Log analysis and evaluation: Windows 10: Crypt0L0cker encrypts data
18.02.2017, 10:50 | #1 |
Windows 10: Crypt0L0cker encrypts data

Highly esteemed Trojaner-Board,

in 2013 my mother's computer was infected with a trojan. You helped us a great deal back then. Since yesterday my mother has had a problem with a trojan again, and I would like to ask you to help us once more.

Operating system: Windows 10, 64-bit

Problem: Presumably by opening a link in a fake email, the Crypt0L0cker virus was installed yesterday. The following message appears: "Warning. We are encrypting your files with the Crypt0L0cker virus. Your important files (including those on network drives, USB, etc.): photos, videos, documents, etc. have been encrypted with the Crypt0L0cker virus..."

As far as I have understood, it is not possible to restore the encrypted data without paying the trojan's makers. However, it would be a great help if we could remove Crypt0L0cker without having to set the computer up from scratch. If you consider that realistic, I would ask for your help.

Below are the log files that I created following the instructions on Trojaner-Board:

File FRST.txt (not modified by me) Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 18-02-2017 durchgeführt von susanna (Administrator) auf DESKTOP-UCUGHB0 (18-02-2017 09:52:01) Gestartet von C:\Users\susanna\Desktop Geladene Profile: susanna (Verfügbare Profile: susanna) Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE (brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE (Intel Corporation) C:\Windows\System32\ibtsiva.exe () C:\Windows\System32\fpCSEvtSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe (Windows (R) Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe (Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe () C:\ProgramData\MobileBrServ\mbbService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Garmin Ltd. 
or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Google, Inc) C:\Users\susanna\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8515832 2015-10-31] (Realtek Semiconductor) HKLM\...\Run: [CxAgent] => C:\Program Files\Realtek\Audio\HDA\CXAPOAgent64.exe [761552 2015-10-31] (Conexant Systems, Inc.) HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-23] (Microsoft Corporation) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318248 2016-01-08] (Samsung Electronics Co., Ltd.) HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1572648 2016-01-08] (Samsung) HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\Run: [Google Update] => C:\Users\susanna\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.) HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\Run: [Google Photos Backup] => C:\Users\susanna\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc) HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\Run: [elediqox] => C:\ProgramData\ezrqataz.exe [420141 2017-02-17] () HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\MountPoints2: {21bb27df-a001-11e6-9bd9-94659c8225c0} - "F:\AutoRun.exe" HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-06-03] ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-01-26] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\susanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-10-02] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: 0.0.0.1 mssplus.mcafee.com Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{17ebd3bc-c7ce-4046-89a5-d93e4956d619}: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{7c21e3e9-6321-477e-8d68-76fb76ab94b1}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{9307f2c0-06fa-4da8-960f-c7d233cd6b4e}: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{f121af7d-fab6-4796-b816-605c5b1d4f30}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-at/?ocid=iehp BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] 
(Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: migbducy.default FF ProfilePath: C:\Users\susanna\AppData\Roaming\Mozilla\Firefox\Profiles\migbducy.default [2017-02-18] FF Extension: (Firefox Hotfix) - C:\Users\susanna\AppData\Roaming\Mozilla\Firefox\Profiles\migbducy.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31] FF Extension: (Adblock Plus) - C:\Users\susanna\AppData\Roaming\Mozilla\Firefox\Profiles\migbducy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-26] FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\susanna\AppData\Roaming\Mozilla\Firefox\Profiles\migbducy.default\features\{3fd508e7-50e6-4634-b2a5-13969366ccb4}\disableSHA1rollout@mozilla.org.xpi [2017-02-17] FF SearchPlugin: C:\Users\susanna\AppData\Roaming\Mozilla\Firefox\Profiles\migbducy.default\searchplugins\amazoncom-pro.xml [2015-11-17] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-22] () FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-22] () FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) 
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3683660684-3316546758-4205979231-1001: @tools.google.com/Google Update;version=3 -> C:\Users\susanna\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin HKU\S-1-5-21-3683660684-3316546758-4205979231-1001: @tools.google.com/Google Update;version=9 -> C:\Users\susanna\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 Brother XP spl Service; C:\WINDOWS\SysWoW64\brsvc01a.exe [57344 2015-11-07] (brother Industries Ltd) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42792 2016-09-20] (Windows (R) Win 7 DDK provider) R2 fpCsEvtSvc; C:\WINDOWS\system32\fpCSEvtSvc.exe [22528 2015-10-31] () R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. 
or its subsidiaries) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370072 2015-10-31] (Intel Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.) R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [243800 2015-10-26] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312064 2015-10-31] (Realtek Semiconductor) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation) R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263792 2016-01-18] (Synaptics Incorporated) R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [53248 2015-10-31] (Synaptics Incorporated) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [548848 2016-01-23] (Intel Corporation) R3 hidemi; C:\WINDOWS\System32\drivers\hidemi.sys [37720 2015-10-31] (Microchip) U5 iaStorB; C:\Windows\System32\Drivers\iaStorB.sys [559576 2015-05-21] (Intel Corporation) S3 iaStorS; C:\WINDOWS\System32\drivers\iaStorS.sys [665592 2015-06-04] (Intel Corporation) R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation) R3 mchpemi; C:\WINDOWS\System32\drivers\mchpemi.sys [46432 2015-10-31] (Microchip) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 Netwtw02; C:\WINDOWS\System32\drivers\Netwtw02.sys [6731520 2016-01-29] (Intel Corporation) R3 nfcgpiomanager; C:\WINDOWS\System32\drivers\nfcgpiomanager.sys [46568 2015-10-31] (Nfc GPIO Driver) S3 rccfg; C:\WINDOWS\System32\drivers\rccfg.sys [22552 2015-05-11] (AMD, Inc.) S3 rcraid; C:\WINDOWS\System32\drivers\rcraid.sys [540184 2015-05-11] (AMD, Inc.) 
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [772336 2015-10-31] (Realsil Semiconductor Corporation) S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [52912 2015-10-31] (Synaptics Incorporated) R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [760832 2016-03-09] (Sunplus) R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [74352 2016-01-18] (Synaptics Incorporated) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2016-02-17] (HP) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2017-02-18 09:52 - 2017-02-18 09:52 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\arfxribw.sys 2017-02-18 09:52 - 2017-02-18 09:52 - 00015381 _____ C:\Users\susanna\Desktop\FRST.txt 2017-02-18 09:51 - 2017-02-18 09:52 - 00000000 ____D C:\FRST 2017-02-18 09:48 - 2017-02-18 09:51 - 02422272 _____ (Farbar) C:\Users\susanna\Desktop\FRST64.exe 2017-02-18 09:39 - 2016-01-18 19:06 - 00003199 _____ C:\Users\susanna\Desktop\ForcePad Tutorial.lnk 2017-02-18 09:39 - 2016-01-18 19:06 - 00003199 _____ C:\Users\susanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ForcePad Tutorial.lnk 2017-02-18 09:39 - 2016-01-18 19:06 - 00002274 _____ C:\Users\susanna\Desktop\ForcePad-Einstellungen.lnk 2017-02-18 09:39 - 2016-01-18 19:06 - 00002274 _____ C:\Users\susanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ForcePad-Einstellungen.lnk 2017-02-17 11:11 - 2017-02-17 11:14 - 00604928 _____ (Reimage) C:\Users\susanna\Downloads\ReimageRepair.exe 2017-02-17 10:42 - 2017-02-17 10:42 - 00003801 _____ C:\Users\susanna\wie_zum_Wiederherstellen_von_Dateien.html 2017-02-17 10:42 - 2017-02-17 10:42 - 00001250 _____ C:\Users\susanna\wie_zum_Wiederherstellen_von_Dateien.txt 2017-02-17 10:10 - 2017-02-17 10:10 - 00003801 _____ C:\Users\susanna\Documents\wie_zum_Wiederherstellen_von_Dateien.html 2017-02-17 10:10 - 2017-02-17 10:10 - 00001250 _____ C:\Users\susanna\Documents\wie_zum_Wiederherstellen_von_Dateien.txt 2017-02-17 10:00 - 2017-02-18 09:40 - 00003801 _____ C:\Users\susanna\Desktop\wie_zum_Wiederherstellen_von_Dateien.html 2017-02-17 10:00 - 2017-02-18 09:40 - 00001250 _____ C:\Users\susanna\Desktop\wie_zum_Wiederherstellen_von_Dateien.txt 2017-02-17 10:00 - 2017-02-17 10:01 - 00000000 ____D C:\ProgramData\uwupefovygigylih 2017-02-02 17:02 - 2017-02-17 10:00 - 00000000 ____D C:\Users\susanna\Desktop\LOLI 2017-02-02 16:41 - 2017-02-17 10:00 - 00214608 _____ C:\Users\susanna\Desktop\Totes Gebirge 7 September 2011.JPG.jqvcak 2017-02-02 16:38 - 2017-02-17 
10:00 - 00381338 _____ C:\Users\susanna\Desktop\Totes Gebirge 6 September 2011.JPG.unaban 2017-02-02 16:36 - 2017-02-17 10:00 - 00187221 _____ C:\Users\susanna\Desktop\Totes Gebirge 5 September 2011.JPG.fhemet 2017-02-02 16:33 - 2017-02-17 10:00 - 00424168 _____ C:\Users\susanna\Desktop\Totes Gebirge 3 September 2011.JPG.ggoner 2017-02-02 16:33 - 2017-02-17 10:00 - 00292373 _____ C:\Users\susanna\Desktop\Totes Gebirge 2 September 2011.JPG.dvymiw 2017-02-02 16:31 - 2017-02-17 10:00 - 00332029 _____ C:\Users\susanna\Desktop\Totes Gebirge September 2011.JPG.rtpdug 2017-02-02 16:28 - 2017-02-17 10:00 - 00111492 _____ C:\Users\susanna\Desktop\Navis Februar 2012.JPG.aridos 2017-02-02 16:16 - 2017-02-17 10:00 - 00345980 _____ C:\Users\susanna\Desktop\Kölpreinsperre 2 Mai 2012.JPG.ibbqaz 2017-02-02 16:09 - 2017-02-17 10:00 - 00200317 _____ C:\Users\susanna\Desktop\Villgratner Berge 3 September 2012.JPG.ifitin 2017-02-01 18:34 - 2017-02-17 10:00 - 00013049 _____ C:\Users\susanna\Desktop\Ansuchen Bäume.docx.umuqun 2017-01-29 11:23 - 2017-01-29 11:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-01-27 14:26 - 2017-02-17 10:00 - 00014448 _____ C:\Users\susanna\Desktop\MALTABERG NF.docx.ylyfiw 2017-01-26 17:21 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2017-01-26 17:21 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2017-01-26 17:18 - 2017-01-26 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2017-02-18 09:47 - 2015-10-31 13:35 - 00000000 ____D C:\Users\susanna\AppData\Roaming\Skype 2017-02-18 09:43 - 2016-12-10 21:05 - 00000000 ____D C:\Users\susanna\AppData\LocalLow\Mozilla 2017-02-18 09:43 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-02-18 09:43 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-02-18 09:40 - 2016-10-09 19:27 - 00000000 ___RD C:\Program Files (x86)\Skype 2017-02-18 09:40 - 2015-10-31 13:35 - 00000000 ____D C:\ProgramData\Skype 2017-02-18 09:39 - 2016-09-23 06:24 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2017-02-18 09:39 - 2015-10-31 12:53 - 00000000 __SHD C:\Users\susanna\IntelGraphicsProfiles 2017-02-17 15:18 - 2016-09-23 06:24 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-02-17 11:12 - 2015-10-31 12:48 - 00000000 ____D C:\Users\susanna\AppData\Local\Packages 2017-02-17 10:42 - 2016-09-23 06:26 - 00000000 ____D C:\Users\susanna 2017-02-17 10:10 - 2016-05-17 10:51 - 00013931 _____ C:\Users\susanna\MA42_FRisterstreckung.docx.iwysuf 2017-02-17 10:10 - 2015-11-07 11:39 - 00000000 ___RD C:\Users\susanna\Documents\Wanderungen, 60+ AV, 55+ und NF 2017-02-17 10:10 - 2015-11-07 11:39 - 00000000 ___RD C:\Users\susanna\Documents\Schlewe 2017-02-17 10:10 - 2015-11-07 11:39 - 00000000 ____D C:\Users\susanna\Documents\temporär 2017-02-17 10:10 - 2015-11-07 11:21 - 00421758 _____ C:\Users\susanna\Documents\schwarzaberg karte.docx.abiwej 2017-02-17 10:10 - 2015-11-07 11:21 - 00011523 _____ C:\Users\susanna\Documents\Teilnehmer dt f Bettina.docx.shysiw 2017-02-17 10:10 - 2015-11-07 11:21 - 00011340 _____ C:\Users\susanna\Documents\TANZLISTE.docx.epacmp 2017-02-17 10:08 - 2016-06-21 17:15 - 00350255 _____ C:\Users\susanna\Documents\Litzlkogel und Sulzenstein vom Hirschbichl.docx.utuzir 2017-02-17 10:08 - 2015-11-07 11:38 - 00000000 ____D C:\Users\susanna\Documents\Rechnungen Schlewe 2017-02-17 10:08 - 2015-11-07 11:22 - 00000000 ___RD C:\Users\susanna\Documents\MALEN 
2017-02-17 10:08 - 2015-11-07 11:21 - 00000000 ___RD C:\Users\susanna\Documents\fast alles 2017-02-17 10:08 - 2015-11-01 19:36 - 00000000 ____D C:\Users\susanna\Documents\OneNote-Notizbücher 2017-02-17 10:08 - 2015-10-31 13:45 - 00000000 ____D C:\Users\susanna\Documents\DokumentationHP.Laptop2015 2017-02-17 10:07 - 2016-09-23 09:57 - 00000000 ___RD C:\Users\susanna\3D Objects 2017-02-17 10:07 - 2016-07-16 12:47 - 00000000 __RHD C:\Users\Public\Libraries 2017-02-17 10:07 - 2015-11-07 11:21 - 00019379 _____ C:\Users\susanna\Documents\28.3.Schleweliste u Ergängzung.docx.ypujgv 2017-02-17 10:07 - 2015-11-07 11:21 - 00018366 _____ C:\Users\susanna\Documents\AV u 55+ 2016.docx.ixallh 2017-02-17 10:07 - 2015-11-07 11:21 - 00000000 ___RD C:\Users\susanna\Documents\Deutsch 2017-02-17 10:07 - 2015-11-07 11:21 - 00000000 ___RD C:\Users\susanna\Documents\Chor 2017-02-17 10:07 - 2015-01-16 03:58 - 00000000 ____D C:\SWSETUP 2017-02-17 10:07 - 2013-12-04 00:39 - 00000000 _RSHD C:\SYSTEM.SAV 2017-02-17 10:00 - 2017-01-09 17:18 - 00000000 ____D C:\Users\susanna\Desktop\MUSIK 2017-02-17 10:00 - 2016-12-26 09:24 - 00116956 _____ C:\Users\susanna\Desktop\Antrag um Herabsetzung der Wassergebühr 26.12.16.pdf.lfofom 2017-02-17 10:00 - 2016-12-23 20:21 - 00013322 _____ C:\Users\susanna\Desktop\AnleitungDruckerReparatur.docx.ejaqrm 2017-02-17 10:00 - 2016-12-23 19:39 - 02588790 _____ C:\Users\susanna\Desktop\DruckerWien_OfficJet6100.pdf.ubabib 2017-02-17 10:00 - 2016-12-18 11:27 - 00019253 _____ C:\Users\susanna\Desktop\NICHT FERTIG WERDEN.docx.yrepop 2017-02-17 10:00 - 2016-11-27 18:04 - 00000000 ___RD C:\Users\susanna\Desktop\RECHNUNGEN ab WIEN 2017-02-17 10:00 - 2016-11-24 17:36 - 00000000 ___RD C:\Users\susanna\Desktop\Clio Kolb 2017-02-17 10:00 - 2016-11-24 17:32 - 00000000 ___RD C:\Users\susanna\Desktop\Schlehenweg ab Nov 2016 2017-02-17 10:00 - 2016-11-14 09:19 - 00018637 _____ C:\Users\susanna\Desktop\reservierung pflersch.pdf.ecikom 2017-02-17 10:00 - 2016-02-03 17:21 - 00015733 
_____ C:\Users\susanna\Desktop\lee county tax receipt.docx.ewupuq 2017-02-17 10:00 - 2015-12-17 09:35 - 00000000 ____D C:\Users\susanna\Desktop\LAURA 2017-02-17 10:00 - 2015-11-12 11:26 - 00002625 _____ C:\Users\susanna\Desktop\89525906.gma.ujelum 2017-02-09 18:02 - 2016-11-27 18:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2017-01-29 10:20 - 2015-10-31 13:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-01-27 19:28 - 2016-12-18 11:24 - 00003294 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-01-27 19:28 - 2015-10-31 12:50 - 00002400 _____ C:\Users\susanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-01-27 19:28 - 2015-10-31 12:50 - 00000000 ___RD C:\Users\susanna\OneDrive 2017-01-26 18:03 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-01-26 17:18 - 2016-10-18 13:46 - 00000000 ____D C:\Program Files\McAfee Security Scan 2017-01-26 17:18 - 2016-10-17 22:07 - 00002016 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2017-01-23 16:42 - 2015-10-31 13:23 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-01-19 11:20 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2017-02-17 10:42 - 2017-02-17 10:42 - 0167042 _____ () C:\ProgramData\uxakedyn.png 2017-02-18 09:40 - 2017-02-18 09:40 - 0167042 _____ () C:\ProgramData\yselykeh.png Einige Dateien in TEMP: ==================== 2017-02-17 09:59 - 2017-02-17 09:59 - 0420141 _____ () C:\Users\susanna\AppData\Local\Temp\edkogi.exe 2016-12-01 16:16 - 2016-12-01 16:16 - 49781216 _____ (Garmin Ltd or its subsidiaries) C:\Users\susanna\AppData\Local\Temp\GarminExpressInstaller.exe 2017-02-17 02:21 - 2017-02-17 02:21 - 0081920 _____ (PC-Doctor, Inc.) 
C:\Users\susanna\AppData\Local\Temp\veterans.dll 2016-12-10 21:10 - 2016-12-10 21:10 - 30533688 _____ () C:\Users\susanna\AppData\Local\Temp\vlc-2.2.4-win32.exe ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2017-02-17 12:43 ==================== Ende von FRST.txt ============================

File Addition.txt (not modified by me) Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 18-02-2017 durchgeführt von susanna (18-02-2017 09:53:10) Gestartet von C:\Users\susanna\Desktop Windows 10 Pro Version 1607 (X64) (2016-09-23 05:34:10) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3683660684-3316546758-4205979231-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3683660684-3316546758-4205979231-503 - Limited - Disabled) Gast (S-1-5-21-3683660684-3316546758-4205979231-501 - Limited - Disabled) susanna (S-1-5-21-3683660684-3316546758-4205979231-1001 - Administrator - Enabled) => C:\Users\susanna ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated) Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated) Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.) 
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden Garmin BaseCamp (HKLM-x32\...\{36A0D446-B8E9-4753-BDFE-335F6F4DE59C}) (Version: 4.5.2 - Garmin Ltd or its subsidiaries) Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries) Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden Garmin TOPO Austria v3 (HKLM-x32\...\{4B7C3B57-CBD5-49DA-BEA7-A915FA1643B4}) (Version: 3.0.0.0 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM-x32\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Google Photos Backup (HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4268 - Intel Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.) 
Microsoft Office Home and Student 2016 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 16.0.7571.2109 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.27.01.801 - Huawei Technologies Co.,Ltd) Mozilla Firefox 51.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 de)) (Version: 51.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla) Mozilla Thunderbird 45.7.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.7.1 (x86 de)) (Version: 45.7.1 - Mozilla) MyFreeCodec (HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\MyFreeCodec) (Version: - ) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7561 - Realtek Semiconductor Corp.) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.) 
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.44 - Synaptics Incorporated) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-3683660684-3316546758-4205979231-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\susanna\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-3683660684-3316546758-4205979231-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\susanna\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3683660684-3316546758-4205979231-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\susanna\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {12E6FE17-CC83-4A4D-90DD-BEC6042D0832} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3683660684-3316546758-4205979231-1001UA1d2588d997bf6bd => C:\Users\susanna\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-12] (Google Inc.) Task: {224CD830-CA7F-49AF-A6F9-C4D051F7DC8A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation) Task: {4AC0BE52-F36C-448B-A6BB-2460E5F6720C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3683660684-3316546758-4205979231-1001Core => C:\Users\susanna\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-12] (Google Inc.) Task: {69434E4E-BCC5-44C5-AB95-A2ECCC96EF1B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3683660684-3316546758-4205979231-1001Core1d2588d996efa3d => C:\Users\susanna\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-12] (Google Inc.) Task: {70DEC05D-CAE9-40A1-BBCF-3EF5B6B6CB6F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation) Task: {9AE7084B-5526-4DAC-B7E8-691AF6EB73DF} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\susanna\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {E0B29A8D-C017-411B-A2AA-FDB3E452C369} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-01-16] () Task: {E33FB378-797F-4873-9D18-0ADD0F156A90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-22] (Adobe Systems Incorporated) Task: {EF58117B-509E-4BB7-B7D0-EF9CDF6E9D67} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {FB997945-3F15-4E01-873F-01333AC693A3} - 
System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3683660684-3316546758-4205979231-1001UA => C:\Users\susanna\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-12] (Google Inc.) Task: {FDF687D5-B584-479D-B23E-38CC281A9696} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-11] (Microsoft Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3683660684-3316546758-4205979231-1001Core.job => C:\Users\susanna\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3683660684-3316546758-4205979231-1001UA.job => C:\Users\susanna\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
Shortcut: C:\Users\susanna\Desktop\backup\backup_machen3 - Verknüpfung.lnk -> C:\Program Files (x86)\robocopy\backup_machen3.bat (Keine Datei) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-10-31 12:57 - 2015-10-31 12:57 - 00022528 _____ () C:\WINDOWS\system32\fpCSEvtSvc.exe 2016-11-05 21:31 - 2015-10-26 08:40 - 00243800 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe 2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-17 18:38 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-12-17 18:38 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-12-17 18:38 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-09-23 07:20 - 2016-09-23 07:20 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-11 09:57 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-01-11 09:57 - 2016-12-21 08:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll 2017-01-11 09:57 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-11 09:57 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-01-11 09:57 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-11 09:57 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-01-11 09:57 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-11-08 18:14 - 2016-11-08 18:14 - 00326144 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll 2017-01-16 14:43 - 2017-01-16 14:43 - 00073216 _____ () C:\Program Files 
(x86)\Garmin\Device Interaction Service\FixBootSector.dll 2016-04-08 23:35 - 2016-04-08 23:35 - 03481600 _____ () C:\Users\susanna\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\WINDOWS\system32\Drivers\arfxribw.sys:changelist [1026] AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaStorB.sys:com.dropbox.attributes [168] AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaStorS.sys:com.dropbox.attributes [168] AlternateDataStreams: C:\WINDOWS\system32\Drivers\rccfg.sys:com.dropbox.attributes [168] AlternateDataStreams: C:\WINDOWS\system32\Drivers\rcraid.sys:com.dropbox.attributes [168] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2015-07-10 12:04 - 2017-01-26 17:18 - 00000859 ____A C:\WINDOWS\system32\Drivers\etc\hosts 0.0.0.1 mssplus.mcafee.com ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\Control Panel\Desktop\\Wallpaper -> C:\ProgramData\yselykeh.png DNS Servers: 10.0.0.138 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{E8F90A27-979A-4F5F-97DE-8BCD22D5B068}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F9A8674F-27D8-4803-91AB-E1AB92A49AB7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{7562C4A4-0795-4BD8-A9C4-D60126AF3E5C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{ED4AB7D3-B38F-4F44-8D64-3CE233E52D83}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DE03FFD1-7168-4AF9-954A-9CC58DEA3F88}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Wiederherstellungspunkte ========================= 26-01-2017 18:02:35 Windows Update 04-02-2017 11:49:11 Geplanter Prüfpunkt 17-02-2017 13:05:37 Geplanter Prüfpunkt ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: NXP NearFieldProximity Provider Description: NXP NearFieldProximity Provider Class Guid: {9a2fc585-7316-46f1-9577-500920304f9d} Manufacturer: NXP Semiconductors(Proximity) Service: WUDFRd Problem: : This device is not working properly because Windows cannot load the drivers required for this device. 
(Code 31) Resolution: Update the driver ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (02/17/2017 01:05:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (02/17/2017 12:51:50 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. Error: (02/12/2017 10:42:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCUGHB0) Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (02/12/2017 10:42:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCUGHB0) Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (02/12/2017 10:42:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCUGHB0) Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. 
Error: (02/12/2017 10:42:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCUGHB0) Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (02/04/2017 11:49:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (02/03/2017 03:44:49 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. Error: (01/26/2017 06:02:40 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. Error: (01/26/2017 06:02:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . 
Systemfehler: ============= Error: (02/18/2017 09:39:42 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (02/18/2017 09:39:42 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (02/18/2017 09:39:42 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. 
Error: (02/17/2017 03:18:59 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (02/17/2017 03:14:18 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (02/17/2017 01:17:58 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. 
Error: (02/17/2017 11:45:13 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (02/17/2017 09:52:12 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (02/17/2017 09:52:12 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. 
Error: (02/17/2017 09:52:11 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) M-5Y51 CPU @ 1.10GHz Prozentuale Nutzung des RAM: 33% Installierter physikalischer RAM: 8067.11 MB Verfügbarer physikalischer RAM: 5352.18 MB Summe virtueller Speicher: 9347.11 MB Verfügbarer virtueller Speicher: 6250.75 MB ==================== Laufwerke ================================ Drive c: (Windows) (Fixed) (Total:220.51 GB) (Free:62.49 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive d: (HP_RECOVERY) (Fixed) (Total:14.96 GB) (Free:1.66 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.94 GB) FAT32 ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: EF688436) Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=220.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=2 GB) - (Type=0B) ==================== Ende von Addition.txt ============================ Code:
Kategorie: Trojaner
Beschreibung: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus.
Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.
Elemente:
file:C:\Users\susanna\AppData\Local\Temp\edkogi.exe
Online weitere Informationen zu diesem Element abrufen

Code:
Kategorie: Trojaner
Beschreibung: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus.
Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.
Elemente:
file:C:\ProgramData\ezrqataz.exe
runkey:HKCU@S-1-5-21-3683660684-3316546758-4205979231-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\elediqox
regkey:HKCU@S-1-5-21-3683660684-3316546758-4205979231-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\elediqox
Online weitere Informationen zu diesem Element abrufen

Thank you very much, and I look forward to hearing from you,
Uli
18.02.2017, 16:46 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 10: Crypt0L0cker encrypts data

Step 1: Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.

Step 2: Kaspersky TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop.

Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs are too large for a single post, I ask you to post them directly, spread over several posts if necessary. To put the log files in a CODE box, proceed as follows:
18.02.2017, 20:47 | #3 |
| Windows 10: Crypt0L0cker encrypts data
Hello cosinus,
thank you very much for the instructions. Everything worked without problems. Here are the log files:

MBAR log, first scan:
Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main: v2017.02.18.05
  rootkit: v2017.02.15.01

Windows 10 x64 NTFS
Internet Explorer 11.576.14393.0
susanna :: DESKTOP-UCUGHB0 [administrator]

18.02.2017 19:09:16
mbar-log-2017-02-18 (19-09-16).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 333467
Time elapsed: 27 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\susanna\AppData\Local\Temp\veterans.dll (Ransom.Crypt0L0cker) -> Delete on reboot. [e7860e96c3e504329cadc21c67997d83]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

MBAR log, second scan:
Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main: v2017.02.18.06
  rootkit: v2017.02.15.01

Windows 10 x64 NTFS
Internet Explorer 11.576.14393.0
susanna :: DESKTOP-UCUGHB0 [administrator]

18.02.2017 19:42:54
mbar-log-2017-02-18 (19-42-54).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 332886
Time elapsed: 21 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

TDSSKiller, first scan (part 1 of 2):
Code:
bcmfn C:\WINDOWS\System32\drivers\bcmfn.sys 20:12:58.0981 0x1114 bcmfn - ok 20:12:58.0988 0x1114 [ 0B750A6A6D847E73CA48ADD7A0F5A393, 6A43020F23846EFB1AFA3C070465B0059E9DF60DEB16899E09559462DF30939F ] bcmfn2 C:\WINDOWS\System32\drivers\bcmfn2.sys 20:12:59.0005 0x1114 bcmfn2 - ok 20:12:59.0018 0x1114 [ 2B4D3AEAAD02954F8C191BC2D67949AD, 8237C9AD556CFAF7442FF60F78608104BC17CE3134C89D986D49C38CC60B1518 ] BDESVC C:\WINDOWS\System32\bdesvc.dll 20:12:59.0062 0x1114 BDESVC - ok 20:12:59.0069 0x1114 [ 0A508274355745EEF01C6BE3198D02C4, E2DB08AEE2368FA95FDB357BB31EA4EBF31679C3E72E109DB3D7CD1B5F7B828E ] Beep C:\WINDOWS\system32\drivers\Beep.sys 20:12:59.0090 0x1114 Beep - ok 20:12:59.0117 0x1114 [ 5125CBB61AC81168366BEB290399CB8E, B2A3095D45E2114DE2BD0E5A3AE20B3CE95EE517A35B9E1EAD05E231F38DBDCF ] BFE C:\WINDOWS\System32\bfe.dll 20:12:59.0179 0x1114 BFE - ok 20:12:59.0210 0x1114 [ D876C567AB767258036F05E4766189FD, DE8BA67325CB64495BD454B8F9DDCAE82636253844FC68B360C7E1CF5D51DD0E ] BITS C:\WINDOWS\System32\qmgr.dll 20:12:59.0282 0x1114 BITS - ok 20:12:59.0292 0x1114 [ 9CD2A4821DE379305CACB2E99AD8953A, 89D700DFC3C59ACBBADB48954A28C0EBF8D6A11A9E63837689DD891868E43188 ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys 20:12:59.0316 0x1114 bowser - ok 20:12:59.0338 0x1114 [ 2447BD15B41298622CC662249CD0F496, 013A326D2E3BF68D654BBABE2F1E5DF0FF0A153A4B95D570EE28F9BC0F5A78C3 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll 20:12:59.0406 0x1114 BrokerInfrastructure - ok 20:12:59.0412 0x1114 [ C711ED965009BDCFF9AA62CEB6FF1AAD, 083E981F983653329C2B8361963CA81D5D88E164C7738035F701A10CCB1C85CC ] Brother XP spl Service C:\WINDOWS\SysWoW64\brsvc01a.exe 20:12:59.0431 0x1114 Brother XP spl Service - ok 20:12:59.0440 0x1114 [ B3F32C630DD3F2F6A6091B89CFF13641, 7A9C53EF9AB9FF1DC392FD711B194A101DB36CA5BC799E817BEB446741089B76 ] Browser C:\WINDOWS\System32\browser.dll 20:12:59.0467 0x1114 Browser - ok 20:12:59.0474 0x1114 [ 722036C26D2C4E50EC2A2EC5FD678846, 
999468038AE01F0FF6881F4B2A2CB67BC636641188E95F10729E08ADBC3CB3DE ] BthAvrcpTg C:\WINDOWS\System32\drivers\BthAvrcpTg.sys 20:12:59.0497 0x1114 BthAvrcpTg - ok 20:12:59.0505 0x1114 [ 77630A51FAF6A07922FEE835F4DED8F6, E096A9DC12885FD19575346A9693A66D0DDFF96C3155AD2040F2BF4249D1D609 ] BthEnum C:\WINDOWS\System32\drivers\BthEnum.sys 20:12:59.0528 0x1114 BthEnum - ok 20:12:59.0533 0x1114 [ C2E31BE025D46D189E38DD1EDF07837A, 656528DCAAAF485EC57EE5C3021E96736634DE3B9C39CBCD2728E055ABD4C0A5 ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys 20:12:59.0558 0x1114 BthHFEnum - ok 20:12:59.0568 0x1114 [ F7CD605FC0B0B22F3F6F247595E3A655, 1CD9140DE5415DDBEACD8667E63E5C95FD64D693B56302A0474E693E578BEAB0 ] bthhfhid C:\WINDOWS\System32\drivers\BthHFHid.sys 20:12:59.0592 0x1114 bthhfhid - ok 20:12:59.0606 0x1114 [ B157D72BDA6A6DD6E9DC6BF338CD0CF8, B2AC26AE214151E5AD93DED78256BC0295DBF0133C854E7DEE4CD776D9C9A349 ] BthHFSrv C:\WINDOWS\System32\BthHFSrv.dll 20:12:59.0633 0x1114 BthHFSrv - ok 20:12:59.0644 0x1114 [ 0AB691736D4D4029444AF62DE59CFD37, C1C22EFBF67331B87AB261BBF9813009257437BA02F728EC2DFA1A49ECC5FABF ] BthLEEnum C:\WINDOWS\System32\drivers\BthLEEnum.sys 20:12:59.0683 0x1114 BthLEEnum - ok 20:12:59.0690 0x1114 [ 535DC41A33630AE4C262406F9E981C03, 599332589AA28D04189E19B87A4AE6FEEB60B40A7BC6E3B11240DA363A981C29 ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys 20:12:59.0707 0x1114 BTHMODEM - ok 20:12:59.0714 0x1114 [ 224BA1CB1F3C702F0D001D2AFC9793B1, F139F6F78C716E1167E16530AE31E4A26C2A69467BCB08A9A52A101B31DF7771 ] BthPan C:\WINDOWS\System32\drivers\bthpan.sys 20:12:59.0738 0x1114 BthPan - ok 20:12:59.0777 0x1114 [ 851ED52AE3E62CD5374BD4BBFF7A9DAB, 381281CB7D8FC4026092330B06E24BC84EEF79EE3C97E21900D950D7D9AB2FC3 ] BTHPORT C:\WINDOWS\System32\drivers\BTHport.sys 20:12:59.0833 0x1114 BTHPORT - ok 20:12:59.0845 0x1114 [ 96932F631F5CB9F5D1C8F99A71568EF3, 5E4C8955A2EE9DC76B4EBC383653EB753D76D6B017E1A5DD553AC16094D7F12A ] bthserv C:\WINDOWS\system32\bthserv.dll 20:12:59.0877 
0x1114 bthserv - ok 20:12:59.0888 0x1114 [ DC5955E589C55E2313D69B64E1A183F3, 06D703246D0813DE53D62885C8B7381135783673FF4BDDD5CC38FEB54901BB76 ] BTHUSB C:\WINDOWS\System32\drivers\BTHUSB.sys 20:12:59.0905 0x1114 BTHUSB - ok 20:12:59.0910 0x1114 [ 23F9EF739F685E07482116425E7879AA, 0EBDF96A49A319C0BCF6F51FB6C8C392C017E1738B950C19C91FF43E14D73143 ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys 20:12:59.0928 0x1114 buttonconverter - ok 20:12:59.0935 0x1114 [ 60EB6A4CE3E21887D302350631C16F26, 4270EFA22285C1A9336CF1220761E416950D2DA9C6A40D1D8452686CD5040DAB ] CapImg C:\WINDOWS\System32\drivers\capimg.sys 20:12:59.0988 0x1114 CapImg - ok 20:12:59.0995 0x1114 [ F8FB51B9EF6372610E9B31A1D86B62FC, 7461584A8B39AC549AD7BAFFA509D4CD81EEE542808BC8EFC285863A0AE6432D ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys 20:13:00.0017 0x1114 cdfs - ok 20:13:00.0030 0x1114 [ 2E6612376D257F74781F2EF1F869D8C3, 908B0DECB9F098F7F11B029A03C06C67FB52E5E8BEA42033A2B579D3B3686AB8 ] CDPSvc C:\WINDOWS\System32\CDPSvc.dll 20:13:00.0087 0x1114 CDPSvc - ok 20:13:00.0100 0x1114 [ A93C9B9EBE2FDE5A536000D72CC17F7F, 9793CFAE8BE8C6B5B39A1D276577965FBB2CE131325A410B7C68BD23492ADAAF ] CDPUserSvc C:\WINDOWS\System32\CDPUserSvc.dll 20:13:00.0127 0x1114 CDPUserSvc - ok 20:13:00.0138 0x1114 [ 613D0137C269187FA298A157E3D14A18, 84BC268525F14BB27202CE242BF94D9E83BC91B50A0335908574F31B29A2F04D ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys 20:13:00.0166 0x1114 cdrom - ok 20:13:00.0181 0x1114 [ C1B5EE58E759C53F9939581709DC70BB, 85095ABC9459A766832373BC3839E573E9A73C967F8427D6B7CAB972551C3191 ] CertPropSvc C:\WINDOWS\System32\certprop.dll 20:13:00.0212 0x1114 CertPropSvc - ok 20:13:00.0223 0x1114 [ 0AED948DA8D5F08B3D6F12E4E2089736, 95E538E81DDBC83492C5F3820C82C78F050B4D74ACF12D7970EC84F93581AE29 ] cht4iscsi C:\WINDOWS\system32\drivers\cht4sx64.sys 20:13:00.0246 0x1114 cht4iscsi - ok 20:13:00.0308 0x1114 [ 0002A0FDE087C1657AB31CE73077539C, 4DD6210B67E9633AB3240371590869DC833A4C986C74FC12A5D4FFFFD361848A ] 
cht4vbd C:\WINDOWS\System32\drivers\cht4vx64.sys 20:13:00.0402 0x1114 cht4vbd - ok 20:13:00.0410 0x1114 [ 6B4F90A287D75CCD78694F6790C911B2, 73D7C31E9F475FA3FD568FCA9A953F968729AA114F63C06F38BF5198DAD67BD8 ] circlass C:\WINDOWS\System32\drivers\circlass.sys 20:13:00.0425 0x1114 circlass - ok 20:13:00.0437 0x1114 [ B72D26074E72A757D788FB1BEF8B2F2E, 36847C5315AFB9A5EC66AD3EF2A09C24C0FAF669FDF0831F78600F4609352CB4 ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys 20:13:00.0472 0x1114 CLFS - ok 20:13:00.0572 0x1114 [ ACFB2A62301C6A903FA6A97DB84E9C31, 7A3089812330B605D2F545374A1A916B6DBA188186EC88DA3348814A95C791F0 ] ClickToRunSvc C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 20:13:00.0689 0x1114 ClickToRunSvc - ok 20:13:00.0716 0x1114 [ E133CFCBFABB3CB517BE9F42FEA5887C, DA699CDD5F3CC427354540C907BD24CCA7BAC3112C53918EB611CB4EEC7611DA ] ClipSVC C:\WINDOWS\System32\ClipSVC.dll 20:13:00.0753 0x1114 ClipSVC - ok 20:13:00.0762 0x1114 [ EEC3A4A98AE1A337E3CD1483AD6F2E15, 764DA329984A95E092F5C15116DA34FA7FC27216C0862365D4BF10ADC97EC5C5 ] clreg C:\WINDOWS\System32\drivers\registry.sys 20:13:00.0786 0x1114 clreg - ok 20:13:00.0799 0x1114 [ 429623E266EF067A44E8CF148E9DFB9B, A48AA85ACC52C7AD73DB2D6148B3F9FB5EAC33C8F8C5BB6D7D0A9D84B7C08E11 ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys 20:13:00.0815 0x1114 CmBatt - ok 20:13:00.0834 0x1114 [ 90C07EB909C42316982E753BDAA7860D, 438581FD3468FAF01D35529672201A920E8821EC80E30E59A43645DA57738F21 ] CNG C:\WINDOWS\system32\Drivers\cng.sys 20:13:00.0880 0x1114 CNG - ok 20:13:00.0885 0x1114 [ 3DB10C59405931E2C72EFB82C1AF97D1, 100B5450A70988DB1C1F8A5FDBB3553AF1A0D47B42A5AC71460DB92E26010CE6 ] cnghwassist C:\WINDOWS\system32\DRIVERS\cnghwassist.sys 20:13:00.0900 0x1114 cnghwassist - ok 20:13:00.0919 0x1114 [ 34C935AF2A414572B412B3556586D783, 912981B88B0796576ECCD5EBE0C4728EC02D5D6A96B039447DCBA59B2583F25E ] CompositeBus 
C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys 20:13:00.0934 0x1114 CompositeBus - ok 20:13:00.0941 0x1114 COMSysApp - ok 20:13:00.0949 0x1114 [ 44EEEB2382F566999287E13F2067693C, 53A4A0C85EAD38030FF2078C67465E3710ECD03A08FF34E1E67B2E3E1CC70043 ] condrv C:\WINDOWS\system32\drivers\condrv.sys 20:13:00.0971 0x1114 condrv - ok 20:13:00.0998 0x1114 [ 5DE2049D5F57C1D142F36FA9CE443693, E6C2807C0B1EF90C11EB39634693B76EACE6CC675777776112835212A334F328 ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll 20:13:01.0038 0x1114 CoreMessagingRegistrar - ok 20:13:01.0076 0x1114 [ 4709DFA8EB8F9468DC3B2A532B12677D, 09F5270FC8C5279BDE37FFA486ACFEB2F7BE2383DC4D417618BF2BB20656ACDB ] cphs C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe 20:13:01.0217 0x1114 cphs - ok 20:13:01.0224 0x1114 [ 5F06CAC4B09250CDDDD0180A08162924, A2EB0A57225E65FC264CFC9FAD858D8B54A015CDAE3DC904B1C4E9AAB40B1F06 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll 20:13:01.0249 0x1114 CryptSvc - ok 20:13:01.0275 0x1114 [ 03214883D52FAD46573233852344C72C, 63DCCDD895EB804D205ABB8EA381B34FB0879D09E4D0EB0B28F9B2BB1024BAB7 ] CSC C:\WINDOWS\system32\drivers\csc.sys 20:13:01.0313 0x1114 CSC - ok 20:13:01.0334 0x1114 [ BE35D1BAC3F18C9EB1C1CFBA31ED95E3, 4255475D173868A0E5583E844A1884E819E229838C4DEACAC47F1A4DEF388C9D ] CscService C:\WINDOWS\System32\cscsvc.dll 20:13:01.0396 0x1114 CscService - ok 20:13:01.0402 0x1114 [ 039B5A8CBD5C75D1C46DF15F7C74D136, A5C8A41F2D406D37E147939F2058373ED091BFCC00CA7E829F887638CD3A2F64 ] dam C:\WINDOWS\system32\drivers\dam.sys 20:13:01.0417 0x1114 dam - ok 20:13:01.0423 0x1114 [ 38ABCA069E5C5B0F3C79A974A7FE49BD, 7CD5A177DBFED46C622818452EDD4439864561B0C99323D2ACCCEC49732FB2E3 ] DbxSvc C:\WINDOWS\system32\DbxSvc.exe 20:13:01.0432 0x1114 DbxSvc - ok 20:13:01.0464 0x1114 [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 20:13:01.0523 0x1114 DcomLaunch 
- ok 20:13:01.0531 0x1114 [ AE9F09F87755C18904656CB4F59F351D, B352A43B3B68B497D87B49C302AF3F37F36D56D49878AE3785C3D43597E5DC57 ] DcpSvc C:\WINDOWS\system32\dcpsvc.dll 20:13:01.0574 0x1114 DcpSvc - ok 20:13:01.0595 0x1114 [ ABBD3EE724117242E28D31F19FBCFF03, 68EA91A969DD80A5DE28B0A8EAEB308837183713559C2C2FAEF991858C971393 ] defragsvc C:\WINDOWS\System32\defragsvc.dll 20:13:01.0635 0x1114 defragsvc - ok 20:13:01.0652 0x1114 [ DD74F18227ACC837D9856E24282D446D, 6A760E44CD897952538CDFA8895FE11263D51AAA79CFF24C01F3862E919DA478 ] DeviceAssociationService C:\WINDOWS\system32\das.dll 20:13:01.0703 0x1114 DeviceAssociationService - ok 20:13:01.0710 0x1114 [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll 20:13:01.0734 0x1114 DeviceInstall - ok 20:13:01.0741 0x1114 [ CDF1B1B5C5951111791C236B2696C7F8, BF6C4BA545C8827B40DB69890DB4D2B2F9C583C5E3CFBDFD370B05891141458D ] DevQueryBroker C:\WINDOWS\system32\DevQueryBroker.dll 20:13:01.0766 0x1114 DevQueryBroker - ok 20:13:01.0778 0x1114 [ 0D1D392ED2597F295956D058D33BD7C3, 2F7FE5A06D880F9E2A46C9803DD249DC40C2898C04E946D14E7EECCCC9F2B24F ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys 20:13:01.0810 0x1114 Dfsc - ok 20:13:01.0823 0x1114 [ F0D4400BA0F08610D9A551B15BF10B76, 83EB8FB272FC2DD2CC0659C2FB90AD0DAE88A88AB3951E03BCD933A25B601E10 ] Dhcp C:\WINDOWS\system32\dhcpcore.dll 20:13:01.0865 0x1114 Dhcp - ok 20:13:01.0876 0x1114 [ CA7FEDDFCF61EF15A09C54DA2C07C49F, 346EF7709BA9E6BD48592B86FA46F9D956C847EF91F4980EEAD98269D0F0EF67 ] diagnosticshub.standardcollector.service C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe 20:13:01.0904 0x1114 diagnosticshub.standardcollector.service - ok 20:13:01.0953 0x1114 [ CAD14E0AD1F03397E9B1C8733D76BEF4, 0035EF35F6520B1DF0E599C8A06D4163C52576BCE0976BF729B44DECDC506627 ] DiagTrack C:\WINDOWS\system32\diagtrack.dll 20:13:02.0064 0x1114 DiagTrack - ok 20:13:02.0077 0x1114 [ 
35B9D46560339A5A7F0CAC6ED702C817, F70480B01533B7029F90E2DE297E9E829660300DDE7A7D009B0AC2684E7691A7 ] disk C:\WINDOWS\system32\drivers\disk.sys 20:13:02.0096 0x1114 disk - ok 20:13:02.0110 0x1114 [ 09CF47A74BFB480B8262FCEE222004B6, F5CD0ACA04BCB95984595CC2E17BC9E92865091A0A3BCAD4B06438A1570E7696 ] DmEnrollmentSvc C:\WINDOWS\system32\Windows.Internal.Management.dll 20:13:02.0150 0x1114 DmEnrollmentSvc - ok 20:13:02.0157 0x1114 [ 815F45161A4571C2C44491564F3D5968, 32E7AE8414A178CE429C0CDFCF718E3C11C705FB3155EA5CA0EAD48AAE507B01 ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys 20:13:02.0180 0x1114 dmvsc - ok 20:13:02.0186 0x1114 [ 6E5EE6E420FECD64DE463C5F01CBFE71, F173C56895E80AA03D70CD78B3AB659C2EEAACFF43BE3B6EF3939D6F4AD4F62D ] dmwappushservice C:\WINDOWS\system32\dmwappushsvc.dll 20:13:02.0217 0x1114 dmwappushservice - ok 20:13:02.0227 0x1114 [ 7F8A3ABF7750326E18CE953CCE262670, 5DBD159E8A455A42764FC73CF7DCAC849B5896848C5589B00BD36697804C0A3B ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 20:13:02.0269 0x1114 Dnscache - ok 20:13:02.0285 0x1114 [ 8F46B4C3F9BA19C26A26D0A11137B20B, BA0A66DBA98D77FD85A7CD2D4593F2B2A1A3B4D32BBECBCFFBEB5A54DCB0D8ED ] dot3svc C:\WINDOWS\System32\dot3svc.dll 20:13:02.0313 0x1114 dot3svc - ok 20:13:02.0321 0x1114 [ 27069CFFF29B7F04F4B1BB10154BE52B, 6869626F9A1D3F64224883C5E661638CEE893A3E29651C7B9302A03E52180415 ] dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys 20:13:02.0333 0x1114 dot4 - ok 20:13:02.0339 0x1114 [ 0BD906A79F9CE3013F7D9D0AC45F9F9D, 2F7D5082E7E226D5EBEA164A8ACEE0A447C96EB1829224A6EFA3E7B4EFEE1D14 ] Dot4Print C:\WINDOWS\System32\drivers\Dot4Prt.sys 20:13:02.0348 0x1114 Dot4Print - ok 20:13:02.0355 0x1114 [ B7D595F2F464F7B628AD53F06547792C, F5D06A91EF54FBF56305FCC882B854350B266B2A005D80CC77AEBC2929440729 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys 20:13:02.0370 0x1114 dot4usb - ok 20:13:02.0382 0x1114 [ CA09EAEE92C6FDDC6B05057F11A0372D, 14DB5C186B69644AA93C445BF31CC9670204F95A47B77B6EACB19B4A316378AD ] DPS C:\WINDOWS\system32\dps.dll 
20:13:02.0410 0x1114 DPS - ok 20:13:02.0420 0x1114 [ AE6BD4C879A8C849E53947C92DF3B3A0, 8C29774CB2D30D901C54AAC0C8ACE709351EE40E5C8FB9951B2A18B4A03F28B7 ] drmkaud C:\WINDOWS\system32\DRIVERS\drmkaud.sys 20:13:02.0438 0x1114 drmkaud - ok 20:13:02.0450 0x1114 [ 7433474BE77F065D2FA628671FE31A3E, 063ADDC68F48036749E6EC7B2F66284DB29F90F62E9468D16B4EF5A0FDC45E35 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll 20:13:02.0491 0x1114 DsmSvc - ok 20:13:02.0498 0x1114 [ 5FCA45C24501DA7390065D3706A9FC3F, 093FD840F1502ECC6F05B9723CA523B3F15CF39A5D2B9106E1267739B3F2C52C ] DsSvc C:\WINDOWS\System32\DsSvc.dll 20:13:02.0523 0x1114 DsSvc - ok 20:13:02.0589 0x1114 [ 19F2B54EE8861D90579BD0E3AE5182F9, FDD4F091C61C8C20550C8F68375ABD7ED718A733F680F0F0367D4796C302BA14 ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys 20:13:02.0671 0x1114 DXGKrnl - ok 20:13:02.0698 0x1114 [ 43BEFBADEDD63234DCA58ABE93A73DD7, F9491A5516C0C445AB270741BA1ADAC18570167B0A5A8AC464C8C9966B185460 ] e1dexpress C:\WINDOWS\system32\DRIVERS\e1d65x64.sys 20:13:02.0725 0x1114 e1dexpress - ok 20:13:02.0732 0x1114 [ 9FCE4EF7D5E274F862D9A2526B5F4779, 81D42D5475C2801C8E0C233A0BA827569D8A70590017C91C665C8B232D9BFAA9 ] EapHost C:\WINDOWS\System32\eapsvc.dll 20:13:02.0763 0x1114 EapHost - ok 20:13:02.0854 0x1114 [ 7EC6FC0266D74BD47ABB130A328B70EC, 3856790AF967AB03B1A89F97328DC4D5A6854ACDA6169681A9AFB03D7CF791F9 ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys 20:13:02.0989 0x1114 ebdrv - ok 20:13:03.0002 0x1114 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] EFS C:\WINDOWS\System32\lsass.exe 20:13:03.0016 0x1114 EFS - ok 20:13:03.0023 0x1114 [ 8D74B8B5D6F7C5BC4C525BAF2B083FF1, DA5656F745B3911F96871887FDFDC40F4D9C820622A0AA27EFE4BA93662833CA ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys 20:13:03.0039 0x1114 EhStorClass - ok 20:13:03.0048 0x1114 [ 2A9817B5A9260D8F60D52E36BEF10443, AC1A0203221AFAF584C71317FA07AA1B6E61BE619E918B3B1E4AD57CCED1CF03 ] EhStorTcgDrv 
C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys 20:13:03.0071 0x1114 EhStorTcgDrv - ok 20:13:03.0083 0x1114 [ 80A7999DE02CE678B865832E1CE78CD6, 2576EBB6E4D630A906DE724F125099E52A962B5B68B9F9BCA849A7B29D8C8689 ] embeddedmode C:\WINDOWS\System32\embeddedmodesvc.dll 20:13:03.0108 0x1114 embeddedmode - ok 20:13:03.0118 0x1114 [ 3CE2B6AECB9AF8BC159299EEC46A35CA, E933B28BB6E4D01FCCDF8FBBB134C244B28DA3ECBDFA13333F0D4C24B2551780 ] EntAppSvc C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll 20:13:03.0147 0x1114 EntAppSvc - ok 20:13:03.0153 0x1114 [ 77B60DEC7DCB4233E4A69D3F52E5DB24, 3A5C905E37A93899051497C90E5BA8E1D003B56C6906CADFD2F1CDF52052D248 ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys 20:13:03.0177 0x1114 ErrDev - ok 20:13:03.0201 0x1114 [ F89083AB8B9F51C0031C1CBD0A9A7E35, 9EE973A25134960E62D1A6A1E34AD9B3F7690E71C1AD31A23FA2081A73438754 ] EventSystem C:\WINDOWS\system32\es.dll 20:13:03.0235 0x1114 EventSystem - ok 20:13:03.0249 0x1114 [ FCD2C63754C2E739A8EEAD9BC63F9DDC, C57A72ABA4C0BD71F914B9C8FF965DCFF585A205498F19A4584A4BAF7674839D ] exfat C:\WINDOWS\system32\drivers\exfat.sys 20:13:03.0289 0x1114 exfat - ok 20:13:03.0302 0x1114 [ FA918EC296EB410FF02867D008D02421, 23D164A24CB0D212778FA9592A046B6BA1F3628003E04181744A1F891B5B3E5A ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys 20:13:03.0323 0x1114 fastfat - ok 20:13:03.0343 0x1114 [ 77CE56471AF984800F318F3734D768C7, 72D540072374A56C2C497F0532A50705D3F0637F2C0C96B1D715F2EDFCA3AA2D ] Fax C:\WINDOWS\system32\fxssvc.exe 20:13:03.0399 0x1114 Fax - ok 20:13:03.0404 0x1114 [ 99598ECA5E41996E005D5B9D9FF1EFA2, 91345CD50EF02431B69093505C1C5F5DC6A1AA6BF192EE9392ED4D5626B60462 ] fdc C:\WINDOWS\System32\drivers\fdc.sys 20:13:03.0419 0x1114 fdc - ok 20:13:03.0423 0x1114 [ EF0DD43A4CBAB367BCA1AFBDC9971E4F, 73E161C45D63FDDE71EE2438137913724DC513860539D1E7F6BD861F5D1B33F3 ] fdPHost C:\WINDOWS\system32\fdPHost.dll 20:13:03.0449 0x1114 fdPHost - ok 20:13:03.0456 0x1114 [ 34DAC585994CD3B4E910DE11C584EF3D, 
A6C6A4CB5413EA61F1A54E2D3AD71A311CEA2C26218544D2D2D4A5CFEC52DE8C ] FDResPub C:\WINDOWS\system32\fdrespub.dll 20:13:03.0489 0x1114 FDResPub - ok 20:13:03.0496 0x1114 [ B68DA1FE3CA2311AFD38DD6905CA7F71, 4B395DFB1B47D2507CA4D9DC996A70D0A3BDB1A245CD6DA6C42B2A299AFCCF37 ] fhsvc C:\WINDOWS\system32\fhsvc.dll 20:13:03.0523 0x1114 fhsvc - ok 20:13:03.0530 0x1114 [ F44F666B0EACC3181544FFCF8CA0FFC7, 83F771CF9DAE1C504B30731EEC55355EA1253174252DA2192ADF1D228B3735C3 ] FileCrypt C:\WINDOWS\system32\drivers\filecrypt.sys 20:13:03.0558 0x1114 FileCrypt - ok 20:13:03.0566 0x1114 [ 78A210DDFDF2C9EC884631D2DAA573F0, 5D39C6EF4AC690A9749EEDBE2478FFF15A22877A2861EDA103C7BF1607B0C1BD ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys 20:13:03.0587 0x1114 FileInfo - ok 20:13:03.0593 0x1114 [ 1A97DB5E701A186989F3795223C3BE39, F7982220D4DF7E104955E63CACE352394E2577DEF49506EA126127F820EB62DF ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys 20:13:03.0611 0x1114 Filetrace - ok 20:13:03.0615 0x1114 [ 46626665F0E5906E45619B4EFD6186B8, 37FDD3B8AD49FD29E54DA5567EA77F28A53498AE56348F7A2628E5E5549D638B ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys 20:13:03.0630 0x1114 flpydisk - ok 20:13:03.0645 0x1114 [ FDA72ACA14D516D18C33AFCD0FD9260F, 6509612DEC82EA74614B5C9A7B432305A1A468C97B88BED9E141DF2929B621B1 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 20:13:03.0681 0x1114 FltMgr - ok 20:13:03.0729 0x1114 [ 49BF5C8182C3D2D6CD9F7EEDF1CFDB66, 0977EBE86B57FC370D27CA69D58122397D5D5369AF0C8DBCC492AE7AD55CBA2B ] FontCache C:\WINDOWS\system32\FntCache.dll 20:13:03.0835 0x1114 FontCache - ok 20:13:03.0846 0x1114 [ 59241194DBDF30A2B4029E402F377900, 47A92E9CD8494C403B377799D395670A393766647E24CD83B15338CE2AA50266 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:13:03.0861 0x1114 FontCache3.0.0.0 - ok 20:13:03.0868 0x1114 [ 9F2CCAE7A5FDDA948F6028829AA9AFD8, 593FF6A3FC4EFA725CE0FDA5839A47221E58C92648B22237C84C3A1BE1B418E7 ] fpCsEvtSvc 
C:\WINDOWS\system32\fpCSEvtSvc.exe 20:13:03.0890 0x1114 fpCsEvtSvc - ok 20:13:03.0913 0x1114 [ 8B52024D3A5C3A12F1C4D75D30A976C5, 982F1C783966C9A6D255AA7DBAB6D225EBE0050A36176B8DE85E8ADBFE17FDF1 ] FrameServer C:\WINDOWS\system32\FrameServer.dll 20:13:03.0971 0x1114 FrameServer - ok 20:13:03.0981 0x1114 [ D152CCBFC8251670BF0AAFE00D6BC782, 9DE82D8FC4E1DAF8FF23EE08C0B7CB5051A9224E64544D262CFA4996A41B04E1 ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys 20:13:03.0996 0x1114 FsDepends - ok 20:13:04.0001 0x1114 [ 6D6BB5C7363CD35FA715E826F3D029EE, C214F791EB39E8B25CE57ED9D6C1D56EE1AF6021BCB380980BD42A6338A6C9F7 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 20:13:04.0014 0x1114 Fs_Rec - ok 20:13:04.0035 0x1114 [ 8EEC4925C03E375C4EC496E45C44139A, 06C5C7BCC28D3E435675F0759A09CAB726E971DF4BFC1DC3DCF503EABCDCCCC6 ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys 20:13:04.0083 0x1114 fvevol - ok 20:13:04.0124 0x1114 [ 3FCE1DA0F96C183D605BDF11C70B1176, FBF7DC215ED74FE01D82B211767CA1CBB8374209000C0E180216E90DA936A347 ] Garmin Device Interaction Service C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe 20:13:04.0164 0x1114 Garmin Device Interaction Service - ok 20:13:04.0172 0x1114 [ EF78034773CE506323655A868C949144, DF195BEEE6704FBCC6D2D9E1BF6723E52ED502A1459F495B7D18481E6A79B5BC ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys 20:13:04.0195 0x1114 gencounter - ok 20:13:04.0199 0x1114 [ B55FEBC6A00DAA1FE074F020B6907516, 67071FBAC2ABA47AB71358A5F08E92E034A55343878F00137E90B3B1F7362976 ] genericusbfn C:\WINDOWS\System32\drivers\genericusbfn.sys 20:13:04.0215 0x1114 genericusbfn - ok 20:13:04.0224 0x1114 [ DDD8A8CDDC7F13EF57D1DAAE71865936, 9D472A8689F72F24D40D5B94849690F53C67849FDF6162A94EF4FB330A3DA566 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys 20:13:04.0242 0x1114 GPIOClx0101 - ok 20:13:04.0292 0x1114 [ 713A176494CEC107E663CAD6C2B27F77, 76871D8CFBA8FCD8CFF96208AE84C658EBEC60270D978898B90EE9451AA1BCE1 ] gpsvc 
C:\WINDOWS\System32\gpsvc.dll 20:13:04.0359 0x1114 gpsvc - ok 20:13:04.0366 0x1114 [ 7ACD8F69B5D6EC97E6D2C006E19BED88, FC69214C9308EA64B88EF4C3C95800586DDBB44C8540846B79A161BAD8203B6E ] GpuEnergyDrv C:\WINDOWS\system32\drivers\gpuenergydrv.sys 20:13:04.0406 0x1114 GpuEnergyDrv - ok 20:13:04.0412 0x1114 [ B9893A68032A6D9ADDB5B98287C630F7, F0280764D7B31F1EA634E91397229B1C064A7C1B3A77A6BBD123CEA74180789F ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys 20:13:04.0421 0x1114 grmnusb - ok 20:13:04.0429 0x1114 [ 10E3515FE5DBA6656FA62C29342EC4A1, 2051F10F74ED712B1766EB61E87FADE25AB3D0970BABFD320600D1B0D6377F26 ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys 20:13:04.0449 0x1114 HDAudBus - ok 20:13:04.0457 0x1114 [ B90D284B97CD4CA9DE7430AAAD887A56, 2F14F985C39B7801ED64590979CF2114924E9547F5B11D2B37A74DBFFDD9E7C5 ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys 20:13:04.0483 0x1114 HidBatt - ok 20:13:04.0494 0x1114 [ B2FE11643CC6ACDEE6C247DD36018FDB, 5796613C7DBF8B2A9E860E006FF1A245B6BE7D10E3F6685AD142B48E5C237B8C ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys 20:13:04.0514 0x1114 HidBth - ok 20:13:04.0520 0x1114 [ 92B629AB6741AE3CE233DBD40136C6D0, 87E18A625E349FBCD58D6B61BBDD7841C5BF4595E663249C5A7A41B03EB5ED62 ] hidemi C:\WINDOWS\System32\drivers\hidemi.sys 20:13:04.0529 0x1114 hidemi - ok 20:13:04.0534 0x1114 [ D24355488A2D4D2323518EC1AC7A6D9E, ED2176A2093726087EDDA25B86E9CDD4BA35F4E748E3A6DE0B15C4C97646B5C7 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys 20:13:04.0554 0x1114 hidi2c - ok 20:13:04.0564 0x1114 [ 0AF9ABBA4F3F55C6C803890D64BC3C29, D3DE6FA308F8E7CD4F16387F46AE4B2F7EC9BBA07BF87652B660A0D645710571 ] hidinterrupt C:\WINDOWS\System32\drivers\hidinterrupt.sys 20:13:04.0589 0x1114 hidinterrupt - ok 20:13:04.0594 0x1114 [ CDBCF8E9AB06D88A1E1191D32F320C5D, F76963AB7CF2BAB3A220013879AECD3976BFD851CFB66B5A69A9EA2541048861 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys 20:13:04.0612 0x1114 HidIr - ok 20:13:04.0616 0x1114 [ C900FE0DD6A1E2220084B8F1C427790C, 
802194EBEDA1A50EDA300078B0888AAC1F17A42E67147B7B3B9C50AD8D4E5C89 ] hidserv C:\WINDOWS\system32\hidserv.dll 20:13:04.0636 0x1114 hidserv - ok 20:13:04.0642 0x1114 [ D8536CB438CC4CCDAE047B768EED22B2, 4F666BFA3554F9ACA6B9D436BFA64474D5F30FB3E78F4E66068CCDF283D9867F ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys 20:13:04.0688 0x1114 HidUsb - ok 20:13:04.0699 0x1114 [ 0AC1BD5A28FAA371EF34859FE703E515, 1DD1C33AF8D6EBE7C36FCD051F066E4039D2B47ABAECF7C68BC3933D567930B2 ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll 20:13:04.0730 0x1114 HomeGroupListener - ok 20:13:04.0744 0x1114 [ 86161A89F16851728802590EC7C92608, 3A3B05BB4E115410D27063B30C0EF3F18295F542050F329F1E466C81A9E23A46 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll 20:13:04.0790 0x1114 HomeGroupProvider - ok 20:13:04.0797 0x1114 [ F5CA18197B4646E04DB9EB2D6642CC4D, 5BA3342DDF1BCB67E4156169FE9A33E7BC2641C729E9F1A80C0E80953C6AB114 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys 20:13:04.0811 0x1114 HpSAMD - ok 20:13:04.0842 0x1114 [ A10C7C1E69FC90620C7BF2E51302A01F, D725AEAE38255CED73F4922A10F226215528706580B06D01C228488F93AC0397 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys 20:13:04.0901 0x1114 HTTP - ok 20:13:04.0908 0x1114 [ 0C84C250F80EAEC2C9768464CC1A9626, 212E1003B78F9B98FEB084FD1FDB59B26A9DE4C9120F24D4361FBBF0F3C035E7 ] HvHost C:\WINDOWS\System32\hvhostsvc.dll 20:13:04.0927 0x1114 HvHost - ok 20:13:04.0931 0x1114 [ 74FC79C52395B10FFD0B55CF22CF88FC, 94D977DA2092EE8C2A598AC48758A84BB22CB6378BD114C2D3B4172A07A9CACC ] hvservice C:\WINDOWS\system32\drivers\hvservice.sys 20:13:04.0949 0x1114 hvservice - ok 20:13:04.0955 0x1114 [ 771EDDA9830A3079F996F34D681FB6E5, F452AD656872A1C8B2D6DCE232CE01EBD456C46F4934A7601E78470F2A2CBF38 ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys 20:13:04.0976 0x1114 hwpolicy - ok 20:13:04.0984 0x1114 [ 3B9F315E7FA72CC25228EB097DD9C694, B26F1E494428EF197A0C97645C05BB3CA093827A005D35C987F1D6778BC4E52C ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys 20:13:05.0001 0x1114 
Edited by umor (18.02.2017 at 20:59) |
18.02.2017, 20:49 | #4 |
| Windows 10: Crypt0L0cker encrypts data Continuation of the first TDSSKiller scan (part 2 of 2) Code:
20:13:19.0304 0x1114 [ F3714DBAA42C15F78FFCDFE4273214EB, 2D018970B92C5F0744FAE10A2FC298F3DCEA5C2EDEB760F4F0651337B9878ABF ] SDRSVC C:\WINDOWS\System32\SDRSVC.dll 20:13:19.0337 0x1114 SDRSVC - ok 20:13:19.0347 0x1114 [ 120DFCB71D6C502613A9E2D50E16850C, 2C294010AD1C9C380CD5221A37720544178B7358C8C8553AF44055E4CEE5DAF5 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys 20:13:19.0375 0x1114 sdstor - ok 20:13:19.0385 0x1114 [ EFD644DD091E1D94555FC3BBC95EA66D, FBDDA6680BEC378CCF12A32D9186020E884DA15A1E789D1531B1E687FC7B54B1 ] seclogon C:\WINDOWS\system32\seclogon.dll 20:13:19.0415 0x1114 seclogon - ok 20:13:19.0423 0x1114 [ F48535714BED7DD784853889B4594B26, 9B4AB7E7293E79A8F6CC46C84F23E62AD3BD6E958FCE078CDBB125A69FAC7E50 ] SENS C:\WINDOWS\System32\sens.dll 20:13:19.0457 0x1114 SENS - ok 20:13:19.0462 0x1114 Sense - ok 20:13:19.0518 0x1114 [ 2B4E090D06C60853C5C00CF255F9E02A, 4D4DBA7B04519622612BD4A4F28318CA2F5646C84CAFF8C5ACC9BF4C6031894E ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe 20:13:19.0658 0x1114 SensorDataService - ok 20:13:19.0685 0x1114 [ C09A42163878A082C3F0D0A3DFE95714, 8033DC38D0EDED3758DA6BF8C1955BE5FFE48863C079C589660B37D0E461300F ] SensorService C:\WINDOWS\system32\SensorService.dll 20:13:19.0742 0x1114 SensorService - ok 20:13:19.0757 0x1114 [ E6F00415DADCEEC860E7AB42BFD19A65, 274CAF22F93D43B6DB6953730E3DF8DA94776B24EEE74B80AB4CD780BC1366A9 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll 20:13:19.0795 0x1114 SensrSvc - ok 20:13:19.0804 0x1114 [ 401D706DDC0A7AF18C3DD228ADF74551, 27C0B38D7C2E3F6FF06201124E63483931F6071954B2B99EC0143C464238C0B7 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys 20:13:19.0824 0x1114 SerCx - ok 20:13:19.0835 0x1114 [ 7084D11083F0CDCA8B5C76F9846ABF5D, F639920882B0E784D8CFAF0D4C0F0C411937B6831E5DD99B0ABFBFE06BA4742F ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys 20:13:19.0861 0x1114 SerCx2 - ok 20:13:19.0870 0x1114 [ 3FF478A8ED32A83C36581425F6282B6C, 787646A17098EA7CF36064D0A950C1D470D4A280C8C5AC40023D566E53860EAE ] Serenum 
C:\WINDOWS\System32\drivers\serenum.sys 20:13:19.0900 0x1114 Serenum - ok 20:13:19.0911 0x1114 [ 92509187AA171A80521528B36F753E1D, FE0DA272B8A155ECC161E99586C4AE7EE17B1C84BC330DA1566C83B8E03FA825 ] Serial C:\WINDOWS\System32\drivers\serial.sys 20:13:19.0939 0x1114 Serial - ok 20:13:19.0947 0x1114 [ 433D38FF6D08B993847EA2A10EB8CB52, 29BA75DB6D1AC761BBDFB5AC8874FC7D763E1CD10D290E369063B34CE951270F ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys 20:13:19.0976 0x1114 sermouse - ok 20:13:20.0015 0x1114 [ 82CF273F0E8F243789683DEB40757569, 5433D93A41C4BF04494E6158931C6AC3154888F7CD3A417253EC02FF7EA6D00E ] SessionEnv C:\WINDOWS\system32\sessenv.dll 20:13:20.0073 0x1114 SessionEnv - ok 20:13:20.0082 0x1114 [ 697D3EE0740AEAB62B66ABCA1C83D13B, FCF54A0071ED04AD3FC8551C67FE5FD49089DC0510F753052CAC5972A65C9E3D ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys 20:13:20.0109 0x1114 sfloppy - ok 20:13:20.0132 0x1114 [ 832E933AA8DB9FD4733B96D8B6484D3F, 3A8E3D7ECA192EEE154CB568073B7211FDA06078EFC3BC7E961563A1BFDD0CAA ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 20:13:20.0208 0x1114 SharedAccess - ok 20:13:20.0238 0x1114 [ 482E6BE8A07832E824080D352075ACA1, 4123A76C8E805AF4FE229C53E9C174095C0937913BA81A63FE9B45C44AA5B15F ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 20:13:20.0321 0x1114 ShellHWDetection - ok 20:13:20.0332 0x1114 [ CF3BDF9EAD8D3EF671E9339B44B185BA, C17EC6D5B00F49D9C8B5B6C262A85F34ED71C58450659F006B3632AA84F68E23 ] shpamsvc C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll 20:13:20.0373 0x1114 shpamsvc - ok 20:13:20.0383 0x1114 [ A34CE1830E45DA98932295FDE4B7908A, FC553ECF4D64B4B10B7FDE5352707785517A18D487A80665BAFC7261E3F35CDC ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys 20:13:20.0404 0x1114 SiSRaid2 - ok 20:13:20.0412 0x1114 [ A7B5C670770E908DA5FEF5BF1136E933, 8D3BB6FF65E631C34BE8EA766481B2FDB2E1E916A4FD67F86705A8975A136E6C ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys 20:13:20.0432 0x1114 SiSRaid4 - ok 20:13:20.0447 0x1114 [ 
B72B80E6FF423C5011E745CB76DA9A08, 18A6B9D46E91AD4D463EB5CB832702392D2E162577F90C328B515FCE69FABD15 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 20:13:20.0494 0x1114 SkypeUpdate - ok 20:13:20.0502 0x1114 [ 86C475DD33893895EB878D189807F8E7, 99C5FF95AE518E6A18866C97C93E0B9EAAFF0AEECBC7AAC3C5EC5A915FACB65E ] SmbDrvI C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys 20:13:20.0517 0x1114 SmbDrvI - ok 20:13:20.0524 0x1114 [ D233EAE2A9D48485321816486ED635EF, 03AB49BE9CF15EB7EDC50C400E673B4DF0E5BFDA9A7811E157F2AF2F3CF38D49 ] smphost C:\WINDOWS\System32\smphost.dll 20:13:20.0558 0x1114 smphost - ok 20:13:20.0590 0x1114 [ 0B217141AC1283655402CDB356577735, 6EFA4CA46CFC8B7156CE7E5CA89B7F7073E16D66C2FC13F4DB95FEB78CCF698F ] SmsRouter C:\WINDOWS\system32\SmsRouterSvc.dll 20:13:20.0648 0x1114 SmsRouter - ok 20:13:20.0665 0x1114 [ 6F4CE07D420FB657B5936F71101ABD41, CEC52984C56E578E0FFE12BE1B8148335F788B7D1751F2D0E79B944A41113C20 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe 20:13:20.0698 0x1114 SNMPTRAP - ok 20:13:20.0721 0x1114 [ C994DF90427103CCB80F893FFD2B1CE8, 7E4B08095C77E68D337A3425EEA38F8FEC4D103CA7661E34FD96BF518DFB4BCB ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys 20:13:20.0769 0x1114 spaceport - ok 20:13:20.0782 0x1114 [ E03264C4C25B568F92ED1656AD541E64, D42942BFFBC7213D204FAF84F4FE015FC23A6ACB29B5E752834EDBC17A3AC20D ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys 20:13:20.0806 0x1114 SpbCx - ok 20:13:20.0836 0x1114 [ 79DCE27E8C4CF6701BFE49EC2446BBF6, F51CBB7A45C3C878F41653FD5FBDC93CC302712B7725DAAB4D3475A1F4771E3D ] Spooler C:\WINDOWS\System32\spoolsv.exe 20:13:20.0923 0x1114 Spooler - ok 20:13:21.0125 0x1114 [ 23529A00195CE71252FEBF647E56E27D, 8ADF7A1C96DAE005E9A974D90BE8954F88D49B6848252B88513C49E0A3BD9774 ] sppsvc C:\WINDOWS\system32\sppsvc.exe 20:13:21.0395 0x1114 sppsvc - ok 20:13:21.0432 0x1114 [ 691A113761E32DB71283B2A837E5A0F4, 84F585C0C03E4CCF4F7CAB238B0F9B75AB0441D03577F19AA3166529BC4A2E74 ] SPUVCbv C:\WINDOWS\System32\Drivers\SPUVCbv64.sys 
20:13:21.0498 0x1114 SPUVCbv - ok 20:13:21.0522 0x1114 [ E83830BB74AE8CBECEA0ECD94DE436F9, 4A34569A34260324EBD629039E1BF45A3527FC75B22D9A3DB6360A6EB365483A ] srv C:\WINDOWS\system32\DRIVERS\srv.sys 20:13:21.0568 0x1114 srv - ok 20:13:21.0601 0x1114 [ 55CA5329D1ADEB8F8034045930147AE4, D4F31BC82700D166564C7F9CDCEA3ABAB4A37B55137C34572768DF46FDA9320A ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys 20:13:21.0671 0x1114 srv2 - ok 20:13:21.0692 0x1114 [ F13EE0DB1FB1D6946AC3228D7EFCFC8F, 109A809F0338FAB0F4045FA5EE33C6F0A994A9F586B2FBD8920A6AABA0E0EF66 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys 20:13:21.0726 0x1114 srvnet - ok 20:13:21.0739 0x1114 [ 52D6F40B50ECFC051979FEC68E74F0F8, 9C8C65AC69BA5C9885CF2A4BD72B869754948377AA3FED2680E7BF8C5639F2A2 ] ssadbus C:\WINDOWS\System32\drivers\ssadbus.sys 20:13:21.0761 0x1114 ssadbus - ok 20:13:21.0769 0x1114 [ D6CFD3B2EABCF9327DE39C62BABFA1E3, C748AF55B07FCB9C5A3E3E0CB783CE6387A2C5D646BCA6B5F5FFF37ACCE82AD3 ] ssadmdfl C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys 20:13:21.0787 0x1114 ssadmdfl - ok 20:13:21.0803 0x1114 [ 5EB01E6148742C3EC2185AC92F6D16FD, 5BD22C745D9BD47C60929F9C556E4B262F9415866EFE9F9263EAD916D74ECAE0 ] ssadmdm C:\WINDOWS\system32\DRIVERS\ssadmdm.sys 20:13:21.0822 0x1114 ssadmdm - ok 20:13:21.0833 0x1114 [ FF20F67DD5644BD1D2E7FCD95AF7F03B, 23615E776D6A8C406C7DDF0E694ED3B5A2D30913AFD3C0F86A788C5004299845 ] ssadserd C:\WINDOWS\system32\DRIVERS\ssadserd.sys 20:13:21.0852 0x1114 ssadserd - ok 20:13:21.0871 0x1114 [ 44758105AB3EA34E815D4B6CA1153311, 7F223A20D2538C123BAC6F75BE0E126876A116F09502FD980C05B8916E26E1B7 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 20:13:21.0921 0x1114 SSDPSRV - ok 20:13:21.0935 0x1114 [ B97C7EC07218A8002323718202BF5E77, 39D3254383E3F49FD3E2DFF8212F4B5744D8D5E0A6BB320516C5EE525AD211EB ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll 20:13:21.0987 0x1114 SstpSvc - ok 20:13:22.0018 0x1114 [ 7DB9E612A2742ACEAB080B882E83141C, FFD1FA36E732F55223F3F4B5F845331DBB3073B023C2C5BF51A0E7680DEE7FA7 ] ss_conn_service 
C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe 20:13:22.0070 0x1114 ss_conn_service - ok 20:13:22.0223 0x1114 [ 4E330AD1EED4A5D582EE415FD55953A2, 2C02E1F45F74D250110BA5117AA942495CB2EBAC7F2CCECC284B4FB8F47B13E1 ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll 20:13:22.0506 0x1114 StateRepository - ok 20:13:22.0518 0x1114 [ 29D26E1347AE1BBD4201014E19880B2C, 9E2153AD96CE4F189EEE43BB02515532C619FB1CA02D8F6DEF517AC3347AAA14 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys 20:13:22.0534 0x1114 stexstor - ok 20:13:22.0567 0x1114 [ 91CB95B35481155BFE29C217CD237F27, CA66957DF1441D991453BEF02D768D44E5D9A484BC23C8874E8A7AC20904CB06 ] stisvc C:\WINDOWS\System32\wiaservc.dll 20:13:22.0631 0x1114 stisvc - ok 20:13:22.0641 0x1114 [ 53EB8CE34B55A1EE63424C8DB7388BFC, 5AB59117BA8A2844EB8693CCC19B217AE039B28C87519F96E1C845FE9BF456C2 ] storahci C:\WINDOWS\system32\drivers\storahci.sys 20:13:22.0665 0x1114 storahci - ok 20:13:22.0677 0x1114 [ C5E0ACE4771F5575D9D5B457ABF3AD03, 365880BC5AC313F25C313EFB7758301F98D9B2BF4C5FC9499F98C2B7F8407D96 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys 20:13:22.0700 0x1114 storflt - ok 20:13:22.0709 0x1114 [ B66D8C75C9BC59D637177AB3B1C569A6, 76252A631F03EEBF5FDC7693F6B0A5E73838CDBE3157114CC96B8BBE88B476BF ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys 20:13:22.0730 0x1114 stornvme - ok 20:13:22.0741 0x1114 [ BEBF85EB4D90E6996047DA027D0ED26E, DF109CF0F07CDD1B9B702C2A076D4DD5366DAAD971CC9359AF0358E79981706F ] storqosflt C:\WINDOWS\system32\drivers\storqosflt.sys 20:13:22.0775 0x1114 storqosflt - ok 20:13:22.0799 0x1114 [ B91FBE7CB4633FEB32AFBD0B48576396, 9EFDD92E8096CE5555F8DC3C870864E5515469603C2373B99B3607234633CA66 ] StorSvc C:\WINDOWS\system32\storsvc.dll 20:13:22.0854 0x1114 StorSvc - ok 20:13:22.0862 0x1114 [ 8E73037A6F8938475692FFCC26EBF385, F78C5CD1A3CD17AA831EEC82426B14006B4DDBC9085A4814E04E8C37FD6B05F7 ] storufs C:\WINDOWS\system32\drivers\storufs.sys 20:13:22.0892 0x1114 storufs - ok 
20:13:22.0899 0x1114 [ 9D9DED47DA10E845EFF2DD57C94C809B, 520D0CE7A867051B80C8141E351FE5A5BCE3C99776093F234DB77D3407B1F104 ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys 20:13:22.0918 0x1114 storvsc - ok 20:13:22.0926 0x1114 [ 224C92E442B1B8C20C274332F1ACF00D, CDE5DCFB7A21089464A6E2ABB29BBE08B184C3433C218756AA5902A8F67C0B2C ] svsvc C:\WINDOWS\system32\svsvc.dll 20:13:22.0961 0x1114 svsvc - ok 20:13:22.0969 0x1114 [ 505E0C40B5D0ADDCBB414640F59BD2E0, DF4B5E65FE6FF2224F298A2A2FAC9B648C082DFF8463148633647580A9FAD34D ] swenum C:\WINDOWS\System32\drivers\swenum.sys 20:13:22.0995 0x1114 swenum - ok 20:13:23.0021 0x1114 [ 2EE27411B5904C63D723BEA391819F58, C88C11D460E90398E16011B8A2CED5EE5626084F24790EA6115532F8F70060C6 ] swprv C:\WINDOWS\System32\swprv.dll 20:13:23.0100 0x1114 swprv - ok 20:13:23.0109 0x1114 [ C3AE45291669788AB51BA28F93554119, 8558B5A02215348C727AF26A33E61A02CAD656DE695D82DF11486E3ECA1F4CFF ] SynRMIHID C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys 20:13:23.0125 0x1114 SynRMIHID - ok 20:13:23.0133 0x1114 [ 32F46FB0F290D16DAA452B289C985795, 73F88AAAA6026DB4C27F1D054145216DCC3F1960946FB2A7A90518DD1D5737CB ] Synth3dVsc C:\WINDOWS\System32\drivers\Synth3dVsc.sys 20:13:23.0163 0x1114 Synth3dVsc - ok 20:13:23.0198 0x1114 [ 135B02E91F983266906D468DF9DDF1D7, C387AAFD0E7F35A3E91E1AE8CE29668C9BA0FE76EF1BC68CE0B9D750F47B6D60 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 20:13:23.0243 0x1114 SynTP - ok 20:13:23.0265 0x1114 [ ECDCF184867EF5E97CED317CED71C562, 2A83C7AE6F514F289070CBB6B8C32334AEBA0C541121ED205AA44A9AFF9078BC ] SynTPEnhService C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe 20:13:23.0305 0x1114 SynTPEnhService - ok 20:13:23.0343 0x1114 [ FED48B19D6F55D7A3AB498D85729D1BA, FA5E0E02BC2E2DE108C55991E3B063CC947072228B53539F42F922661510DE7C ] SysMain C:\WINDOWS\system32\sysmain.dll 20:13:23.0440 0x1114 SysMain - ok 20:13:23.0470 0x1114 [ D9FEA79BF6AF136F8E656AE045C2FEC8, E6F08A93348E035185F0F1C6B6277E636F4F25D1136E3ACCA63488DAEEC7114B ] SystemEventsBroker 
C:\WINDOWS\System32\SystemEventsBrokerServer.dll 20:13:23.0522 0x1114 SystemEventsBroker - ok 20:13:23.0534 0x1114 [ 86E7FD5C8DBEC1EB51C4368561402B75, 86EE61414CD5854E39E33F67BF5DA4377B569B3ED4D18882C470BC6784891DA1 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll 20:13:23.0575 0x1114 TabletInputService - ok 20:13:23.0598 0x1114 [ 3929C8FC134AC672C4F3F85160956257, CD3195CA58BA6F55EA0DDA2BE6AB58280AD1CA488D7AAA1539DD05FB99374F36 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 20:13:23.0640 0x1114 TapiSrv - ok 20:13:23.0737 0x1114 [ 4F25E481124059CC593B4C68BC485640, 2814D2BA4E83D3B0F7569E6C6EE0C763D9801BC505D8ED84675D19C8573834DB ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys 20:13:23.0879 0x1114 Tcpip - ok 20:13:23.0977 0x1114 [ 4F25E481124059CC593B4C68BC485640, 2814D2BA4E83D3B0F7569E6C6EE0C763D9801BC505D8ED84675D19C8573834DB ] Tcpip6 C:\WINDOWS\system32\drivers\tcpip.sys 20:13:24.0120 0x1114 Tcpip6 - ok 20:13:24.0136 0x1114 [ 8DBB1BE20C36E6D19BCC89EEA00B953C, 8B97A7E53E1D77363AFF6A5AAEAD89EBAE28DCB8D82753C804FD7CD5646500AF ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys 20:13:24.0166 0x1114 tcpipreg - ok 20:13:24.0183 0x1114 [ 9D2DD64A0B51C56285512DC9454340F6, ABB90CE6A55269F71AFB08E04969CF9A4EFD93F7A7189AF920EEE3E005214DDD ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys 20:13:24.0207 0x1114 tdx - ok 20:13:24.0213 0x1114 [ 06130AFFECEB94525FC2352936576B70, 10EBE2C8FDC087D29E2FFB328F0F7905A5374AB8CC9FAE8699E7676DBC8CBF91 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys 20:13:24.0232 0x1114 terminpt - ok 20:13:24.0275 0x1114 [ FB68E5F02316C42BE7282DA492351C6F, AC31D841FEA58B776127E138DB20F8D48E26FD8C00CE2FA9695EA14EBF159A0A ] TermService C:\WINDOWS\System32\termsrv.dll 20:13:24.0363 0x1114 TermService - ok 20:13:24.0376 0x1114 [ 2AF438EC0D361A7BBB70E604A686602C, 4BE6A0461EB2CB94288614434A1CEC81C2ED46241721FD5BBD8ABE0680F7C804 ] Themes C:\WINDOWS\system32\themeservice.dll 20:13:24.0416 0x1114 Themes - ok 20:13:24.0430 0x1114 [ 1482B8ED5CACA87992A882B853B83CEE, 
613247F0E362A109090E8563D977DECC50C64D45D6962905FA84A2D59329045C ] TieringEngineService C:\WINDOWS\system32\TieringEngineService.exe 20:13:24.0490 0x1114 TieringEngineService - ok 20:13:24.0515 0x1114 [ 3B3C607C3C62DFBEF61938DA2CAB94DF, E5EEA7F45A7BBFDF6F0003CD77E39958C451DD1B4B401876B5619A3C20F5C370 ] tiledatamodelsvc C:\WINDOWS\system32\tileobjserver.dll 20:13:24.0582 0x1114 tiledatamodelsvc - ok 20:13:24.0596 0x1114 [ C1F8CBE2D4843E0CCC3EFEA2EC60D4AB, 9D07527D982066922318C77AECE99280DE55034C375ACE145E827A6BEB5C3B70 ] TimeBrokerSvc C:\WINDOWS\System32\TimeBrokerServer.dll 20:13:24.0628 0x1114 TimeBrokerSvc - ok 20:13:24.0640 0x1114 [ 46171262D0E806779DEEDFCAB2F830CC, 7F4A4658B8BA217D99E5B5C0E01600C20DC96ECBCA32A5BA7FBE17D2A7B8BFD8 ] TPM C:\WINDOWS\System32\drivers\tpm.sys 20:13:24.0678 0x1114 TPM - ok 20:13:24.0692 0x1114 [ 3B91F35089240F6187AD681A5EC28BDE, 3D035CB73BC8E7831DCD0FB7D9DAD91CE51D3D0F9D9C8B866A0009BD508B6702 ] TrkWks C:\WINDOWS\System32\trkwks.dll 20:13:24.0722 0x1114 TrkWks - ok 20:13:24.0730 0x1114 [ 09440FA30C020B4443391FAFCF4876E3, 208C7725F70C75D8C96CCAF5B22F83B8B1C66D8C9FFF48465B1C9F4A77425569 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe 20:13:24.0774 0x1114 TrustedInstaller - ok 20:13:24.0791 0x1114 [ A6F4025664C9D4BC2A9EDAB4092706D7, 89808A1679C0E716F86F06EE7701DCC289200894F0FA1F120DA2AC3A45FDB312 ] tsusbflt C:\WINDOWS\system32\drivers\TsUsbFlt.sys 20:13:24.0817 0x1114 tsusbflt - ok 20:13:24.0825 0x1114 [ 37A96AD493E110C0BF1EE0AC0F9E7DBD, F2A6894A4AEE18DF2B92222CDB0801A13AEEB7212071F0431430788339B30E23 ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys 20:13:24.0848 0x1114 TsUsbGD - ok 20:13:24.0861 0x1114 [ 5A91FDBA4D3FCB56DAEB8C091B3EB8E1, 8AB91F4423125267FA8509A1C3A9AD1CBD642FA6A96D8789F9AB8CB75ABAD58C ] tsusbhub C:\WINDOWS\system32\drivers\tsusbhub.sys 20:13:24.0898 0x1114 tsusbhub - ok 20:13:24.0908 0x1114 [ 79E264287F17D56D768440B0270466DE, ABF9DC95C5E939B30BFD9BF9EDFDB3BD78A9DFCB055B945965303B6A60E6D7A7 ] tunnel 
C:\WINDOWS\System32\drivers\tunnel.sys 20:13:24.0942 0x1114 tunnel - ok 20:13:24.0955 0x1114 [ F723552F65D44FE693DB1A383825B3A8, EF8C343C4EB5EEA4EC830378EF576CCD6CD4EEDEDD486C0F29697044E8C71F45 ] tzautoupdate C:\WINDOWS\system32\tzautoupdate.dll 20:13:25.0021 0x1114 tzautoupdate - ok 20:13:25.0031 0x1114 [ AA65954F512BA097DD190790876DD991, C1BB2B8F54F064D01190327B5E7949EBBDA21D6FC6F94D9FCD20F685C2F855FA ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys 20:13:25.0054 0x1114 UASPStor - ok 20:13:25.0066 0x1114 [ AB6268022C3A5B529075A39C33904DA6, 2717F1704640201F2681711543EA39A74C3E89C7DB232EC5DD89FD8AA6F07846 ] UcmCx0101 C:\WINDOWS\system32\Drivers\UcmCx.sys 20:13:25.0099 0x1114 UcmCx0101 - ok 20:13:25.0110 0x1114 [ 7ED2EDA43D21C7A5F589A7960E265C52, 7DB8A595236FBB8A264D7AB155201357212855050ABB5B1036EF32F1223FDCC2 ] UcmTcpciCx0101 C:\WINDOWS\system32\Drivers\UcmTcpciCx.sys 20:13:25.0140 0x1114 UcmTcpciCx0101 - ok 20:13:25.0150 0x1114 [ 169351463039B45F5CDED9768879F712, 990C8C4AEF9ED7FF6BCEAE67F7BDAA037777B142B8D96A74F8715C941A5C63C6 ] UcmUcsi C:\WINDOWS\System32\drivers\UcmUcsi.sys 20:13:25.0182 0x1114 UcmUcsi - ok 20:13:25.0199 0x1114 [ 08A9E3AD29B215484FBB68CDC175DF3A, 3EFFF99C3BC4A1454E3D2B5177AE587ED3041AB4CE2A95BA7E28A2124E38E1E5 ] Ucx01000 C:\WINDOWS\system32\drivers\ucx01000.sys 20:13:25.0227 0x1114 Ucx01000 - ok 20:13:25.0235 0x1114 [ DA70AEE267491AA56BC63AA0C0C96CA2, 0A0AADB27607F9292BB3CE000CFDDB19BD4CA09EAAD926C4925CB43B17817AD9 ] UdeCx C:\WINDOWS\system32\drivers\udecx.sys 20:13:25.0264 0x1114 UdeCx - ok 20:13:25.0289 0x1114 [ FBC5ECF6D5A868D0B116C2DBB02B8168, 945AA76C60ABAD6075B5C8F9172C018F75BCF393A1CB8B329F5E68E664627775 ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys 20:13:25.0339 0x1114 udfs - ok 20:13:25.0349 0x1114 [ B918E40FAA9CD118CCA4AD388B748C98, 4B539B7B656F02C5E5BAEE52A677757B05CC11C5500D619850A564C28FAB8115 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys 20:13:25.0373 0x1114 UEFI - ok 20:13:25.0383 0x1114 [ 166B17AE1DD24D8BA8CA474C7C31148F, 
D34E786277093278F58EFAC957279DC4ED43A190538C875B80F5B1E0A0C30381 ] UevAgentDriver C:\WINDOWS\system32\drivers\UevAgentDriver.sys 20:13:25.0409 0x1114 UevAgentDriver - ok 20:13:25.0461 0x1114 [ FCA4D901FB9934DAB82ED31C4EE89A11, 8EDF8DD71C13DE77AC83D1086670E9E90C69DE379F1CF768C8B9C789254C04AA ] UevAgentService C:\WINDOWS\system32\AgentService.exe 20:13:25.0570 0x1114 UevAgentService - ok 20:13:25.0591 0x1114 [ 0FD75222C1AD2687AB365BEBEA400DD4, AD10DBCA59EB7D34FD8F963CE267F36774A9BC613F8D637903B12AC88C328E8A ] Ufx01000 C:\WINDOWS\system32\drivers\ufx01000.sys 20:13:25.0620 0x1114 Ufx01000 - ok 20:13:25.0629 0x1114 [ C1A78C53E01C641AE41BFA65797819F5, 0B9FE1BD724B3315199A1B1DA2F03255E4FE744DA3CE6CD0F77699A8E42E9359 ] UfxChipidea C:\WINDOWS\System32\drivers\UfxChipidea.sys 20:13:25.0650 0x1114 UfxChipidea - ok 20:13:25.0662 0x1114 [ 767307212110EBEFB93EC9A5BE9E85B9, 368797400FE54802CE74F34B773CE2AF09EB8DEA6C035B55419A52F0B5A6FAD0 ] ufxsynopsys C:\WINDOWS\System32\drivers\ufxsynopsys.sys 20:13:25.0692 0x1114 ufxsynopsys - ok 20:13:25.0706 0x1114 [ 8578F83EC5175920F2D8586FFF9DCE47, 049A16AC87F93E761150C8286633FFCA62EE85F5645DDE77D36BD0EB6481FF83 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe 20:13:25.0735 0x1114 UI0Detect - ok 20:13:25.0745 0x1114 [ DC460AAA18CA2342FBBFB2DF9B044472, 14D45E059C596AE97506D26705F248CA1C2269160B31A60341060E8A93146CBD ] umbus C:\WINDOWS\System32\drivers\umbus.sys 20:13:25.0777 0x1114 umbus - ok 20:13:25.0787 0x1114 [ C3CF0377917ECE6D65D7623E1E61568F, 4909695E04CBC86BFCFFBC15F332C367521054B7B4D3C141C7CA6B2E40E090B9 ] UmPass C:\WINDOWS\System32\drivers\umpass.sys 20:13:25.0811 0x1114 UmPass - ok 20:13:25.0827 0x1114 [ 640CF093C1CF16D5FD317616CA348F31, BEC34D1AACA83BF5A84CE01F6A668E3CA5A33C56A446DC42EFFF7C43D22E1AE6 ] UmRdpService C:\WINDOWS\System32\umrdp.dll 20:13:25.0875 0x1114 UmRdpService - ok 20:13:25.0926 0x1114 [ B8272BB8D4982C496FDC704809C38E02, F93855D932FB1DBBCC86E82C0FE0DC9ECF93BBD629D2CA9D0BE7E075E114B7FF ] UnistoreSvc 
C:\WINDOWS\System32\unistore.dll 20:13:26.0032 0x1114 UnistoreSvc - ok 20:13:26.0059 0x1114 [ 6CDA3536F6BAB7896A57EAB7DC07F379, 8FBE6457ECD1ABB518D9800EBA8A017774FFAA8EABD2EDC0825181A12FE9AEF6 ] upnphost C:\WINDOWS\System32\upnphost.dll 20:13:26.0123 0x1114 upnphost - ok 20:13:26.0134 0x1114 [ 6B46FC140C9AF68E6E7697D66D59CB4D, F018B4784D65F1A8140A6EA69C35D6A7ECE01738694052FD54AFD2B81A8F2FF8 ] UrsChipidea C:\WINDOWS\System32\drivers\urschipidea.sys 20:13:26.0159 0x1114 UrsChipidea - ok 20:13:26.0171 0x1114 [ B4402E7F0923F660270442CE76877ABE, 1C2DD26EAB71F75EA576E8DAABAF71FD7DC3DF807CF025617C774CEF33C0B718 ] UrsCx01000 C:\WINDOWS\system32\drivers\urscx01000.sys 20:13:26.0203 0x1114 UrsCx01000 - ok 20:13:26.0210 0x1114 [ 9DD431F1B94789CFB527E5D19261F124, 8F5A249A97C5B14B282E3147DD21951D2AD34B651E762814C12F4C26D74EC70C ] UrsSynopsys C:\WINDOWS\System32\drivers\urssynopsys.sys 20:13:26.0231 0x1114 UrsSynopsys - ok 20:13:26.0244 0x1114 [ C87E32B90F085970D9637FBAD45EF6FE, C180EACD2EE479277DA5DBF39E43B428BD7945141B2451CB3946B0C1E495E76F ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys 20:13:26.0279 0x1114 usbccgp - ok 20:13:26.0296 0x1114 [ 0B663856474AC41924D9E9112203858F, 9E09F2A6279B48CAC09F8C7AA1F1BE02864D540C2ED1460CBA9FABCF0A546A1E ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys 20:13:26.0323 0x1114 usbcir - ok 20:13:26.0333 0x1114 [ F83D2250256203AC5DA5E8601C1AFDD7, AC0D90E2DB3051798B9D287CF3D0E92FED4000822E65A82775A29CF896B76F04 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys 20:13:26.0363 0x1114 usbehci - ok 20:13:26.0395 0x1114 [ 7FFD26742321919590ED77FCA556D65F, F7FAB63C36F8519F5A7B9091C507F3CB580C390322FAF9155CCE7F66C965B968 ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys 20:13:26.0437 0x1114 usbhub - ok 20:13:26.0465 0x1114 [ 7A749B2863B5561BE34B39E8E249AD8F, E5B67DFAF5407007FD0CC408D6B4BA19DF59584819FC715E9F9E0FBF3EA00AAB ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys 20:13:26.0514 0x1114 USBHUB3 - ok 20:13:26.0521 0x1114 [ 
D2109F1F4FEBF1DAC415CDC5DE876479, C8A871EBD0E5EF004BA622A73DAC36C03608CD317FDCD0A6A98608DF4CC10D55 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys 20:13:26.0544 0x1114 usbohci - ok 20:13:26.0553 0x1114 [ 29C9572F2D061CFC3C0BD48A3163E343, 2527DCC9E6D421F5DC40051C787A5270EB077746785465C9AA2A2AEEF47307D5 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys 20:13:26.0584 0x1114 usbprint - ok 20:13:26.0597 0x1114 [ 2EC7B2C8123236B1233A77281D378DF7, D97DB59C9CAE2B8B33C707E8CEA7A65BF88712842CC715D270F7432A99D21BB6 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 20:13:26.0640 0x1114 usbscan - ok 20:13:26.0651 0x1114 [ 429477D6DEF3321FF7D3EF23CAAADA00, BB7D2AFE99736AAFFA8B0B2DABF7D6A6D5CB9563B1DE6A7E86CE7DC9D27F31C0 ] usbser C:\WINDOWS\System32\drivers\usbser.sys 20:13:26.0690 0x1114 usbser - ok 20:13:26.0700 0x1114 [ 0CC16F7B91C57AE9A4E44425A295FDAA, 7CEE11955E5742DA390601F565412C14A7481B8747C495CCD246696C56B426DC ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS 20:13:26.0724 0x1114 USBSTOR - ok 20:13:26.0731 0x1114 [ C917D09064CDBD18F75ADC9B2C48F847, A7F6223346CCD7E84186CD0C0715014F8E3A4398298925A43290224678620D23 ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys 20:13:26.0754 0x1114 usbuhci - ok 20:13:26.0778 0x1114 [ 95BCCEFBC40D06484CF16144FE79B8A5, 8ABA73C5FFEDD319FB96B807AD08716698E557522478DF1A2C5D662675636AE0 ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS 20:13:26.0817 0x1114 USBXHCI - ok 20:13:26.0824 0x1114 [ 836828E40B9EEFBC77B3032DB677555C, 8AC045B43086E800B03412895D4DBCF506D1B729791CF24EB2ECA3F0F1C9BDEB ] usb_rndisx C:\WINDOWS\System32\drivers\usb8023x.sys 20:13:26.0848 0x1114 usb_rndisx - ok 20:13:26.0917 0x1114 [ 4CC81AB9D380A6264FF4C0C1512CF965, 76C33053D1C9155B0F3F8392FF982AD4EABEE2BBBEE89EA41DBFE8E436973EB0 ] UserDataSvc C:\WINDOWS\System32\userdataservice.dll 20:13:27.0034 0x1114 UserDataSvc - ok 20:13:27.0087 0x1114 [ AA24C61D88E36BA1144072227922173D, 2EBBC827E740F72EA2E75745E585378189BC0DEE91CACD7FA31BDBC5EFCF8733 ] UserManager 
C:\WINDOWS\System32\usermgr.dll 20:13:27.0186 0x1114 UserManager - ok 20:13:27.0213 0x1114 [ EBF9E40845362DBE2AD0DB3077269488, A6363006350D097F95B03A2F44E1D3FBD3BC40048BE57C715CD7CBC22D1EE70B ] UsoSvc C:\WINDOWS\system32\usocore.dll 20:13:27.0291 0x1114 UsoSvc - ok 20:13:27.0299 0x1114 [ FEA3504EEFEA7EF27C4B3EDB9986B4EC, 6957F39115C517EA4F1349A10E6CCB8B43FC72C603B8616FB30EFA36560019FF ] valWBFPolicyService C:\WINDOWS\system32\valWBFPolicyService.exe 20:13:27.0320 0x1114 valWBFPolicyService - ok 20:13:27.0327 0x1114 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] VaultSvc C:\WINDOWS\system32\lsass.exe 20:13:27.0349 0x1114 VaultSvc - ok 20:13:27.0360 0x1114 [ 0CBDE344FB48E42D78E29469F202ADBC, A1C3FBA5409DD3BBEAF1D3CE2583D6C8A621C0E4F534155EC540AFD67BC9E8CA ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys 20:13:27.0390 0x1114 vdrvroot - ok 20:13:27.0420 0x1114 [ 0783EDE1FA94649ED7F3CEF6A734041A, 1A13A613EF6B67459031C7994FFC6F32F73E02E0F123A171618E4F011C635684 ] vds C:\WINDOWS\System32\vds.exe 20:13:27.0504 0x1114 vds - ok 20:13:27.0517 0x1114 [ 723195568C8755CAD57F7933C5F2C5C2, 5C403799F67223605F825BC16D217C1EF5E1A0DDF00AC6380FE8976339B67D9B ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys 20:13:27.0543 0x1114 VerifierExt - ok 20:13:27.0583 0x1114 [ 3BB8D153A9A514EC9FFCB586251A1925, 5E4B46511F9791699826DC63B35528544347166BDE9981FB93F1F7F2A09599C7 ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys 20:13:27.0636 0x1114 vhdmp - ok 20:13:27.0644 0x1114 [ 7929228F0E8B0C2FA0495A17A4FC27F6, 1F1667B10A96B1D85ED165F62A5C0EF28C37F828B8280EA08BFCC1BAC03F2C90 ] vhf C:\WINDOWS\System32\drivers\vhf.sys 20:13:27.0671 0x1114 vhf - ok 20:13:27.0685 0x1114 [ AEE432ED868831B1F068E373598F6D93, BAE91F47B0CB94B826CA010B490AD924D7B715911DF3FCE62F9165F3B571105C ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys 20:13:27.0708 0x1114 vmbus - ok 20:13:27.0715 0x1114 [ 9444B23FC694B5F90F21B0FC7F10D8DD, 
20:13:45.0319 0x1114 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x61100 ( enabled : updated )
20:13:45.0323 0x1114 Win FW state via NFP2: enabled ( trusted )
20:13:52.0451 0x1114 ============================================================
20:13:52.0451 0x1114 Scan finished
20:13:52.0451 0x1114 ============================================================
20:13:52.0460 0x06d4 Detected object count: 0
20:13:52.0460 0x06d4 Actual detected object count: 0
Edited by umor (18.02.2017 at 21:04) |
18.02.2017, 20:54 | #5 |
| Windows 10: Crypt0L0cker encrypts data TDSSKiller, second scan (part 1 of 2): Code:
20:23:57.0627 0x03cc TDSS rootkit removing tool 3.1.0.12 Nov 7 2016 07:10:01
20:24:02.0861 0x03cc ============================================================
20:24:02.0861 0x03cc Current date / time: 2017/02/18 20:24:02.0861
20:24:02.0861 0x03cc SystemInfo:
20:24:02.0861 0x03cc
20:24:02.0861 0x03cc OS Version: 10.0.14393 ServicePack: 0.0
20:24:02.0861 0x03cc Product type: Workstation
20:24:02.0861 0x03cc ComputerName: DESKTOP-UCUGHB0
20:24:02.0861 0x03cc UserName: susanna
20:24:02.0861 0x03cc Windows directory: C:\WINDOWS
20:24:02.0861 0x03cc System windows directory: C:\WINDOWS
20:24:02.0861 0x03cc Running under WOW64
20:24:02.0861 0x03cc Processor architecture: Intel x64
20:24:02.0861 0x03cc Number of processors: 4
20:24:02.0861 0x03cc Page size: 0x1000
20:24:02.0861 0x03cc Boot type: Normal boot
20:24:02.0861 0x03cc CodeIntegrityOptions = 0x00000001
20:24:02.0861 0x03cc ============================================================
20:24:02.0861 0x03cc KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.693, osProperties = 0x19
20:24:03.0736 0x03cc System UUID: {A37E1B6F-15F8-F7E4-D5C2-2136543FD0AC}
20:24:04.0252 0x03cc Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:24:04.0252 0x03cc ============================================================
20:24:04.0252 0x03cc \Device\Harddisk0\DR0:
20:24:04.0252 0x03cc MBR partitions:
20:24:04.0252 0x03cc \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x200800
20:24:04.0252 0x03cc \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x201000, BlocksNum 0x1B904800
20:24:04.0252 0x03cc \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1BB05800, BlocksNum 0x1DEB000
20:24:04.0252 0x03cc \Device\Harddisk0\DR0\Partition4: MBR, Type 0xB, StartLBA 0x1D8F0800, BlocksNum 0x400000
20:24:04.0252 0x03cc ============================================================
20:24:04.0252 0x03cc C: <-> \Device\Harddisk0\DR0\Partition2
20:24:04.0252 0x03cc D: <-> \Device\Harddisk0\DR0\Partition3
20:24:04.0252 0x03cc E: <-> \Device\Harddisk0\DR0\Partition4
20:24:04.0252 0x03cc ============================================================
20:24:04.0252 0x03cc Initialize success
20:24:04.0252 0x03cc ============================================================
20:24:25.0002 0x16d4 ============================================================
20:24:25.0002 0x16d4 Scan started
20:24:25.0002 0x16d4 Mode: Manual; SigCheck; TDLFS;
20:24:25.0002 0x16d4 ============================================================
20:24:25.0002 0x16d4 KSN ping started
20:24:32.0144 0x16d4 KSN ping finished: true
20:24:32.0519 0x16d4 ================ Scan system memory ========================
20:24:32.0519 0x16d4 System memory - ok
20:24:32.0519 0x16d4 ================ Scan services =============================
ok 20:24:35.0071 0x16d4 [ 6B4F90A287D75CCD78694F6790C911B2, 73D7C31E9F475FA3FD568FCA9A953F968729AA114F63C06F38BF5198DAD67BD8 ] circlass C:\WINDOWS\System32\drivers\circlass.sys 20:24:35.0087 0x16d4 circlass - ok 20:24:35.0102 0x16d4 [ B72D26074E72A757D788FB1BEF8B2F2E, 36847C5315AFB9A5EC66AD3EF2A09C24C0FAF669FDF0831F78600F4609352CB4 ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys 20:24:35.0133 0x16d4 CLFS - ok 20:24:35.0211 0x16d4 [ ACFB2A62301C6A903FA6A97DB84E9C31, 7A3089812330B605D2F545374A1A916B6DBA188186EC88DA3348814A95C791F0 ] ClickToRunSvc C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe 20:24:35.0305 0x16d4 ClickToRunSvc - ok 20:24:35.0321 0x16d4 [ E133CFCBFABB3CB517BE9F42FEA5887C, DA699CDD5F3CC427354540C907BD24CCA7BAC3112C53918EB611CB4EEC7611DA ] ClipSVC C:\WINDOWS\System32\ClipSVC.dll 20:24:35.0352 0x16d4 ClipSVC - ok 20:24:35.0352 0x16d4 [ EEC3A4A98AE1A337E3CD1483AD6F2E15, 764DA329984A95E092F5C15116DA34FA7FC27216C0862365D4BF10ADC97EC5C5 ] clreg C:\WINDOWS\System32\drivers\registry.sys 20:24:35.0368 0x16d4 clreg - ok 20:24:35.0383 0x16d4 [ 429623E266EF067A44E8CF148E9DFB9B, A48AA85ACC52C7AD73DB2D6148B3F9FB5EAC33C8F8C5BB6D7D0A9D84B7C08E11 ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys 20:24:35.0399 0x16d4 CmBatt - ok 20:24:35.0415 0x16d4 [ 90C07EB909C42316982E753BDAA7860D, 438581FD3468FAF01D35529672201A920E8821EC80E30E59A43645DA57738F21 ] CNG C:\WINDOWS\system32\Drivers\cng.sys 20:24:35.0446 0x16d4 CNG - ok 20:24:35.0446 0x16d4 [ 3DB10C59405931E2C72EFB82C1AF97D1, 100B5450A70988DB1C1F8A5FDBB3553AF1A0D47B42A5AC71460DB92E26010CE6 ] cnghwassist C:\WINDOWS\system32\DRIVERS\cnghwassist.sys 20:24:35.0461 0x16d4 cnghwassist - ok 20:24:35.0477 0x16d4 [ 34C935AF2A414572B412B3556586D783, 912981B88B0796576ECCD5EBE0C4728EC02D5D6A96B039447DCBA59B2583F25E ] CompositeBus C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys 20:24:35.0493 0x16d4 CompositeBus - ok 20:24:35.0493 0x16d4 COMSysApp - ok 
20:24:35.0493 0x16d4 [ 44EEEB2382F566999287E13F2067693C, 53A4A0C85EAD38030FF2078C67465E3710ECD03A08FF34E1E67B2E3E1CC70043 ] condrv C:\WINDOWS\system32\drivers\condrv.sys 20:24:35.0508 0x16d4 condrv - ok 20:24:35.0524 0x16d4 [ 5DE2049D5F57C1D142F36FA9CE443693, E6C2807C0B1EF90C11EB39634693B76EACE6CC675777776112835212A334F328 ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll 20:24:35.0555 0x16d4 CoreMessagingRegistrar - ok 20:24:35.0586 0x16d4 [ 4709DFA8EB8F9468DC3B2A532B12677D, 09F5270FC8C5279BDE37FFA486ACFEB2F7BE2383DC4D417618BF2BB20656ACDB ] cphs C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe 20:24:35.0696 0x16d4 cphs - ok 20:24:35.0696 0x16d4 [ 5F06CAC4B09250CDDDD0180A08162924, A2EB0A57225E65FC264CFC9FAD858D8B54A015CDAE3DC904B1C4E9AAB40B1F06 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll 20:24:35.0727 0x16d4 CryptSvc - ok 20:24:35.0743 0x16d4 [ 03214883D52FAD46573233852344C72C, 63DCCDD895EB804D205ABB8EA381B34FB0879D09E4D0EB0B28F9B2BB1024BAB7 ] CSC C:\WINDOWS\system32\drivers\csc.sys 20:24:35.0774 0x16d4 CSC - ok 20:24:35.0790 0x16d4 [ BE35D1BAC3F18C9EB1C1CFBA31ED95E3, 4255475D173868A0E5583E844A1884E819E229838C4DEACAC47F1A4DEF388C9D ] CscService C:\WINDOWS\System32\cscsvc.dll 20:24:35.0821 0x16d4 CscService - ok 20:24:35.0836 0x16d4 [ 039B5A8CBD5C75D1C46DF15F7C74D136, A5C8A41F2D406D37E147939F2058373ED091BFCC00CA7E829F887638CD3A2F64 ] dam C:\WINDOWS\system32\drivers\dam.sys 20:24:35.0852 0x16d4 dam - ok 20:24:35.0852 0x16d4 [ 38ABCA069E5C5B0F3C79A974A7FE49BD, 7CD5A177DBFED46C622818452EDD4439864561B0C99323D2ACCCEC49732FB2E3 ] DbxSvc C:\WINDOWS\system32\DbxSvc.exe 20:24:35.0852 0x16d4 DbxSvc - ok 20:24:35.0883 0x16d4 [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 20:24:35.0930 0x16d4 DcomLaunch - ok 20:24:35.0930 0x16d4 [ AE9F09F87755C18904656CB4F59F351D, B352A43B3B68B497D87B49C302AF3F37F36D56D49878AE3785C3D43597E5DC57 ] DcpSvc C:\WINDOWS\system32\dcpsvc.dll 
20:24:35.0961 0x16d4 DcpSvc - ok 20:24:35.0977 0x16d4 [ ABBD3EE724117242E28D31F19FBCFF03, 68EA91A969DD80A5DE28B0A8EAEB308837183713559C2C2FAEF991858C971393 ] defragsvc C:\WINDOWS\System32\defragsvc.dll 20:24:36.0008 0x16d4 defragsvc - ok 20:24:36.0024 0x16d4 [ DD74F18227ACC837D9856E24282D446D, 6A760E44CD897952538CDFA8895FE11263D51AAA79CFF24C01F3862E919DA478 ] DeviceAssociationService C:\WINDOWS\system32\das.dll 20:24:36.0055 0x16d4 DeviceAssociationService - ok 20:24:36.0071 0x16d4 [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll 20:24:36.0086 0x16d4 DeviceInstall - ok 20:24:36.0086 0x16d4 [ CDF1B1B5C5951111791C236B2696C7F8, BF6C4BA545C8827B40DB69890DB4D2B2F9C583C5E3CFBDFD370B05891141458D ] DevQueryBroker C:\WINDOWS\system32\DevQueryBroker.dll 20:24:36.0102 0x16d4 DevQueryBroker - ok 20:24:36.0118 0x16d4 [ 0D1D392ED2597F295956D058D33BD7C3, 2F7FE5A06D880F9E2A46C9803DD249DC40C2898C04E946D14E7EECCCC9F2B24F ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys 20:24:36.0133 0x16d4 Dfsc - ok 20:24:36.0149 0x16d4 [ F0D4400BA0F08610D9A551B15BF10B76, 83EB8FB272FC2DD2CC0659C2FB90AD0DAE88A88AB3951E03BCD933A25B601E10 ] Dhcp C:\WINDOWS\system32\dhcpcore.dll 20:24:36.0180 0x16d4 Dhcp - ok 20:24:36.0180 0x16d4 [ CA7FEDDFCF61EF15A09C54DA2C07C49F, 346EF7709BA9E6BD48592B86FA46F9D956C847EF91F4980EEAD98269D0F0EF67 ] diagnosticshub.standardcollector.service C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe 20:24:36.0211 0x16d4 diagnosticshub.standardcollector.service - ok 20:24:36.0258 0x16d4 [ CAD14E0AD1F03397E9B1C8733D76BEF4, 0035EF35F6520B1DF0E599C8A06D4163C52576BCE0976BF729B44DECDC506627 ] DiagTrack C:\WINDOWS\system32\diagtrack.dll 20:24:36.0336 0x16d4 DiagTrack - ok 20:24:36.0336 0x16d4 [ 35B9D46560339A5A7F0CAC6ED702C817, F70480B01533B7029F90E2DE297E9E829660300DDE7A7D009B0AC2684E7691A7 ] disk C:\WINDOWS\system32\drivers\disk.sys 20:24:36.0352 0x16d4 disk - ok 
20:24:36.0368 0x16d4 [ 09CF47A74BFB480B8262FCEE222004B6, F5CD0ACA04BCB95984595CC2E17BC9E92865091A0A3BCAD4B06438A1570E7696 ] DmEnrollmentSvc C:\WINDOWS\system32\Windows.Internal.Management.dll 20:24:36.0399 0x16d4 DmEnrollmentSvc - ok 20:24:36.0415 0x16d4 [ 815F45161A4571C2C44491564F3D5968, 32E7AE8414A178CE429C0CDFCF718E3C11C705FB3155EA5CA0EAD48AAE507B01 ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys 20:24:36.0415 0x16d4 dmvsc - ok 20:24:36.0430 0x16d4 [ 6E5EE6E420FECD64DE463C5F01CBFE71, F173C56895E80AA03D70CD78B3AB659C2EEAACFF43BE3B6EF3939D6F4AD4F62D ] dmwappushservice C:\WINDOWS\system32\dmwappushsvc.dll 20:24:36.0461 0x16d4 dmwappushservice - ok 20:24:36.0477 0x16d4 [ 7F8A3ABF7750326E18CE953CCE262670, 5DBD159E8A455A42764FC73CF7DCAC849B5896848C5589B00BD36697804C0A3B ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 20:24:36.0493 0x16d4 Dnscache - ok 20:24:36.0508 0x16d4 [ 8F46B4C3F9BA19C26A26D0A11137B20B, BA0A66DBA98D77FD85A7CD2D4593F2B2A1A3B4D32BBECBCFFBEB5A54DCB0D8ED ] dot3svc C:\WINDOWS\System32\dot3svc.dll 20:24:36.0524 0x16d4 dot3svc - ok 20:24:36.0540 0x16d4 [ 27069CFFF29B7F04F4B1BB10154BE52B, 6869626F9A1D3F64224883C5E661638CEE893A3E29651C7B9302A03E52180415 ] dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys 20:24:36.0555 0x16d4 dot4 - ok 20:24:36.0555 0x16d4 [ 0BD906A79F9CE3013F7D9D0AC45F9F9D, 2F7D5082E7E226D5EBEA164A8ACEE0A447C96EB1829224A6EFA3E7B4EFEE1D14 ] Dot4Print C:\WINDOWS\System32\drivers\Dot4Prt.sys 20:24:36.0555 0x16d4 Dot4Print - ok 20:24:36.0571 0x16d4 [ B7D595F2F464F7B628AD53F06547792C, F5D06A91EF54FBF56305FCC882B854350B266B2A005D80CC77AEBC2929440729 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys 20:24:36.0571 0x16d4 dot4usb - ok 20:24:36.0586 0x16d4 [ CA09EAEE92C6FDDC6B05057F11A0372D, 14DB5C186B69644AA93C445BF31CC9670204F95A47B77B6EACB19B4A316378AD ] DPS C:\WINDOWS\system32\dps.dll 20:24:36.0602 0x16d4 DPS - ok 20:24:36.0602 0x16d4 [ AE6BD4C879A8C849E53947C92DF3B3A0, 8C29774CB2D30D901C54AAC0C8ACE709351EE40E5C8FB9951B2A18B4A03F28B7 ] drmkaud 
C:\WINDOWS\system32\DRIVERS\drmkaud.sys 20:24:36.0618 0x16d4 drmkaud - ok 20:24:36.0618 0x16d4 [ 7433474BE77F065D2FA628671FE31A3E, 063ADDC68F48036749E6EC7B2F66284DB29F90F62E9468D16B4EF5A0FDC45E35 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll 20:24:36.0649 0x16d4 DsmSvc - ok 20:24:36.0665 0x16d4 [ 5FCA45C24501DA7390065D3706A9FC3F, 093FD840F1502ECC6F05B9723CA523B3F15CF39A5D2B9106E1267739B3F2C52C ] DsSvc C:\WINDOWS\System32\DsSvc.dll 20:24:36.0680 0x16d4 DsSvc - ok 20:24:36.0727 0x16d4 [ 19F2B54EE8861D90579BD0E3AE5182F9, FDD4F091C61C8C20550C8F68375ABD7ED718A733F680F0F0367D4796C302BA14 ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys 20:24:36.0790 0x16d4 DXGKrnl - ok 20:24:36.0821 0x16d4 [ 43BEFBADEDD63234DCA58ABE93A73DD7, F9491A5516C0C445AB270741BA1ADAC18570167B0A5A8AC464C8C9966B185460 ] e1dexpress C:\WINDOWS\system32\DRIVERS\e1d65x64.sys 20:24:36.0836 0x16d4 e1dexpress - ok 20:24:36.0836 0x16d4 [ 9FCE4EF7D5E274F862D9A2526B5F4779, 81D42D5475C2801C8E0C233A0BA827569D8A70590017C91C665C8B232D9BFAA9 ] EapHost C:\WINDOWS\System32\eapsvc.dll 20:24:36.0868 0x16d4 EapHost - ok 20:24:36.0930 0x16d4 [ 7EC6FC0266D74BD47ABB130A328B70EC, 3856790AF967AB03B1A89F97328DC4D5A6854ACDA6169681A9AFB03D7CF791F9 ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys 20:24:37.0040 0x16d4 ebdrv - ok 20:24:37.0040 0x16d4 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] EFS C:\WINDOWS\System32\lsass.exe 20:24:37.0055 0x16d4 EFS - ok 20:24:37.0055 0x16d4 [ 8D74B8B5D6F7C5BC4C525BAF2B083FF1, DA5656F745B3911F96871887FDFDC40F4D9C820622A0AA27EFE4BA93662833CA ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys 20:24:37.0071 0x16d4 EhStorClass - ok 20:24:37.0086 0x16d4 [ 2A9817B5A9260D8F60D52E36BEF10443, AC1A0203221AFAF584C71317FA07AA1B6E61BE619E918B3B1E4AD57CCED1CF03 ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys 20:24:37.0102 0x16d4 EhStorTcgDrv - ok 20:24:37.0102 0x16d4 [ 80A7999DE02CE678B865832E1CE78CD6, 
2576EBB6E4D630A906DE724F125099E52A962B5B68B9F9BCA849A7B29D8C8689 ] embeddedmode C:\WINDOWS\System32\embeddedmodesvc.dll 20:24:37.0118 0x16d4 embeddedmode - ok 20:24:37.0133 0x16d4 [ 3CE2B6AECB9AF8BC159299EEC46A35CA, E933B28BB6E4D01FCCDF8FBBB134C244B28DA3ECBDFA13333F0D4C24B2551780 ] EntAppSvc C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll 20:24:37.0165 0x16d4 EntAppSvc - ok 20:24:37.0165 0x16d4 [ 77B60DEC7DCB4233E4A69D3F52E5DB24, 3A5C905E37A93899051497C90E5BA8E1D003B56C6906CADFD2F1CDF52052D248 ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys 20:24:37.0180 0x16d4 ErrDev - ok 20:24:37.0196 0x16d4 [ F89083AB8B9F51C0031C1CBD0A9A7E35, 9EE973A25134960E62D1A6A1E34AD9B3F7690E71C1AD31A23FA2081A73438754 ] EventSystem C:\WINDOWS\system32\es.dll 20:24:37.0227 0x16d4 EventSystem - ok 20:24:37.0243 0x16d4 [ FCD2C63754C2E739A8EEAD9BC63F9DDC, C57A72ABA4C0BD71F914B9C8FF965DCFF585A205498F19A4584A4BAF7674839D ] exfat C:\WINDOWS\system32\drivers\exfat.sys 20:24:37.0258 0x16d4 exfat - ok 20:24:37.0274 0x16d4 [ FA918EC296EB410FF02867D008D02421, 23D164A24CB0D212778FA9592A046B6BA1F3628003E04181744A1F891B5B3E5A ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys 20:24:37.0290 0x16d4 fastfat - ok 20:24:37.0305 0x16d4 [ 77CE56471AF984800F318F3734D768C7, 72D540072374A56C2C497F0532A50705D3F0637F2C0C96B1D715F2EDFCA3AA2D ] Fax C:\WINDOWS\system32\fxssvc.exe 20:24:37.0352 0x16d4 Fax - ok 20:24:37.0352 0x16d4 [ 99598ECA5E41996E005D5B9D9FF1EFA2, 91345CD50EF02431B69093505C1C5F5DC6A1AA6BF192EE9392ED4D5626B60462 ] fdc C:\WINDOWS\System32\drivers\fdc.sys 20:24:37.0368 0x16d4 fdc - ok 20:24:37.0368 0x16d4 [ EF0DD43A4CBAB367BCA1AFBDC9971E4F, 73E161C45D63FDDE71EE2438137913724DC513860539D1E7F6BD861F5D1B33F3 ] fdPHost C:\WINDOWS\system32\fdPHost.dll 20:24:37.0399 0x16d4 fdPHost - ok 20:24:37.0399 0x16d4 [ 34DAC585994CD3B4E910DE11C584EF3D, A6C6A4CB5413EA61F1A54E2D3AD71A311CEA2C26218544D2D2D4A5CFEC52DE8C ] FDResPub C:\WINDOWS\system32\fdrespub.dll 20:24:37.0415 0x16d4 FDResPub - ok 20:24:37.0430 0x16d4 [ 
B68DA1FE3CA2311AFD38DD6905CA7F71, 4B395DFB1B47D2507CA4D9DC996A70D0A3BDB1A245CD6DA6C42B2A299AFCCF37 ] fhsvc C:\WINDOWS\system32\fhsvc.dll 20:24:37.0446 0x16d4 fhsvc - ok 20:24:37.0446 0x16d4 [ F44F666B0EACC3181544FFCF8CA0FFC7, 83F771CF9DAE1C504B30731EEC55355EA1253174252DA2192ADF1D228B3735C3 ] FileCrypt C:\WINDOWS\system32\drivers\filecrypt.sys 20:24:37.0461 0x16d4 FileCrypt - ok 20:24:37.0477 0x16d4 [ 78A210DDFDF2C9EC884631D2DAA573F0, 5D39C6EF4AC690A9749EEDBE2478FFF15A22877A2861EDA103C7BF1607B0C1BD ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys 20:24:37.0493 0x16d4 FileInfo - ok 20:24:37.0493 0x16d4 [ 1A97DB5E701A186989F3795223C3BE39, F7982220D4DF7E104955E63CACE352394E2577DEF49506EA126127F820EB62DF ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys 20:24:37.0508 0x16d4 Filetrace - ok 20:24:37.0508 0x16d4 [ 46626665F0E5906E45619B4EFD6186B8, 37FDD3B8AD49FD29E54DA5567EA77F28A53498AE56348F7A2628E5E5549D638B ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys 20:24:37.0524 0x16d4 flpydisk - ok 20:24:37.0540 0x16d4 [ FDA72ACA14D516D18C33AFCD0FD9260F, 6509612DEC82EA74614B5C9A7B432305A1A468C97B88BED9E141DF2929B621B1 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 20:24:37.0555 0x16d4 FltMgr - ok 20:24:37.0602 0x16d4 [ 49BF5C8182C3D2D6CD9F7EEDF1CFDB66, 0977EBE86B57FC370D27CA69D58122397D5D5369AF0C8DBCC492AE7AD55CBA2B ] FontCache C:\WINDOWS\system32\FntCache.dll 20:24:37.0680 0x16d4 FontCache - ok 20:24:37.0680 0x16d4 [ 59241194DBDF30A2B4029E402F377900, 47A92E9CD8494C403B377799D395670A393766647E24CD83B15338CE2AA50266 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:24:37.0696 0x16d4 FontCache3.0.0.0 - ok 20:24:37.0696 0x16d4 [ 9F2CCAE7A5FDDA948F6028829AA9AFD8, 593FF6A3FC4EFA725CE0FDA5839A47221E58C92648B22237C84C3A1BE1B418E7 ] fpCsEvtSvc C:\WINDOWS\system32\fpCSEvtSvc.exe 20:24:37.0711 0x16d4 fpCsEvtSvc - ok 20:24:37.0727 0x16d4 [ 8B52024D3A5C3A12F1C4D75D30A976C5, 
982F1C783966C9A6D255AA7DBAB6D225EBE0050A36176B8DE85E8ADBFE17FDF1 ] FrameServer C:\WINDOWS\system32\FrameServer.dll 20:24:37.0774 0x16d4 FrameServer - ok 20:24:37.0790 0x16d4 [ D152CCBFC8251670BF0AAFE00D6BC782, 9DE82D8FC4E1DAF8FF23EE08C0B7CB5051A9224E64544D262CFA4996A41B04E1 ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys 20:24:37.0790 0x16d4 FsDepends - ok 20:24:37.0805 0x16d4 [ 6D6BB5C7363CD35FA715E826F3D029EE, C214F791EB39E8B25CE57ED9D6C1D56EE1AF6021BCB380980BD42A6338A6C9F7 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 20:24:37.0805 0x16d4 Fs_Rec - ok 20:24:37.0821 0x16d4 [ 8EEC4925C03E375C4EC496E45C44139A, 06C5C7BCC28D3E435675F0759A09CAB726E971DF4BFC1DC3DCF503EABCDCCCC6 ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys 20:24:37.0852 0x16d4 fvevol - ok 20:24:37.0883 0x16d4 [ 3FCE1DA0F96C183D605BDF11C70B1176, FBF7DC215ED74FE01D82B211767CA1CBB8374209000C0E180216E90DA936A347 ] Garmin Device Interaction Service C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe 20:24:37.0915 0x16d4 Garmin Device Interaction Service - ok 20:24:37.0915 0x16d4 [ EF78034773CE506323655A868C949144, DF195BEEE6704FBCC6D2D9E1BF6723E52ED502A1459F495B7D18481E6A79B5BC ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys 20:24:37.0943 0x16d4 gencounter - ok 20:24:37.0943 0x16d4 [ B55FEBC6A00DAA1FE074F020B6907516, 67071FBAC2ABA47AB71358A5F08E92E034A55343878F00137E90B3B1F7362976 ] genericusbfn C:\WINDOWS\System32\drivers\genericusbfn.sys 20:24:37.0959 0x16d4 genericusbfn - ok 20:24:37.0959 0x16d4 [ DDD8A8CDDC7F13EF57D1DAAE71865936, 9D472A8689F72F24D40D5B94849690F53C67849FDF6162A94EF4FB330A3DA566 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys 20:24:37.0974 0x16d4 GPIOClx0101 - ok 20:24:38.0005 0x16d4 [ 713A176494CEC107E663CAD6C2B27F77, 76871D8CFBA8FCD8CFF96208AE84C658EBEC60270D978898B90EE9451AA1BCE1 ] gpsvc C:\WINDOWS\System32\gpsvc.dll 20:24:38.0068 0x16d4 gpsvc - ok 20:24:38.0068 0x16d4 [ 7ACD8F69B5D6EC97E6D2C006E19BED88, 
FC69214C9308EA64B88EF4C3C95800586DDBB44C8540846B79A161BAD8203B6E ] GpuEnergyDrv C:\WINDOWS\system32\drivers\gpuenergydrv.sys 20:24:38.0084 0x16d4 GpuEnergyDrv - ok 20:24:38.0084 0x16d4 [ B9893A68032A6D9ADDB5B98287C630F7, F0280764D7B31F1EA634E91397229B1C064A7C1B3A77A6BBD123CEA74180789F ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys 20:24:38.0099 0x16d4 grmnusb - ok 20:24:38.0099 0x16d4 [ 10E3515FE5DBA6656FA62C29342EC4A1, 2051F10F74ED712B1766EB61E87FADE25AB3D0970BABFD320600D1B0D6377F26 ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys 20:24:38.0115 0x16d4 HDAudBus - ok 20:24:38.0115 0x16d4 [ B90D284B97CD4CA9DE7430AAAD887A56, 2F14F985C39B7801ED64590979CF2114924E9547F5B11D2B37A74DBFFDD9E7C5 ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys 20:24:38.0130 0x16d4 HidBatt - ok 20:24:38.0130 0x16d4 [ B2FE11643CC6ACDEE6C247DD36018FDB, 5796613C7DBF8B2A9E860E006FF1A245B6BE7D10E3F6685AD142B48E5C237B8C ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys 20:24:38.0146 0x16d4 HidBth - ok 20:24:38.0162 0x16d4 [ 92B629AB6741AE3CE233DBD40136C6D0, 87E18A625E349FBCD58D6B61BBDD7841C5BF4595E663249C5A7A41B03EB5ED62 ] hidemi C:\WINDOWS\System32\drivers\hidemi.sys 20:24:38.0162 0x16d4 hidemi - ok 20:24:38.0177 0x16d4 [ D24355488A2D4D2323518EC1AC7A6D9E, ED2176A2093726087EDDA25B86E9CDD4BA35F4E748E3A6DE0B15C4C97646B5C7 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys 20:24:38.0193 0x16d4 hidi2c - ok 20:24:38.0193 0x16d4 [ 0AF9ABBA4F3F55C6C803890D64BC3C29, D3DE6FA308F8E7CD4F16387F46AE4B2F7EC9BBA07BF87652B660A0D645710571 ] hidinterrupt C:\WINDOWS\System32\drivers\hidinterrupt.sys 20:24:38.0209 0x16d4 hidinterrupt - ok 20:24:38.0209 0x16d4 [ CDBCF8E9AB06D88A1E1191D32F320C5D, F76963AB7CF2BAB3A220013879AECD3976BFD851CFB66B5A69A9EA2541048861 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys 20:24:38.0224 0x16d4 HidIr - ok 20:24:38.0224 0x16d4 [ C900FE0DD6A1E2220084B8F1C427790C, 802194EBEDA1A50EDA300078B0888AAC1F17A42E67147B7B3B9C50AD8D4E5C89 ] hidserv C:\WINDOWS\system32\hidserv.dll 20:24:38.0255 0x16d4 
hidserv - ok 20:24:38.0255 0x16d4 [ D8536CB438CC4CCDAE047B768EED22B2, 4F666BFA3554F9ACA6B9D436BFA64474D5F30FB3E78F4E66068CCDF283D9867F ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys 20:24:38.0287 0x16d4 HidUsb - ok 20:24:38.0287 0x16d4 [ 0AC1BD5A28FAA371EF34859FE703E515, 1DD1C33AF8D6EBE7C36FCD051F066E4039D2B47ABAECF7C68BC3933D567930B2 ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll 20:24:38.0318 0x16d4 HomeGroupListener - ok 20:24:38.0334 0x16d4 [ 86161A89F16851728802590EC7C92608, 3A3B05BB4E115410D27063B30C0EF3F18295F542050F329F1E466C81A9E23A46 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll 20:24:38.0365 0x16d4 HomeGroupProvider - ok 20:24:38.0365 0x16d4 [ F5CA18197B4646E04DB9EB2D6642CC4D, 5BA3342DDF1BCB67E4156169FE9A33E7BC2641C729E9F1A80C0E80953C6AB114 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys 20:24:38.0380 0x16d4 HpSAMD - ok 20:24:38.0412 0x16d4 [ A10C7C1E69FC90620C7BF2E51302A01F, D725AEAE38255CED73F4922A10F226215528706580B06D01C228488F93AC0397 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys 20:24:38.0443 0x16d4 HTTP - ok 20:24:38.0443 0x16d4 [ 0C84C250F80EAEC2C9768464CC1A9626, 212E1003B78F9B98FEB084FD1FDB59B26A9DE4C9120F24D4361FBBF0F3C035E7 ] HvHost C:\WINDOWS\System32\hvhostsvc.dll 20:24:38.0474 0x16d4 HvHost - ok 20:24:38.0474 0x16d4 [ 74FC79C52395B10FFD0B55CF22CF88FC, 94D977DA2092EE8C2A598AC48758A84BB22CB6378BD114C2D3B4172A07A9CACC ] hvservice C:\WINDOWS\system32\drivers\hvservice.sys 20:24:38.0490 0x16d4 hvservice - ok 20:24:38.0490 0x16d4 [ 771EDDA9830A3079F996F34D681FB6E5, F452AD656872A1C8B2D6DCE232CE01EBD456C46F4934A7601E78470F2A2CBF38 ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys 20:24:38.0505 0x16d4 hwpolicy - ok 20:24:38.0505 0x16d4 [ 3B9F315E7FA72CC25228EB097DD9C694, B26F1E494428EF197A0C97645C05BB3CA093827A005D35C987F1D6778BC4E52C ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys 20:24:38.0521 0x16d4 hyperkbd - ok 20:24:38.0537 0x16d4 [ B54B30992620C97230013A74461C8517, 
CAF09BDCDD6DE2A39CB8AE2C65E6F8FE12D8E93D84BBEF6C6A98F872BF54A4E3 ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys 20:24:38.0552 0x16d4 i8042prt - ok 20:24:38.0552 0x16d4 [ C6B8743B213F06AA60943D8366FE968F, 758954F70B810063914B243115B2C753B2BCE40190F95C30ACBA0BF04EBD5B33 ] iagpio C:\WINDOWS\System32\drivers\iagpio.sys 20:24:38.0568 0x16d4 iagpio - ok 20:24:38.0568 0x16d4 [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c C:\WINDOWS\System32\drivers\iai2c.sys 20:24:38.0584 0x16d4 iai2c - ok 20:24:38.0599 0x16d4 [ 5A0E850F8CD17791A3E6A3CF81D0CA28, 10A965A49D53360DD250E0758B6BB142872298A21C732EB026ACB93492C5C6CF ] iaLPSS2i_GPIO2 C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys 20:24:38.0615 0x16d4 iaLPSS2i_GPIO2 - ok 20:24:38.0615 0x16d4 [ 7508F1096803385D6376BFD0BD473AC4, 1F32EC23CDC94DCB9710E6663B5C3BD83568545DDC2C741CFC13550A4E4DD2BE ] iaLPSS2i_I2C C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys 20:24:38.0630 0x16d4 iaLPSS2i_I2C - ok 20:24:38.0630 0x16d4 [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 20:24:38.0646 0x16d4 iaLPSSi_GPIO - ok 20:24:38.0646 0x16d4 [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys 20:24:38.0662 0x16d4 iaLPSSi_I2C - ok 20:24:38.0677 0x16d4 [ 97E553D03219D3D51705C7235D9EAEBD, 5D4578C8804AF32D1DC0868E34D6538138DC15F9568CA7E21051B1C82C0D8D55 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys 20:24:38.0709 0x16d4 iaStorAV - ok 20:24:38.0740 0x16d4 [ A25F83F6F395AF38DB89E002E2D8CFEE, 334503CCE397623CF73034601EC68EE9A1011C9A157CDFB37C927749A92F48E0 ] iaStorS C:\WINDOWS\System32\drivers\iaStorS.sys 20:24:38.0771 0x16d4 iaStorS - ok 20:24:38.0787 0x16d4 [ 8350FE3BCDE3428BC040877BB7E9EAEB, 77F9456351CA640C6B7862907C0580627E761EC807B551976A95657EB4D6CC20 ] iaStorV 
C:\WINDOWS\system32\drivers\iaStorV.sys 20:24:38.0818 0x16d4 iaStorV - ok 20:24:38.0834 0x16d4 [ 3BA03F7C7700DDF4C383DDE9252F5817, 3E90F69D0010E7764349D9AE865D577E431FEBC67DA554B400BC808DD286E203 ] ibbus C:\WINDOWS\System32\drivers\ibbus.sys 20:24:38.0849 0x16d4 ibbus - ok 20:24:38.0865 0x16d4 ibtsiva - ok 20:24:38.0865 0x16d4 [ 17CF9460BCF23BB4F96EAE3E160D7DB9, 68ABB485CBFCC22B9A5A5847557424937E5001086AB30EE5A717B18EDB81DE18 ] ibtusb C:\WINDOWS\system32\DRIVERS\ibtusb.sys 20:24:38.0880 0x16d4 ibtusb - ok 20:24:38.0896 0x16d4 [ 937AC47F7356554DA05D9722C356EB55, 9EABC9F19B4E1193B669D2674967F5C6F03FAD348EDF0615E3F78554FF9A83CC ] icssvc C:\WINDOWS\System32\tetheringservice.dll 20:24:38.0912 0x16d4 icssvc - ok 20:24:39.0037 0x16d4 [ 74C62314A8746B192427A961B743145C, 941007C27F7A9C215204449ABD62A4827646251264E626E90305C326D3BE5E14 ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys 20:24:39.0193 0x16d4 igfx - ok 20:24:39.0209 0x16d4 [ 027FFB47D28D9B6E8FFABB6AA635C184, BBDE9519901B124C0206642D3D57851807E692AE7472434BD9A5F9434DEC8432 ] igfxCUIService2.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe 20:24:39.0240 0x16d4 igfxCUIService2.0.0.0 - ok 20:24:39.0255 0x16d4 [ F2934208C0E50C0B971A7981AB90BED2, B936BFBBD71E731CC2CDB8B47D262F2EF09726FF921C2DA0841910CA2401423D ] IKEEXT C:\WINDOWS\System32\ikeext.dll 20:24:39.0302 0x16d4 IKEEXT - ok 20:24:39.0318 0x16d4 [ 2A01C96DF5802D3434634E55C91232D8, A3ABEF36E2FD2CF5C371ADBF92566A09669A1D990ABE4677370F57F2EEAF8121 ] IndirectKmd C:\WINDOWS\System32\drivers\IndirectKmd.sys 20:24:39.0334 0x16d4 IndirectKmd - ok 20:24:39.0427 0x16d4 [ CC64BCB199C6B130B2731A6C23B9AAFB, BFD7953F67ED0791BE54094141B9A4721B2612F6D08E425E45F26277D6CEBC98 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys 20:24:39.0537 0x16d4 IntcAzAudAddService - ok 20:24:39.0568 0x16d4 [ FA06FD050994E9A42FEDFDC96992C842, 5863D218AB27032C71D5CE1315A5E7D8355316CC1D0B7BB0705E8DE00A8F0DD3 ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys 20:24:39.0584 0x16d4 IntcDAud - 
ok 20:24:39.0584 0x16d4 [ 9F7E87F6595D065A8A200A291043045E, 6944F72F73EADC6C9B7691F2C1C6DF1898F22C88EFA78EC0BA8CB5FFD9CE057B ] intelide C:\WINDOWS\system32\drivers\intelide.sys 20:24:39.0599 0x16d4 intelide - ok 20:24:39.0599 0x16d4 [ A6BD2E20AE1BC5CB2776C87C28E4F4CA, BD8BE67CED9A4982D785CE9ECBEFE868C3A2E37DF7F9592B9F9049B807A1554B ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys 20:24:39.0615 0x16d4 intelpep - ok 20:24:39.0630 0x16d4 [ 2A48DA39542636DB0FA3BA915385D1B3, 6CA0916F5F4B1E81AE6A6233276320599BFA7C129267177703E3BB6468FB4683 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys 20:24:39.0646 0x16d4 intelppm - ok 20:24:39.0646 0x16d4 [ DB32758F3A7F6CCE81A5430080A2EA65, 36A26BAA884E96804F8EA0B12BB3E81BBE6D4EE704809904091445F36CAB5A29 ] iorate C:\WINDOWS\system32\drivers\iorate.sys 20:24:39.0662 0x16d4 iorate - ok 20:24:39.0662 0x16d4 [ FE85D0A86CA7A5A99CF8CD04DE7F80AE, 544C01FC01EE728EB5667158207E5F4418FE77A88BA318192A834722DB766F4E ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 20:24:39.0677 0x16d4 IpFilterDriver - ok 20:24:39.0709 0x16d4 [ EF1BB0EF8A12C32DD88C409706B8145E, 7AEDE717C258C29592CC8AEC40F61617E5382646E5141E1C0941882ACE5C5758 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll 20:24:39.0755 0x16d4 iphlpsvc - ok 20:24:39.0771 0x16d4 [ 450DBDD716C7911F83E05F78EE18BFA2, 43C0DA172F632131898F315A53DEDD1AE99FB0620AB32B3A5B99FEC498C9AAE5 ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys 20:24:39.0771 0x16d4 IPMIDRV - ok 20:24:39.0787 0x16d4 [ F1DAECC3B3D6399875D4F10529D6A77C, 6533D2F858816BE6570C998510919FCA2904EC6EF806F61C1FD325E88133111B ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys 20:24:39.0802 0x16d4 IPNAT - ok 20:24:39.0818 0x16d4 [ 7475A2903BB704B446AA6309E34D3362, C94643A1626A9716015EBA7041A1224098501EB7DAA704CBFCAD3DC6F3CFC6AF ] irda C:\WINDOWS\system32\drivers\irda.sys 20:24:39.0834 0x16d4 irda - ok 20:24:39.0834 0x16d4 [ 9725E7F0C64CE9916A5CDABE8D6E13C3, 04AF9E48FEF208A2850DF28352E8FDCBF4018982C72C0F67EE12C048C4070116 ] IRENUM 
C:\WINDOWS\system32\drivers\irenum.sys 20:24:39.0849 0x16d4 IRENUM - ok 20:24:39.0849 0x16d4 [ 8C604213A2E73088BFFE6CD2E6F1AE53, B4C4FEE4D398A29F72EC27D5668071D7E68CD943FFFC38624DD5DF5BEBDF46D3 ] irmon C:\WINDOWS\System32\irmon.dll 20:24:39.0870 0x16d4 irmon - ok 20:24:39.0870 0x16d4 [ 58040898883A96160D41739C80328BBF, 7F85C91C905811416E266A263DDEFCDCB0B45376AAE51B551AB636C16577DB9F ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys 20:24:39.0886 0x16d4 isapnp - ok 20:24:39.0901 0x16d4 [ C9FD02D62E09337B67B0C61EC8CA38CC, DC77E935ECC8474BE9018F0937CB11C137073582B20A0EE107CE247FD9E1F9C1 ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys 20:24:39.0917 0x16d4 iScsiPrt - ok 20:24:39.0917 0x16d4 [ 210808437570BDDEE71A43535E3A2D30, EF5DE6EE4FF58F44CDE4D4E7F298ABBC9086EC05CC3AE4903060DA878115AC1E ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys 20:24:39.0933 0x16d4 kbdclass - ok 20:24:39.0948 0x16d4 [ 0B779E9FC426CA2268D28181FA6C222F, 83292023A688C3044D096F22242EB954B7F7511BE8341D45FF0AFBD9CB9BCB4E ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys 20:24:39.0964 0x16d4 kbdhid - ok 20:24:39.0980 0x16d4 [ 813BA3EB2CE038F2A5382DDD75CAD60B, 99FA444027CAC247B54317730D54AB0C4C000AE076B97E47470FDA9834594312 ] kdnic C:\WINDOWS\System32\drivers\kdnic.sys 20:24:39.0995 0x16d4 kdnic - ok 20:24:39.0995 0x16d4 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] KeyIso C:\WINDOWS\system32\lsass.exe 20:24:40.0011 0x16d4 KeyIso - ok 20:24:40.0026 0x16d4 [ 705C0F8BCCEF6E7CB704CCB454192D7E, FC608C708E2C3BF7A66E57B95E19E71E5F5C87EF359D8BC1A817500B45DF9338 ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys 20:24:40.0042 0x16d4 KSecDD - ok 20:24:40.0042 0x16d4 [ 55AD13E2BAFC5AB53A10F8C271F5D242, 058BEF14DCB95574BCAB985F04737BA89483937E8D8A74F7B4CEAFB7400C2397 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys 20:24:40.0073 0x16d4 KSecPkg - ok 20:24:40.0073 0x16d4 [ 4ED115CD1A1099705F56B5E0FFF97CC6, 
Edited by umor (18.02.2017 at 21:03) |
18.02.2017, 20:57 | #6 |
| Windows 10: Crypt0L0cker encrypts data Continuation of the second scan with TDSSKiller (part 2 of 2) Code:
20:24:46.0980 0x16d4 [ 482E6BE8A07832E824080D352075ACA1, 4123A76C8E805AF4FE229C53E9C174095C0937913BA81A63FE9B45C44AA5B15F ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 20:24:47.0027 0x16d4 ShellHWDetection - ok 20:24:47.0042 0x16d4 [ CF3BDF9EAD8D3EF671E9339B44B185BA, C17EC6D5B00F49D9C8B5B6C262A85F34ED71C58450659F006B3632AA84F68E23 ] shpamsvc C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll 20:24:47.0058 0x16d4 shpamsvc - ok 20:24:47.0073 0x16d4 [ A34CE1830E45DA98932295FDE4B7908A, FC553ECF4D64B4B10B7FDE5352707785517A18D487A80665BAFC7261E3F35CDC ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys 20:24:47.0073 0x16d4 SiSRaid2 - ok 20:24:47.0089 0x16d4 [ A7B5C670770E908DA5FEF5BF1136E933, 8D3BB6FF65E631C34BE8EA766481B2FDB2E1E916A4FD67F86705A8975A136E6C ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys 20:24:47.0105 0x16d4 SiSRaid4 - ok 20:24:47.0120 0x16d4 [ B72B80E6FF423C5011E745CB76DA9A08, 18A6B9D46E91AD4D463EB5CB832702392D2E162577F90C328B515FCE69FABD15 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 20:24:47.0163 0x16d4 SkypeUpdate - ok 20:24:47.0169 0x16d4 [ 86C475DD33893895EB878D189807F8E7, 99C5FF95AE518E6A18866C97C93E0B9EAAFF0AEECBC7AAC3C5EC5A915FACB65E ] SmbDrvI C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys 20:24:47.0181 0x16d4 SmbDrvI - ok 20:24:47.0187 0x16d4 [ D233EAE2A9D48485321816486ED635EF, 03AB49BE9CF15EB7EDC50C400E673B4DF0E5BFDA9A7811E157F2AF2F3CF38D49 ] smphost C:\WINDOWS\System32\smphost.dll 20:24:47.0213 0x16d4 smphost - ok 20:24:47.0237 0x16d4 [ 0B217141AC1283655402CDB356577735, 6EFA4CA46CFC8B7156CE7E5CA89B7F7073E16D66C2FC13F4DB95FEB78CCF698F ] SmsRouter C:\WINDOWS\system32\SmsRouterSvc.dll 20:24:47.0299 0x16d4 SmsRouter - ok 20:24:47.0299 0x16d4 [ 6F4CE07D420FB657B5936F71101ABD41, CEC52984C56E578E0FFE12BE1B8148335F788B7D1751F2D0E79B944A41113C20 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe 20:24:47.0336 0x16d4 SNMPTRAP - ok 20:24:47.0351 0x16d4 [ C994DF90427103CCB80F893FFD2B1CE8, 
7E4B08095C77E68D337A3425EEA38F8FEC4D103CA7661E34FD96BF518DFB4BCB ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys 20:24:47.0383 0x16d4 spaceport - ok 20:24:47.0398 0x16d4 [ E03264C4C25B568F92ED1656AD541E64, D42942BFFBC7213D204FAF84F4FE015FC23A6ACB29B5E752834EDBC17A3AC20D ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys 20:24:47.0414 0x16d4 SpbCx - ok 20:24:47.0461 0x16d4 [ 79DCE27E8C4CF6701BFE49EC2446BBF6, F51CBB7A45C3C878F41653FD5FBDC93CC302712B7725DAAB4D3475A1F4771E3D ] Spooler C:\WINDOWS\System32\spoolsv.exe 20:24:47.0523 0x16d4 Spooler - ok 20:24:47.0695 0x16d4 [ 23529A00195CE71252FEBF647E56E27D, 8ADF7A1C96DAE005E9A974D90BE8954F88D49B6848252B88513C49E0A3BD9774 ] sppsvc C:\WINDOWS\system32\sppsvc.exe 20:24:47.0914 0x16d4 sppsvc - ok 20:24:47.0945 0x16d4 [ 691A113761E32DB71283B2A837E5A0F4, 84F585C0C03E4CCF4F7CAB238B0F9B75AB0441D03577F19AA3166529BC4A2E74 ] SPUVCbv C:\WINDOWS\System32\Drivers\SPUVCbv64.sys 20:24:47.0992 0x16d4 SPUVCbv - ok 20:24:48.0008 0x16d4 [ E83830BB74AE8CBECEA0ECD94DE436F9, 4A34569A34260324EBD629039E1BF45A3527FC75B22D9A3DB6360A6EB365483A ] srv C:\WINDOWS\system32\DRIVERS\srv.sys 20:24:48.0055 0x16d4 srv - ok 20:24:48.0070 0x16d4 [ 55CA5329D1ADEB8F8034045930147AE4, D4F31BC82700D166564C7F9CDCEA3ABAB4A37B55137C34572768DF46FDA9320A ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys 20:24:48.0117 0x16d4 srv2 - ok 20:24:48.0133 0x16d4 [ F13EE0DB1FB1D6946AC3228D7EFCFC8F, 109A809F0338FAB0F4045FA5EE33C6F0A994A9F586B2FBD8920A6AABA0E0EF66 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys 20:24:48.0164 0x16d4 srvnet - ok 20:24:48.0164 0x16d4 [ 52D6F40B50ECFC051979FEC68E74F0F8, 9C8C65AC69BA5C9885CF2A4BD72B869754948377AA3FED2680E7BF8C5639F2A2 ] ssadbus C:\WINDOWS\System32\drivers\ssadbus.sys 20:24:48.0180 0x16d4 ssadbus - ok 20:24:48.0195 0x16d4 [ D6CFD3B2EABCF9327DE39C62BABFA1E3, C748AF55B07FCB9C5A3E3E0CB783CE6387A2C5D646BCA6B5F5FFF37ACCE82AD3 ] ssadmdfl C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys 20:24:48.0195 0x16d4 ssadmdfl - ok 20:24:48.0211 0x16d4 [ 
5EB01E6148742C3EC2185AC92F6D16FD, 5BD22C745D9BD47C60929F9C556E4B262F9415866EFE9F9263EAD916D74ECAE0 ] ssadmdm C:\WINDOWS\system32\DRIVERS\ssadmdm.sys 20:24:48.0227 0x16d4 ssadmdm - ok 20:24:48.0242 0x16d4 [ FF20F67DD5644BD1D2E7FCD95AF7F03B, 23615E776D6A8C406C7DDF0E694ED3B5A2D30913AFD3C0F86A788C5004299845 ] ssadserd C:\WINDOWS\system32\DRIVERS\ssadserd.sys 20:24:48.0258 0x16d4 ssadserd - ok 20:24:48.0258 0x16d4 [ 44758105AB3EA34E815D4B6CA1153311, 7F223A20D2538C123BAC6F75BE0E126876A116F09502FD980C05B8916E26E1B7 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 20:24:48.0289 0x16d4 SSDPSRV - ok 20:24:48.0305 0x16d4 [ B97C7EC07218A8002323718202BF5E77, 39D3254383E3F49FD3E2DFF8212F4B5744D8D5E0A6BB320516C5EE525AD211EB ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll 20:24:48.0336 0x16d4 SstpSvc - ok 20:24:48.0352 0x16d4 [ 7DB9E612A2742ACEAB080B882E83141C, FFD1FA36E732F55223F3F4B5F845331DBB3073B023C2C5BF51A0E7680DEE7FA7 ] ss_conn_service C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe 20:24:48.0383 0x16d4 ss_conn_service - ok 20:24:48.0492 0x16d4 [ 4E330AD1EED4A5D582EE415FD55953A2, 2C02E1F45F74D250110BA5117AA942495CB2EBAC7F2CCECC284B4FB8F47B13E1 ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll 20:24:48.0702 0x16d4 StateRepository - ok 20:24:48.0702 0x16d4 [ 29D26E1347AE1BBD4201014E19880B2C, 9E2153AD96CE4F189EEE43BB02515532C619FB1CA02D8F6DEF517AC3347AAA14 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys 20:24:48.0718 0x16d4 stexstor - ok 20:24:48.0749 0x16d4 [ 91CB95B35481155BFE29C217CD237F27, CA66957DF1441D991453BEF02D768D44E5D9A484BC23C8874E8A7AC20904CB06 ] stisvc C:\WINDOWS\System32\wiaservc.dll 20:24:48.0796 0x16d4 stisvc - ok 20:24:48.0796 0x16d4 [ 53EB8CE34B55A1EE63424C8DB7388BFC, 5AB59117BA8A2844EB8693CCC19B217AE039B28C87519F96E1C845FE9BF456C2 ] storahci C:\WINDOWS\system32\drivers\storahci.sys 20:24:48.0827 0x16d4 storahci - ok 20:24:48.0827 0x16d4 [ C5E0ACE4771F5575D9D5B457ABF3AD03, 
365880BC5AC313F25C313EFB7758301F98D9B2BF4C5FC9499F98C2B7F8407D96 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys 20:24:48.0843 0x16d4 storflt - ok 20:24:48.0843 0x16d4 [ B66D8C75C9BC59D637177AB3B1C569A6, 76252A631F03EEBF5FDC7693F6B0A5E73838CDBE3157114CC96B8BBE88B476BF ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys 20:24:48.0858 0x16d4 stornvme - ok 20:24:48.0874 0x16d4 [ BEBF85EB4D90E6996047DA027D0ED26E, DF109CF0F07CDD1B9B702C2A076D4DD5366DAAD971CC9359AF0358E79981706F ] storqosflt C:\WINDOWS\system32\drivers\storqosflt.sys 20:24:48.0890 0x16d4 storqosflt - ok 20:24:48.0905 0x16d4 [ B91FBE7CB4633FEB32AFBD0B48576396, 9EFDD92E8096CE5555F8DC3C870864E5515469603C2373B99B3607234633CA66 ] StorSvc C:\WINDOWS\system32\storsvc.dll 20:24:48.0952 0x16d4 StorSvc - ok 20:24:48.0952 0x16d4 [ 8E73037A6F8938475692FFCC26EBF385, F78C5CD1A3CD17AA831EEC82426B14006B4DDBC9085A4814E04E8C37FD6B05F7 ] storufs C:\WINDOWS\system32\drivers\storufs.sys 20:24:48.0968 0x16d4 storufs - ok 20:24:48.0983 0x16d4 [ 9D9DED47DA10E845EFF2DD57C94C809B, 520D0CE7A867051B80C8141E351FE5A5BCE3C99776093F234DB77D3407B1F104 ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys 20:24:48.0999 0x16d4 storvsc - ok 20:24:48.0999 0x16d4 [ 224C92E442B1B8C20C274332F1ACF00D, CDE5DCFB7A21089464A6E2ABB29BBE08B184C3433C218756AA5902A8F67C0B2C ] svsvc C:\WINDOWS\system32\svsvc.dll 20:24:49.0015 0x16d4 svsvc - ok 20:24:49.0046 0x16d4 [ 505E0C40B5D0ADDCBB414640F59BD2E0, DF4B5E65FE6FF2224F298A2A2FAC9B648C082DFF8463148633647580A9FAD34D ] swenum C:\WINDOWS\System32\drivers\swenum.sys 20:24:49.0062 0x16d4 swenum - ok 20:24:49.0077 0x16d4 [ 2EE27411B5904C63D723BEA391819F58, C88C11D460E90398E16011B8A2CED5EE5626084F24790EA6115532F8F70060C6 ] swprv C:\WINDOWS\System32\swprv.dll 20:24:49.0124 0x16d4 swprv - ok 20:24:49.0124 0x16d4 [ C3AE45291669788AB51BA28F93554119, 8558B5A02215348C727AF26A33E61A02CAD656DE695D82DF11486E3ECA1F4CFF ] SynRMIHID C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys 20:24:49.0140 0x16d4 SynRMIHID - ok 20:24:49.0140 
0x16d4 [ 32F46FB0F290D16DAA452B289C985795, 73F88AAAA6026DB4C27F1D054145216DCC3F1960946FB2A7A90518DD1D5737CB ] Synth3dVsc C:\WINDOWS\System32\drivers\Synth3dVsc.sys 20:24:49.0171 0x16d4 Synth3dVsc - ok 20:24:49.0187 0x16d4 [ 135B02E91F983266906D468DF9DDF1D7, C387AAFD0E7F35A3E91E1AE8CE29668C9BA0FE76EF1BC68CE0B9D750F47B6D60 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 20:24:49.0218 0x16d4 SynTP - ok 20:24:49.0233 0x16d4 [ ECDCF184867EF5E97CED317CED71C562, 2A83C7AE6F514F289070CBB6B8C32334AEBA0C541121ED205AA44A9AFF9078BC ] SynTPEnhService C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe 20:24:49.0249 0x16d4 SynTPEnhService - ok 20:24:49.0280 0x16d4 [ FED48B19D6F55D7A3AB498D85729D1BA, FA5E0E02BC2E2DE108C55991E3B063CC947072228B53539F42F922661510DE7C ] SysMain C:\WINDOWS\system32\sysmain.dll 20:24:49.0343 0x16d4 SysMain - ok 20:24:49.0359 0x16d4 [ D9FEA79BF6AF136F8E656AE045C2FEC8, E6F08A93348E035185F0F1C6B6277E636F4F25D1136E3ACCA63488DAEEC7114B ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll 20:24:49.0390 0x16d4 SystemEventsBroker - ok 20:24:49.0405 0x16d4 [ 86E7FD5C8DBEC1EB51C4368561402B75, 86EE61414CD5854E39E33F67BF5DA4377B569B3ED4D18882C470BC6784891DA1 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll 20:24:49.0421 0x16d4 TabletInputService - ok 20:24:49.0437 0x16d4 [ 3929C8FC134AC672C4F3F85160956257, CD3195CA58BA6F55EA0DDA2BE6AB58280AD1CA488D7AAA1539DD05FB99374F36 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 20:24:49.0468 0x16d4 TapiSrv - ok 20:24:49.0548 0x16d4 [ 4F25E481124059CC593B4C68BC485640, 2814D2BA4E83D3B0F7569E6C6EE0C763D9801BC505D8ED84675D19C8573834DB ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys 20:24:49.0658 0x16d4 Tcpip - ok 20:24:49.0736 0x16d4 [ 4F25E481124059CC593B4C68BC485640, 2814D2BA4E83D3B0F7569E6C6EE0C763D9801BC505D8ED84675D19C8573834DB ] Tcpip6 C:\WINDOWS\system32\drivers\tcpip.sys 20:24:49.0861 0x16d4 Tcpip6 - ok 20:24:49.0877 0x16d4 [ 8DBB1BE20C36E6D19BCC89EEA00B953C, 
8B97A7E53E1D77363AFF6A5AAEAD89EBAE28DCB8D82753C804FD7CD5646500AF ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys 20:24:49.0892 0x16d4 tcpipreg - ok 20:24:49.0908 0x16d4 [ 9D2DD64A0B51C56285512DC9454340F6, ABB90CE6A55269F71AFB08E04969CF9A4EFD93F7A7189AF920EEE3E005214DDD ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys 20:24:49.0939 0x16d4 tdx - ok 20:24:49.0939 0x16d4 [ 06130AFFECEB94525FC2352936576B70, 10EBE2C8FDC087D29E2FFB328F0F7905A5374AB8CC9FAE8699E7676DBC8CBF91 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys 20:24:49.0955 0x16d4 terminpt - ok 20:24:50.0002 0x16d4 [ FB68E5F02316C42BE7282DA492351C6F, AC31D841FEA58B776127E138DB20F8D48E26FD8C00CE2FA9695EA14EBF159A0A ] TermService C:\WINDOWS\System32\termsrv.dll 20:24:50.0080 0x16d4 TermService - ok 20:24:50.0095 0x16d4 [ 2AF438EC0D361A7BBB70E604A686602C, 4BE6A0461EB2CB94288614434A1CEC81C2ED46241721FD5BBD8ABE0680F7C804 ] Themes C:\WINDOWS\system32\themeservice.dll 20:24:50.0127 0x16d4 Themes - ok 20:24:50.0142 0x16d4 [ 1482B8ED5CACA87992A882B853B83CEE, 613247F0E362A109090E8563D977DECC50C64D45D6962905FA84A2D59329045C ] TieringEngineService C:\WINDOWS\system32\TieringEngineService.exe 20:24:50.0189 0x16d4 TieringEngineService - ok 20:24:50.0220 0x16d4 [ 3B3C607C3C62DFBEF61938DA2CAB94DF, E5EEA7F45A7BBFDF6F0003CD77E39958C451DD1B4B401876B5619A3C20F5C370 ] tiledatamodelsvc C:\WINDOWS\system32\tileobjserver.dll 20:24:50.0267 0x16d4 tiledatamodelsvc - ok 20:24:50.0283 0x16d4 [ C1F8CBE2D4843E0CCC3EFEA2EC60D4AB, 9D07527D982066922318C77AECE99280DE55034C375ACE145E827A6BEB5C3B70 ] TimeBrokerSvc C:\WINDOWS\System32\TimeBrokerServer.dll 20:24:50.0314 0x16d4 TimeBrokerSvc - ok 20:24:50.0330 0x16d4 [ 46171262D0E806779DEEDFCAB2F830CC, 7F4A4658B8BA217D99E5B5C0E01600C20DC96ECBCA32A5BA7FBE17D2A7B8BFD8 ] TPM C:\WINDOWS\System32\drivers\tpm.sys 20:24:50.0361 0x16d4 TPM - ok 20:24:50.0361 0x16d4 [ 3B91F35089240F6187AD681A5EC28BDE, 3D035CB73BC8E7831DCD0FB7D9DAD91CE51D3D0F9D9C8B866A0009BD508B6702 ] TrkWks C:\WINDOWS\System32\trkwks.dll 
20:24:50.0408 0x16d4 TrkWks - ok 20:24:50.0408 0x16d4 [ 09440FA30C020B4443391FAFCF4876E3, 208C7725F70C75D8C96CCAF5B22F83B8B1C66D8C9FFF48465B1C9F4A77425569 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe 20:24:50.0456 0x16d4 TrustedInstaller - ok 20:24:50.0465 0x16d4 [ A6F4025664C9D4BC2A9EDAB4092706D7, 89808A1679C0E716F86F06EE7701DCC289200894F0FA1F120DA2AC3A45FDB312 ] tsusbflt C:\WINDOWS\system32\drivers\TsUsbFlt.sys 20:24:50.0487 0x16d4 tsusbflt - ok 20:24:50.0493 0x16d4 [ 37A96AD493E110C0BF1EE0AC0F9E7DBD, F2A6894A4AEE18DF2B92222CDB0801A13AEEB7212071F0431430788339B30E23 ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys 20:24:50.0508 0x16d4 TsUsbGD - ok 20:24:50.0524 0x16d4 [ 5A91FDBA4D3FCB56DAEB8C091B3EB8E1, 8AB91F4423125267FA8509A1C3A9AD1CBD642FA6A96D8789F9AB8CB75ABAD58C ] tsusbhub C:\WINDOWS\system32\drivers\tsusbhub.sys 20:24:50.0555 0x16d4 tsusbhub - ok 20:24:50.0555 0x16d4 [ 79E264287F17D56D768440B0270466DE, ABF9DC95C5E939B30BFD9BF9EDFDB3BD78A9DFCB055B945965303B6A60E6D7A7 ] tunnel C:\WINDOWS\System32\drivers\tunnel.sys 20:24:50.0586 0x16d4 tunnel - ok 20:24:50.0602 0x16d4 [ F723552F65D44FE693DB1A383825B3A8, EF8C343C4EB5EEA4EC830378EF576CCD6CD4EEDEDD486C0F29697044E8C71F45 ] tzautoupdate C:\WINDOWS\system32\tzautoupdate.dll 20:24:50.0649 0x16d4 tzautoupdate - ok 20:24:50.0665 0x16d4 [ AA65954F512BA097DD190790876DD991, C1BB2B8F54F064D01190327B5E7949EBBDA21D6FC6F94D9FCD20F685C2F855FA ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys 20:24:50.0671 0x16d4 UASPStor - ok 20:24:50.0687 0x16d4 [ AB6268022C3A5B529075A39C33904DA6, 2717F1704640201F2681711543EA39A74C3E89C7DB232EC5DD89FD8AA6F07846 ] UcmCx0101 C:\WINDOWS\system32\Drivers\UcmCx.sys 20:24:50.0702 0x16d4 UcmCx0101 - ok 20:24:50.0718 0x16d4 [ 7ED2EDA43D21C7A5F589A7960E265C52, 7DB8A595236FBB8A264D7AB155201357212855050ABB5B1036EF32F1223FDCC2 ] UcmTcpciCx0101 C:\WINDOWS\system32\Drivers\UcmTcpciCx.sys 20:24:50.0737 0x16d4 UcmTcpciCx0101 - ok 20:24:50.0752 0x16d4 [ 169351463039B45F5CDED9768879F712, 
990C8C4AEF9ED7FF6BCEAE67F7BDAA037777B142B8D96A74F8715C941A5C63C6 ] UcmUcsi C:\WINDOWS\System32\drivers\UcmUcsi.sys 20:24:50.0768 0x16d4 UcmUcsi - ok 20:24:50.0783 0x16d4 [ 08A9E3AD29B215484FBB68CDC175DF3A, 3EFFF99C3BC4A1454E3D2B5177AE587ED3041AB4CE2A95BA7E28A2124E38E1E5 ] Ucx01000 C:\WINDOWS\system32\drivers\ucx01000.sys 20:24:50.0803 0x16d4 Ucx01000 - ok 20:24:50.0819 0x16d4 [ DA70AEE267491AA56BC63AA0C0C96CA2, 0A0AADB27607F9292BB3CE000CFDDB19BD4CA09EAAD926C4925CB43B17817AD9 ] UdeCx C:\WINDOWS\system32\drivers\udecx.sys 20:24:50.0834 0x16d4 UdeCx - ok 20:24:50.0861 0x16d4 [ FBC5ECF6D5A868D0B116C2DBB02B8168, 945AA76C60ABAD6075B5C8F9172C018F75BCF393A1CB8B329F5E68E664627775 ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys 20:24:50.0896 0x16d4 udfs - ok 20:24:50.0911 0x16d4 [ B918E40FAA9CD118CCA4AD388B748C98, 4B539B7B656F02C5E5BAEE52A677757B05CC11C5500D619850A564C28FAB8115 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys 20:24:50.0927 0x16d4 UEFI - ok 20:24:50.0927 0x16d4 [ 166B17AE1DD24D8BA8CA474C7C31148F, D34E786277093278F58EFAC957279DC4ED43A190538C875B80F5B1E0A0C30381 ] UevAgentDriver C:\WINDOWS\system32\drivers\UevAgentDriver.sys 20:24:50.0943 0x16d4 UevAgentDriver - ok 20:24:50.0989 0x16d4 [ FCA4D901FB9934DAB82ED31C4EE89A11, 8EDF8DD71C13DE77AC83D1086670E9E90C69DE379F1CF768C8B9C789254C04AA ] UevAgentService C:\WINDOWS\system32\AgentService.exe 20:24:51.0068 0x16d4 UevAgentService - ok 20:24:51.0086 0x16d4 [ 0FD75222C1AD2687AB365BEBEA400DD4, AD10DBCA59EB7D34FD8F963CE267F36774A9BC613F8D637903B12AC88C328E8A ] Ufx01000 C:\WINDOWS\system32\drivers\ufx01000.sys 20:24:51.0118 0x16d4 Ufx01000 - ok 20:24:51.0118 0x16d4 [ C1A78C53E01C641AE41BFA65797819F5, 0B9FE1BD724B3315199A1B1DA2F03255E4FE744DA3CE6CD0F77699A8E42E9359 ] UfxChipidea C:\WINDOWS\System32\drivers\UfxChipidea.sys 20:24:51.0139 0x16d4 UfxChipidea - ok 20:24:51.0155 0x16d4 [ 767307212110EBEFB93EC9A5BE9E85B9, 368797400FE54802CE74F34B773CE2AF09EB8DEA6C035B55419A52F0B5A6FAD0 ] ufxsynopsys 
C:\WINDOWS\System32\drivers\ufxsynopsys.sys 20:24:51.0170 0x16d4 ufxsynopsys - ok 20:24:51.0186 0x16d4 [ 8578F83EC5175920F2D8586FFF9DCE47, 049A16AC87F93E761150C8286633FFCA62EE85F5645DDE77D36BD0EB6481FF83 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe 20:24:51.0217 0x16d4 UI0Detect - ok 20:24:51.0217 0x16d4 [ DC460AAA18CA2342FBBFB2DF9B044472, 14D45E059C596AE97506D26705F248CA1C2269160B31A60341060E8A93146CBD ] umbus C:\WINDOWS\System32\drivers\umbus.sys 20:24:51.0238 0x16d4 umbus - ok 20:24:51.0238 0x16d4 [ C3CF0377917ECE6D65D7623E1E61568F, 4909695E04CBC86BFCFFBC15F332C367521054B7B4D3C141C7CA6B2E40E090B9 ] UmPass C:\WINDOWS\System32\drivers\umpass.sys 20:24:51.0269 0x16d4 UmPass - ok 20:24:51.0269 0x16d4 [ 640CF093C1CF16D5FD317616CA348F31, BEC34D1AACA83BF5A84CE01F6A668E3CA5A33C56A446DC42EFFF7C43D22E1AE6 ] UmRdpService C:\WINDOWS\System32\umrdp.dll 20:24:51.0316 0x16d4 UmRdpService - ok 20:24:51.0354 0x16d4 [ B8272BB8D4982C496FDC704809C38E02, F93855D932FB1DBBCC86E82C0FE0DC9ECF93BBD629D2CA9D0BE7E075E114B7FF ] UnistoreSvc C:\WINDOWS\System32\unistore.dll 20:24:51.0432 0x16d4 UnistoreSvc - ok 20:24:51.0448 0x16d4 [ 6CDA3536F6BAB7896A57EAB7DC07F379, 8FBE6457ECD1ABB518D9800EBA8A017774FFAA8EABD2EDC0825181A12FE9AEF6 ] upnphost C:\WINDOWS\System32\upnphost.dll 20:24:51.0495 0x16d4 upnphost - ok 20:24:51.0511 0x16d4 [ 6B46FC140C9AF68E6E7697D66D59CB4D, F018B4784D65F1A8140A6EA69C35D6A7ECE01738694052FD54AFD2B81A8F2FF8 ] UrsChipidea C:\WINDOWS\System32\drivers\urschipidea.sys 20:24:51.0526 0x16d4 UrsChipidea - ok 20:24:51.0537 0x16d4 [ B4402E7F0923F660270442CE76877ABE, 1C2DD26EAB71F75EA576E8DAABAF71FD7DC3DF807CF025617C774CEF33C0B718 ] UrsCx01000 C:\WINDOWS\system32\drivers\urscx01000.sys 20:24:51.0539 0x16d4 UrsCx01000 - ok 20:24:51.0555 0x16d4 [ 9DD431F1B94789CFB527E5D19261F124, 8F5A249A97C5B14B282E3147DD21951D2AD34B651E762814C12F4C26D74EC70C ] UrsSynopsys C:\WINDOWS\System32\drivers\urssynopsys.sys 20:24:51.0571 0x16d4 UrsSynopsys - ok 20:24:51.0586 0x16d4 [ 
C87E32B90F085970D9637FBAD45EF6FE, C180EACD2EE479277DA5DBF39E43B428BD7945141B2451CB3946B0C1E495E76F ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys 20:24:51.0602 0x16d4 usbccgp - ok 20:24:51.0602 0x16d4 [ 0B663856474AC41924D9E9112203858F, 9E09F2A6279B48CAC09F8C7AA1F1BE02864D540C2ED1460CBA9FABCF0A546A1E ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys 20:24:51.0633 0x16d4 usbcir - ok 20:24:51.0633 0x16d4 [ F83D2250256203AC5DA5E8601C1AFDD7, AC0D90E2DB3051798B9D287CF3D0E92FED4000822E65A82775A29CF896B76F04 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys 20:24:51.0649 0x16d4 usbehci - ok 20:24:51.0680 0x16d4 [ 7FFD26742321919590ED77FCA556D65F, F7FAB63C36F8519F5A7B9091C507F3CB580C390322FAF9155CCE7F66C965B968 ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys 20:24:51.0711 0x16d4 usbhub - ok 20:24:51.0742 0x16d4 [ 7A749B2863B5561BE34B39E8E249AD8F, E5B67DFAF5407007FD0CC408D6B4BA19DF59584819FC715E9F9E0FBF3EA00AAB ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys 20:24:51.0789 0x16d4 USBHUB3 - ok 20:24:51.0789 0x16d4 [ D2109F1F4FEBF1DAC415CDC5DE876479, C8A871EBD0E5EF004BA622A73DAC36C03608CD317FDCD0A6A98608DF4CC10D55 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys 20:24:51.0805 0x16d4 usbohci - ok 20:24:51.0821 0x16d4 [ 29C9572F2D061CFC3C0BD48A3163E343, 2527DCC9E6D421F5DC40051C787A5270EB077746785465C9AA2A2AEEF47307D5 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys 20:24:51.0836 0x16d4 usbprint - ok 20:24:51.0836 0x16d4 [ 2EC7B2C8123236B1233A77281D378DF7, D97DB59C9CAE2B8B33C707E8CEA7A65BF88712842CC715D270F7432A99D21BB6 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 20:24:51.0883 0x16d4 usbscan - ok 20:24:51.0883 0x16d4 [ 429477D6DEF3321FF7D3EF23CAAADA00, BB7D2AFE99736AAFFA8B0B2DABF7D6A6D5CB9563B1DE6A7E86CE7DC9D27F31C0 ] usbser C:\WINDOWS\System32\drivers\usbser.sys 20:24:51.0914 0x16d4 usbser - ok 20:24:51.0914 0x16d4 [ 0CC16F7B91C57AE9A4E44425A295FDAA, 7CEE11955E5742DA390601F565412C14A7481B8747C495CCD246696C56B426DC ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS 
20:24:51.0946 0x16d4 USBSTOR - ok 20:24:51.0946 0x16d4 [ C917D09064CDBD18F75ADC9B2C48F847, A7F6223346CCD7E84186CD0C0715014F8E3A4398298925A43290224678620D23 ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys 20:24:51.0961 0x16d4 usbuhci - ok 20:24:51.0977 0x16d4 [ 95BCCEFBC40D06484CF16144FE79B8A5, 8ABA73C5FFEDD319FB96B807AD08716698E557522478DF1A2C5D662675636AE0 ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS 20:24:52.0008 0x16d4 USBXHCI - ok 20:24:52.0008 0x16d4 [ 836828E40B9EEFBC77B3032DB677555C, 8AC045B43086E800B03412895D4DBCF506D1B729791CF24EB2ECA3F0F1C9BDEB ] usb_rndisx C:\WINDOWS\System32\drivers\usb8023x.sys 20:24:52.0024 0x16d4 usb_rndisx - ok 20:24:52.0071 0x16d4 [ 4CC81AB9D380A6264FF4C0C1512CF965, 76C33053D1C9155B0F3F8392FF982AD4EABEE2BBBEE89EA41DBFE8E436973EB0 ] UserDataSvc C:\WINDOWS\System32\userdataservice.dll 20:24:52.0149 0x16d4 UserDataSvc - ok 20:24:52.0203 0x16d4 [ AA24C61D88E36BA1144072227922173D, 2EBBC827E740F72EA2E75745E585378189BC0DEE91CACD7FA31BDBC5EFCF8733 ] UserManager C:\WINDOWS\System32\usermgr.dll 20:24:52.0270 0x16d4 UserManager - ok 20:24:52.0281 0x16d4 [ EBF9E40845362DBE2AD0DB3077269488, A6363006350D097F95B03A2F44E1D3FBD3BC40048BE57C715CD7CBC22D1EE70B ] UsoSvc C:\WINDOWS\system32\usocore.dll 20:24:52.0328 0x16d4 UsoSvc - ok 20:24:52.0343 0x16d4 [ FEA3504EEFEA7EF27C4B3EDB9986B4EC, 6957F39115C517EA4F1349A10E6CCB8B43FC72C603B8616FB30EFA36560019FF ] valWBFPolicyService C:\WINDOWS\system32\valWBFPolicyService.exe 20:24:52.0359 0x16d4 valWBFPolicyService - ok 20:24:52.0359 0x16d4 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] VaultSvc C:\WINDOWS\system32\lsass.exe 20:24:52.0375 0x16d4 VaultSvc - ok 20:24:52.0375 0x16d4 [ 0CBDE344FB48E42D78E29469F202ADBC, A1C3FBA5409DD3BBEAF1D3CE2583D6C8A621C0E4F534155EC540AFD67BC9E8CA ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys 20:24:52.0390 0x16d4 vdrvroot - ok 20:24:52.0422 0x16d4 [ 0783EDE1FA94649ED7F3CEF6A734041A, 
1A13A613EF6B67459031C7994FFC6F32F73E02E0F123A171618E4F011C635684 ] vds C:\WINDOWS\System32\vds.exe 20:24:52.0468 0x16d4 vds - ok 20:24:52.0468 0x16d4 [ 723195568C8755CAD57F7933C5F2C5C2, 5C403799F67223605F825BC16D217C1EF5E1A0DDF00AC6380FE8976339B67D9B ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys 20:24:52.0500 0x16d4 VerifierExt - ok 20:24:52.0515 0x16d4 [ 3BB8D153A9A514EC9FFCB586251A1925, 5E4B46511F9791699826DC63B35528544347166BDE9981FB93F1F7F2A09599C7 ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys 20:24:52.0562 0x16d4 vhdmp - ok 20:24:52.0562 0x16d4 [ 7929228F0E8B0C2FA0495A17A4FC27F6, 1F1667B10A96B1D85ED165F62A5C0EF28C37F828B8280EA08BFCC1BAC03F2C90 ] vhf C:\WINDOWS\System32\drivers\vhf.sys 20:24:52.0594 0x16d4 vhf - ok 20:24:52.0601 0x16d4 [ AEE432ED868831B1F068E373598F6D93, BAE91F47B0CB94B826CA010B490AD924D7B715911DF3FCE62F9165F3B571105C ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys 20:24:52.0619 0x16d4 vmbus - ok 20:24:52.0624 0x16d4 [ 9444B23FC694B5F90F21B0FC7F10D8DD, 86F92856F5C985DD8E5993B51E85E1F47EF8C9B2FB37468998C94266963BB4BD ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys 20:24:52.0641 0x16d4 VMBusHID - ok 20:24:52.0645 0x16d4 [ 4D0287F566B36536DD812A54C015FC4A, 01D6508CA59CF04A47902B1F7C202FD14A81240E0B447588D919DD1072B040CF ] vmgid C:\WINDOWS\System32\drivers\vmgid.sys 20:24:52.0662 0x16d4 vmgid - ok 20:24:52.0676 0x16d4 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicguestinterface C:\WINDOWS\System32\icsvc.dll 20:24:52.0709 0x16d4 vmicguestinterface - ok 20:24:52.0709 0x16d4 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicheartbeat C:\WINDOWS\System32\icsvc.dll 20:24:52.0741 0x16d4 vmicheartbeat - ok 20:24:52.0756 0x16d4 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmickvpexchange C:\WINDOWS\System32\icsvc.dll 20:24:52.0787 0x16d4 vmickvpexchange - ok 
20:24:52.0819 0x16d4 [ 0F621B52259D88A719AA20C6D04E3D72, 80B0528CCDE6E1B6F092787E1C0769C649698B196602859A5855134F0ECCBAE5 ] vmicrdv C:\WINDOWS\System32\icsvcext.dll 20:24:52.0873 0x16d4 vmicrdv - ok 20:24:52.0889 0x16d4 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicshutdown C:\WINDOWS\System32\icsvc.dll 20:24:52.0936 0x16d4 vmicshutdown - ok 20:24:52.0952 0x16d4 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmictimesync C:\WINDOWS\System32\icsvc.dll 20:24:53.0001 0x16d4 vmictimesync - ok 20:24:53.0025 0x16d4 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicvmsession C:\WINDOWS\System32\icsvc.dll 20:24:53.0070 0x16d4 vmicvmsession - ok 20:24:53.0088 0x16d4 [ 0F621B52259D88A719AA20C6D04E3D72, 80B0528CCDE6E1B6F092787E1C0769C649698B196602859A5855134F0ECCBAE5 ] vmicvss C:\WINDOWS\System32\icsvcext.dll 20:24:53.0135 0x16d4 vmicvss - ok 20:24:53.0151 0x16d4 [ 29075915F9BDC3437F8BED71C067D399, 2C7718080C11DFDD4C9A2085537F78F5633369B4A27D9C64168F0249594A4AA2 ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys 20:24:53.0182 0x16d4 volmgr - ok 20:24:53.0197 0x16d4 [ 6BDB6CE6D2D9E3D3F28F1C97E12B62E2, 5E77D7AF858D7B90FF395F39B86D6F96413D1DDEA28BC9FB40C5524A4DF6DAD0 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys 20:24:53.0244 0x16d4 volmgrx - ok 20:24:53.0276 0x16d4 [ BF2546583BB75F01DDA60A7921DFB230, 579BD0BC55F4F03CD8D1FCDAC3975A1649C688820F2F7FC1AD354132D9E3BEE9 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys 20:24:53.0322 0x16d4 volsnap - ok 20:24:53.0338 0x16d4 [ AC2E20A74D09D24485BE8396CE04F07B, 23FCE8BEE01B89E5CDCA536D75DBA6DCE3E92E13178A66836CEB7829310A89D1 ] volume C:\WINDOWS\system32\drivers\volume.sys 20:24:53.0354 0x16d4 volume - ok 20:24:53.0369 0x16d4 [ 92F6E3E6D3F1795263EB34B37F74AEF7, 33AB1ECCA1216AF1995E1DB4F11E48156FF62391D7C176C8A4CC1037B9CB3A27 ] vpci 
C:\WINDOWS\System32\drivers\vpci.sys 20:24:53.0385 0x16d4 vpci - ok 20:24:53.0401 0x16d4 [ FD9BCB8920973CEAD4D49DC7A6D8A618, 34AB4A485FB40DF737600006D8323BE927FB0BDA2BC170F4C123BE775EAE7CC8 ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys 20:24:53.0441 0x16d4 vsmraid - ok 20:24:53.0487 0x16d4 [ 01FFD5AF533F2CFDF26DDDC9313731C1, BFF0F2E57CD2358AC8F519F6F5692A46D97EC4E9B763D47101CEF31712FD4738 ] VSS C:\WINDOWS\system32\vssvc.exe 20:24:53.0597 0x16d4 VSS - ok 20:24:53.0612 0x16d4 [ 0C111F220798CCE80484026E06822379, B98A5E44D3ABA67E6DE99E18BF3C2C606923E6269E262665C721F672ACBBED2A ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys 20:24:53.0648 0x16d4 VSTXRAID - ok 20:24:53.0654 0x16d4 [ 607639716E9DB1CEF4E18B5B229293B4, 1D997177093F907EFE8A04AD10443BB9C355C0D7657DBD449E7EE7FCABC3ECBC ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys 20:24:53.0673 0x16d4 vwifibus - ok 20:24:53.0682 0x16d4 [ B1ED64E628763148BF84FBE23F2AD711, 6182A39675E6049BC3DD353694720795A8E3D0331509AA8ABA4883D5C569AD5E ] vwififlt C:\WINDOWS\system32\drivers\vwififlt.sys 20:24:53.0705 0x16d4 vwififlt - ok 20:24:53.0711 0x16d4 [ 59920894C38A827091A06AF559834E47, 8B40FE0B1BA3B2A79BFF70803D039DB921F85C978724722E5E5AFF188FA75471 ] vwifimp C:\WINDOWS\System32\drivers\vwifimp.sys 20:24:53.0729 0x16d4 vwifimp - ok 20:24:53.0745 0x16d4 [ 76C1CC611352499326001F25A3ED15F8, 228BFA8A01BB1B3868576D509A2EA6F3D37FEDC8F12D4DC4E0A84CE926C6D1B1 ] W32Time C:\WINDOWS\system32\w32time.dll 20:24:53.0807 0x16d4 W32Time - ok 20:24:53.0823 0x16d4 [ 4053FB949F48647A327BC18DFEEA4374, 52511C35854A673ADCD9084FEF9BC6A339BCA0290374B81140A371D67B13A8FB ] w3logsvc C:\WINDOWS\system32\inetsrv\w3logsvc.dll 20:24:53.0838 0x16d4 w3logsvc - ok 20:24:53.0854 0x16d4 [ 55D00B785A7587F4263D125817871283, B92400B229099C1E243F2B149881A1423A2E9C8CA2D77D868B9B923BFDEC7FF2 ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys 20:24:53.0870 0x16d4 WacomPen - ok 20:24:53.0885 0x16d4 [ 1483BE4D0135C378CB61D3CD73AB3E03, 
20:25:07.0784 0x16d4 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x61100 ( enabled : updated )
20:25:07.0805 0x16d4 Win FW state via NFP2: enabled ( trusted )
20:25:14.0945 0x16d4 ============================================================
20:25:14.0945 0x16d4 Scan finished
20:25:14.0945 0x16d4 ============================================================
20:25:14.0960 0x14d0 Detected object count: 0
20:25:14.0960 0x14d0 Actual detected object count: 0
Regards, Uli
Edited by umor (18.02.2017 at 21:02) |
19.02.2017, 13:25 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 10: Crypt0L0cker encrypts data Remove adware/junkware/toolbars. Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop! Please disable your virus scanner completely now, before using these tools! Step 1: adwCleaner. Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool. Please shut down your security software to avoid possible conflicts.
__________________ Please always post log files in CODE tags |
19.02.2017, 16:12 | #8 |
| Windows 10: Crypt0L0cker encrypts data Thank you, cosinus, for the instructions. Everything worked. The log files follow. AdwCleaner log: Code:
AdwCleaner Logfile:
JRT Log Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64
Ran by susanna (Administrator) on 19.02.2017 at 15:53:40,19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 1
Successfully deleted: C:\Users\susanna\AppData\Roaming\Mozilla\Firefox\Profiles\migbducy.default\extensions\trash (Folder)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.02.2017 at 15:54:24,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
20.02.2017, 00:01 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 10: Crypt0L0cker encrypts data Unfortunately we still have an older guide for adwCleaner; please run it again and configure it like this:
__________________ Please always post log files in CODE tags |
20.02.2017, 22:32 | #10 |
| Windows 10: Crypt0L0cker encrypts data Hello cosinus, oh, so we did not do everything correctly after all. Thanks for the current screenshot. Below are the logs from the new attempt (adwCleaner produces one log with an "S" and one with a "C" sequence number; I have posted both): AdwCleaner[C2].txt AdwCleaner Logfile: Code:
# AdwCleaner v6.043 - Bericht erstellt am 20/02/2017 um 21:53:00
# Aktualisiert am 27/01/2017 von Malwarebytes
# Datenbank : 2017-01-27.1 [Lokal]
# Betriebssystem : Windows 10 Pro (X64)
# Benutzername : susanna - DESKTOP-UCUGHB0
# Gestartet von : C:\Users\susanna\Desktop\AdwCleaner_6.043.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support
***** [ Dienste ] *****
***** [ Ordner ] *****
***** [ Dateien ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
*************************
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [2205 Bytes] - [19/02/2017 15:43:42]
C:\AdwCleaner\AdwCleaner[C2].txt - [1041 Bytes] - [20/02/2017 21:53:00]
C:\AdwCleaner\AdwCleaner[S0].txt - [2066 Bytes] - [19/02/2017 15:34:59]
C:\AdwCleaner\AdwCleaner[S1].txt - [2138 Bytes] - [19/02/2017 15:41:27]
C:\AdwCleaner\AdwCleaner[S2].txt - [1567 Bytes] - [20/02/2017 21:52:11]
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1333 Bytes] ##########
adwCleaner[S2].txt AdwCleaner Logfile: Code:
# AdwCleaner v6.043 - Bericht erstellt am 20/02/2017 um 21:52:11
# Aktualisiert am 27/01/2017 von Malwarebytes
# Datenbank : 2017-01-27.1 [Lokal]
# Betriebssystem : Windows 10 Pro (X64)
# Benutzername : susanna - DESKTOP-UCUGHB0
# Gestartet von : C:\Users\susanna\Desktop\AdwCleaner_6.043.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support
***** [ Dienste ] *****
Keine schädlichen Dienste gefunden.
***** [ Ordner ] *****
Keine schädlichen Ordner gefunden.
***** [ Dateien ] *****
Keine schädlichen Dateien gefunden.
***** [ DLL ] *****
Keine infizierten DLLs gefunden.
***** [ WMI ] *****
Keine schädlichen Schlüssel gefunden.
***** [ Verknüpfungen ] *****
Keine infizierten Verknüpfungen gefunden.
***** [ Aufgabenplanung ] *****
Keine schädlichen Aufgaben gefunden.
***** [ Registrierungsdatenbank ] *****
Keine schädlichen Elemente in der Registrierungsdatenbank gefunden.
***** [ Internetbrowser ] *****
Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [2205 Bytes] - [19/02/2017 15:43:42]
C:\AdwCleaner\AdwCleaner[S0].txt - [2066 Bytes] - [19/02/2017 15:34:59]
C:\AdwCleaner\AdwCleaner[S1].txt - [2138 Bytes] - [19/02/2017 15:41:27]
C:\AdwCleaner\AdwCleaner[S2].txt - [1415 Bytes] - [20/02/2017 21:52:11]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1488 Bytes] ##########
JRT.txt Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64
Ran by susanna (Administrator) on 20.02.2017 at 21:59:00,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.02.2017 at 21:59:45,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I hope we did everything correctly this time. What is the next step? Many thanks, Uli |
20.02.2017, 22:38 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 10: Crypt0L0cker encrypts data Then show us fresh FRST logs. Tick the box for addition.txt, then click "Untersuchen" (Scan).
__________________ Please always post log files in CODE tags |
21.02.2017, 08:10 | #12 |
| Windows 10: Crypt0L0cker encrypts data Hello cosinus, we left all the checkboxes in FRST as they were (addition.txt was already selected). Below are the two logs; thank you for your interpretation. Regards, Uli FRST.txt Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017 durchgeführt von susanna (Administrator) auf DESKTOP-UCUGHB0 (21-02-2017 07:52:20) Gestartet von C:\Users\susanna\Desktop Geladene Profile: susanna (Verfügbare Profile: susanna) Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE (brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE (Windows (R) Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe () C:\Windows\System32\fpCSEvtSvc.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe (Intel Corporation) C:\Windows\System32\ibtsiva.exe (DEVGURU Co., LTD.) 
C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe () C:\ProgramData\MobileBrServ\mbbService.exe (Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe () C:\ProgramData\MobileBrServ\Tray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Google, Inc) C:\Users\susanna\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8515832 2015-10-31] (Realtek Semiconductor) HKLM\...\Run: [CxAgent] => C:\Program Files\Realtek\Audio\HDA\CXAPOAgent64.exe [761552 2015-10-31] (Conexant Systems, Inc.) HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-23] (Microsoft Corporation) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318248 2016-01-08] (Samsung Electronics Co., Ltd.) HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1572648 2016-01-08] (Samsung) HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\Run: [Google Update] => C:\Users\susanna\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.) HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\Run: [Google Photos Backup] => C:\Users\susanna\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc) HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. 
or its subsidiaries) HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\MountPoints2: {21bb27df-a001-11e6-9bd9-94659c8225c0} - "F:\AutoRun.exe" HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-06-03] ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-01-26] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\susanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-10-02] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Hosts: 0.0.0.1 mssplus.mcafee.com Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{17ebd3bc-c7ce-4046-89a5-d93e4956d619}: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{7c21e3e9-6321-477e-8d68-76fb76ab94b1}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{9307f2c0-06fa-4da8-960f-c7d233cd6b4e}: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{f121af7d-fab6-4796-b816-605c5b1d4f30}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-at/?ocid=iehp BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: migbducy.default FF ProfilePath: C:\Users\susanna\AppData\Roaming\Mozilla\Firefox\Profiles\migbducy.default [2017-02-21] FF Extension: (Firefox Hotfix) - 
C:\Users\susanna\AppData\Roaming\Mozilla\Firefox\Profiles\migbducy.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31] FF Extension: (Adblock Plus) - C:\Users\susanna\AppData\Roaming\Mozilla\Firefox\Profiles\migbducy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-26] FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\susanna\AppData\Roaming\Mozilla\Firefox\Profiles\migbducy.default\features\{3fd508e7-50e6-4634-b2a5-13969366ccb4}\disableSHA1rollout@mozilla.org.xpi [2017-02-17] FF SearchPlugin: C:\Users\susanna\AppData\Roaming\Mozilla\Firefox\Profiles\migbducy.default\searchplugins\amazoncom-pro.xml [2015-11-17] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-22] () FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-22] () FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3683660684-3316546758-4205979231-1001: @tools.google.com/Google Update;version=3 -> C:\Users\susanna\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin HKU\S-1-5-21-3683660684-3316546758-4205979231-1001: @tools.google.com/Google Update;version=9 -> C:\Users\susanna\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 Brother XP spl Service; C:\WINDOWS\SysWoW64\brsvc01a.exe [57344 2015-11-07] (brother Industries Ltd) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42792 2016-09-20] (Windows (R) Win 7 DDK provider) R2 fpCsEvtSvc; C:\WINDOWS\system32\fpCSEvtSvc.exe [22528 2015-10-31] () R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370072 2015-10-31] (Intel Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.) 
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [243800 2015-10-26] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312064 2015-10-31] (Realtek Semiconductor) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation) R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263792 2016-01-18] (Synaptics Incorporated) R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [53248 2015-10-31] (Synaptics Incorporated) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [548848 2016-01-23] (Intel Corporation)
R3 hidemi; C:\WINDOWS\System32\drivers\hidemi.sys [37720 2015-10-31] (Microchip)
U5 iaStorB; C:\Windows\System32\Drivers\iaStorB.sys [559576 2015-05-21] (Intel Corporation)
S3 iaStorS; C:\WINDOWS\System32\drivers\iaStorS.sys [665592 2015-06-04] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R3 mchpemi; C:\WINDOWS\System32\drivers\mchpemi.sys [46432 2015-10-31] (Microchip)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw02; C:\WINDOWS\System32\drivers\Netwtw02.sys [6731520 2016-01-29] (Intel Corporation)
R3 nfcgpiomanager; C:\WINDOWS\System32\drivers\nfcgpiomanager.sys [46568 2015-10-31] (Nfc GPIO Driver)
S3 rccfg; C:\WINDOWS\System32\drivers\rccfg.sys [22552 2015-05-11] (AMD, Inc.)
S3 rcraid; C:\WINDOWS\System32\drivers\rcraid.sys [540184 2015-05-11] (AMD, Inc.)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [772336 2015-10-31] (Realsil Semiconductor Corporation)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [52912 2015-10-31] (Synaptics Incorporated)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [760832 2016-03-09] (Sunplus)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [74352 2016-01-18] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2016-02-17] (HP)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-02-21 07:50 - 2017-02-21 07:50 - 00000000 ____D C:\Users\susanna\Desktop\FRST-OlderVersion
2017-02-21 07:46 - 2016-01-18 19:06 - 00003199 _____ C:\Users\susanna\Desktop\ForcePad Tutorial.lnk
2017-02-21 07:46 - 2016-01-18 19:06 - 00003199 _____ C:\Users\susanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ForcePad Tutorial.lnk
2017-02-21 07:46 - 2016-01-18 19:06 - 00002274 _____ C:\Users\susanna\Desktop\ForcePad-Einstellungen.lnk
2017-02-21 07:46 - 2016-01-18 19:06 - 00002274 _____ C:\Users\susanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ForcePad-Einstellungen.lnk
2017-02-20 22:12 - 2017-02-20 21:55 - 00001415 _____ C:\Users\susanna\Desktop\AdwCleaner[C2].txt
2017-02-20 22:04 - 2017-02-20 22:04 - 00000000 ____H C:\Users\susanna\Documents\Default.rdp
2017-02-20 22:03 - 2017-02-20 22:03 - 01388448 _____ C:\Users\Public\VOIP.dat
2017-02-20 22:03 - 2017-02-20 22:03 - 01388448 _____ C:\Users\Public\ASR.dat
2017-02-19 15:54 - 2017-02-20 21:59 - 00000548 _____ C:\Users\susanna\Desktop\JRT.txt
2017-02-19 15:51 - 2017-02-19 15:52 - 01663040 _____ (Malwarebytes) C:\Users\susanna\Desktop\JRT.exe
2017-02-19 15:47 - 2017-02-19 15:47 - 00002205 _____ C:\Users\susanna\Desktop\AdwCleaner[C0].txt
2017-02-19 15:33 - 2017-02-20 22:00 - 00000000 ____D C:\AdwCleaner
2017-02-19 15:30 - 2017-02-19 15:33 - 04015056 _____ C:\Users\susanna\Desktop\AdwCleaner_6.043.exe
2017-02-18 20:28 - 2017-02-18 20:28 - 00133603 _____ C:\Users\susanna\Desktop\TDSSKiller3.txt
2017-02-18 20:23 - 2017-02-18 20:30 - 00267296 _____ C:\TDSSKiller.3.1.0.12_18.02.2017_20.23.57_log.txt
2017-02-18 20:17 - 2017-02-18 20:17 - 00133694 _____ C:\Users\susanna\Desktop\TDSSKiller2.txt
2017-02-18 20:11 - 2017-02-18 20:13 - 00267390 _____ C:\TDSSKiller.3.1.0.12_18.02.2017_20.11.13_log.txt
2017-02-18 20:09 - 2017-02-18 20:11 - 04747704 _____ (AO Kaspersky Lab) C:\Users\susanna\Desktop\tdsskiller.exe
2017-02-18 19:09 - 2017-02-19 15:44 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-02-18 19:09 - 2017-02-18 19:42 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-18 19:09 - 2017-02-18 19:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-18 19:06 - 2017-02-18 20:05 - 00000000 ____D C:\Users\susanna\Desktop\mbar
2017-02-18 19:06 - 2017-02-18 19:42 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-02-18 19:04 - 2017-02-18 19:05 - 16563352 _____ (Malwarebytes Corp.) C:\Users\susanna\Desktop\mbar-1.09.3.1001.exe
2017-02-18 10:19 - 2017-02-18 10:19 - 00000868 _____ C:\Users\susanna\Desktop\Windows Defender.txt
2017-02-18 09:53 - 2017-02-18 09:54 - 00027564 _____ C:\Users\susanna\Desktop\Addition.txt
2017-02-18 09:52 - 2017-02-21 07:52 - 00015348 _____ C:\Users\susanna\Desktop\FRST.txt
2017-02-18 09:51 - 2017-02-21 07:52 - 00000000 ____D C:\FRST
2017-02-18 09:48 - 2017-02-21 07:50 - 02422784 _____ (Farbar) C:\Users\susanna\Desktop\FRST64.exe
2017-02-17 10:42 - 2017-02-17 10:42 - 00003801 _____ C:\Users\susanna\wie_zum_Wiederherstellen_von_Dateien.html
2017-02-17 10:42 - 2017-02-17 10:42 - 00001250 _____ C:\Users\susanna\wie_zum_Wiederherstellen_von_Dateien.txt
2017-02-17 10:10 - 2017-02-17 10:10 - 00003801 _____ C:\Users\susanna\Documents\wie_zum_Wiederherstellen_von_Dateien.html
2017-02-17 10:10 - 2017-02-17 10:10 - 00001250 _____ C:\Users\susanna\Documents\wie_zum_Wiederherstellen_von_Dateien.txt
2017-02-17 10:00 - 2017-02-18 09:40 - 00003801 _____ C:\Users\susanna\Desktop\wie_zum_Wiederherstellen_von_Dateien.html
2017-02-17 10:00 - 2017-02-18 09:40 - 00001250 _____ C:\Users\susanna\Desktop\wie_zum_Wiederherstellen_von_Dateien.txt
2017-02-17 10:00 - 2017-02-17 10:01 - 00000000 ____D C:\ProgramData\uwupefovygigylih
2017-02-02 16:09 - 2017-02-17 10:00 - 00200317 _____ C:\Users\susanna\Desktop\Villgratner Berge 3 September 2012.JPG.ifitin
2017-02-01 18:34 - 2017-02-17 10:00 - 00013049 _____ C:\Users\susanna\Desktop\Ansuchen Bäume.docx.umuqun
2017-01-29 11:23 - 2017-02-18 19:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-27 14:26 - 2017-02-17 10:00 - 00014448 _____ C:\Users\susanna\Desktop\MALTABERG NF.docx.ylyfiw
2017-01-26 17:21 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-26 17:21 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-26 17:18 - 2017-01-26 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-21 07:50 - 2015-10-31 13:35 - 00000000 ____D C:\Users\susanna\AppData\Roaming\Skype
2017-02-21 07:47 - 2016-09-23 06:26 - 03517206 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-21 07:47 - 2016-09-23 06:26 - 00000000 ____D C:\Users\susanna
2017-02-21 07:47 - 2016-07-16 23:51 - 01577936 _____ C:\WINDOWS\system32\perfh007.dat
2017-02-21 07:47 - 2016-07-16 23:51 - 00402048 _____ C:\WINDOWS\system32\perfc007.dat
2017-02-21 07:46 - 2016-12-10 21:05 - 00000000 ____D C:\Users\susanna\AppData\LocalLow\Mozilla
2017-02-21 07:46 - 2016-09-23 06:24 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-21 07:46 - 2015-10-31 12:53 - 00000000 __SHD C:\Users\susanna\IntelGraphicsProfiles
2017-02-20 21:53 - 2016-09-23 06:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-20 21:53 - 2016-09-23 06:25 - 00000000 ____D C:\ProgramData\Validity
2017-02-20 21:53 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-19 15:23 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-18 19:39 - 2016-11-27 18:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-02-18 19:39 - 2015-10-31 13:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-18 09:43 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-18 09:40 - 2016-10-09 19:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-18 09:40 - 2015-10-31 13:35 - 00000000 ____D C:\ProgramData\Skype
2017-02-17 15:18 - 2016-09-23 06:24 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-17 11:12 - 2015-10-31 12:48 - 00000000 ____D C:\Users\susanna\AppData\Local\Packages
2017-02-17 10:10 - 2016-05-17 10:51 - 00013931 _____ C:\Users\susanna\MA42_FRisterstreckung.docx.iwysuf
2017-02-17 10:10 - 2015-11-07 11:39 - 00000000 ___RD C:\Users\susanna\Documents\Wanderungen, 60+ AV, 55+ und NF
2017-02-17 10:10 - 2015-11-07 11:39 - 00000000 ___RD C:\Users\susanna\Documents\Schlewe
2017-02-17 10:10 - 2015-11-07 11:39 - 00000000 ____D C:\Users\susanna\Documents\temporär
2017-02-17 10:10 - 2015-11-07 11:21 - 00421758 _____ C:\Users\susanna\Documents\schwarzaberg karte.docx.abiwej
2017-02-17 10:10 - 2015-11-07 11:21 - 00011523 _____ C:\Users\susanna\Documents\Teilnehmer dt f Bettina.docx.shysiw
2017-02-17 10:10 - 2015-11-07 11:21 - 00011340 _____ C:\Users\susanna\Documents\TANZLISTE.docx.epacmp
2017-02-17 10:08 - 2016-06-21 17:15 - 00350255 _____ C:\Users\susanna\Documents\Litzlkogel und Sulzenstein vom Hirschbichl.docx.utuzir
2017-02-17 10:08 - 2015-11-07 11:38 - 00000000 ____D C:\Users\susanna\Documents\Rechnungen Schlewe
2017-02-17 10:08 - 2015-11-07 11:22 - 00000000 ___RD C:\Users\susanna\Documents\MALEN
2017-02-17 10:08 - 2015-11-07 11:21 - 00000000 ___RD C:\Users\susanna\Documents\fast alles
2017-02-17 10:08 - 2015-11-01 19:36 - 00000000 ____D C:\Users\susanna\Documents\OneNote-Notizbücher
2017-02-17 10:08 - 2015-10-31 13:45 - 00000000 ____D C:\Users\susanna\Documents\DokumentationHP.Laptop2015
2017-02-17 10:07 - 2016-09-23 09:57 - 00000000 ___RD C:\Users\susanna\3D Objects
2017-02-17 10:07 - 2016-07-16 12:47 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-17 10:07 - 2015-11-07 11:21 - 00019379 _____ C:\Users\susanna\Documents\28.3.Schleweliste u Ergängzung.docx.ypujgv
2017-02-17 10:07 - 2015-11-07 11:21 - 00018366 _____ C:\Users\susanna\Documents\AV u 55+ 2016.docx.ixallh
2017-02-17 10:07 - 2015-11-07 11:21 - 00000000 ___RD C:\Users\susanna\Documents\Deutsch
2017-02-17 10:07 - 2015-11-07 11:21 - 00000000 ___RD C:\Users\susanna\Documents\Chor
2017-02-17 10:07 - 2015-01-16 03:58 - 00000000 ____D C:\SWSETUP
2017-02-17 10:07 - 2013-12-04 00:39 - 00000000 _RSHD C:\SYSTEM.SAV
2017-02-17 10:00 - 2017-01-09 17:18 - 00000000 ____D C:\Users\susanna\Desktop\MUSIK
2017-02-17 10:00 - 2016-12-26 09:24 - 00116956 _____ C:\Users\susanna\Desktop\Antrag um Herabsetzung der Wassergebühr 26.12.16.pdf.lfofom
2017-02-17 10:00 - 2016-11-27 18:04 - 00000000 ___RD C:\Users\susanna\Desktop\RECHNUNGEN ab WIEN
2017-02-17 10:00 - 2016-11-24 17:36 - 00000000 ___RD C:\Users\susanna\Desktop\Clio Kolb
2017-02-17 10:00 - 2016-11-24 17:32 - 00000000 ___RD C:\Users\susanna\Desktop\Schlehenweg ab Nov 2016
2017-02-17 10:00 - 2016-11-14 09:19 - 00018637 _____ C:\Users\susanna\Desktop\reservierung pflersch.pdf.ecikom
2017-02-17 10:00 - 2015-12-17 09:35 - 00000000 ____D C:\Users\susanna\Desktop\LAURA
2017-01-27 19:28 - 2016-12-18 11:24 - 00003294 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-27 19:28 - 2015-10-31 12:50 - 00002400 _____ C:\Users\susanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-27 19:28 - 2015-10-31 12:50 - 00000000 ___RD C:\Users\susanna\OneDrive
2017-01-26 18:03 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-26 17:18 - 2016-10-18 13:46 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-01-26 17:18 - 2016-10-17 22:07 - 00002016 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-01-23 16:42 - 2015-10-31 13:23 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-02-17 10:42 - 2017-02-17 10:42 - 0167042 _____ () C:\ProgramData\uxakedyn.png
2017-02-18 09:40 - 2017-02-18 09:40 - 0167042 _____ () C:\ProgramData\yselykeh.png

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Public\ASR.dat
C:\Users\Public\VOIP.dat

Einige Dateien in TEMP:
====================
2016-12-01 16:16 - 2016-12-01 16:16 - 49781216 _____ (Garmin Ltd or its subsidiaries) C:\Users\susanna\AppData\Local\Temp\GarminExpressInstaller.exe
2016-12-10 21:10 - 2016-12-10 21:10 - 30533688 _____ () C:\Users\susanna\AppData\Local\Temp\vlc-2.2.4-win32.exe

==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-17 12:43

==================== Ende von FRST.txt ============================

Addition.txt
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 19-02-2017
durchgeführt von susanna (21-02-2017 07:53:29)
Gestartet von C:\Users\susanna\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-23 05:34:10)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3683660684-3316546758-4205979231-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3683660684-3316546758-4205979231-503 - Limited - Disabled)
Gast (S-1-5-21-3683660684-3316546758-4205979231-501 - Limited - Disabled)
susanna (S-1-5-21-3683660684-3316546758-4205979231-1001 - Administrator - Enabled) => C:\Users\susanna

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin BaseCamp (HKLM-x32\...\{36A0D446-B8E9-4753-BDFE-335F6F4DE59C}) (Version: 4.5.2 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin TOPO Austria v3 (HKLM-x32\...\{4B7C3B57-CBD5-49DA-BEA7-A915FA1643B4}) (Version: 3.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Photos Backup (HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4268 - Intel Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.)
Microsoft Office Home and Student 2016 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.27.01.801 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 51.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 de)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Mozilla Thunderbird 45.7.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.7.1 (x86 de)) (Version: 45.7.1 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7561 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.44 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3683660684-3316546758-4205979231-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\susanna\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-3683660684-3316546758-4205979231-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\susanna\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3683660684-3316546758-4205979231-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\susanna\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {12E6FE17-CC83-4A4D-90DD-BEC6042D0832} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3683660684-3316546758-4205979231-1001UA1d2588d997bf6bd => C:\Users\susanna\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-12] (Google Inc.)
Task: {224CD830-CA7F-49AF-A6F9-C4D051F7DC8A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {4AC0BE52-F36C-448B-A6BB-2460E5F6720C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3683660684-3316546758-4205979231-1001Core => C:\Users\susanna\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-12] (Google Inc.)
Task: {69434E4E-BCC5-44C5-AB95-A2ECCC96EF1B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3683660684-3316546758-4205979231-1001Core1d2588d996efa3d => C:\Users\susanna\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-12] (Google Inc.)
Task: {70DEC05D-CAE9-40A1-BBCF-3EF5B6B6CB6F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {9AE7084B-5526-4DAC-B7E8-691AF6EB73DF} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\susanna\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {E0B29A8D-C017-411B-A2AA-FDB3E452C369} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-01-16] ()
Task: {E33FB378-797F-4873-9D18-0ADD0F156A90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-22] (Adobe Systems Incorporated)
Task: {EF58117B-509E-4BB7-B7D0-EF9CDF6E9D67} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {FB997945-3F15-4E01-873F-01333AC693A3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3683660684-3316546758-4205979231-1001UA => C:\Users\susanna\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-12] (Google Inc.)
Task: {FDF687D5-B584-479D-B23E-38CC281A9696} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-11] (Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3683660684-3316546758-4205979231-1001Core.job => C:\Users\susanna\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3683660684-3316546758-4205979231-1001UA.job => C:\Users\susanna\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
Shortcut: C:\Users\susanna\Desktop\backup\backup_machen3 - Verknüpfung.lnk -> C:\Program Files (x86)\robocopy\backup_machen3.bat (Keine Datei)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-31 12:57 - 2015-10-31 12:57 - 00022528 _____ () C:\WINDOWS\system32\fpCSEvtSvc.exe
2016-11-05 21:31 - 2015-10-26 08:40 - 00243800 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-17 18:38 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-17 18:38 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-17 18:38 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-23 07:20 - 2016-09-23 07:20 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 09:57 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 09:57 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 09:57 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 09:57 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 09:57 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 09:57 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-05 21:31 - 2015-11-17 02:28 - 00527960 _____ () C:\ProgramData\MobileBrServ\Tray.exe
2017-02-18 09:43 - 2017-02-18 09:43 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-18 09:43 - 2017-02-18 09:43 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-18 09:43 - 2017-02-18 09:43 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-09 11:29 - 2017-02-09 11:30 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\roottools.dll
2016-11-08 18:14 - 2016-11-08 18:14 - 00326144 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll
2017-01-16 14:43 - 2017-01-16 14:43 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2016-04-08 23:35 - 2016-04-08 23:35 - 03481600 _____ () C:\Users\susanna\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaStorB.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaStorS.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rccfg.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rcraid.sys:com.dropbox.attributes [168]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2015-07-10 12:04 - 2017-01-26 17:18 - 00000859 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\Control Panel\Desktop\\Wallpaper -> C:\ProgramData\yselykeh.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E8F90A27-979A-4F5F-97DE-8BCD22D5B068}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F9A8674F-27D8-4803-91AB-E1AB92A49AB7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7562C4A4-0795-4BD8-A9C4-D60126AF3E5C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ED4AB7D3-B38F-4F44-8D64-3CE233E52D83}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DE03FFD1-7168-4AF9-954A-9CC58DEA3F88}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Wiederherstellungspunkte =========================

04-02-2017 11:49:11 Geplanter Prüfpunkt
17-02-2017 13:05:37 Geplanter Prüfpunkt
18-02-2017 19:37:50 Malwarebytes Anti-Rootkit Restore Point
19-02-2017 15:53:40 JRT Pre-Junkware Removal
20-02-2017 21:59:01 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: NXP NearFieldProximity Provider
Description: NXP NearFieldProximity Provider
Class Guid: {9a2fc585-7316-46f1-9577-500920304f9d}
Manufacturer: NXP Semiconductors(Proximity)
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/20/2017 09:59:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error: Zugriff verweigert .

Error: (02/19/2017 03:53:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error: Zugriff verweigert .

Error: (02/18/2017 08:40:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCUGHB0)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/18/2017 07:37:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error: Zugriff verweigert .

Error: (02/17/2017 01:05:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error: Zugriff verweigert .

Error: (02/17/2017 12:51:50 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.
Error: (02/12/2017 10:42:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCUGHB0) Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (02/12/2017 10:42:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCUGHB0) Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (02/12/2017 10:42:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCUGHB0) Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (02/12/2017 10:42:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCUGHB0) Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Systemfehler: ============= Error: (02/21/2017 07:46:01 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. 
Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (02/21/2017 07:46:01 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (02/21/2017 07:46:00 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (02/21/2017 07:45:50 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT-AUTORITÄT) Description: Für den Miniport "Remote NDIS based Internet Sharing Device, {F121AF7D-FAB6-4796-B816-605C5B1D4F30}" ist das Ereignis "74" aufgetreten. Error: (02/20/2017 10:24:07 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-UCUGHB0) Description: Der Server "{3FCB7074-EC9E-4AAF-9BE3-C0E356942366}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
Error: (02/20/2017 10:24:07 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (02/20/2017 09:56:34 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (02/20/2017 09:53:52 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. 
Error: (02/20/2017 09:53:52 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (02/20/2017 09:53:17 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) M-5Y51 CPU @ 1.10GHz Prozentuale Nutzung des RAM: 31% Installierter physikalischer RAM: 8067.11 MB Verfügbarer physikalischer RAM: 5554.87 MB Summe virtueller Speicher: 9347.11 MB Verfügbarer virtueller Speicher: 6665.43 MB ==================== Laufwerke ================================ Drive c: (Windows) (Fixed) (Total:220.51 GB) (Free:63.7 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive d: (HP_RECOVERY) (Fixed) (Total:14.96 GB) (Free:1.66 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.94 GB) FAT32 ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: EF688436) Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=220.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=2 GB) - (Type=0B) ==================== Ende von Addition.txt ============================ |
21.02.2017, 09:34 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 10: Crypt0L0cker encrypts data FRST fix Please disable your virus scanner completely now, to make sure the fix runs cleanly! Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
C:\ProgramData\uxakedyn.png
C:\ProgramData\yselykeh.png
C:\Users\Public\ASR.dat
C:\Users\Public\VOIP.dat
hosts:
emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
21.02.2017, 11:12 | #14 |
| Windows 10: Crypt0L0cker encrypts data Hello cosinus, thanks for the quick reply. Below is the log from FRST with the fixes. Best regards, Uli Fixlog.txt Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 19-02-2017
durchgeführt von susanna (21-02-2017 10:52:09) Run:1
Gestartet von C:\Users\susanna\Desktop
Geladene Profile: susanna (Verfügbare Profile: susanna)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
C:\ProgramData\uxakedyn.png
C:\ProgramData\yselykeh.png
C:\Users\Public\ASR.dat
C:\Users\Public\VOIP.dat
hosts:
emptytemp:
*****************

C:\ProgramData\uxakedyn.png => erfolgreich verschoben
C:\ProgramData\yselykeh.png => erfolgreich verschoben
"C:\Users\Public\ASR.dat" => nicht gefunden.
"C:\Users\Public\VOIP.dat" => nicht gefunden.
C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 69930661 B
Java, Flash, Steam htmlcache => 20030 B
Windows/system/drivers => 217376683 B
Edge => 643448 B
Chrome => 0 B
Firefox => 388662231 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 15168 B
susanna => 435209579 B

RecycleBin => 9742312673 B
EmptyTemp: => 10.1 GB temporäre Dateien entfernt.

================================

Das System musste neu gestartet werden.

==== Ende von Fixlog 11:02:51 ==== |
21.02.2017, 11:32 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 10: Crypt0L0cker encrypts data Control scans with (1) MBAM, (2) ESET and (3) SecurityCheck please: Step 1: MBAM Please download Malwarebytes Anti-Malware
Step 2: ESET ESET Online Scanner
Step 3: SecurityCheck Please download SecurityCheck and:
__________________ Please always post log files in CODE tags |