9BA2AA63AF3</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">28.12.2016 21:14:45</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">9EE5A08F85F522DB981D3B87B1D8B9BA2AA63AF3</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">28.12.2016 21:13:55</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">9EE5A08F85F522DB981D3B87B1D8B9BA2AA63AF3</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">28.12.2016 21:13:14</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (142D9F2CCDA7AD70686F38530883B959E300FC2D).</COLUMN>
      <COLUMN NAME="Hash">9EE5A08F85F522DB981D3B87B1D8B9BA2AA63AF3</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">28.12.2016 21:11:08</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Users\Erwin\Desktop\Trojaner-Software\AdwCleaner_6.041.exe (322DF7084E893D96B7C4A06AADE24D6321378917).</COLUMN>
      <COLUMN NAME="Hash">1ABB0920C11A4F8D44B62D6FFA5B4D69B3291C87</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">28.12.2016 21:09:54</COLUMN>
      <COLUMN NAME="Prüfung">Echtzeit-Dateischutz</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">C:\Users\Erwin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6M6D122B\wpad[1].dat</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Gesäubert durch Löschen</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Ereignis beim Erstellen einer neuen Datei durch die Anwendung: E:\Telekom netzmanager\DslMgr.exe (69774B016777773E6013AD3E1EA22C519B9F04CF).</COLUMN>
      <COLUMN NAME="Hash"></COLUMN>
      <COLUMN NAME="Zuerst gesehen">28.12.2016 21:09:35</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">28.12.2016 21:09:34</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: E:\Telekom netzmanager\DslMgr.exe (69774B016777773E6013AD3E1EA22C519B9F04CF).</COLUMN>
      <COLUMN NAME="Hash">1ABB0920C11A4F8D44B62D6FFA5B4D69B3291C87</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">28.12.2016 21:07:24</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">1ABB0920C11A4F8D44B62D6FFA5B4D69B3291C87</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">28.12.2016 20:58:36</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">38EEC5421C7699566E2BD956780E746E63ACB383</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">28.12.2016 20:54:15</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">DA1DFDE155E2E97EFA0158D01745B68343C5BBCC</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">28.12.2016 20:52:14</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">DA1DFDE155E2E97EFA0158D01745B68343C5BBCC</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">28.12.2016 20:51:32</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613</COLUMN>
      <COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (8AC4446E055A253537BF62E2F36493FB590025CA).</COLUMN>
      <COLUMN NAME="Hash">DA1DFDE155E2E97EFA0158D01745B68343C5BBCC</COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">19.11.2016 14:21:34</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://rt.firsttechsys.org/find.php?WMt_PLUS_aDZ08fk_SLASH_uLiNyC1b3Bwh6r3DhFcTo2tbZnaM2T_PLUS_lX1RaH2TVMqasUFnVIej8y5RR2sdB2RnrwnwE7WTDyA_EQUALS__EQUALS_</COLUMN>
      <COLUMN NAME="Bedrohung">Variante von Win32/Kryptik.FJVW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe.</COLUMN>
      <COLUMN NAME="Hash"></COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Zeit">19.11.2016 14:20:48</COLUMN>
      <COLUMN NAME="Prüfung">HTTP-Prüfung</COLUMN>
      <COLUMN NAME="Objekttyp">Datei</COLUMN>
      <COLUMN NAME="Objekt">hxxp://rt.firsttechsys.org/find.php?WMt_PLUS_aDZ08fk_SLASH_uLiNyC1b3Bwh6r3DhFcTo2tbZnaM2T_PLUS_lX1RaH2TVMqasUFnVIej8y5RR2sdB2RnrwnwE7WTDyA_EQUALS__EQUALS_</COLUMN>
      <COLUMN NAME="Bedrohung">Variante von Win32/Kryptik.FJVW Trojaner</COLUMN>
      <COLUMN NAME="Aktion">Verbindung getrennt</COLUMN>
      <COLUMN NAME="Benutzer">Erwin-PC\Erwin</COLUMN>
      <COLUMN NAME="Informationen">Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe.</COLUMN>
      <COLUMN NAME="Hash"></COLUMN>
      <COLUMN NAME="Zuerst gesehen"></COLUMN>
    </RECORD>
 </LOG>
</ESET>
         
Adobe and Office are in use for private purposes, to support certain hobbies.


And I wish you a "Healthy New Year 2017" too.

<COLUMN NAME="Bedrohung">JS/ProxyChanger.CW Trojaner</COLUMN>

ESET keeps showing me this as well; it just pops up!


Alt 02.01.2017, 09:35   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Step 1: Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder unless a helper instructs you to.




Step 2: Kaspersky TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.




Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly, spread over several posts if necessary.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

Alt 02.01.2017, 15:40   #7
Erwin80
 


Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.01.02.01
  rootkit: v2016.11.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18499
Erwin :: Erwin [administrator]

02.01.2017 15:07:09
mbar-log-2017-01-02 (15-07-09).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 331926
Time elapsed: 9 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES| (Hijack.AutoConfigURL.PrxySvrRST) -> Data: 0hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613 -> Delete on reboot. [19005225cbdd0c2a64447c4bd52be41c]
HKU\S-1-5-21-3372468986-2828329476-3420813562-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl (Hijack.AutoConfigURL.PrxySvrRST) -> Data: hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613 -> Delete on reboot. [0b0e3245664292a426ad6e59679936ca]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Code:
15:36:02.0365 0x02d4  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
15:36:38.0619 0x02d4  ============================================================
15:36:38.0619 0x02d4  Current date / time: 2017/01/02 15:36:38.0619
15:36:38.0619 0x02d4  SystemInfo:
15:36:38.0619 0x02d4  
15:36:38.0619 0x02d4  OS Version: 6.1.7601 ServicePack: 1.0
15:36:38.0619 0x02d4  Product type: Workstation
15:36:38.0619 0x02d4  ComputerName: Erwin
15:36:38.0619 0x02d4  UserName: Erwin
15:36:38.0619 0x02d4  Windows directory: C:\Windows
15:36:38.0619 0x02d4  System windows directory: C:\Windows
15:36:38.0619 0x02d4  Running under WOW64
15:36:38.0619 0x02d4  Processor architecture: Intel x64
15:36:38.0619 0x02d4  Number of processors: 8
15:36:38.0619 0x02d4  Page size: 0x1000
15:36:38.0619 0x02d4  Boot type: Normal boot
15:36:38.0619 0x02d4  CodeIntegrityOptions = 0x00000001
15:36:38.0619 0x02d4  ============================================================
15:36:40.0789 0x02d4  KLMD registered as C:\Windows\system32\drivers\22313787.sys
15:36:40.0789 0x02d4  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23564, osProperties = 0x1
15:36:40.0994 0x02d4  System UUID: {91BD891E-1715-C74A-39C4-04E1DA4CFF87}
15:36:41.0427 0x02d4  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:36:41.0669 0x02d4  Drive \Device\Harddisk1\DR1 - Size: 0x2BAA1476000 ( 2794.52 Gb ), SectorSize: 0x200, Cylinders: 0x59101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:36:41.0742 0x02d4  Drive \Device\Harddisk6\DR6 - Size: 0x1D1C1115800 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:36:41.0807 0x02d4  ============================================================
15:36:41.0807 0x02d4  \Device\Harddisk0\DR0:
15:36:41.0808 0x02d4  MBR partitions:
15:36:41.0808 0x02d4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:36:41.0808 0x02d4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
15:36:41.0808 0x02d4  \Device\Harddisk1\DR1:
15:36:41.0808 0x02d4  GPT partitions:
15:36:41.0809 0x02d4  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {BE90CE78-FC1F-450F-B391-F134042E3D78}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
15:36:41.0809 0x02d4  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {2633F0BA-E60D-403D-AA2A-4D4D43E4F317}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x5D4C9800
15:36:41.0809 0x02d4  MBR partitions:
15:36:41.0809 0x02d4  \Device\Harddisk6\DR6:
15:36:41.0809 0x02d4  MBR partitions:
15:36:41.0809 0x02d4  \Device\Harddisk6\DR6\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x75127800
15:36:41.0809 0x02d4  \Device\Harddisk6\DR6\Partition2: MBR, Type 0x7, StartLBA 0x75128000, BlocksNum 0x73CDF800
15:36:41.0809 0x02d4  ============================================================
15:36:41.0810 0x02d4  C: <-> \Device\Harddisk0\DR0\Partition2
15:36:41.0858 0x02d4  F: <-> \Device\Harddisk6\DR6\Partition1
15:36:41.0861 0x02d4  D: <-> \Device\Harddisk0\DR0\Partition1
15:36:41.0874 0x02d4  G: <-> \Device\Harddisk1\DR1\Partition2
15:36:41.0951 0x02d4  E: <-> \Device\Harddisk6\DR6\Partition2
15:36:41.0951 0x02d4  ============================================================
15:36:41.0951 0x02d4  Initialize success
15:36:41.0951 0x02d4  ============================================================
15:37:30.0181 0x0e3c  ============================================================
15:37:30.0181 0x0e3c  Scan started
15:37:30.0181 0x0e3c  Mode: Manual; SigCheck; TDLFS; 
15:37:30.0181 0x0e3c  ============================================================
15:37:30.0181 0x0e3c  KSN ping started
15:37:42.0273 0x0e3c  KSN ping finished: true
15:37:42.0818 0x0e3c  ================ Scan system memory ========================
15:37:42.0818 0x0e3c  System memory - ok
15:37:42.0818 0x0e3c  ================ Scan services =============================
15:37:42.0859 0x0e3c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:37:42.0899 0x0e3c  1394ohci - ok
15:37:42.0909 0x0e3c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:37:42.0919 0x0e3c  ACPI - ok
15:37:42.0924 0x0e3c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:37:42.0944 0x0e3c  AcpiPmi - ok
15:37:42.0964 0x0e3c  [ 8532B30A054D83614A90D24AD61A29DF, 959C74C63AF7F4E5588C705FBF08EA7A8749268BC28819879ED53AB7A3410B74 ] AdobeUpdateService C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
15:37:42.0979 0x0e3c  AdobeUpdateService - ok
15:37:42.0989 0x0e3c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:37:43.0004 0x0e3c  adp94xx - ok
15:37:43.0015 0x0e3c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:37:43.0028 0x0e3c  adpahci - ok
15:37:43.0033 0x0e3c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:37:43.0043 0x0e3c  adpu320 - ok
15:37:43.0043 0x0e3c  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:37:43.0068 0x0e3c  AeLookupSvc - ok
15:37:43.0078 0x0e3c  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
15:37:43.0093 0x0e3c  AFD - ok
15:37:43.0098 0x0e3c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
15:37:43.0103 0x0e3c  agp440 - ok
15:37:43.0143 0x0e3c  [ 840E0468368EB5FD87371EF508D72ACF, 7E05854D29C24E9BBB27B038620C345E063FF3B8F1AE0FDA054BEDF842FB29A9 ] AGSService      C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
15:37:43.0183 0x0e3c  AGSService - ok
15:37:43.0188 0x0e3c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
15:37:43.0203 0x0e3c  ALG - ok
15:37:43.0203 0x0e3c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:37:43.0213 0x0e3c  aliide - ok
15:37:43.0213 0x0e3c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:37:43.0223 0x0e3c  amdide - ok
15:37:43.0228 0x0e3c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:37:43.0238 0x0e3c  AmdK8 - ok
15:37:43.0238 0x0e3c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:37:43.0248 0x0e3c  AmdPPM - ok
15:37:43.0253 0x0e3c  [ 6EC6D772EAE38DC17C14AED9B178D24B, B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:37:43.0263 0x0e3c  amdsata - ok
15:37:43.0268 0x0e3c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:37:43.0278 0x0e3c  amdsbs - ok
15:37:43.0283 0x0e3c  [ 1142A21DB581A84EA5597B03A26EBAA0, F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:37:43.0288 0x0e3c  amdxata - ok
15:37:43.0293 0x0e3c  [ D46391F209DE0A98A97D1D1765F53438, 4D8C7D90BE3DB348ED4069CE3F4F403FCC6149D60B238E0B5DF9DCE4CF69C995 ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
15:37:43.0308 0x0e3c  AMPPAL - ok
15:37:43.0313 0x0e3c  [ D46391F209DE0A98A97D1D1765F53438, 4D8C7D90BE3DB348ED4069CE3F4F403FCC6149D60B238E0B5DF9DCE4CF69C995 ] AMPPALP         C:\Windows\system32\DRIVERS\amppal.sys
15:37:43.0323 0x0e3c  AMPPALP - ok
15:37:43.0338 0x0e3c  [ EDFB061F7D553B84731B8263077FD520, 6A678358AAAB411C2A4911E1DA9E668F801831B8EE95E77977F72A0A5A3F90D9 ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
15:37:43.0358 0x0e3c  AMPPALR3 - ok
15:37:43.0363 0x0e3c  [ 8B73FEE96B60EE597CBCAA735A842A36, AB3FC01FEC62AC115EC766770D8694DEDA2FF2286E0199DC238ABF2493EC1A22 ] AppID           C:\Windows\system32\drivers\appid.sys
15:37:43.0373 0x0e3c  AppID - ok
15:37:43.0378 0x0e3c  [ F5800413C0DF45C2CA15FD3ACBB1365F, 741E09EED0FF0152B59704729BD700E7D7A671C88F0708884AAB7A56ECCBD8AB ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:37:43.0388 0x0e3c  AppIDSvc - ok
15:37:43.0388 0x0e3c  [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo         C:\Windows\System32\appinfo.dll
15:37:43.0398 0x0e3c  Appinfo - ok
15:37:43.0403 0x0e3c  [ 7D811EA7A2AAA49B0446D42CBC1CD338, AFECE5E44E48F756C7EB81D95C9237552AF8A9C02CBE756E0F3D3C6524DE49AD ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:37:43.0413 0x0e3c  Apple Mobile Device Service - ok
15:37:43.0418 0x0e3c  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
15:37:43.0433 0x0e3c  AppMgmt - ok
15:37:43.0438 0x0e3c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:37:43.0443 0x0e3c  arc - ok
15:37:43.0448 0x0e3c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:37:43.0458 0x0e3c  arcsas - ok
15:37:43.0478 0x0e3c  [ D2B5EB862E4CCD9713D6B9DE7BBCBB7B, 897DEE611A3CF7216E8F78033D2DB4055DE5FEC37FA665AE9E1163AF133C2526 ] ASGT            C:\Windows\SysWOW64\ASGT.exe
15:37:43.0488 0x0e3c  ASGT - detected UnsignedFile.Multi.Generic ( 1 )
15:37:44.0584 0x0e3c  Detect skipped due to KSN trusted
15:37:44.0584 0x0e3c  ASGT - ok
15:37:44.0599 0x0e3c  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:37:44.0609 0x0e3c  aspnet_state - ok
15:37:44.0609 0x0e3c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:37:44.0629 0x0e3c  AsyncMac - ok
15:37:44.0634 0x0e3c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
15:37:44.0639 0x0e3c  atapi - ok
15:37:48.0549 0x0e3c  Modem - ok
15:37:48.0554 0x0e3c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:37:48.0559 0x0e3c  monitor - ok
15:37:48.0564 0x0e3c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:37:48.0569 0x0e3c  mouclass - ok
15:37:48.0574 0x0e3c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:37:48.0584 0x0e3c  mouhid - ok
15:37:48.0584 0x0e3c  [ 8ADB5445B29941CB41AF2846FD5C93C7, 689582430FE29EC0845B1DB841D3CC49D5D09DE264586E3999EEFE616986D12B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:37:48.0594 0x0e3c  mountmgr - ok
15:37:48.0599 0x0e3c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:37:48.0609 0x0e3c  mpio - ok
15:37:48.0614 0x0e3c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:37:48.0634 0x0e3c  mpsdrv - ok
15:37:48.0649 0x0e3c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:37:48.0684 0x0e3c  MpsSvc - ok
15:37:48.0689 0x0e3c  [ 98DB1790F0A584E0A2528B92B052417F, 9AA04CA73AFE599810CD233B9CEC212E16D44DCEDF5C7D0181C7257F498068B5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:37:48.0699 0x0e3c  MRxDAV - ok
15:37:48.0704 0x0e3c  [ FCA01B0C70DAE9BE557577E719469D17, F9868B7B50EF6323BF6690F087A83928A1E82B96A19B27F344E10BF11E520C32 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:37:48.0714 0x0e3c  mrxsmb - ok
15:37:48.0724 0x0e3c  [ 386BE96797C5B480AD31E8B50CEE337C, 88E826F42BEB38CAA7C84AE6ED4D8EBC4D382A8A37CF9F7B8517B297F168F1B3 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:37:48.0734 0x0e3c  mrxsmb10 - ok
15:37:48.0739 0x0e3c  [ 841474CF2EB14F826038FBCC7D85B857, 4B1BC8AFDA54D1F16AC2AAB7EDDAE07FBF1E3B65D1658F8901A3E3175AF72800 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:37:48.0749 0x0e3c  mrxsmb20 - ok
15:37:48.0754 0x0e3c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:37:48.0759 0x0e3c  msahci - ok
15:37:48.0764 0x0e3c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:37:48.0774 0x0e3c  msdsm - ok
15:37:48.0779 0x0e3c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
15:37:48.0789 0x0e3c  MSDTC - ok
15:37:48.0794 0x0e3c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:37:48.0814 0x0e3c  Msfs - ok
15:37:48.0819 0x0e3c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:37:48.0839 0x0e3c  mshidkmdf - ok
15:37:48.0839 0x0e3c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:37:48.0844 0x0e3c  msisadrv - ok
15:37:48.0849 0x0e3c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:37:48.0874 0x0e3c  MSiSCSI - ok
15:37:48.0874 0x0e3c  msiserver - ok
15:37:48.0879 0x0e3c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:37:48.0899 0x0e3c  MSKSSRV - ok
15:37:48.0899 0x0e3c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:37:48.0919 0x0e3c  MSPCLOCK - ok
15:37:48.0924 0x0e3c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:37:48.0944 0x0e3c  MSPQM - ok
15:37:48.0949 0x0e3c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:37:48.0964 0x0e3c  MsRPC - ok
15:37:48.0964 0x0e3c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:37:48.0974 0x0e3c  mssmbios - ok
15:37:48.0974 0x0e3c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:37:48.0994 0x0e3c  MSTEE - ok
15:37:48.0999 0x0e3c  [ 32528D01ACBBC8DF6211268FA06D7C10, ACAEB89550FDAE7DD7701EB07ED1700933DDFABC753BB639E3C49457A40AFE30 ] mt7612US        C:\Windows\system32\DRIVERS\mt7612US.sys
15:37:49.0019 0x0e3c  mt7612US - ok
15:37:49.0024 0x0e3c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:37:49.0029 0x0e3c  MTConfig - ok
15:37:49.0034 0x0e3c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
15:37:49.0039 0x0e3c  Mup - ok
15:37:49.0049 0x0e3c  [ 7E11D1788F5B531D49EF0AF97202437B, 8BF4A65466D235F0AB8E8855B04920BEF81A7EAC29C066FFC258BE816EBED2F4 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
15:37:49.0059 0x0e3c  MyWiFiDHCPDNS - ok
15:37:49.0069 0x0e3c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
15:37:49.0094 0x0e3c  napagent - ok
15:37:49.0104 0x0e3c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:37:49.0119 0x0e3c  NativeWifiP - ok
15:37:49.0134 0x0e3c  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:37:49.0159 0x0e3c  NDIS - ok
15:37:49.0159 0x0e3c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:37:49.0179 0x0e3c  NdisCap - ok
15:37:49.0184 0x0e3c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:37:49.0204 0x0e3c  NdisTapi - ok
15:37:49.0204 0x0e3c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:37:49.0224 0x0e3c  Ndisuio - ok
15:37:49.0229 0x0e3c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:37:49.0254 0x0e3c  NdisWan - ok
15:37:49.0254 0x0e3c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:37:49.0274 0x0e3c  NDProxy - ok
15:37:49.0279 0x0e3c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:37:49.0299 0x0e3c  NetBIOS - ok
15:37:49.0304 0x0e3c  [ E47D571FEC2C76E867935109AB2A770C, F349D25890B6F476B106FD75BFB081DB737CA9B224D95E44927942FFF2DF82CD ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:37:49.0319 0x0e3c  NetBT - ok
15:37:49.0319 0x0e3c  [ 0EE3B249D8079D72D4C84B108E99A16F, 453A792CDF2133949EA2E1FFC2373C3CC16895FCAED82A0A403E432ED161DAB9 ] Netlogon        C:\Windows\system32\lsass.exe
15:37:49.0329 0x0e3c  Netlogon - ok
15:37:49.0334 0x0e3c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
15:37:49.0359 0x0e3c  Netman - ok
15:37:49.0374 0x0e3c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:37:49.0384 0x0e3c  NetMsmqActivator - ok
15:37:49.0389 0x0e3c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:37:49.0394 0x0e3c  NetPipeActivator - ok
15:37:49.0404 0x0e3c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
15:37:49.0434 0x0e3c  netprofm - ok
15:37:49.0439 0x0e3c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:37:49.0444 0x0e3c  NetTcpActivator - ok
15:37:49.0449 0x0e3c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:37:49.0459 0x0e3c  NetTcpPortSharing - ok
15:37:49.0459 0x0e3c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:37:49.0469 0x0e3c  nfrd960 - ok
15:37:49.0479 0x0e3c  [ 956BB5F7CCC82D31BF32AE43A41D1ADE, 4AF9F85B2E6C4966B9125A0F3728459C221EF4CD3FFCDD65435D7AD01E141176 ] NitroReaderDriverReadSpool5 C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe
15:37:49.0489 0x0e3c  NitroReaderDriverReadSpool5 - ok
15:37:49.0494 0x0e3c  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:37:49.0509 0x0e3c  NlaSvc - ok
15:37:49.0514 0x0e3c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:37:49.0534 0x0e3c  Npfs - ok
15:37:49.0534 0x0e3c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
15:37:49.0554 0x0e3c  nsi - ok
15:37:49.0559 0x0e3c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:37:49.0579 0x0e3c  nsiproxy - ok
15:37:49.0604 0x0e3c  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:37:49.0634 0x0e3c  Ntfs - ok
15:37:49.0639 0x0e3c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
15:37:49.0659 0x0e3c  Null - ok
15:37:49.0664 0x0e3c  [ 67B51A97733B10D716B366C2ED126763, C34B889D39A4443A82BCDF6B9A0BF637D2ECC37BBB1AAE21143EC9E3DC495D90 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
15:37:49.0674 0x0e3c  NVHDA - ok
15:37:49.0854 0x0e3c  [ 71CF83223F3ADC2EC9DC0FDA8702E312, A76E94F73CD1EAB5D49EF8A206B1E4BC141620B482236E0FD17F5FA0CAD05863 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:37:50.0069 0x0e3c  nvlddmkm - ok
15:37:50.0104 0x0e3c  [ A6102293847A7A2DF01E7BF7AC1C1F12, 14E4E75711C00DA826136FB531E9AD53787502F441103386C5CD37EEFCE27AFC ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
15:37:50.0144 0x0e3c  NvNetworkService - ok
15:37:50.0149 0x0e3c  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:37:50.0159 0x0e3c  nvraid - ok
15:37:50.0164 0x0e3c  [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:37:50.0174 0x0e3c  nvstor - ok
15:37:50.0179 0x0e3c  [ 99D42078C9596A20A7B3419159265A25, E9F5380E6597C79B26B2CBAAC534F31C5027F32AAA0FD5876CF7E9BB6658F30C ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
15:37:50.0184 0x0e3c  NvStreamKms - ok
15:37:50.0234 0x0e3c  [ E6A64322EB213AEACBB61584AA6FB032, FA91C89B81DD7F3EC22DF71FFC3A506AD40AE76EC91F1115CCAB6ED39431369D ] NvStreamNetworkSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
15:37:50.0299 0x0e3c  NvStreamNetworkSvc - ok
15:37:50.0339 0x0e3c  [ A8213BF32D2E75ADD362E118AD164749, 6F35210ED11088FE64F13DD63053FFDA4628A5F6397DA33A345970962AB83499 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
15:37:50.0389 0x0e3c  NvStreamSvc - ok
15:37:50.0409 0x0e3c  [ F07CC5C6A71B002C50D74FD611F44538, 85A341530740A71768947E721B0A979DEE328348F3083806A367DAA0CD628CB4 ] nvsvc           C:\Windows\system32\nvvsvc.exe
15:37:50.0439 0x0e3c  nvsvc - ok
15:37:50.0444 0x0e3c  [ F37FE6B15A987AEEC08EEF531F2FAED7, CC768E7DE80C7A8CB2392F9BC528212B8A3A35A30A222ED0B0B959051E6F8065 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
15:37:50.0454 0x0e3c  nvvad_WaveExtensible - ok
15:37:50.0454 0x0e3c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:37:50.0464 0x0e3c  nv_agp - ok
15:37:50.0484 0x0e3c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:37:50.0494 0x0e3c  ohci1394 - ok
15:37:50.0554 0x0e3c  [ AD851D818F399DD946A9C17AB2156F22, 4A541E7A3A3164581BFB9080DE0976E18F6DD00E39458EBBCBD3B2445708BEB5 ] Origin Client Service G:\Origin\OriginClientService.exe
15:37:50.0609 0x0e3c  Origin Client Service - ok
15:37:50.0654 0x0e3c  [ 788363C87EBD90AC1EAD2DC5A9A40759, B565663B459414C5C9F81451D9A127D62CDF605BC2A9E686F74A2E4FD44A9B43 ] Origin Web Helper Service G:\Origin\OriginWebHelperService.exe
15:37:50.0709 0x0e3c  Origin Web Helper Service - ok
15:37:50.0719 0x0e3c  [ A5FB4253A5C42548C817864826E5F202, A5F0E2564D530B14B43BEA359602C4A753C45497971587D208EA56AC8C4AEDBD ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:37:50.0734 0x0e3c  ose64 - ok
15:37:50.0809 0x0e3c  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:37:50.0904 0x0e3c  osppsvc - ok
15:37:50.0914 0x0e3c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:37:50.0935 0x0e3c  p2pimsvc - ok
15:37:50.0940 0x0e3c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
15:37:50.0960 0x0e3c  p2psvc - ok
15:37:50.0965 0x0e3c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:37:50.0970 0x0e3c  Parport - ok
15:37:50.0975 0x0e3c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:37:50.0985 0x0e3c  partmgr - ok
15:37:50.0990 0x0e3c  [ 3CD83692C43D87088E85E3C916146FFB, 9E812535E8FBA045FDA30F68E9EB2031132C37721D542A2DC9D4C33E2B137FCF ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:37:51.0005 0x0e3c  PcaSvc - ok
15:37:51.0010 0x0e3c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
15:37:51.0020 0x0e3c  pci - ok
15:37:51.0020 0x0e3c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
15:37:51.0025 0x0e3c  pciide - ok
15:37:51.0035 0x0e3c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:37:51.0045 0x0e3c  pcmcia - ok
15:37:51.0045 0x0e3c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:37:51.0055 0x0e3c  pcw - ok
15:37:51.0065 0x0e3c  [ EA4D67448BE493D543F1730D6CD04694, 24717C5E41B7CA522F3330EF2228B6685E710A5259396E9887A1C1E7A413F8CA ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:37:51.0085 0x0e3c  PEAUTH - ok
15:37:51.0110 0x0e3c  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
15:37:51.0145 0x0e3c  PeerDistSvc - ok
15:37:51.0175 0x0e3c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:37:51.0185 0x0e3c  PerfHost - ok
15:37:51.0210 0x0e3c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
15:37:51.0255 0x0e3c  pla - ok
15:37:51.0265 0x0e3c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:37:51.0280 0x0e3c  PlugPlay - ok
15:37:51.0285 0x0e3c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:37:51.0295 0x0e3c  PNRPAutoReg - ok
15:37:51.0300 0x0e3c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:37:51.0315 0x0e3c  PNRPsvc - ok
15:37:51.0325 0x0e3c  [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:37:51.0345 0x0e3c  PolicyAgent - ok
15:37:51.0350 0x0e3c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
15:37:51.0375 0x0e3c  Power - ok
15:37:51.0375 0x0e3c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:37:51.0400 0x0e3c  PptpMiniport - ok
15:37:51.0400 0x0e3c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:37:51.0410 0x0e3c  Processor - ok
15:37:51.0415 0x0e3c  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:37:51.0430 0x0e3c  ProfSvc - ok
15:37:51.0430 0x0e3c  [ 0EE3B249D8079D72D4C84B108E99A16F, 453A792CDF2133949EA2E1FFC2373C3CC16895FCAED82A0A403E432ED161DAB9 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:37:51.0440 0x0e3c  ProtectedStorage - ok
15:37:51.0445 0x0e3c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:37:51.0465 0x0e3c  Psched - ok
15:37:51.0490 0x0e3c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:37:51.0520 0x0e3c  ql2300 - ok
15:37:51.0525 0x0e3c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:37:51.0535 0x0e3c  ql40xx - ok
15:37:51.0540 0x0e3c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
15:37:51.0555 0x0e3c  QWAVE - ok
15:37:51.0560 0x0e3c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:37:51.0570 0x0e3c  QWAVEdrv - ok
15:37:51.0570 0x0e3c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:37:51.0590 0x0e3c  RasAcd - ok
15:37:51.0595 0x0e3c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:37:51.0615 0x0e3c  RasAgileVpn - ok
15:37:51.0620 0x0e3c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
15:37:51.0645 0x0e3c  RasAuto - ok
15:37:51.0650 0x0e3c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:37:51.0670 0x0e3c  Rasl2tp - ok
15:37:51.0675 0x0e3c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
15:37:51.0705 0x0e3c  RasMan - ok
15:37:51.0710 0x0e3c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:37:51.0730 0x0e3c  RasPppoe - ok
15:37:51.0735 0x0e3c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:37:51.0755 0x0e3c  RasSstp - ok
15:37:51.0765 0x0e3c  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:37:51.0791 0x0e3c  rdbss - ok
15:37:51.0791 0x0e3c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:37:51.0801 0x0e3c  rdpbus - ok
15:37:51.0806 0x0e3c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:37:51.0826 0x0e3c  RDPCDD - ok
15:37:51.0831 0x0e3c  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
15:37:51.0841 0x0e3c  RDPDR - ok
15:37:51.0846 0x0e3c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:37:51.0866 0x0e3c  RDPENCDD - ok
15:37:51.0871 0x0e3c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:37:51.0886 0x0e3c  RDPREFMP - ok
15:37:51.0896 0x0e3c  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:37:51.0906 0x0e3c  RDPWD - ok
15:37:51.0911 0x0e3c  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:37:51.0921 0x0e3c  rdyboost - ok
15:37:51.0926 0x0e3c  [ F09087C51C6AE42AE7DABE1EB3E44C17, DAE1CB123EA830DFCB68FD34A95FC427755FBBAD7AD16EE3F0D4941A25AD49F4 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:37:51.0936 0x0e3c  RegSrvc - ok
15:37:51.0941 0x0e3c  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:37:51.0961 0x0e3c  RemoteAccess - ok
15:37:51.0966 0x0e3c  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:37:51.0991 0x0e3c  RemoteRegistry - ok
15:37:51.0991 0x0e3c  [ 9C3AC71A9934B884FAC567A8807E9C4D, 0B6B2970098E3C21E1E54A25785544903E8CD415B527FCEF86ABC7B33BEC83E7 ] Revoflt         C:\Windows\system32\DRIVERS\revoflt.sys
15:37:52.0001 0x0e3c  Revoflt - ok
15:37:52.0001 0x0e3c  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:37:52.0021 0x0e3c  RpcEptMapper - ok
15:37:52.0026 0x0e3c  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
15:37:52.0036 0x0e3c  RpcLocator - ok
15:37:52.0041 0x0e3c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
15:37:52.0071 0x0e3c  RpcSs - ok
15:37:52.0071 0x0e3c  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:37:52.0096 0x0e3c  rspndr - ok
15:37:52.0096 0x0e3c  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
15:37:52.0106 0x0e3c  s3cap - ok
15:37:52.0106 0x0e3c  [ 0EE3B249D8079D72D4C84B108E99A16F, 453A792CDF2133949EA2E1FFC2373C3CC16895FCAED82A0A403E432ED161DAB9 ] SamSs           C:\Windows\system32\lsass.exe
15:37:52.0116 0x0e3c  SamSs - ok
15:37:52.0116 0x0e3c  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:37:52.0126 0x0e3c  sbp2port - ok
15:37:52.0131 0x0e3c  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:37:52.0156 0x0e3c  SCardSvr - ok
15:37:52.0161 0x0e3c  [ 81912490882BE0F971B582AD1C33CA57, F0D94B8DAB7012C6407A866A148A93641684D26400CCF65856A08E423AD18DF0 ] SCDEmu          C:\Windows\system32\drivers\SCDEmu.sys
15:37:52.0171 0x0e3c  SCDEmu - ok
15:37:52.0171 0x0e3c  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:37:52.0191 0x0e3c  scfilter - ok
15:37:52.0206 0x0e3c  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
15:37:52.0236 0x0e3c  Schedule - ok
15:37:52.0241 0x0e3c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:37:52.0261 0x0e3c  SCPolicySvc - ok
15:37:52.0266 0x0e3c  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:37:52.0276 0x0e3c  SDRSVC - ok
15:37:53.0396 0x0e3c  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:37:53.0416 0x0e3c  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
15:37:54.0556 0x0e3c  Detect skipped due to KSN trusted
15:37:54.0556 0x0e3c  SwitchBoard - ok
15:37:55.0768 0x0e3c  [ 1226A953D4FDBDFD570DA5CEE66EAA55, 640922152493057519198A55373A82CD1C7DCF0C219F4ECE7D2C30363FFA1E86 ] TDslMgrService  E:\Telekom netzmanager\DslMgrSvc.exe
15:37:55.0785 0x0e3c  TDslMgrService - detected UnsignedFile.Multi.Generic ( 1 )
15:37:57.0052 0x0e3c  Detect skipped due to KSN trusted
15:37:57.0052 0x0e3c  TDslMgrService - ok
15:38:01.0341 0x0e3c  Waiting for KSN requests completion. In queue: 136
15:38:02.0341 0x0e3c  Waiting for KSN requests completion. In queue: 136
15:38:03.0352 0x0e3c  AV detected via SS2: ESET Smart Security 9.0.408.1, C:\Program Files\ESET\ESET Smart Security\ecmd.exe ( 9.0.407.0 ), 0x41000 ( enabled : updated )
15:38:03.0353 0x0e3c  FW detected via SS2: ESET Personal Firewall, C:\Program Files\ESET\ESET Smart Security\ecmd.exe ( 9.0.407.0 ), 0x41010 ( enabled )
15:38:04.0438 0x0e3c  ============================================================
15:38:04.0438 0x0e3c  Scan finished
15:38:04.0438 0x0e3c  ============================================================
15:38:04.0442 0x1c14  Detected object count: 0
15:38:04.0442 0x1c14  Actual detected object count: 0
         

02.01.2017, 15:43   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

What are you supposed to do if MBAR found something?
__________________
Please always post log files in CODE tags

02.01.2017, 17:22   #9
Erwin80

The 2nd scan is on its way

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.01.02.01
  rootkit: v2016.11.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18499
Erwin :: Erwin [administrator]

02.01.2017 16:21:17
mbar-log-2017-01-02 (16-21-17).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 332207
Time elapsed: 9 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL (Hijack.AutoConfigURL.PrxySvrRST) -> Data: hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613 -> Delete on reboot. [42d7f97ee0c81125fcd77651e41c13ed]
HKU\S-1-5-21-3372468986-2828329476-3420813562-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL (Hijack.AutoConfigURL.PrxySvrRST) -> Data: hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613 -> Delete on reboot. [5cbd64137d2bd46243909c2b17e9ec14]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
There are 2 detections again, right?

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.01.02.01
  rootkit: v2016.11.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18499
Erwin :: Erwin  [administrator]

02.01.2017 16:42:20
mbar-log-2017-01-02 (16-42-20).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 331863
Time elapsed: 9 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL (Hijack.AutoConfigURL.PrxySvrRST) -> Data: hxxp://noblockingweb.com/wpad.dat?7f61c9fb3b8a7c356ad7f0291b30b0da22891613 -> Delete on reboot. [4ccd96e127813bfb8f44c403e31de020]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Still 1 error, right?

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.01.02.01
  rootkit: v2016.11.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18499
Erwin  :: Erwin [administrator]

02.01.2017 17:06:52
mbar-log-2017-01-02 (17-06-52).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 331716
Time elapsed: 8 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Code:
17:17:50.0389 0x0aa8  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
17:17:53.0054 0x0aa8  ============================================================
17:17:53.0054 0x0aa8  Current date / time: 2017/01/02 17:17:53.0054
17:17:53.0054 0x0aa8  SystemInfo:
17:17:53.0054 0x0aa8  
17:17:53.0054 0x0aa8  OS Version: 6.1.7601 ServicePack: 1.0
17:17:53.0054 0x0aa8  Product type: Workstation
17:17:53.0054 0x0aa8  ComputerName: Erwin	
17:17:53.0054 0x0aa8  UserName: Erwin
17:17:53.0054 0x0aa8  Windows directory: C:\Windows
17:17:53.0054 0x0aa8  System windows directory: C:\Windows
17:17:53.0054 0x0aa8  Running under WOW64
17:17:53.0054 0x0aa8  Processor architecture: Intel x64
17:17:53.0054 0x0aa8  Number of processors: 8
17:17:53.0054 0x0aa8  Page size: 0x1000
17:17:53.0054 0x0aa8  Boot type: Normal boot
17:17:53.0054 0x0aa8  CodeIntegrityOptions = 0x00000001
17:17:53.0054 0x0aa8  ============================================================
17:17:53.0898 0x0aa8  KLMD registered as C:\Windows\system32\drivers\82172357.sys
17:17:53.0898 0x0aa8  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23564, osProperties = 0x1
17:17:53.0959 0x0aa8  System UUID: {91BD891E-1715-C74A-39C4-04E1DA4CFF87}
17:17:54.0202 0x0aa8  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:17:54.0203 0x0aa8  Drive \Device\Harddisk1\DR1 - Size: 0x2BAA1476000 ( 2794.52 Gb ), SectorSize: 0x200, Cylinders: 0x59101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:17:54.0263 0x0aa8  Drive \Device\Harddisk6\DR6 - Size: 0x1D1C1115800 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:17:54.0326 0x0aa8  ============================================================
17:17:54.0326 0x0aa8  \Device\Harddisk0\DR0:
17:17:54.0327 0x0aa8  MBR partitions:
17:17:54.0327 0x0aa8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:17:54.0327 0x0aa8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
17:17:54.0327 0x0aa8  \Device\Harddisk1\DR1:
17:17:54.0418 0x0aa8  GPT partitions:
17:17:54.0418 0x0aa8  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {BE90CE78-FC1F-450F-B391-F134042E3D78}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
17:17:54.0418 0x0aa8  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {2633F0BA-E60D-403D-AA2A-4D4D43E4F317}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x5D4C9800
17:17:54.0418 0x0aa8  MBR partitions:
17:17:54.0418 0x0aa8  \Device\Harddisk6\DR6:
17:17:54.0419 0x0aa8  MBR partitions:
17:17:54.0419 0x0aa8  \Device\Harddisk6\DR6\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x75127800
17:17:54.0419 0x0aa8  \Device\Harddisk6\DR6\Partition2: MBR, Type 0x7, StartLBA 0x75128000, BlocksNum 0x73CDF800
17:17:54.0419 0x0aa8  ============================================================
17:17:54.0421 0x0aa8  C: <-> \Device\Harddisk0\DR0\Partition2
17:17:54.0482 0x0aa8  F: <-> \Device\Harddisk6\DR6\Partition1
17:17:54.0483 0x0aa8  D: <-> \Device\Harddisk0\DR0\Partition1
17:17:54.0515 0x0aa8  G: <-> \Device\Harddisk1\DR1\Partition2
17:17:54.0596 0x0aa8  E: <-> \Device\Harddisk6\DR6\Partition2
17:17:54.0596 0x0aa8  ============================================================
17:17:54.0596 0x0aa8  Initialize success
17:17:54.0596 0x0aa8  ============================================================
17:18:03.0137 0x0cfc  ============================================================
17:18:03.0137 0x0cfc  Scan started
17:18:03.0137 0x0cfc  Mode: Manual; SigCheck; TDLFS; 
17:18:03.0137 0x0cfc  ============================================================
17:18:03.0137 0x0cfc  KSN ping started
17:18:15.0249 0x0cfc  KSN ping finished: true
17:18:16.0332 0x0cfc  ================ Scan system memory ========================
17:18:16.0332 0x0cfc  System memory - ok
17:18:16.0333 0x0cfc  ================ Scan services =============================
17:18:16.0938 0x0cfc  [ D2B5EB862E4CCD9713D6B9DE7BBCBB7B, 897DEE611A3CF7216E8F78033D2DB4055DE5FEC37FA665AE9E1163AF133C2526 ] ASGT            C:\Windows\SysWOW64\ASGT.exe
17:18:16.0943 0x0cfc  ASGT - detected UnsignedFile.Multi.Generic ( 1 )
17:18:18.0098 0x0cfc  Detect skipped due to KSN trusted
17:18:18.0098 0x0cfc  ASGT - ok
17:18:19.0655 0x0cfc  edevmon - ok
17:18:19.0657 0x0cfc  [ 0EE3B249D8079D72D4C84B108E99A16F, 453A792CDF2133949EA2E1FFC2373C3CC16895FCAED82A0A403E432ED161DAB9 ] EFS             C:\Windows\System32\lsass.exe
17:18:19.0665 0x0cfc  EFS - ok
17:18:19.0670 0x0cfc  [ 1A4A59712D426D752FB668342A04A0D8, CAAEC83497139B5F2BB6852C6A1E279D0186A0E5A4AE7F3B823003D2F6E9547F ] ehdrv           C:\Windows\system32\DRIVERS\ehdrv.sys
17:18:19.0680 0x0cfc  ehdrv - ok
17:18:19.0694 0x0cfc  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:18:19.0714 0x0cfc  ehRecvr - ok
17:18:19.0718 0x0cfc  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
17:18:19.0728 0x0cfc  ehSched - ok
17:18:19.0732 0x0cfc  [ 68FF4448C05A11D169D47A849E7EF379, 02020DA595C7DE8D7BD014A4C622B568DA61988A0BA0E110803A58F87CB3FD11 ] ekbdflt         C:\Windows\system32\DRIVERS\ekbdflt.sys
17:18:19.0742 0x0cfc  ekbdflt - ok
17:18:19.0785 0x0cfc  [ 83A9EF0F3F1AA1E474A6D33AD191F2BA, 0E2E3F9A6104B8D3689AEC19256CC644B0BCDADD95BB98F90DBBFD679BE26E96 ] ekrn            C:\Program Files\ESET\ESET Smart Security\ekrn.exe
17:18:19.0835 0x0cfc  ekrn - ok
17:18:19.0848 0x0cfc  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
17:18:19.0863 0x0cfc  elxstor - ok
17:18:19.0870 0x0cfc  [ 59E0BD14BC40B77E9AA0143B1ACD2BB8, 516214B60F344A4A782444FBC272DE9FA6A9785E1057CDB43282C99376F31C86 ] epfw            C:\Windows\system32\DRIVERS\epfw.sys
17:18:19.0881 0x0cfc  epfw - ok
17:18:19.0884 0x0cfc  [ 424E123AA389801748E53530B3D23910, 65E3F9B5732FC1E14343E697F63434D2BA8EC06CB014DF08503C08969BDA2E78 ] EpfwLWF         C:\Windows\system32\DRIVERS\EpfwLWF.sys
17:18:19.0892 0x0cfc  EpfwLWF - ok
17:18:19.0895 0x0cfc  [ 553EE9B0426F8AE1321E2CC07374FA19, A6A96BECA8744D482FE1B039DF1B902B4CA5CEC9120701162EF31B8CD7305813 ] epfwwfp         C:\Windows\system32\DRIVERS\epfwwfp.sys
17:18:19.0904 0x0cfc  epfwwfp - ok
17:18:19.0910 0x0cfc  [ 8783EDE26F315555EFE697239D337910, 344232F0018A942B57AF40FBE00AEB89F55A8F412CD20A2174024117F95B2BE9 ] epp             C:\EEK\bin64\epp.sys
17:18:19.0919 0x0cfc  epp - ok
17:18:19.0921 0x0cfc  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:18:19.0928 0x0cfc  ErrDev - ok
17:18:19.0938 0x0cfc  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
17:18:19.0965 0x0cfc  EventSystem - ok
17:18:19.0979 0x0cfc  [ 6EB16C7286FBCD3AB206743BA813EC48, DF0BEDEF0205C940A4F14E196CDF4626DDCA6C8BEDF2C414CF7BB89303272C0E ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
17:18:19.0996 0x0cfc  EvtEng - ok
17:18:20.0002 0x0cfc  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
17:18:20.0022 0x0cfc  exfat - ok
17:18:20.0028 0x0cfc  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:18:20.0048 0x0cfc  fastfat - ok
17:18:20.0061 0x0cfc  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
17:18:20.0081 0x0cfc  Fax - ok
17:18:20.0084 0x0cfc  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:18:20.0092 0x0cfc  fdc - ok
17:18:20.0095 0x0cfc  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
17:18:20.0115 0x0cfc  fdPHost - ok
17:18:20.0117 0x0cfc  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:18:20.0137 0x0cfc  FDResPub - ok
17:18:20.0140 0x0cfc  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:18:20.0147 0x0cfc  FileInfo - ok
17:18:20.0149 0x0cfc  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:18:20.0168 0x0cfc  Filetrace - ok
17:18:20.0170 0x0cfc  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:18:20.0177 0x0cfc  flpydisk - ok
17:18:20.0185 0x0cfc  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:18:20.0196 0x0cfc  FltMgr - ok
17:18:20.0214 0x0cfc  [ 700A5373FA66F1DAAECBD2CFB88C73ED, D6C1C4C846BC24EB6539ECC701A456FA53BB6679C79391F5B70580D47B6CE395 ] FontCache       C:\Windows\system32\FntCache.dll
17:18:20.0242 0x0cfc  FontCache - ok
17:18:20.0246 0x0cfc  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:18:20.0252 0x0cfc  FontCache3.0.0.0 - ok
17:18:20.0254 0x0cfc  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:18:20.0261 0x0cfc  FsDepends - ok
17:18:20.0263 0x0cfc  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:18:20.0269 0x0cfc  Fs_Rec - ok
17:18:20.0275 0x0cfc  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:18:20.0286 0x0cfc  fvevol - ok
17:18:20.0289 0x0cfc  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:18:20.0296 0x0cfc  gagp30kx - ok
17:18:20.0316 0x0cfc  [ C6E1E9A45C8BCFD073148B6A6B038C69, EB421C687BC3A3CF97685AA598EF0C671AA74DC801185D4E3C197C1B5B24EE02 ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
17:18:20.0342 0x0cfc  GfExperienceService - ok
17:18:20.0356 0x0cfc  [ E4AE497857409127ED57562AF913A903, 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867B ] gpsvc           C:\Windows\System32\gpsvc.dll
17:18:20.0378 0x0cfc  gpsvc - ok
17:18:20.0386 0x0cfc  [ A8FD9222E4D72596BB37DA8BE95C0BA4, 52FC3AA9F704300041E486E57FE863218E4CDF4C8EEE05CA6B99A296EFEE5737 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:18:20.0394 0x0cfc  gupdate - ok
17:18:20.0399 0x0cfc  [ A8FD9222E4D72596BB37DA8BE95C0BA4, 52FC3AA9F704300041E486E57FE863218E4CDF4C8EEE05CA6B99A296EFEE5737 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:18:20.0405 0x0cfc  gupdatem - ok
17:18:20.0408 0x0cfc  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:18:20.0416 0x0cfc  hcw85cir - ok
17:18:20.0425 0x0cfc  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:18:20.0439 0x0cfc  HdAudAddService - ok
17:18:20.0444 0x0cfc  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:18:20.0455 0x0cfc  HDAudBus - ok
17:18:20.0457 0x0cfc  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:18:20.0464 0x0cfc  HidBatt - ok
17:18:20.0468 0x0cfc  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:18:20.0478 0x0cfc  HidBth - ok
17:18:20.0481 0x0cfc  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:18:20.0490 0x0cfc  HidIr - ok
17:18:20.0493 0x0cfc  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
17:18:20.0512 0x0cfc  hidserv - ok
17:18:20.0516 0x0cfc  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:18:20.0523 0x0cfc  HidUsb - ok
17:18:20.0526 0x0cfc  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:18:20.0546 0x0cfc  hkmsvc - ok
17:18:20.0552 0x0cfc  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:18:20.0564 0x0cfc  HomeGroupListener - ok
17:18:20.0569 0x0cfc  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:18:20.0581 0x0cfc  HomeGroupProvider - ok
17:18:20.0584 0x0cfc  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:18:20.0591 0x0cfc  HpSAMD - ok
17:18:20.0604 0x0cfc  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:18:20.0624 0x0cfc  HTTP - ok
17:18:20.0627 0x0cfc  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:18:20.0633 0x0cfc  hwpolicy - ok
17:18:20.0637 0x0cfc  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
17:18:20.0646 0x0cfc  i8042prt - ok
17:18:20.0659 0x0cfc  [ 6655615C7E4E29E6481F75A93ED99954, C7387D85DEC6BEF74DAD3B36398D1DA8914E9CF6F460D36E30088E3F6754E972 ] iaStorA         C:\Windows\system32\DRIVERS\iaStorA.sys
17:18:20.0675 0x0cfc  iaStorA - ok
17:18:20.0679 0x0cfc  [ F35FBCEB1B71BC20BBAFA526E203D6A1, F389B689B5DF0D204E3EA21B7201A89D29DE518716781BB390AC6E5CED64C790 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:18:20.0684 0x0cfc  IAStorDataMgrSvc - ok
17:18:20.0686 0x0cfc  [ ABE52EF9AF37C8D4FC67FDB9BE368142, 75B2787A0E45ED4801530D13381E596D1DB635D0A9C3FDFAB3951063048A5ECF ] iaStorF         C:\Windows\system32\DRIVERS\iaStorF.sys
17:18:20.0692 0x0cfc  iaStorF - ok
17:18:20.0700 0x0cfc  [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:18:20.0714 0x0cfc  iaStorV - ok
17:18:20.0720 0x0cfc  [ 83FF82FE209E7997067B375DAD6CF23D, E312DD068E51DBF96A8232D7D1C9F158652FDA23649655F1102928B320795091 ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
17:18:20.0728 0x0cfc  ICCS - ok
17:18:20.0743 0x0cfc  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:18:20.0765 0x0cfc  idsvc - ok
17:18:20.0767 0x0cfc  IEEtwCollectorService - ok
17:18:20.0821 0x0cfc  [ B12F7F8180BCD99B29AE2A6534857EA1, D095DF08A4F3510B96DE55A69ACCDEA0AACC7244447A858041D4C511835BA066 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
17:18:20.0910 0x0cfc  igfx - ok
17:18:20.0943 0x0cfc  [ 181722D8E78521191B9B83109AA011CA, 42255FD631D269283686DE964F512345C2C3A257E988A950A12EE9A7F815234E ] igfxCUIService1.0.0.0 C:\Windows\system32\igfxCUIService.exe
17:18:20.0952 0x0cfc  igfxCUIService1.0.0.0 - ok
17:18:20.0959 0x0cfc  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:18:20.0966 0x0cfc  iirsp - ok
17:18:21.0035 0x0cfc  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
17:18:21.0058 0x0cfc  IKEEXT - ok
17:18:21.0129 0x0cfc  [ 0D378E0EC4009E954FB1A358514CE99E, 05B36FCFFBCB01DBD01096B3E72F2AEBCEF91C99EF2AA4DB17EBECC33A1CA0B7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:18:21.0221 0x0cfc  IntcAzAudAddService - ok
17:18:21.0232 0x0cfc  [ FA6094444A7DC90449800F964E0A8668, A6DCF395649FA185596D55713888922BA2A61D96AD0D5E7860FD47EE30B7E4CF ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
17:18:21.0242 0x0cfc  Intel(R) PROSet Monitoring Service - ok
17:18:21.0245 0x0cfc  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:18:21.0250 0x0cfc  intelide - ok
17:18:21.0253 0x0cfc  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:18:21.0261 0x0cfc  intelppm - ok
17:18:21.0265 0x0cfc  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:18:21.0286 0x0cfc  IPBusEnum - ok
17:18:21.0289 0x0cfc  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:18:21.0312 0x0cfc  IpFilterDriver - ok
17:18:21.0341 0x0cfc  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:18:21.0378 0x0cfc  iphlpsvc - ok
17:18:21.0382 0x0cfc  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:18:21.0391 0x0cfc  IPMIDRV - ok
17:18:21.0396 0x0cfc  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:18:21.0416 0x0cfc  IPNAT - ok
17:18:21.0429 0x0cfc  [ A9E19D4C0E9487544B0A87D511514DA9, 83767BA2A7EE1DE39DBF824B57D898355F8C5E3CE146CA280B0E336428837E70 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:18:21.0446 0x0cfc  iPod Service - ok
17:18:21.0449 0x0cfc  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:18:21.0458 0x0cfc  IRENUM - ok
17:18:21.0465 0x0cfc  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:18:21.0471 0x0cfc  isapnp - ok
17:18:21.0478 0x0cfc  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:18:21.0489 0x0cfc  iScsiPrt - ok
17:18:21.0494 0x0cfc  [ 45392E76EE30DC9C8F0181C785F0BA48, 7FB522E1AA9B877B9FB1A29C2ADC42EA794E8864AD2411AD275F00F00547F8F3 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
17:18:21.0500 0x0cfc  iusb3hcs - ok
17:18:21.0512 0x0cfc  [ C6E8FB7FF41877378CCB30DE6E9941DF, CA808A00C0CC21C1C7BE54F0D1E5D3F24C0032BE821C064E0A63901F20F3C6BC ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
17:18:21.0524 0x0cfc  iusb3hub - ok
17:18:21.0538 0x0cfc  [ 6FBA980433B2B21604CE990FBF542D3F, ACB35A5558DD9EF9A339C9D061207AF5527D3AEFC9AC99AB6CFBA1CE92F8B62D ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
17:18:21.0557 0x0cfc  iusb3xhc - ok
17:18:21.0561 0x0cfc  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:18:21.0567 0x0cfc  kbdclass - ok
17:18:21.0570 0x0cfc  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:18:21.0577 0x0cfc  kbdhid - ok
17:18:21.0579 0x0cfc  [ 0EE3B249D8079D72D4C84B108E99A16F, 453A792CDF2133949EA2E1FFC2373C3CC16895FCAED82A0A403E432ED161DAB9 ] KeyIso          C:\Windows\system32\lsass.exe
17:18:21.0586 0x0cfc  KeyIso - ok
17:18:21.0601 0x0cfc  [ 4677AF088A95F02A41F81733E33507C6, 0579EF63D0BB604CA4955A0A0CB1DE65AC99C28DBA6A1EB138793F338D36052A ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
17:18:21.0614 0x0cfc  Kodak AiO Network Discovery Service - ok
17:18:21.0629 0x0cfc  [ 60301F8FDF519FFEC307A686209C33BE, B9A31478707B518967A6200813DCBD4DE03824FBFAB6E35D4FA4DA783FD6305A ] Kodak AiO Status Monitor Service C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
17:18:21.0648 0x0cfc  Kodak AiO Status Monitor Service - ok
17:18:21.0652 0x0cfc  [ CF11CC2B73D5155533C67354F9188E09, D59C30B9651F8E0952DFF34A010BC60A1D27AE10F5705C54424BF6BB7ADF9F62 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:18:21.0660 0x0cfc  KSecDD - ok
17:18:21.0666 0x0cfc  [ 2E56D51B184EFB8E353B7AF446299DC8, CE7AAFF89F3A0BFE191DE90430A04C7FB899F5CF3B704AA5A96F47D5F37192B2 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:18:21.0675 0x0cfc  KSecPkg - ok
17:18:21.0680 0x0cfc  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:18:21.0699 0x0cfc  ksthunk - ok
17:18:21.0711 0x0cfc  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:18:21.0737 0x0cfc  KtmRm - ok
17:18:21.0743 0x0cfc  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:18:21.0766 0x0cfc  LanmanServer - ok
17:18:21.0772 0x0cfc  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:18:21.0793 0x0cfc  LanmanWorkstation - ok
17:18:21.0800 0x0cfc  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:18:21.0820 0x0cfc  lltdio - ok
17:18:21.0835 0x0cfc  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:18:21.0858 0x0cfc  lltdsvc - ok
17:18:21.0861 0x0cfc  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:18:21.0879 0x0cfc  lmhosts - ok
17:18:21.0886 0x0cfc  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:18:21.0893 0x0cfc  LSI_FC - ok
17:18:21.0897 0x0cfc  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:18:21.0905 0x0cfc  LSI_SAS - ok
17:18:21.0908 0x0cfc  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:18:21.0914 0x0cfc  LSI_SAS2 - ok
17:18:21.0926 0x0cfc  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:18:21.0934 0x0cfc  LSI_SCSI - ok
17:18:21.0940 0x0cfc  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
17:18:21.0961 0x0cfc  luafv - ok
17:18:21.0965 0x0cfc  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:18:21.0974 0x0cfc  Mcx2Svc - ok
17:18:21.0977 0x0cfc  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:18:21.0983 0x0cfc  megasas - ok
17:18:21.0998 0x0cfc  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:18:22.0009 0x0cfc  MegaSR - ok
17:18:22.0012 0x0cfc  [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
17:18:22.0018 0x0cfc  MEIx64 - ok
17:18:22.0030 0x0cfc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
17:18:22.0051 0x0cfc  MMCSS - ok
17:18:22.0056 0x0cfc  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
17:18:22.0074 0x0cfc  Modem - ok
17:18:22.0086 0x0cfc  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:18:22.0094 0x0cfc  monitor - ok
17:18:22.0098 0x0cfc  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:18:22.0105 0x0cfc  mouclass - ok
17:18:22.0109 0x0cfc  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:18:22.0117 0x0cfc  mouhid - ok
17:18:22.0134 0x0cfc  [ 8ADB5445B29941CB41AF2846FD5C93C7, 689582430FE29EC0845B1DB841D3CC49D5D09DE264586E3999EEFE616986D12B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:18:22.0142 0x0cfc  mountmgr - ok
17:18:22.0184 0x0cfc  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:18:22.0194 0x0cfc  mpio - ok
17:18:22.0197 0x0cfc  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:18:22.0218 0x0cfc  mpsdrv - ok
17:18:22.0241 0x0cfc  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:18:22.0275 0x0cfc  MpsSvc - ok
17:18:22.0286 0x0cfc  [ 98DB1790F0A584E0A2528B92B052417F, 9AA04CA73AFE599810CD233B9CEC212E16D44DCEDF5C7D0181C7257F498068B5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:18:22.0304 0x0cfc  MRxDAV - ok
17:18:22.0315 0x0cfc  [ FCA01B0C70DAE9BE557577E719469D17, F9868B7B50EF6323BF6690F087A83928A1E82B96A19B27F344E10BF11E520C32 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:18:22.0325 0x0cfc  mrxsmb - ok
17:18:22.0345 0x0cfc  [ 386BE96797C5B480AD31E8B50CEE337C, 88E826F42BEB38CAA7C84AE6ED4D8EBC4D382A8A37CF9F7B8517B297F168F1B3 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:18:22.0357 0x0cfc  mrxsmb10 - ok
17:18:22.0361 0x0cfc  [ 841474CF2EB14F826038FBCC7D85B857, 4B1BC8AFDA54D1F16AC2AAB7EDDAE07FBF1E3B65D1658F8901A3E3175AF72800 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:18:22.0371 0x0cfc  mrxsmb20 - ok
17:18:22.0379 0x0cfc  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:18:22.0385 0x0cfc  msahci - ok
17:18:22.0394 0x0cfc  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:18:22.0402 0x0cfc  msdsm - ok
17:18:22.0419 0x0cfc  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
17:18:22.0430 0x0cfc  MSDTC - ok
17:18:22.0439 0x0cfc  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:18:22.0457 0x0cfc  Msfs - ok
17:18:22.0464 0x0cfc  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:18:22.0483 0x0cfc  mshidkmdf - ok
17:18:22.0489 0x0cfc  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:18:22.0494 0x0cfc  msisadrv - ok
17:18:22.0513 0x0cfc  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:18:22.0544 0x0cfc  MSiSCSI - ok
17:18:22.0546 0x0cfc  msiserver - ok
17:18:22.0553 0x0cfc  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:18:22.0573 0x0cfc  MSKSSRV - ok
17:18:22.0579 0x0cfc  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:18:22.0599 0x0cfc  MSPCLOCK - ok
17:18:22.0604 0x0cfc  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:18:22.0624 0x0cfc  MSPQM - ok
17:18:22.0646 0x0cfc  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:18:22.0657 0x0cfc  MsRPC - ok
17:18:22.0660 0x0cfc  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:18:22.0668 0x0cfc  mssmbios - ok
17:18:22.0678 0x0cfc  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:18:22.0698 0x0cfc  MSTEE - ok
17:18:22.0711 0x0cfc  [ 32528D01ACBBC8DF6211268FA06D7C10, ACAEB89550FDAE7DD7701EB07ED1700933DDFABC753BB639E3C49457A40AFE30 ] mt7612US        C:\Windows\system32\DRIVERS\mt7612US.sys
17:18:22.0730 0x0cfc  mt7612US - ok
17:18:22.0733 0x0cfc  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:18:22.0739 0x0cfc  MTConfig - ok
17:18:22.0749 0x0cfc  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
17:18:22.0756 0x0cfc  Mup - ok
17:18:22.0764 0x0cfc  [ 7E11D1788F5B531D49EF0AF97202437B, 8BF4A65466D235F0AB8E8855B04920BEF81A7EAC29C066FFC258BE816EBED2F4 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
17:18:22.0774 0x0cfc  MyWiFiDHCPDNS - ok
17:18:22.0784 0x0cfc  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
17:18:22.0811 0x0cfc  napagent - ok
17:18:22.0819 0x0cfc  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:18:22.0834 0x0cfc  NativeWifiP - ok
17:18:22.0865 0x0cfc  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:18:22.0887 0x0cfc  NDIS - ok
17:18:22.0891 0x0cfc  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:18:22.0910 0x0cfc  NdisCap - ok
17:18:22.0919 0x0cfc  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:18:22.0938 0x0cfc  NdisTapi - ok
17:18:22.0944 0x0cfc  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:18:22.0963 0x0cfc  Ndisuio - ok
17:18:22.0975 0x0cfc  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:18:22.0996 0x0cfc  NdisWan - ok
17:18:22.0999 0x0cfc  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:18:23.0016 0x0cfc  NDProxy - ok
17:18:23.0023 0x0cfc  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:18:23.0041 0x0cfc  NetBIOS - ok
17:18:23.0050 0x0cfc  [ E47D571FEC2C76E867935109AB2A770C, F349D25890B6F476B106FD75BFB081DB737CA9B224D95E44927942FFF2DF82CD ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:18:23.0080 0x0cfc  NetBT - ok
17:18:23.0082 0x0cfc  [ 0EE3B249D8079D72D4C84B108E99A16F, 453A792CDF2133949EA2E1FFC2373C3CC16895FCAED82A0A403E432ED161DAB9 ] Netlogon        C:\Windows\system32\lsass.exe
17:18:23.0089 0x0cfc  Netlogon - ok
17:18:23.0107 0x0cfc  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
17:18:23.0134 0x0cfc  Netman - ok
17:18:23.0151 0x0cfc  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:18:23.0160 0x0cfc  NetMsmqActivator - ok
17:18:23.0170 0x0cfc  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:18:23.0178 0x0cfc  NetPipeActivator - ok
17:18:23.0189 0x0cfc  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
17:18:23.0216 0x0cfc  netprofm - ok
17:18:23.0220 0x0cfc  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:18:23.0229 0x0cfc  NetTcpActivator - ok
17:18:23.0246 0x0cfc  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:18:23.0254 0x0cfc  NetTcpPortSharing - ok
17:18:23.0277 0x0cfc  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:18:23.0284 0x0cfc  nfrd960 - ok
17:18:23.0306 0x0cfc  [ 956BB5F7CCC82D31BF32AE43A41D1ADE, 4AF9F85B2E6C4966B9125A0F3728459C221EF4CD3FFCDD65435D7AD01E141176 ] NitroReaderDriverReadSpool5 C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe
17:18:23.0316 0x0cfc  NitroReaderDriverReadSpool5 - ok
17:18:23.0324 0x0cfc  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:18:23.0337 0x0cfc  NlaSvc - ok
17:18:23.0340 0x0cfc  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:18:23.0359 0x0cfc  Npfs - ok
17:18:23.0367 0x0cfc  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
17:18:23.0387 0x0cfc  nsi - ok
17:18:23.0392 0x0cfc  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:18:23.0412 0x0cfc  nsiproxy - ok
17:18:23.0441 0x0cfc  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:18:23.0471 0x0cfc  Ntfs - ok
17:18:23.0482 0x0cfc  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
17:18:23.0511 0x0cfc  Null - ok
17:18:23.0525 0x0cfc  [ 67B51A97733B10D716B366C2ED126763, C34B889D39A4443A82BCDF6B9A0BF637D2ECC37BBB1AAE21143EC9E3DC495D90 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
17:18:23.0537 0x0cfc  NVHDA - ok
17:18:23.0732 0x0cfc  [ 71CF83223F3ADC2EC9DC0FDA8702E312, A76E94F73CD1EAB5D49EF8A206B1E4BC141620B482236E0FD17F5FA0CAD05863 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:18:23.0978 0x0cfc  nvlddmkm - ok
17:18:24.0017 0x0cfc  [ A6102293847A7A2DF01E7BF7AC1C1F12, 14E4E75711C00DA826136FB531E9AD53787502F441103386C5CD37EEFCE27AFC ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
17:18:24.0055 0x0cfc  NvNetworkService - ok
17:18:24.0072 0x0cfc  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:18:24.0080 0x0cfc  nvraid - ok
17:18:24.0095 0x0cfc  [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:18:24.0104 0x0cfc  nvstor - ok
17:18:24.0111 0x0cfc  [ 99D42078C9596A20A7B3419159265A25, E9F5380E6597C79B26B2CBAAC534F31C5027F32AAA0FD5876CF7E9BB6658F30C ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
17:18:24.0117 0x0cfc  NvStreamKms - ok
17:18:24.0170 0x0cfc  [ E6A64322EB213AEACBB61584AA6FB032, FA91C89B81DD7F3EC22DF71FFC3A506AD40AE76EC91F1115CCAB6ED39431369D ] NvStreamNetworkSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
17:18:24.0245 0x0cfc  NvStreamNetworkSvc - ok
17:18:24.0291 0x0cfc  [ A8213BF32D2E75ADD362E118AD164749, 6F35210ED11088FE64F13DD63053FFDA4628A5F6397DA33A345970962AB83499 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
17:18:24.0352 0x0cfc  NvStreamSvc - ok
17:18:24.0385 0x0cfc  [ F07CC5C6A71B002C50D74FD611F44538, 85A341530740A71768947E721B0A979DEE328348F3083806A367DAA0CD628CB4 ] nvsvc           C:\Windows\system32\nvvsvc.exe
17:18:24.0415 0x0cfc  nvsvc - ok
17:18:24.0427 0x0cfc  [ F37FE6B15A987AEEC08EEF531F2FAED7, CC768E7DE80C7A8CB2392F9BC528212B8A3A35A30A222ED0B0B959051E6F8065 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
17:18:24.0435 0x0cfc  nvvad_WaveExtensible - ok
17:18:24.0448 0x0cfc  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:18:24.0456 0x0cfc  nv_agp - ok
17:18:24.0472 0x0cfc  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:18:24.0482 0x0cfc  ohci1394 - ok
17:18:24.0539 0x0cfc  [ AD851D818F399DD946A9C17AB2156F22, 4A541E7A3A3164581BFB9080DE0976E18F6DD00E39458EBBCBD3B2445708BEB5 ] Origin Client Service G:\Origin\OriginClientService.exe
17:18:24.0593 0x0cfc  Origin Client Service - ok
17:18:24.0638 0x0cfc  [ 788363C87EBD90AC1EAD2DC5A9A40759, B565663B459414C5C9F81451D9A127D62CDF605BC2A9E686F74A2E4FD44A9B43 ] Origin Web Helper Service G:\Origin\OriginWebHelperService.exe
17:18:24.0696 0x0cfc  Origin Web Helper Service - ok
17:18:24.0706 0x0cfc  [ A5FB4253A5C42548C817864826E5F202, A5F0E2564D530B14B43BEA359602C4A753C45497971587D208EA56AC8C4AEDBD ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:18:24.0719 0x0cfc  ose64 - ok
17:18:24.0791 0x0cfc  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:18:24.0887 0x0cfc  osppsvc - ok
17:18:24.0899 0x0cfc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:18:24.0912 0x0cfc  p2pimsvc - ok
17:18:24.0922 0x0cfc  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
17:18:24.0937 0x0cfc  p2psvc - ok
17:18:24.0941 0x0cfc  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:18:24.0950 0x0cfc  Parport - ok
17:18:24.0953 0x0cfc  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:18:24.0960 0x0cfc  partmgr - ok
17:18:24.0965 0x0cfc  [ 3CD83692C43D87088E85E3C916146FFB, 9E812535E8FBA045FDA30F68E9EB2031132C37721D542A2DC9D4C33E2B137FCF ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:18:24.0976 0x0cfc  PcaSvc - ok
17:18:24.0981 0x0cfc  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
17:18:24.0991 0x0cfc  pci - ok
17:18:24.0993 0x0cfc  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
17:18:24.0999 0x0cfc  pciide - ok
17:18:25.0005 0x0cfc  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:18:25.0015 0x0cfc  pcmcia - ok
17:18:25.0018 0x0cfc  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:18:25.0024 0x0cfc  pcw - ok
17:18:25.0035 0x0cfc  [ EA4D67448BE493D543F1730D6CD04694, 24717C5E41B7CA522F3330EF2228B6685E710A5259396E9887A1C1E7A413F8CA ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:18:25.0054 0x0cfc  PEAUTH - ok
17:18:25.0076 0x0cfc  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
17:18:25.0108 0x0cfc  PeerDistSvc - ok
17:18:25.0133 0x0cfc  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:18:25.0141 0x0cfc  PerfHost - ok
17:18:25.0165 0x0cfc  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
17:18:25.0209 0x0cfc  pla - ok
17:18:25.0219 0x0cfc  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:18:25.0234 0x0cfc  PlugPlay - ok
17:18:25.0237 0x0cfc  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:18:25.0245 0x0cfc  PNRPAutoReg - ok
17:18:25.0252 0x0cfc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:18:25.0263 0x0cfc  PNRPsvc - ok
17:18:25.0274 0x0cfc  [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:18:25.0290 0x0cfc  PolicyAgent - ok
17:18:25.0296 0x0cfc  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
17:18:25.0319 0x0cfc  Power - ok
17:18:25.0323 0x0cfc  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:18:25.0343 0x0cfc  PptpMiniport - ok
17:18:25.0346 0x0cfc  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:18:25.0354 0x0cfc  Processor - ok
17:18:25.0359 0x0cfc  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:18:25.0371 0x0cfc  ProfSvc - ok
17:18:25.0373 0x0cfc  [ 0EE3B249D8079D72D4C84B108E99A16F, 453A792CDF2133949EA2E1FFC2373C3CC16895FCAED82A0A403E432ED161DAB9 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:18:25.0379 0x0cfc  ProtectedStorage - ok
17:18:25.0385 0x0cfc  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:18:25.0405 0x0cfc  Psched - ok
17:18:25.0428 0x0cfc  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:18:25.0461 0x0cfc  ql2300 - ok
17:18:25.0466 0x0cfc  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:18:25.0474 0x0cfc  ql40xx - ok
17:18:25.0481 0x0cfc  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
17:18:25.0495 0x0cfc  QWAVE - ok
17:18:25.0497 0x0cfc  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:18:25.0507 0x0cfc  QWAVEdrv - ok
17:18:25.0509 0x0cfc  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:18:25.0528 0x0cfc  RasAcd - ok
17:18:25.0531 0x0cfc  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:18:25.0550 0x0cfc  RasAgileVpn - ok
17:18:25.0554 0x0cfc  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
17:18:25.0574 0x0cfc  RasAuto - ok
17:18:25.0578 0x0cfc  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:18:25.0599 0x0cfc  Rasl2tp - ok
17:18:25.0607 0x0cfc  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
17:18:25.0632 0x0cfc  RasMan - ok
17:18:25.0636 0x0cfc  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:18:25.0656 0x0cfc  RasPppoe - ok
17:18:25.0659 0x0cfc  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:18:25.0679 0x0cfc  RasSstp - ok
17:18:25.0685 0x0cfc  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:18:25.0709 0x0cfc  rdbss - ok
17:18:25.0712 0x0cfc  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:18:25.0719 0x0cfc  rdpbus - ok
17:18:25.0722 0x0cfc  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:18:25.0739 0x0cfc  RDPCDD - ok
17:18:25.0745 0x0cfc  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
17:18:25.0755 0x0cfc  RDPDR - ok
17:18:25.0758 0x0cfc  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:18:25.0776 0x0cfc  RDPENCDD - ok
17:18:25.0779 0x0cfc  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:18:25.0798 0x0cfc  RDPREFMP - ok
17:18:25.0804 0x0cfc  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:18:25.0815 0x0cfc  RDPWD - ok
17:18:25.0831 0x0cfc  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:18:25.0845 0x0cfc  rdyboost - ok
17:18:25.0875 0x0cfc  [ F09087C51C6AE42AE7DABE1EB3E44C17, DAE1CB123EA830DFCB68FD34A95FC427755FBBAD7AD16EE3F0D4941A25AD49F4 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
17:18:25.0883 0x0cfc  RegSrvc - ok
17:18:25.0887 0x0cfc  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:18:25.0907 0x0cfc  RemoteAccess - ok
17:18:25.0912 0x0cfc  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:18:25.0935 0x0cfc  RemoteRegistry - ok
17:18:25.0938 0x0cfc  [ 9C3AC71A9934B884FAC567A8807E9C4D, 0B6B2970098E3C21E1E54A25785544903E8CD415B527FCEF86ABC7B33BEC83E7 ] Revoflt         C:\Windows\system32\DRIVERS\revoflt.sys
17:18:25.0944 0x0cfc  Revoflt - ok
17:18:25.0947 0x0cfc  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:18:25.0967 0x0cfc  RpcEptMapper - ok
17:18:25.0969 0x0cfc  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
17:18:25.0977 0x0cfc  RpcLocator - ok
17:18:25.0986 0x0cfc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
17:18:26.0011 0x0cfc  RpcSs - ok
17:18:26.0015 0x0cfc  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:18:26.0035 0x0cfc  rspndr - ok
17:18:26.0037 0x0cfc  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
17:18:26.0044 0x0cfc  s3cap - ok
17:18:26.0046 0x0cfc  [ 0EE3B249D8079D72D4C84B108E99A16F, 453A792CDF2133949EA2E1FFC2373C3CC16895FCAED82A0A403E432ED161DAB9 ] SamSs           C:\Windows\system32\lsass.exe
17:18:26.0052 0x0cfc  SamSs - ok
17:18:26.0056 0x0cfc  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:18:26.0064 0x0cfc  sbp2port - ok
17:18:26.0069 0x0cfc  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:18:26.0092 0x0cfc  SCardSvr - ok
17:18:26.0097 0x0cfc  [ 81912490882BE0F971B582AD1C33CA57, F0D94B8DAB7012C6407A866A148A93641684D26400CCF65856A08E423AD18DF0 ] SCDEmu          C:\Windows\system32\drivers\SCDEmu.sys
17:18:26.0105 0x0cfc  SCDEmu - ok
17:18:26.0107 0x0cfc  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:18:26.0126 0x0cfc  scfilter - ok
17:18:26.0143 0x0cfc  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
17:18:26.0170 0x0cfc  Schedule - ok
17:18:26.0174 0x0cfc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:18:26.0192 0x0cfc  SCPolicySvc - ok
17:18:26.0197 0x0cfc  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:18:26.0208 0x0cfc  SDRSVC - ok
17:18:26.0211 0x0cfc  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:18:26.0217 0x0cfc  secdrv - ok
17:18:26.0220 0x0cfc  [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon        C:\Windows\system32\seclogon.dll
17:18:26.0227 0x0cfc  seclogon - ok
17:18:26.0230 0x0cfc  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
17:18:26.0250 0x0cfc  SENS - ok
17:18:26.0253 0x0cfc  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:18:26.0260 0x0cfc  SensrSvc - ok
17:18:26.0263 0x0cfc  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:18:26.0270 0x0cfc  Serenum - ok
17:18:26.0274 0x0cfc  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:18:26.0282 0x0cfc  Serial - ok
17:18:26.0285 0x0cfc  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:18:26.0292 0x0cfc  sermouse - ok
17:18:26.0298 0x0cfc  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
17:18:26.0320 0x0cfc  SessionEnv - ok
17:18:26.0323 0x0cfc  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:18:26.0330 0x0cfc  sffdisk - ok
17:18:26.0332 0x0cfc  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:18:26.0338 0x0cfc  sffp_mmc - ok
17:18:26.0340 0x0cfc  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:18:26.0347 0x0cfc  sffp_sd - ok
17:18:26.0350 0x0cfc  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:18:26.0356 0x0cfc  sfloppy - ok
17:18:26.0363 0x0cfc  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:18:26.0388 0x0cfc  SharedAccess - ok
17:18:26.0397 0x0cfc  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:18:26.0422 0x0cfc  ShellHWDetection - ok
17:18:26.0425 0x0cfc  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:18:26.0432 0x0cfc  SiSRaid2 - ok
17:18:26.0436 0x0cfc  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:18:26.0443 0x0cfc  SiSRaid4 - ok
17:18:26.0451 0x0cfc  [ F3AAB7DF6408431C762D8721B68F46E4, 56ED764AA660955B8B06322703D086B3A52106625A83CCAF195B08BCBDEDA88F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
17:18:26.0464 0x0cfc  SkypeUpdate - ok
17:18:26.0468 0x0cfc  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:18:26.0488 0x0cfc  Smb - ok
17:18:26.0492 0x0cfc  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:18:26.0499 0x0cfc  SNMPTRAP - ok
17:18:26.0501 0x0cfc  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:18:26.0506 0x0cfc  spldr - ok
17:18:26.0516 0x0cfc  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
17:18:26.0542 0x0cfc  Spooler - ok
17:18:26.0592 0x0cfc  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
17:18:26.0672 0x0cfc  sppsvc - ok
17:18:26.0678 0x0cfc  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:18:26.0698 0x0cfc  sppuinotify - ok
17:18:26.0708 0x0cfc  [ FEB80A9EC320569CC82D4DB9F4AC78BC, E6340CDA9B5F59DBE68128356E357FEDA3655A296BFE4B7F44944F2DE5DA9765 ] sptd            C:\Windows\System32\Drivers\sptd.sys
17:18:26.0720 0x0cfc  sptd - ok
17:18:26.0730 0x0cfc  [ EC666682FE8344CF7E6ED69E74FA9F4F, DCD2A1C046425630689E2C9A6A6E356FE5A2A6664D12C20CFE236FCB32240DF9 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:18:26.0744 0x0cfc  srv - ok
17:18:26.0753 0x0cfc  [ E450C0318DCE8ED28ED272C8806B8495, D2FD459F8C5E42103EF2F71421FA175A4F0821F8C2A3763093122D433D1C50FB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:18:26.0766 0x0cfc  srv2 - ok
17:18:26.0771 0x0cfc  [ 9C12C78AD36C23D925711A4640228225, FF72C23F2A08EDF0C41BAF1EB0245AB44FF91365C5466F09C47A8F0928D20994 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:18:26.0781 0x0cfc  srvnet - ok
17:18:26.0786 0x0cfc  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:18:26.0810 0x0cfc  SSDPSRV - ok
17:18:26.0813 0x0cfc  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:18:26.0835 0x0cfc  SstpSvc - ok
17:18:26.0859 0x0cfc  [ 9867A86327E8AE3806305F1BCF01211A, CCDDB2560B30D27CE662F1B02710E1FAA9331E6A27D9A6629EEDED2CBA822062 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
17:18:26.0890 0x0cfc  Steam Client Service - ok
17:18:26.0900 0x0cfc  [ 4AD54C2E540F2364607A26F3585A509F, AB453222A1F9C906478AFA9460C4687F4D40B504C2F29E68F047D2D38A2BFBB8 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
17:18:26.0912 0x0cfc  Stereo Service - ok
17:18:26.0915 0x0cfc  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:18:26.0921 0x0cfc  stexstor - ok
17:18:26.0932 0x0cfc  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
17:18:26.0952 0x0cfc  stisvc - ok
17:18:26.0955 0x0cfc  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
17:18:26.0961 0x0cfc  storflt - ok
17:18:26.0963 0x0cfc  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
17:18:26.0970 0x0cfc  StorSvc - ok
17:18:26.0973 0x0cfc  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
17:18:26.0979 0x0cfc  storvsc - ok
17:18:26.0981 0x0cfc  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:18:26.0986 0x0cfc  swenum - ok
17:18:26.0999 0x0cfc  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:18:27.0014 0x0cfc  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
17:18:28.0096 0x0cfc  Detect skipped due to KSN trusted
17:18:28.0096 0x0cfc  SwitchBoard - ok
17:18:28.0107 0x0cfc  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
17:18:28.0136 0x0cfc  swprv - ok
17:18:28.0162 0x0cfc  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
17:18:28.0199 0x0cfc  SysMain - ok
17:18:28.0204 0x0cfc  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:18:28.0215 0x0cfc  TabletInputService - ok
17:18:28.0222 0x0cfc  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:18:28.0245 0x0cfc  TapiSrv - ok
17:18:28.0249 0x0cfc  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
17:18:28.0269 0x0cfc  TBS - ok
17:18:28.0296 0x0cfc  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:18:28.0335 0x0cfc  Tcpip - ok
17:18:28.0363 0x0cfc  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:18:28.0395 0x0cfc  TCPIP6 - ok
17:18:28.0400 0x0cfc  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:18:28.0419 0x0cfc  tcpipreg - ok
17:18:28.0422 0x0cfc  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:18:28.0429 0x0cfc  TDPIPE - ok
17:18:28.0489 0x0cfc  [ 1226A953D4FDBDFD570DA5CEE66EAA55, 640922152493057519198A55373A82CD1C7DCF0C219F4ECE7D2C30363FFA1E86 ] TDslMgrService  E:\Telekom netzmanager\DslMgrSvc.exe
17:18:28.0505 0x0cfc  TDslMgrService - detected UnsignedFile.Multi.Generic ( 1 )
17:18:29.0588 0x0cfc  Detect skipped due to KSN trusted
17:18:29.0588 0x0cfc  TDslMgrService - ok
17:18:36.0440 0x0cfc  AV detected via SS2: ESET Smart Security 9.0.408.1, C:\Program Files\ESET\ESET Smart Security\ecmd.exe ( 9.0.407.0 ), 0x41000 ( enabled : updated )
17:18:36.0441 0x0cfc  FW detected via SS2: ESET Personal Firewall, C:\Program Files\ESET\ESET Smart Security\ecmd.exe ( 9.0.407.0 ), 0x41010 ( enabled )
17:18:37.0520 0x0cfc  ============================================================
17:18:37.0520 0x0cfc  Scan finished
17:18:37.0520 0x0cfc  ============================================================
17:18:37.0524 0x0d08  Detected object count: 0
17:18:37.0524 0x0d08  Actual detected object count: 0
         
done, right?

02.01.2017, 20:38   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Remove adware/junkware/toolbars

Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop!
Please completely disable your virus scanner now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Clean ("Löschen") and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

__________________
Please always post log files in CODE tags

03.01.2017, 03:44   #11
Erwin80

adwCleaner found nothing at all!
so it didn't ask for a restart either

but I am still of the opinion that not everything is working properly again
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Professional x64 
Ran by Erwin(Administrator) on 03.01.2017 at  3:32:08,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8 

Successfully deleted: C:\Users\Erwin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6M6D122B (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Erwin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FNKE5M17 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Erwin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1LUXPAX (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Erwin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUATORIA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6M6D122B (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FNKE5M17 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1LUXPAX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUATORIA (Temporary Internet Files Folder) 



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.01.2017 at  3:33:59,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

03.01.2017, 09:00   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Just post the logs as the instructions say. Regardless of whether anything was found or not.

By the way, nobody claimed that everything would be back to normal after adwCleaner and JRT.

03.01.2017, 12:28   #13
Erwin80

Code:
# AdwCleaner v6.041 - Logfile created 18/12/2016 at 21:12:58
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-18.1 [Local]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Erwin - Erwin-PC
# Running from : C:\Users\Erwin\Desktop\AdwCleaner_6.041.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKU\S-1-5-21-3372468986-2828329476-3420813562-1000\Software\AppDataLow\Software\adawarebp
Key Found:  HKCU\Software\AppDataLow\Software\adawarebp
Key Found:  [x64] HKCU\Software\AppDataLow\Software\adawarebp


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [852 Bytes] - [02/08/2016 13:54:01]
C:\AdwCleaner\AdwCleaner[S2].txt - [938 Bytes] - [03/08/2016 22:59:27]
C:\AdwCleaner\AdwCleaner[S3].txt - [1311 Bytes] - [13/08/2016 10:18:24]
C:\AdwCleaner\AdwCleaner[S4].txt - [1384 Bytes] - [24/08/2016 22:43:18]
C:\AdwCleaner\AdwCleaner[S5].txt - [1457 Bytes] - [07/09/2016 22:16:43]
C:\AdwCleaner\AdwCleaner[S6].txt - [1544 Bytes] - [30/10/2016 10:03:48]
C:\AdwCleaner\AdwCleaner[S7].txt - [1776 Bytes] - [18/12/2016 21:12:15]
C:\AdwCleaner\AdwCleaner[S8].txt - [1718 Bytes] - [18/12/2016 21:12:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [1791 Bytes] ##########
         
ok, so how should it continue now?

03.01.2017, 13:09   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Key Found: HKU\S-1-5-21-3372468986-2828329476-3420813562-1000\Software\AppDataLow\Software\adawarebp
Key Found: HKCU\Software\AppDataLow\Software\adawarebp
Key Found: [x64] HKCU\Software\AppDataLow\Software\adawarebp

So much for "nothing was found"!

03.01.2017, 14:11   #15
Erwin80

Quote:
Originally posted by cosinus
So much for "nothing was found"!

Sorry, overlooked that!
because the program said nothing had been found, but the report says and shows you something different, which I only then saw as well...

how does it continue now?
