
Log analysis and evaluation: Emails are being sent automatically

26.09.2015, 20:33   #1
strommueller
 

Hello everyone,

for a few days now, emails have been sent automatically to some of the contacts in EssentialPIM Pro Network. They do not show up in "Sent" or anywhere else, though. The emails always have the same subject: (FW:Impotant) Hey! Important message, please visit hxxp://....... with a different link here each time.

Windows 8.1 64-bit
Antivirus program: Avira Antivirus Pro
EssentialPIM Pro 6.55 Network Edition (used for sending mail, among other things)

I changed the passwords right away, but the problem is probably still there.
I have heard that it might not be an infection at all and that only the mail sender address
is being used. But unfortunately that does not explain how the contact addresses are known.

I have also already run FRST following your instructions and posted the logs
FRST.txt and Addition.txt.

Many thanks in advance.
Attached files
File type: txt FRST.txt (24.8 KB, viewed 74 times)
File type: txt Addition.txt (23.4 KB, viewed 102 times)

Edited by strommueller (26.09.2015 at 20:50)

26.09.2015, 21:12   #2
schrauber
/// the machine
/// TB trainer
 


Hi,

please always post logs in the thread. If necessary, split them up and use several posts.
I cannot open attachments at work, thanks.

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

26.09.2015, 22:42   #3
strommueller
 

OK,

here is FRST.txt


FRST log file:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
durchgeführt von XXXXXXX (Administrator) auf ALPHA (26-09-2015 20:25:58)
Gestartet von D:\Users\XXXXXXX\Desktop
Geladene Profile: XXXXXXX (Verfügbare Profile: XXXXXXX)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782520 2015-09-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2720144 2015-08-09] (Dominik Reichl)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3810510583-669268903-27390416-1001\...\MountPoints2: {c2bf905c-3223-11e4-8292-002618f37a0c} - "H:\LaunchU3.exe" -a
HKU\S-1-5-21-3810510583-669268903-27390416-1001\...\MountPoints2: {f64fafd6-c77c-11e4-830e-002618f37a0c} - "H:\LGAutoRun.exe" 
HKU\S-1-5-21-3810510583-669268903-27390416-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7C9CF590-28A9-45F4-8A18-7139AC342E21}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================

FireFox:
========
FF ProfilePath: C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\jg9wpz3m.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: anonymoX - C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\jg9wpz3m.default\Extensions\client@anonymox.net.xpi [2014-10-19]
FF Extension: Adblock Plus - C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\jg9wpz3m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-12]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [932912 2015-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1148688 2015-09-24] (Avira Operations GmbH & Co. KG)
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [81920 2012-05-18] (Firebird Project) [Datei ist nicht signiert]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2785280 2012-05-18] (Firebird Project) [Datei ist nicht signiert]
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [Datei ist nicht signiert]
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137800 2015-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-07-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [74440 2015-09-24] (Avira Operations GmbH & Co. KG)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-26 16:55 - 2015-09-26 20:26 - 00000000 ____D C:\FRST
2015-09-24 21:57 - 2015-09-25 08:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-24 21:47 - 2015-09-24 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-09-24 21:35 - 2015-09-24 21:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-12 11:49 - 2015-09-12 11:49 - 00000000 ____D C:\Users\XXXXXXX\AppData\Local\PDFCreator
2015-09-12 11:16 - 2015-09-12 11:16 - 00001484 _____ C:\Users\Public\Desktop\LibreOffice 4.4.lnk
2015-09-12 11:16 - 2015-09-12 11:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4
2015-09-10 14:34 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-10 14:34 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-10 14:34 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-10 14:34 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-10 14:34 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-10 14:34 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-10 14:34 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-10 14:34 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-10 14:34 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-10 14:34 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-10 14:34 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-10 14:34 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-10 14:33 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-10 14:33 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-10 14:33 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-10 14:33 - 2015-09-02 19:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-10 14:33 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-10 14:33 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-10 14:33 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-10 14:33 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-10 14:33 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-10 14:33 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-10 14:33 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-10 14:33 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-10 14:33 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-10 14:33 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-10 14:33 - 2015-07-22 16:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-10 14:33 - 2015-07-22 15:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-10 14:33 - 2015-07-17 16:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-10 14:33 - 2015-07-17 16:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-10 14:33 - 2015-06-27 13:47 - 00118616 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-10 14:32 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-10 14:32 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-10 14:32 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-10 14:32 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-10 14:32 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-10 14:32 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-10 14:32 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-10 14:32 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-10 14:32 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-10 14:32 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-10 14:32 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-10 14:32 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-10 14:32 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-10 14:32 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-10 14:32 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-10 14:32 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-10 14:32 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-10 14:32 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-09-10 14:32 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-10 14:32 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-10 14:32 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-10 14:32 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-10 14:32 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-10 14:32 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-10 14:32 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-10 14:32 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-10 14:32 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-10 14:32 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-10 14:32 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-10 14:32 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-10 14:32 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-09-10 14:32 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-10 14:32 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-10 14:32 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-10 14:32 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-10 14:32 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-10 14:32 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-10 14:32 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-10 14:32 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-10 14:32 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-10 14:32 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-10 14:32 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-10 14:32 - 2015-07-14 05:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe
2015-09-10 14:32 - 2015-07-13 21:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml
2015-09-10 14:32 - 2015-07-09 18:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-09-10 14:32 - 2015-07-03 23:51 - 01380056 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-10 14:32 - 2015-07-03 16:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-09-10 14:32 - 2015-06-19 19:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-26 20:22 - 2014-07-12 03:02 - 01674445 _____ C:\Windows\WindowsUpdate.log
2015-09-26 20:08 - 2014-07-12 04:11 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-26 20:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-26 17:39 - 2014-07-30 00:34 - 00003100 _____ C:\Windows\System32\Tasks\ZDB-JobNr-01
2015-09-26 17:39 - 2014-07-30 00:34 - 00000364 _____ C:\Windows\Tasks\ZDB-JobNr-01.job
2015-09-26 17:38 - 2014-07-12 03:17 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-26 17:38 - 2013-08-22 16:46 - 00125054 _____ C:\Windows\setupact.log
2015-09-26 17:38 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-25 10:46 - 2014-07-12 03:09 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3810510583-669268903-27390416-1001
2015-09-25 08:46 - 2014-07-12 04:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-25 08:46 - 2014-03-18 03:50 - 00419452 _____ C:\Windows\PFRO.log
2015-09-24 23:00 - 2014-10-23 22:22 - 00000362 _____ C:\Windows\Tasks\ZDB-JobNr-02.job
2015-09-24 21:53 - 2014-07-27 18:58 - 00001097 _____ C:\Users\Public\Desktop\EssentialPIM Pro.lnk
2015-09-24 21:46 - 2014-07-12 03:37 - 00137800 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-09-24 21:46 - 2014-07-12 03:37 - 00074440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-09-24 03:06 - 2014-07-12 05:07 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-09-24 00:01 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-09-22 09:27 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-09-21 21:08 - 2014-07-12 04:11 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-19 04:18 - 2014-12-27 01:57 - 00003556 _____ C:\Windows\system32\TeamViewer10_Hooks.log
2015-09-19 04:18 - 2014-12-27 01:57 - 00000989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-09-15 03:18 - 2014-12-12 10:51 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-15 03:18 - 2014-12-12 10:51 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-14 22:21 - 2014-07-12 05:12 - 00000000 ____D C:\Users\XXXXXXX\AppData\Roaming\KeePass
2015-09-13 11:41 - 2013-08-22 16:44 - 00467184 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-13 10:51 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-09-12 16:57 - 2014-03-18 12:03 - 01686150 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-12 16:57 - 2014-03-18 11:25 - 00726688 _____ C:\Windows\system32\perfh007.dat
2015-09-12 16:57 - 2014-03-18 11:25 - 00151380 _____ C:\Windows\system32\perfc007.dat
2015-09-12 11:44 - 2014-07-16 16:57 - 00000000 ____D C:\Users\XXXXXXX\AppData\Roaming\vlc
2015-09-12 11:16 - 2014-12-27 01:05 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
2015-09-11 11:31 - 2014-07-27 16:07 - 00001131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2015-09-11 11:31 - 2014-07-27 16:07 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2015-09-11 11:03 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-11 11:00 - 2014-07-12 03:53 - 00000000 ____D C:\Windows\system32\MRT
2015-09-11 10:57 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-09-10 14:39 - 2014-03-18 11:40 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-08 12:44 - 2014-07-12 03:04 - 00000000 ____D C:\Users\XXXXXXX

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-07-13 12:52 - 2015-07-24 09:34 - 0008192 _____ () C:\Users\XXXXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Einige Dateien in TEMP:
====================
C:\Users\XXXXXXX\AppData\Local\Temp\avgnt.exe
C:\Users\XXXXXXX\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp413zlu.dll
C:\Users\XXXXXXX\AppData\Local\Temp\epim_install.exe
C:\Users\XXXXXXX\AppData\Local\Temp\FFSetup3.7.0.0.exe
C:\Users\XXXXXXX\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\XXXXXXX\AppData\Local\Temp\nvStInst.exe
C:\Users\XXXXXXX\AppData\Local\Temp\ochelper.dll
C:\Users\XXXXXXX\AppData\Local\Temp\ochelper.exe
C:\Users\XXXXXXX\AppData\Local\Temp\ose00001.exe
C:\Users\XXXXXXX\AppData\Local\Temp\vlc-2.1.5-win64.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-09-25 08:58

==================== Ende von FRST.txt ============================
         
--- --- ---


and here is Addition.txt

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:23-09-2015
durchgeführt von XXXXXXX (2015-09-26 20:26:49)
Gestartet von D:\Users\XXXXXXX\Desktop
Windows 8.1 (X64) (2014-07-12 01:04:14)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3810510583-669268903-27390416-500 - Administrator - Disabled)
XXXXXXX (S-1-5-21-3810510583-669268903-27390416-1001 - Administrator - Enabled) => C:\Users\XXXXXXX
Gast (S-1-5-21-3810510583-669268903-27390416-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.202 - Avira Operations GmbH & Co. KG)
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version:  - )
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
EssentialPIM Pro (HKLM-x32\...\EssentialPIM Pro) (Version: 6.55 - Astonsoft Ltd)
Firebird 2.1.5.18496 (Win32) (HKLM-x32\...\FBDBServer_2_1_is1) (Version: 2.1.5.18496 - Firebird Project)
FormatFactory 3.7.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.7.0.0 - Format Factory)
HP LJ300-400 color M351-M451 (HKLM-x32\...\{15CA73D8-3C82-4BAE-86CD-945BF9620516}) (Version: 5.0.12200.630 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM351M451DSService (x32 Version: 001.001.05164 - Hewlett-Packard) Hidden
HPLaserJet300-400ColorM351-M451Series_HelpLearnCenter_SI (HKLM-x32\...\{BD019D8F-25B9-49D6-B301-07AFF65E35DD}) (Version: 1.02.0000 - Hewlett-Packard)
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM351_M451LaserJetService (x32 Version: 005.021.00132 - Hewlett-Packard) Hidden
hppToolboxProxyM351 (x32 Version: 035.024.006 - HP) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM351_M451 (x32 Version: 050.034.0131 - Hewlett-Packard) Hidden
InstanceFinder (x32 Version: 020.021.004 - HP) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
KeePass Password Safe 2.30 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.30 - Dominik Reichl)
LibreOffice 4.3 Help Pack (German) (HKLM-x32\...\{D46E6B22-8CB8-4ADE-B820-ADF29F4FEF21}) (Version: 4.3.7.2 - The Document Foundation)
LibreOffice 4.4.5.2 (HKLM-x32\...\{406EECCC-AF98-4F2C-A99F-FED788F7580C}) (Version: 4.4.5.2 - The Document Foundation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 41.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 de)) (Version: 41.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.0.5738 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
ToolboxProxy (x32 Version: 035.024.006 - HP) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Z-DBackup (HKLM-x32\...\{6AF2CB89-30AB-45E5-9A68-B6B428E0E6DF}) (Version: 6.2.0.9 - IMU Andreas Baumann)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3810510583-669268903-27390416-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\XXXXXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay Keine Datei

==================== Wiederherstellungspunkte =========================

05-09-2015 17:58:29 Geplanter Prüfpunkt
10-09-2015 14:36:30 Windows Update
12-09-2015 11:10:38 Installed LibreOffice 4.4.5.2
20-09-2015 06:19:50 Geplanter Prüfpunkt
26-09-2015 13:14:48 Avira PC Cleaner - 26.09.2015 13:14

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {203A36AD-9904-4F00-BA98-A56331E27BE6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {20D52BC6-4B77-4019-AC5A-28B48D9AB32B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {588B9FBB-03F7-48A2-A4D5-1E43FBD783D7} - System32\Tasks\xxx => powershell
Task: {6A079E55-DE80-4F0B-BADB-EB7A10605A00} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {749AE7DD-8E77-4E86-8559-CDC20491DAC1} - System32\Tasks\ZDB-JobNr-01 => C:\Program Files (x86)\Z-DBackup\ZDBackup.exe [2015-07-17] (IMU-BerliNet)
Task: {945CAA03-1450-4D49-AB67-845D26D53E7B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {AC906E1B-6975-4F0C-836E-463DB638A4D6} - System32\Tasks\Datensicherung und Herunterfahren => powershell
Task: {B74EFCB7-DE52-4148-A447-1F2BBFC00E28} - System32\Tasks\Telefonerinnerung => powershell
Task: {E2DE1B0A-B91D-437A-A227-54915F673C11} - System32\Tasks\ZDB-JobNr-02 => C:\Program Files (x86)\Z-DBackup\ZDBackup.exe [2015-07-17] (IMU-BerliNet)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ZDB-JobNr-01.job => C:\Program Files (x86)\Z-DBackup\ZDBackup.exe
Task: C:\Windows\Tasks\ZDB-JobNr-02.job => C:\Program Files (x86)\Z-DBackup\ZDBackup.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-07-12 03:17 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3810510583-669268903-27390416-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C0CAE8C5-A290-4E03-9EF3-2B3ABB0C4174}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{58772656-4884-41B1-8C41-6B41CB2FCE4C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{89DB1A54-EAE4-43FA-ACCB-7663F77DD78C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{FFAD1636-38AF-487A-8808-4B0BC0B981B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{C46A09A3-803D-4217-87B3-E18AA43DAE82}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CA93E6F1-F2B1-45D8-B1CC-B3C0662EC8A0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{CBCCC2B6-D17C-4229-955C-186C5A9F7C57}C:\program files (x86)\essentialpim pro\essentialpim.exe] => (Allow) C:\program files (x86)\essentialpim pro\essentialpim.exe
FirewallRules: [UDP Query User{DAF980A1-AFD1-430F-AD91-EF249416804B}C:\program files (x86)\essentialpim pro\essentialpim.exe] => (Allow) C:\program files (x86)\essentialpim pro\essentialpim.exe
FirewallRules: [TCP Query User{13926C60-8B86-45B3-A4A8-4C8E4AEEADA4}C:\program files (x86)\essentialpim pro\essentialpim.exe] => (Block) C:\program files (x86)\essentialpim pro\essentialpim.exe
FirewallRules: [UDP Query User{085C4440-94E1-49EE-B31E-C4F2819EFF72}C:\program files (x86)\essentialpim pro\essentialpim.exe] => (Block) C:\program files (x86)\essentialpim pro\essentialpim.exe
FirewallRules: [{E68E01E3-7FC9-4C5F-AA81-EE9EF21F07F9}] => (Allow) %ProgramFiles% (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
FirewallRules: [{7232C7C9-AA73-47BD-884D-1914ACD83150}] => (Allow) %ProgramFiles% (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
FirewallRules: [{2CD0EAD2-66E7-4C60-AA90-03D6DC3A9E62}] => (Allow) %ProgramFiles% (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
FirewallRules: [{DDBF0A24-4737-4EC6-9819-C2C76903DE4D}] => (Allow) %ProgramFiles% (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
FirewallRules: [TCP Query User{96B0929B-7DA3-4A42-92F0-30032A1B627E}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{F50882D9-A770-4BC0-8F3B-96CE8FF68C6E}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{099AC93F-23D1-4898-927B-27D3068E1492}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B4252BFF-1E09-4E95-B71E-6CC797DD8E08}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F4E762C9-26FC-49CB-B454-F058FBC7771B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{AD0CD26F-F535-4B4F-B36E-F472FC285F3F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{F9500C20-D340-447E-99FA-9E7A07D18E46}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{7A12A1F6-D09B-4AA8-979F-9B7E309FFC7E}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{068A1E7D-2951-4F78-A265-2D63FC5DD385}D:\users\XXXXXXX\downloads\ffinstonline.exe] => (Allow) D:\users\XXXXXXX\downloads\ffinstonline.exe
FirewallRules: [UDP Query User{4E4C6A81-B039-4D0D-8C73-26C7F9F6317F}D:\users\XXXXXXX\downloads\ffinstonline.exe] => (Allow) D:\users\XXXXXXX\downloads\ffinstonline.exe
FirewallRules: [TCP Query User{715EC787-530D-40DC-90C3-3F0975E3EDE2}C:\users\XXXXXXX\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light] => (Allow) C:\users\XXXXXXX\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light
FirewallRules: [UDP Query User{6BBD44EC-C19D-473E-81ED-644F988EEB81}C:\users\XXXXXXX\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light] => (Allow) C:\users\XXXXXXX\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light
FirewallRules: [TCP Query User{545547EF-E346-440B-9734-2B17C704E71F}C:\program files (x86)\freetime\formatfactory\formatfactory.exe] => (Allow) C:\program files (x86)\freetime\formatfactory\formatfactory.exe
FirewallRules: [UDP Query User{C7BDA4F1-9406-4806-A057-AF6E04C7DD7F}C:\program files (x86)\freetime\formatfactory\formatfactory.exe] => (Allow) C:\program files (x86)\freetime\formatfactory\formatfactory.exe
FirewallRules: [{D12A56C7-BB4B-4550-B116-B661192D5705}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1B947CD5-C9E2-49FB-A044-8F7A2236952E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E8ED8A31-F9DC-4E84-ADE9-59B302D8AE1F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BDBF53BE-54CB-42BE-9081-B962E8E8BC59}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/26/2015 02:02:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.3.9600.17415, Zeitstempel: 0x54504177
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17936, Zeitstempel: 0x55a68e0c
Ausnahmecode: 0xc0000008
Fehleroffset: 0x000000000009311a
ID des fehlerhaften Prozesses: 0x744
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0
Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1
Pfad des fehlerhaften Moduls: svchost.exe_stisvc2
Berichtskennung: svchost.exe_stisvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_stisvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_stisvc5

Error: (09/26/2015 02:00:56 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [18]

Error: (09/26/2015 02:36:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: soffice.bin, Version: 4.4.5.2, Zeitstempel: 0x55b155ef
Name des fehlerhaften Moduls: MSVCR110.dll, Version: 11.0.51106.1, Zeitstempel: 0x5098858e
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000a326c
ID des fehlerhaften Prozesses: 0x1308
Startzeit der fehlerhaften Anwendung: 0xsoffice.bin0
Pfad der fehlerhaften Anwendung: soffice.bin1
Pfad des fehlerhaften Moduls: soffice.bin2
Berichtskennung: soffice.bin3
Vollständiger Name des fehlerhaften Pakets: soffice.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: soffice.bin5

Error: (09/24/2015 12:01:35 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [18]

Error: (09/23/2015 03:11:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17924, Zeitstempel: 0x55959290
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17936, Zeitstempel: 0x55a68e0c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000003d86e
ID des fehlerhaften Prozesses: 0x11a4
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Vollständiger Name des fehlerhaften Pakets: GWXUX.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GWXUX.exe5

Error: (09/23/2015 12:01:32 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [18]

Error: (09/22/2015 01:10:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.3.9600.17415, Zeitstempel: 0x54504177
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17936, Zeitstempel: 0x55a68e0c
Ausnahmecode: 0xc0000008
Fehleroffset: 0x000000000009311a
ID des fehlerhaften Prozesses: 0x768
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0
Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1
Pfad des fehlerhaften Moduls: svchost.exe_stisvc2
Berichtskennung: svchost.exe_stisvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_stisvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_stisvc5

Error: (09/21/2015 10:28:27 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [18]

Error: (09/21/2015 10:27:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 40.0.3.5716, Zeitstempel: 0x55ddb213
Name des fehlerhaften Moduls: mozglue.dll, Version: 40.0.3.5716, Zeitstempel: 0x55dda062
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000e250
ID des fehlerhaften Prozesses: 0x1730
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (09/21/2015 02:49:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: soffice.bin, Version: 4.4.5.2, Zeitstempel: 0x55b155ef
Name des fehlerhaften Moduls: MSVCR110.dll, Version: 11.0.51106.1, Zeitstempel: 0x5098858e
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000a326c
ID des fehlerhaften Prozesses: 0x126c
Startzeit der fehlerhaften Anwendung: 0xsoffice.bin0
Pfad der fehlerhaften Anwendung: soffice.bin1
Pfad des fehlerhaften Moduls: soffice.bin2
Berichtskennung: soffice.bin3
Vollständiger Name des fehlerhaften Pakets: soffice.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: soffice.bin5


Systemfehler:
=============
Error: (09/26/2015 02:02:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/26/2015 01:50:58 PM) (Source: DCOM) (EventID: 10010) (User: Alpha)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (09/26/2015 01:50:28 PM) (Source: DCOM) (EventID: 10010) (User: Alpha)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/25/2015 10:47:04 AM) (Source: DCOM) (EventID: 10010) (User: Alpha)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (09/25/2015 10:46:34 AM) (Source: DCOM) (EventID: 10010) (User: Alpha)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/24/2015 09:01:13 AM) (Source: DCOM) (EventID: 10010) (User: Alpha)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (09/24/2015 09:00:43 AM) (Source: DCOM) (EventID: 10010) (User: Alpha)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/24/2015 08:50:37 AM) (Source: DCOM) (EventID: 10010) (User: Alpha)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (09/24/2015 08:50:06 AM) (Source: DCOM) (EventID: 10010) (User: Alpha)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/24/2015 08:40:10 AM) (Source: DCOM) (EventID: 10010) (User: Alpha)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


==================== Speicherinformationen =========================== 

Prozessor: AMD Athlon(tm) II X2 240 Processor
Prozentuale Nutzung des RAM: 26%
Installierter physikalischer RAM: 4095.29 MB
Verfügbarer physikalischer RAM: 3000.27 MB
Summe virtueller Speicher: 4799.29 MB
Verfügbarer virtueller Speicher: 3263.38 MB

==================== Laufwerke ================================

Drive c: (System) (Fixed) (Total:195.31 GB) (Free:158.15 GB) NTFS
Drive d: (Daten Alpha 1) (Fixed) (Total:400.65 GB) (Free:277.2 GB) NTFS ==>[System mit Startkomponenten (eingeholt von lesen Laufwerk)]
Drive e: (Daten Alpha 2) (Fixed) (Total:400.65 GB) (Free:400.34 GB) NTFS
Drive f: (Daten Alpha 3) (Fixed) (Total:400.65 GB) (Free:400.45 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 01430143)
Partition 1: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=400.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=400.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=400.7 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
Thanks
__________________

27.09.2015, 14:57   #4
schrauber
/// the machine
/// TB Trainer

Hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Please download TDSSKiller (TDSSKiller.exe) and save this file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

27.09.2015, 16:52   #5
strommueller

Hello Schrauber,

thanks for your help on the "holy" Sunday

mbar.exe found nothing:

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2015.09.27.04
  rootkit: v2015.09.22.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18036
XXXXXXX :: ALPHA [administrator]

27.09.2015 15:47:18
mbar-log-2015-09-27 (15-47-18).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 366359
Time elapsed: 44 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Here is the TDSSKiller log,
but no detections here either:

Code:
16:39:45.0333 0x04cc  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
16:39:53.0188 0x04cc  ============================================================
16:39:53.0188 0x04cc  Current date / time: 2015/09/27 16:39:53.0188
16:39:53.0188 0x04cc  SystemInfo:
16:39:53.0188 0x04cc  
16:39:53.0188 0x04cc  OS Version: 6.3.9600 ServicePack: 0.0
16:39:53.0188 0x04cc  Product type: Workstation
16:39:53.0188 0x04cc  ComputerName: ALPHA
16:39:53.0188 0x04cc  UserName: XXXXXXX
16:39:53.0188 0x04cc  Windows directory: C:\Windows
16:39:53.0188 0x04cc  System windows directory: C:\Windows
16:39:53.0188 0x04cc  Running under WOW64
16:39:53.0188 0x04cc  Processor architecture: Intel x64
16:39:53.0188 0x04cc  Number of processors: 2
16:39:53.0188 0x04cc  Page size: 0x1000
16:39:53.0188 0x04cc  Boot type: Normal boot
16:39:53.0188 0x04cc  ============================================================
16:39:53.0548 0x04cc  KLMD registered as C:\Windows\system32\drivers\33539261.sys
16:39:54.0078 0x04cc  System UUID: {73F819BC-2B11-689C-21CB-8C9CD6671FC0}
16:39:55.0448 0x04cc  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 ( 1397.27 Gb ), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:39:55.0463 0x04cc  ============================================================
16:39:55.0463 0x04cc  \Device\Harddisk0\DR0:
16:39:55.0463 0x04cc  MBR partitions:
16:39:55.0463 0x04cc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1869D800
16:39:55.0463 0x04cc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1869E598, BlocksNum 0x3214EACE
16:39:55.0463 0x04cc  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4A7ED066, BlocksNum 0x3214AC0D
16:39:55.0463 0x04cc  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x7C937C73, BlocksNum 0x3214EACE
16:39:55.0463 0x04cc  ============================================================
16:39:55.0488 0x04cc  C: <-> \Device\Harddisk0\DR0\Partition1
16:39:55.0528 0x04cc  D: <-> \Device\Harddisk0\DR0\Partition2
16:39:55.0573 0x04cc  E: <-> \Device\Harddisk0\DR0\Partition3
16:39:55.0608 0x04cc  F: <-> \Device\Harddisk0\DR0\Partition4
16:39:55.0608 0x04cc  ============================================================
16:39:55.0608 0x04cc  Initialize success
16:39:55.0608 0x04cc  ============================================================
16:40:36.0413 0x10f8  ============================================================
16:40:36.0413 0x10f8  Scan started
16:40:36.0413 0x10f8  Mode: Manual; SigCheck; TDLFS; 
16:40:36.0413 0x10f8  ============================================================
16:40:36.0413 0x10f8  KSN ping started
16:40:38.0763 0x10f8  KSN ping finished: true
16:40:40.0403 0x10f8  ================ Scan system memory ========================
16:40:40.0403 0x10f8  System memory - ok
16:40:40.0408 0x10f8  ================ Scan services =============================
16:40:40.0628 0x10f8  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
16:40:40.0888 0x10f8  1394ohci - ok
16:40:40.0968 0x10f8  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\Windows\system32\drivers\3ware.sys
16:40:41.0013 0x10f8  3ware - ok
16:40:41.0098 0x10f8  [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:40:41.0193 0x10f8  ACPI - ok
16:40:41.0228 0x10f8  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
16:40:41.0273 0x10f8  acpiex - ok
16:40:41.0288 0x10f8  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
16:40:41.0348 0x10f8  acpipagr - ok
16:40:41.0363 0x10f8  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
16:40:41.0428 0x10f8  AcpiPmi - ok
16:40:41.0443 0x10f8  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
16:40:41.0498 0x10f8  acpitime - ok
16:40:41.0613 0x10f8  [ 013697369EAFFA675D0671607F036020, 65611C775AC4681E46A6565E5A7A4FF3363C66EBDC98C4C58AFB365D40BE23B6 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:40:41.0643 0x10f8  AdobeARMservice - ok
16:40:41.0798 0x10f8  [ C6D147C12C424373B016C0AB0A6C61EB, 043D44F3C942CFC3558E782938C26849BF648A58A7AA62C4A526E37DE4136C27 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:40:41.0838 0x10f8  AdobeFlashPlayerUpdateSvc - ok
16:40:41.0928 0x10f8  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\Windows\system32\drivers\ADP80XX.SYS
16:40:42.0038 0x10f8  ADP80XX - ok
16:40:42.0103 0x10f8  [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:40:42.0223 0x10f8  AeLookupSvc - ok
16:40:42.0333 0x10f8  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\Windows\system32\drivers\afd.sys
16:40:42.0508 0x10f8  AFD - ok
16:40:42.0538 0x10f8  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:40:42.0578 0x10f8  agp440 - ok
16:40:42.0603 0x10f8  [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache         C:\Windows\system32\DRIVERS\ahcache.sys
16:40:42.0678 0x10f8  ahcache - ok
16:40:42.0713 0x10f8  [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG             C:\Windows\System32\alg.exe
16:40:42.0788 0x10f8  ALG - ok
16:40:42.0823 0x10f8  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
16:40:42.0908 0x10f8  AmdK8 - ok
16:40:42.0943 0x10f8  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
16:40:43.0008 0x10f8  AmdPPM - ok
16:40:43.0043 0x10f8  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:40:43.0088 0x10f8  amdsata - ok
16:40:43.0133 0x10f8  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:40:43.0198 0x10f8  amdsbs - ok
16:40:43.0213 0x10f8  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:40:43.0248 0x10f8  amdxata - ok
16:40:43.0378 0x10f8  [ 6B31C215750CD41567E962D22839EE44, FF0B92807296B88DE37F9F2EB27FF7B73AA998B98074AA54A949A2B79690AFE5 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
16:40:43.0523 0x10f8  AntiVirMailService - ok
16:40:43.0583 0x10f8  [ 18B0643B3B504E0FDCFCE0C8743B29C7, 1D4C004AD5066F52A4AA039F5364814F8F6B04EC1F704A5A3110172AD465661C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:40:43.0668 0x10f8  AntiVirSchedulerService - ok
16:40:43.0728 0x10f8  [ 18B0643B3B504E0FDCFCE0C8743B29C7, 1D4C004AD5066F52A4AA039F5364814F8F6B04EC1F704A5A3110172AD465661C ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:40:43.0808 0x10f8  AntiVirService - ok
16:40:43.0908 0x10f8  [ 9A12F8E472FE05EF653CA152050405D4, 569EA8FFDE827F850CA8E3CB747A8552FD9981E61C48C7EA55E550A6C07F770E ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
16:40:44.0028 0x10f8  AntiVirWebService - ok
16:40:44.0078 0x10f8  [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID           C:\Windows\system32\drivers\appid.sys
16:40:44.0198 0x10f8  AppID - ok
16:40:44.0238 0x10f8  [ 88358135810B9DFD830A9D3A8C3D149A, DF914DA3828EE2310895D156342E3B3DF5E8C6F6F9B851C359E82A1F48180D4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:40:44.0293 0x10f8  AppIDSvc - ok
16:40:44.0333 0x10f8  [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo         C:\Windows\System32\appinfo.dll
16:40:44.0413 0x10f8  Appinfo - ok
16:40:44.0483 0x10f8  [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness    C:\Windows\system32\AppReadiness.dll
16:40:44.0623 0x10f8  AppReadiness - ok
16:40:44.0758 0x10f8  [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc         C:\Windows\system32\appxdeploymentserver.dll
16:40:44.0933 0x10f8  AppXSvc - ok
16:40:44.0983 0x10f8  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:40:45.0033 0x10f8  arcsas - ok
16:40:45.0058 0x10f8  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\Windows\system32\drivers\atapi.sys
16:40:45.0098 0x10f8  atapi - ok
16:40:45.0153 0x10f8  [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
16:40:45.0258 0x10f8  AudioEndpointBuilder - ok
16:40:45.0343 0x10f8  [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:40:45.0468 0x10f8  Audiosrv - ok
16:40:45.0503 0x10f8  [ AC82CC4F2A41E098EB34C0A9F8125DDC, CC416DD5FC8E14A1F99F8DF52D795CA6E16EDBF8FD7C9624B10BA83D9D954BF2 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
16:40:45.0548 0x10f8  avgntflt - ok
16:40:45.0598 0x10f8  [ 45061BD6F11B80BF1C07A9253A659BF1, 9A1AFE963672E23F3C19FACE2CEB64766C964B165ECB26F36B6FB5730CEAFD2D ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
16:40:45.0643 0x10f8  avipbb - ok
16:40:45.0713 0x10f8  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
16:40:45.0738 0x10f8  avkmgr - ok
16:40:45.0773 0x10f8  [ 74179E7C103F3A44B33D7D982E21E35D, 7F2384B065EA9959734D65426781D901CDB0DA8DFCAD13BF05044DDF33CA5688 ] avnetflt        C:\Windows\system32\DRIVERS\avnetflt.sys
16:40:45.0818 0x10f8  avnetflt - ok
16:40:45.0863 0x10f8  [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:40:45.0943 0x10f8  AxInstSV - ok
16:40:45.0998 0x10f8  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
16:40:46.0088 0x10f8  b06bdrv - ok
16:40:46.0113 0x10f8  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
16:40:46.0218 0x10f8  BasicDisplay - ok
16:40:46.0233 0x10f8  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
16:40:46.0318 0x10f8  BasicRender - ok
16:40:46.0338 0x10f8  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\Windows\System32\drivers\bcmfn2.sys
16:40:46.0363 0x10f8  bcmfn2 - ok
16:40:46.0428 0x10f8  [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC          C:\Windows\System32\bdesvc.dll
16:40:46.0523 0x10f8  BDESVC - ok
16:40:46.0548 0x10f8  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\Windows\system32\drivers\Beep.sys
16:40:46.0613 0x10f8  Beep - ok
16:40:46.0718 0x10f8  [ 7BCB00EA702F78EC74CD9699D85CE80B, 17241ADAA13051B560DB9FA9079CAE6321D5B49788B596C125DC912443B00421 ] BFE             C:\Windows\System32\bfe.dll
16:40:46.0858 0x10f8  BFE - ok
16:40:46.0958 0x10f8  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\Windows\System32\qmgr.dll
16:40:47.0118 0x10f8  BITS - ok
16:40:47.0153 0x10f8  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:40:47.0233 0x10f8  bowser - ok
16:40:47.0293 0x10f8  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
16:40:47.0378 0x10f8  BrokerInfrastructure - ok
16:40:47.0433 0x10f8  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser         C:\Windows\System32\browser.dll
16:40:47.0498 0x10f8  Browser - ok
16:40:47.0528 0x10f8  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
16:40:47.0583 0x10f8  BthAvrcpTg - ok
16:40:47.0618 0x10f8  [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
16:40:47.0673 0x10f8  BthHFEnum - ok
16:40:47.0693 0x10f8  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
16:40:47.0753 0x10f8  bthhfhid - ok
16:40:47.0818 0x10f8  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\Windows\System32\BthHFSrv.dll
16:40:47.0938 0x10f8  BthHFSrv - ok
16:40:47.0968 0x10f8  [ 66B791F6B11DC4303DD18A224A501542, 502AE4D6FFC6B0FCED081B0E0F61F699F96F20DFEE737B53828F5DEE3BD0FCB1 ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
16:40:48.0038 0x10f8  BTHMODEM - ok
16:40:48.0083 0x10f8  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv         C:\Windows\system32\bthserv.dll
16:40:48.0148 0x10f8  bthserv - ok
16:40:48.0193 0x10f8  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:40:48.0273 0x10f8  cdfs - ok
16:40:48.0308 0x10f8  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\Windows\System32\drivers\cdrom.sys
16:40:48.0353 0x10f8  cdrom - ok
16:40:48.0393 0x10f8  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc     C:\Windows\System32\certprop.dll
16:40:48.0468 0x10f8  CertPropSvc - ok
16:40:48.0493 0x10f8  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\Windows\System32\drivers\circlass.sys
16:40:48.0543 0x10f8  circlass - ok
16:40:48.0603 0x10f8  [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
16:40:48.0673 0x10f8  CLFS - ok
16:40:48.0723 0x10f8  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
16:40:48.0778 0x10f8  CmBatt - ok
16:40:48.0858 0x10f8  [ 5E5AB950693F2C6D6ACBEE3A74697ED7, 3790A7DD0AC65F47A697A577744FDFA4CC1CA3422884C84E499F97AC91BA84F3 ] CNG             C:\Windows\system32\Drivers\cng.sys
16:40:48.0953 0x10f8  CNG - ok
16:40:48.0983 0x10f8  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
16:40:49.0038 0x10f8  CompositeBus - ok
16:40:49.0053 0x10f8  COMSysApp - ok
16:40:49.0088 0x10f8  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\Windows\system32\drivers\condrv.sys
16:40:49.0163 0x10f8  condrv - ok
16:40:49.0218 0x10f8  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:40:49.0308 0x10f8  CryptSvc - ok
16:40:49.0333 0x10f8  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\Windows\system32\drivers\dam.sys
16:40:49.0378 0x10f8  dam - ok
16:40:49.0478 0x10f8  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:40:49.0618 0x10f8  DcomLaunch - ok
16:40:49.0698 0x10f8  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc       C:\Windows\System32\defragsvc.dll
16:40:49.0853 0x10f8  defragsvc - ok
16:40:49.0923 0x10f8  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\Windows\system32\das.dll
16:40:50.0013 0x10f8  DeviceAssociationService - ok
16:40:50.0043 0x10f8  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
16:40:50.0098 0x10f8  DeviceInstall - ok
16:40:50.0138 0x10f8  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
16:40:50.0238 0x10f8  Dfsc - ok
16:40:50.0283 0x10f8  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
16:40:50.0318 0x10f8  dg_ssudbus - ok
16:40:50.0388 0x10f8  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:40:50.0503 0x10f8  Dhcp - ok
16:40:50.0653 0x10f8  [ 21EDAD8188372C912B7BB9B1C6CB0D38, 4A102745DE8A2A82D2C069B30503BF9FF2312A035A82854F84EF9C27E3533CEE ] DiagTrack       C:\Windows\system32\diagtrack.dll
16:40:50.0868 0x10f8  DiagTrack - ok
16:40:50.0918 0x10f8  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\Windows\system32\drivers\disk.sys
16:40:50.0963 0x10f8  disk - ok
16:40:50.0988 0x10f8  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
16:40:51.0083 0x10f8  dmvsc - ok
16:40:51.0138 0x10f8  [ 33ADFB7453BF3271463712C4BCE61AD1, A1DB30F874BA7B2C4C653494D70B46B94BF7D39D0DD8559F6CA7A14B676FD617 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:40:51.0203 0x10f8  Dnscache - ok
16:40:51.0283 0x10f8  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:40:51.0388 0x10f8  dot3svc - ok
16:40:51.0433 0x10f8  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS             C:\Windows\system32\dps.dll
16:40:51.0508 0x10f8  DPS - ok
16:40:51.0543 0x10f8  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:40:51.0578 0x10f8  drmkaud - ok
16:40:51.0628 0x10f8  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
16:40:51.0693 0x10f8  DsmSvc - ok
16:40:51.0843 0x10f8  [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:40:52.0028 0x10f8  DXGKrnl - ok
16:40:52.0068 0x10f8  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost         C:\Windows\System32\eapsvc.dll
16:40:52.0143 0x10f8  Eaphost - ok
16:40:52.0403 0x10f8  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
16:40:52.0768 0x10f8  ebdrv - ok
16:40:52.0818 0x10f8  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS             C:\Windows\System32\lsass.exe
16:40:52.0863 0x10f8  EFS - ok
16:40:52.0898 0x10f8  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
16:40:52.0943 0x10f8  EhStorClass - ok
16:40:52.0978 0x10f8  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
16:40:53.0028 0x10f8  EhStorTcgDrv - ok
16:40:53.0048 0x10f8  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\Windows\System32\drivers\errdev.sys
16:40:53.0093 0x10f8  ErrDev - ok
16:40:53.0148 0x10f8  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem     C:\Windows\system32\es.dll
16:40:53.0238 0x10f8  EventSystem - ok
16:40:53.0268 0x10f8  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\Windows\system32\drivers\exfat.sys
16:40:53.0358 0x10f8  exfat - ok
16:40:53.0393 0x10f8  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:40:53.0423 0x10f8  fastfat - ok
16:40:53.0483 0x10f8  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax             C:\Windows\system32\fxssvc.exe
16:40:53.0593 0x10f8  Fax - ok
16:40:53.0618 0x10f8  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\Windows\System32\drivers\fdc.sys
16:40:53.0668 0x10f8  fdc - ok
16:40:53.0703 0x10f8  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:40:53.0778 0x10f8  fdPHost - ok
16:40:53.0818 0x10f8  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:40:53.0868 0x10f8  FDResPub - ok
16:40:53.0913 0x10f8  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc           C:\Windows\system32\fhsvc.dll
16:40:53.0998 0x10f8  fhsvc - ok
16:40:54.0028 0x10f8  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:40:54.0073 0x10f8  FileInfo - ok
16:40:54.0108 0x10f8  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:40:54.0178 0x10f8  Filetrace - ok
16:40:54.0248 0x10f8  [ 66DDE64F0B1C738B1879FFFC3EBDC50C, 80FE8B499A1B56BE157EC094BE181E7931FD276149B43160D0560D9AEA662A0D ] FirebirdGuardianDefaultInstance C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
16:40:54.0268 0x10f8  FirebirdGuardianDefaultInstance - detected UnsignedFile.Multi.Generic ( 1 )
16:40:56.0618 0x10f8  Detect skipped due to KSN trusted
16:40:56.0618 0x10f8  FirebirdGuardianDefaultInstance - ok
16:40:56.0843 0x10f8  [ 6BEFD92FDD20A9AEF21BE6CD61EF96AB, 1208F755F654B7DAA75E7CE1D2C70D4AE62CC13DA062C9A33394DFBFD7CFECCE ] FirebirdServerDefaultInstance C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
16:40:57.0093 0x10f8  FirebirdServerDefaultInstance - detected UnsignedFile.Multi.Generic ( 1 )
16:40:59.0433 0x10f8  Detect skipped due to KSN trusted
16:40:59.0433 0x10f8  FirebirdServerDefaultInstance - ok
16:40:59.0453 0x10f8  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
16:40:59.0498 0x10f8  flpydisk - ok
16:40:59.0558 0x10f8  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:40:59.0633 0x10f8  FltMgr - ok
16:40:59.0768 0x10f8  [ 1E93CBB75D167CDF85501A8C790097A8, C9E5DD090C94E7855939CE1F416460DB408EFF897C2CD52E0D52A734D8ED18B7 ] FontCache       C:\Windows\system32\FntCache.dll
16:40:59.0963 0x10f8  FontCache - ok
16:41:00.0003 0x10f8  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:41:00.0043 0x10f8  FsDepends - ok
16:41:00.0078 0x10f8  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:41:00.0118 0x10f8  Fs_Rec - ok
16:41:00.0198 0x10f8  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:41:00.0293 0x10f8  fvevol - ok
16:41:00.0328 0x10f8  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\Windows\System32\drivers\fxppm.sys
16:41:00.0373 0x10f8  FxPPM - ok
16:41:00.0403 0x10f8  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:41:00.0443 0x10f8  gagp30kx - ok
16:41:00.0478 0x10f8  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
16:41:00.0518 0x10f8  gencounter - ok
16:41:00.0563 0x10f8  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
16:41:00.0613 0x10f8  GPIOClx0101 - ok
16:41:00.0753 0x10f8  [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:41:00.0908 0x10f8  gpsvc - ok
16:41:00.0983 0x10f8  [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:41:01.0063 0x10f8  HdAudAddService - ok
16:41:01.0103 0x10f8  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
16:41:01.0228 0x10f8  HDAudBus - ok
16:41:01.0243 0x10f8  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
16:41:01.0293 0x10f8  HidBatt - ok
16:41:01.0348 0x10f8  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\Windows\System32\drivers\hidbth.sys
16:41:01.0408 0x10f8  HidBth - ok
16:41:01.0428 0x10f8  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
16:41:01.0468 0x10f8  hidi2c - ok
16:41:01.0488 0x10f8  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\Windows\System32\drivers\hidir.sys
16:41:01.0528 0x10f8  HidIr - ok
16:41:01.0568 0x10f8  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv         C:\Windows\system32\hidserv.dll
16:41:01.0643 0x10f8  hidserv - ok
16:41:01.0673 0x10f8  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
16:41:01.0758 0x10f8  HidUsb - ok
16:41:01.0808 0x10f8  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:41:01.0893 0x10f8  hkmsvc - ok
16:41:01.0938 0x10f8  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:41:02.0018 0x10f8  HomeGroupListener - ok
16:41:02.0088 0x10f8  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:41:02.0178 0x10f8  HomeGroupProvider - ok
16:41:02.0233 0x10f8  [ 86724A200BF1F08A03FB563660FCD928, E2BDD30D7AFECB0F517BB02C788C93D506FB2B180DCA239BC4A1FEDB1E986EAD ] HP DS Service   C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
16:41:02.0258 0x10f8  HP DS Service - detected UnsignedFile.Multi.Generic ( 1 )
16:41:04.0593 0x10f8  Detect skipped due to KSN trusted
16:41:04.0593 0x10f8  HP DS Service - ok
16:41:04.0643 0x10f8  [ 9C42E435F629CD8512BECFA082762425, BC817D05E5B8BE05CAB05F075A2C0B3CCF39E6BBD924BD0040C698F4D4580677 ] HP LaserJet Service C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
16:41:04.0668 0x10f8  HP LaserJet Service - detected UnsignedFile.Multi.Generic ( 1 )
16:41:07.0008 0x10f8  Detect skipped due to KSN trusted
16:41:07.0008 0x10f8  HP LaserJet Service - ok
16:41:07.0038 0x10f8  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:41:07.0078 0x10f8  HpSAMD - ok
16:41:07.0183 0x10f8  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:41:07.0323 0x10f8  HTTP - ok
16:41:07.0353 0x10f8  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:41:07.0393 0x10f8  hwpolicy - ok
16:41:07.0408 0x10f8  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
16:41:07.0453 0x10f8  hyperkbd - ok
16:41:07.0473 0x10f8  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
16:41:07.0508 0x10f8  HyperVideo - ok
16:41:07.0548 0x10f8  [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
16:41:07.0623 0x10f8  i8042prt - ok
16:41:07.0638 0x10f8  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
16:41:07.0668 0x10f8  iaLPSSi_GPIO - ok
16:41:07.0688 0x10f8  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\Windows\System32\drivers\iaLPSSi_I2C.sys
16:41:07.0728 0x10f8  iaLPSSi_I2C - ok
16:41:07.0798 0x10f8  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\Windows\system32\drivers\iaStorAV.sys
16:41:07.0873 0x10f8  iaStorAV - ok
16:41:07.0938 0x10f8  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:41:08.0013 0x10f8  iaStorV - ok
16:41:08.0028 0x10f8  IEEtwCollectorService - ok
16:41:08.0143 0x10f8  [ 3DBDBD9581C015F02651D6A89801FAD5, 81B6D302C9CD29AD8319515056CFBCD0BD25619B2B166937ACD5F1416B568837 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:41:08.0283 0x10f8  IKEEXT - ok
16:41:08.0308 0x10f8  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:41:08.0358 0x10f8  intelide - ok
16:41:08.0403 0x10f8  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\Windows\system32\drivers\intelpep.sys
16:41:08.0438 0x10f8  intelpep - ok
16:41:08.0478 0x10f8  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\Windows\System32\drivers\intelppm.sys
16:41:08.0533 0x10f8  intelppm - ok
16:41:08.0568 0x10f8  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:41:08.0693 0x10f8  IpFilterDriver - ok
16:41:08.0798 0x10f8  [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:41:08.0918 0x10f8  iphlpsvc - ok
16:41:08.0963 0x10f8  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
16:41:09.0063 0x10f8  IPMIDRV - ok
16:41:09.0088 0x10f8  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:41:09.0163 0x10f8  IPNAT - ok
16:41:09.0188 0x10f8  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:41:09.0228 0x10f8  IRENUM - ok
16:41:09.0268 0x10f8  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:41:09.0313 0x10f8  isapnp - ok
16:41:09.0373 0x10f8  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
16:41:09.0438 0x10f8  iScsiPrt - ok
16:41:09.0473 0x10f8  [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
16:41:09.0513 0x10f8  kbdclass - ok
16:41:09.0568 0x10f8  [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
16:41:09.0618 0x10f8  kbdhid - ok
16:41:09.0648 0x10f8  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
16:41:09.0703 0x10f8  kdnic - ok
16:41:09.0728 0x10f8  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\Windows\system32\lsass.exe
16:41:09.0773 0x10f8  KeyIso - ok
16:41:09.0813 0x10f8  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:41:09.0858 0x10f8  KSecDD - ok
16:41:09.0913 0x10f8  [ 46711F40D0F9E63F786ED23F9BD5215E, 1FBC5101D843E5B43184C98B3D9AF3015C9409EEA6C7BB01B143FD08D4946FC0 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:41:09.0963 0x10f8  KSecPkg - ok
16:41:09.0988 0x10f8  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:41:10.0033 0x10f8  ksthunk - ok
16:41:10.0088 0x10f8  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:41:10.0153 0x10f8  KtmRm - ok
16:41:10.0208 0x10f8  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:41:10.0298 0x10f8  LanmanServer - ok
16:41:10.0353 0x10f8  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:41:10.0438 0x10f8  LanmanWorkstation - ok
16:41:10.0513 0x10f8  [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc           C:\Windows\System32\GeofenceMonitorService.dll
16:41:10.0633 0x10f8  lfsvc - ok
16:41:10.0663 0x10f8  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:41:10.0718 0x10f8  lltdio - ok
16:41:10.0758 0x10f8  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:41:10.0838 0x10f8  lltdsvc - ok
16:41:10.0873 0x10f8  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:41:10.0938 0x10f8  lmhosts - ok
16:41:10.0978 0x10f8  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:41:11.0028 0x10f8  LSI_SAS - ok
16:41:11.0048 0x10f8  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:41:11.0093 0x10f8  LSI_SAS2 - ok
16:41:11.0113 0x10f8  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\Windows\system32\drivers\lsi_sas3.sys
16:41:11.0168 0x10f8  LSI_SAS3 - ok
16:41:11.0198 0x10f8  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
16:41:11.0238 0x10f8  LSI_SSS - ok
16:41:11.0343 0x10f8  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\Windows\System32\lsm.dll
16:41:11.0478 0x10f8  LSM - ok
16:41:11.0508 0x10f8  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\Windows\system32\drivers\luafv.sys
16:41:11.0623 0x10f8  luafv - ok
16:41:11.0643 0x10f8  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\Windows\system32\drivers\megasas.sys
16:41:11.0683 0x10f8  megasas - ok
16:41:11.0753 0x10f8  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\Windows\system32\drivers\megasr.sys
16:41:11.0853 0x10f8  megasr - ok
16:41:11.0903 0x10f8  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\Windows\system32\mmcss.dll
16:41:11.0983 0x10f8  MMCSS - ok
16:41:11.0998 0x10f8  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\Windows\system32\drivers\modem.sys
16:41:12.0058 0x10f8  Modem - ok
16:41:12.0088 0x10f8  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\Windows\System32\drivers\monitor.sys
16:41:12.0153 0x10f8  monitor - ok
16:41:12.0178 0x10f8  [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
16:41:12.0218 0x10f8  mouclass - ok
16:41:12.0263 0x10f8  [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid          C:\Windows\System32\drivers\mouhid.sys
16:41:12.0318 0x10f8  mouhid - ok
16:41:12.0353 0x10f8  [ 9A788037D768809DFD677F4BA08A224A, E0686B3318F924E440ADA439D6671D44D3FF97C13D45C2E0A3A7B9E23DA38350 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:41:12.0408 0x10f8  mountmgr - ok
16:41:12.0458 0x10f8  [ E96D4881189E3241A80EE54EFAB02E00, 13DC3174A2A5CF20C63C3EA5E2FF4060B15B40B02CCB29B41EC7A53047B69D9F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:41:12.0493 0x10f8  MozillaMaintenance - ok
16:41:12.0528 0x10f8  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:41:12.0568 0x10f8  mpsdrv - ok
16:41:12.0623 0x10f8  [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:41:12.0688 0x10f8  MpsSvc - ok
16:41:12.0733 0x10f8  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:41:12.0798 0x10f8  MRxDAV - ok
16:41:12.0863 0x10f8  [ 6FBDF2B1B025A8E6E069234362FFFFB7, CF1AFC088F59AD61037F4C4650F3BAEE7FE37C40B3A27B903475F005410F8155 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:41:12.0963 0x10f8  mrxsmb - ok
16:41:13.0023 0x10f8  [ BCBD64220AD85C26823453FF1DC3EFBD, 0245E3659E9135B9276F3CCFBEA0CEFFC4F4C0826F6D19B6329057620235F087 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:41:13.0123 0x10f8  mrxsmb10 - ok
16:41:13.0163 0x10f8  [ 57C2473D501331211D6885FD59F3E44B, 10253703DB32A32291C61B6962A79E374B5DF7DD14A6B6AFD08A99EF26206619 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:41:13.0228 0x10f8  mrxsmb20 - ok
16:41:13.0258 0x10f8  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
16:41:13.0323 0x10f8  MsBridge - ok
16:41:13.0378 0x10f8  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\Windows\System32\msdtc.exe
16:41:13.0428 0x10f8  MSDTC - ok
16:41:13.0483 0x10f8  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:41:13.0533 0x10f8  Msfs - ok
16:41:13.0568 0x10f8  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
16:41:13.0613 0x10f8  msgpiowin32 - ok
16:41:13.0638 0x10f8  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:41:13.0693 0x10f8  mshidkmdf - ok
16:41:13.0713 0x10f8  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
16:41:13.0753 0x10f8  mshidumdf - ok
16:41:13.0793 0x10f8  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:41:13.0848 0x10f8  msisadrv - ok
16:41:13.0883 0x10f8  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:41:13.0918 0x10f8  MSiSCSI - ok
16:41:13.0928 0x10f8  msiserver - ok
16:41:13.0943 0x10f8  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:41:13.0963 0x10f8  MSKSSRV - ok
16:41:13.0983 0x10f8  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
16:41:14.0033 0x10f8  MsLldp - ok
16:41:14.0043 0x10f8  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:41:14.0058 0x10f8  MSPCLOCK - ok
16:41:14.0068 0x10f8  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:41:14.0098 0x10f8  MSPQM - ok
16:41:14.0133 0x10f8  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:41:14.0183 0x10f8  MsRPC - ok
16:41:14.0203 0x10f8  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
16:41:14.0223 0x10f8  mssmbios - ok
16:41:14.0233 0x10f8  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:41:14.0263 0x10f8  MSTEE - ok
16:41:14.0283 0x10f8  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
16:41:14.0313 0x10f8  MTConfig - ok
16:41:14.0343 0x10f8  [ 640617B6E682A150C36BE39D78547F6C, 784F712E9DC3EEE81F07946BBA08AA2BEAC7B3961E430B75043645EF7ECA715C ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
16:41:14.0358 0x10f8  MTsensor - ok
16:41:14.0378 0x10f8  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\Windows\system32\Drivers\mup.sys
16:41:14.0398 0x10f8  Mup - ok
16:41:14.0418 0x10f8  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
16:41:14.0438 0x10f8  mvumis - ok
16:41:14.0493 0x10f8  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\Windows\system32\qagentRT.dll
16:41:14.0543 0x10f8  napagent - ok
16:41:14.0583 0x10f8  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:41:14.0633 0x10f8  NativeWifiP - ok
16:41:14.0663 0x10f8  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\Windows\System32\ncasvc.dll
16:41:14.0713 0x10f8  NcaSvc - ok
16:41:14.0743 0x10f8  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\Windows\System32\ncbservice.dll
16:41:14.0798 0x10f8  NcbService - ok
16:41:14.0833 0x10f8  [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
16:41:14.0913 0x10f8  NcdAutoSetup - ok
16:41:15.0033 0x10f8  [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:41:15.0178 0x10f8  NDIS - ok
16:41:15.0218 0x10f8  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:41:15.0268 0x10f8  NdisCap - ok
16:41:15.0308 0x10f8  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
16:41:15.0368 0x10f8  NdisImPlatform - ok
16:41:15.0398 0x10f8  [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:41:15.0443 0x10f8  NdisTapi - ok
16:41:15.0508 0x10f8  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:41:15.0578 0x10f8  Ndisuio - ok
16:41:15.0603 0x10f8  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\Windows\System32\drivers\NdisVirtualBus.sys
16:41:15.0658 0x10f8  NdisVirtualBus - ok
16:41:15.0698 0x10f8  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:41:15.0763 0x10f8  NdisWan - ok
16:41:15.0788 0x10f8  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\Windows\system32\DRIVERS\ndiswan.sys
16:41:15.0848 0x10f8  NdisWanLegacy - ok
16:41:15.0888 0x10f8  [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:41:15.0938 0x10f8  NDProxy - ok
16:41:15.0978 0x10f8  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
16:41:16.0053 0x10f8  Ndu - ok
16:41:16.0098 0x10f8  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\System32\HPZinw12.dll
16:41:16.0123 0x10f8  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
16:41:18.0478 0x10f8  Detect skipped due to KSN trusted
16:41:18.0478 0x10f8  Net Driver HPZ12 - ok
16:41:18.0508 0x10f8  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:41:18.0558 0x10f8  NetBIOS - ok
16:41:18.0608 0x10f8  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:41:18.0703 0x10f8  NetBT - ok
16:41:18.0733 0x10f8  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\Windows\system32\lsass.exe
16:41:18.0773 0x10f8  Netlogon - ok
16:41:18.0833 0x10f8  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\Windows\System32\netman.dll
16:41:18.0888 0x10f8  Netman - ok
16:41:18.0973 0x10f8  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\Windows\System32\netprofmsvc.dll
16:41:19.0053 0x10f8  netprofm - ok
16:41:19.0143 0x10f8  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:41:19.0243 0x10f8  NetTcpPortSharing - ok
16:41:19.0288 0x10f8  [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc          C:\Windows\System32\drivers\netvsc63.sys
16:41:19.0358 0x10f8  netvsc - ok
16:41:19.0423 0x10f8  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:41:19.0518 0x10f8  NlaSvc - ok
16:41:19.0558 0x10f8  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:41:19.0608 0x10f8  Npfs - ok
16:41:19.0633 0x10f8  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
16:41:19.0693 0x10f8  npsvctrig - ok
16:41:19.0743 0x10f8  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi             C:\Windows\system32\nsisvc.dll
16:41:19.0808 0x10f8  nsi - ok
16:41:19.0843 0x10f8  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:41:19.0888 0x10f8  nsiproxy - ok
16:41:20.0088 0x10f8  [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:41:20.0323 0x10f8  Ntfs - ok
16:41:20.0353 0x10f8  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\Windows\system32\drivers\Null.sys
16:41:20.0393 0x10f8  Null - ok
16:41:21.0413 0x10f8  [ 2232AE1BB51A96A7381A2CA17DF12E24, 4813E27BC14EB3CBD55AF89B098EA5C8DA4C7FF0B6CCB7AACFC43BC0E578C988 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:41:22.0483 0x10f8  nvlddmkm - ok
16:41:22.0613 0x10f8  [ 37B0088B8E7F2A8AD0AE2281A70E0D13, 50256EEADBBC5CCCF3EBAEB9020D91EDB9961E7404BD41067A4290362BE6962F ] NVNET           C:\Windows\system32\DRIVERS\nvmf6264.sys
16:41:22.0673 0x10f8  NVNET - ok
16:41:22.0853 0x10f8  [ 048C6FACA905A7DF0A86D3CC31D7E6AE, 7222B301DBBDFF15B038E13FEA076759D8AC392F5145ECD60A640BDA6CFABE8C ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
16:41:23.0003 0x10f8  NvNetworkService - ok
16:41:23.0048 0x10f8  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:41:23.0098 0x10f8  nvraid - ok
16:41:23.0148 0x10f8  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:41:23.0193 0x10f8  nvstor - ok
16:41:23.0278 0x10f8  [ 3ABCD8F8853FEB12B961E9A48FC12133, 58255D53E810EE0D89FA2F1DC9D6208BF44F3C0FDE74A9264FB740024F1EDD44 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
16:41:23.0308 0x10f8  NvStreamKms - ok
16:41:23.0318 0x10f8  NvStreamSvc - ok
16:41:23.0433 0x10f8  [ 2C8DD5A34A81715865D66D7AF39362A6, 62F9D873127921EE2EAA80B73E8994C4BF6DA7EEDACAEA030B8D58E086FD3850 ] nvsvc           C:\Windows\system32\nvvsvc.exe
16:41:23.0548 0x10f8  nvsvc - ok
16:41:23.0578 0x10f8  [ 75034A4D7C02327D150B617571D4196A, 8E7DAFEC4307E883D52BD0B5F0732E26E019C953770B52ACBBAD3074A66393CB ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
16:41:23.0613 0x10f8  nvvad_WaveExtensible - ok
16:41:23.0633 0x10f8  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:41:23.0688 0x10f8  nv_agp - ok
16:41:23.0733 0x10f8  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:41:23.0813 0x10f8  p2pimsvc - ok
16:41:23.0863 0x10f8  [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc          C:\Windows\system32\p2psvc.dll
16:41:23.0938 0x10f8  p2psvc - ok
16:41:23.0963 0x10f8  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\Windows\System32\drivers\parport.sys
16:41:24.0008 0x10f8  Parport - ok
16:41:24.0058 0x10f8  [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:41:24.0108 0x10f8  partmgr - ok
16:41:24.0183 0x10f8  [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:41:24.0268 0x10f8  PcaSvc - ok
16:41:24.0328 0x10f8  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\Windows\system32\drivers\pci.sys
16:41:24.0393 0x10f8  pci - ok
16:41:24.0423 0x10f8  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\Windows\system32\drivers\pciide.sys
16:41:24.0458 0x10f8  pciide - ok
16:41:24.0483 0x10f8  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:41:24.0548 0x10f8  pcmcia - ok
16:41:24.0568 0x10f8  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:41:24.0608 0x10f8  pcw - ok
16:41:24.0653 0x10f8  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc             C:\Windows\system32\drivers\pdc.sys
16:41:24.0693 0x10f8  pdc - ok
16:41:24.0743 0x10f8  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:41:24.0833 0x10f8  PEAUTH - ok
16:41:24.0908 0x10f8  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:41:25.0003 0x10f8  PerfHost - ok
16:41:25.0168 0x10f8  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla             C:\Windows\system32\pla.dll
16:41:25.0333 0x10f8  pla - ok
16:41:25.0378 0x10f8  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:41:25.0423 0x10f8  PlugPlay - ok
16:41:25.0468 0x10f8  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\System32\HPZipm12.dll
16:41:25.0483 0x10f8  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
16:41:27.0823 0x10f8  Detect skipped due to KSN trusted
16:41:27.0823 0x10f8  Pml Driver HPZ12 - ok
16:41:27.0858 0x10f8  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:41:27.0903 0x10f8  PNRPAutoReg - ok
16:41:27.0958 0x10f8  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:41:28.0023 0x10f8  PNRPsvc - ok
16:41:28.0083 0x10f8  [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:41:28.0153 0x10f8  PolicyAgent - ok
16:41:28.0228 0x10f8  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power           C:\Windows\system32\umpo.dll
16:41:28.0323 0x10f8  Power - ok
16:41:28.0638 0x10f8  [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify     C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
16:41:28.0948 0x10f8  PrintNotify - ok
16:41:28.0993 0x10f8  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\Windows\System32\drivers\processr.sys
16:41:29.0038 0x10f8  Processor - ok
16:41:29.0083 0x10f8  [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc         C:\Windows\system32\profsvc.dll
16:41:29.0178 0x10f8  ProfSvc - ok
16:41:29.0218 0x10f8  [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:41:29.0283 0x10f8  Psched - ok
16:41:29.0338 0x10f8  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE           C:\Windows\system32\qwave.dll
16:41:29.0423 0x10f8  QWAVE - ok
16:41:29.0453 0x10f8  [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:41:29.0493 0x10f8  QWAVEdrv - ok
16:41:29.0523 0x10f8  [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:41:29.0573 0x10f8  RasAcd - ok
16:41:29.0628 0x10f8  [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto         C:\Windows\System32\rasauto.dll
16:41:29.0683 0x10f8  RasAuto - ok
16:41:29.0753 0x10f8  [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan          C:\Windows\System32\rasmans.dll
16:41:29.0843 0x10f8  RasMan - ok
16:41:29.0863 0x10f8  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:41:29.0918 0x10f8  RasPppoe - ok
16:41:29.0978 0x10f8  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:41:30.0118 0x10f8  rdbss - ok
16:41:30.0158 0x10f8  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
16:41:30.0213 0x10f8  rdpbus - ok
16:41:30.0253 0x10f8  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
16:41:30.0318 0x10f8  RDPDR - ok
16:41:30.0378 0x10f8  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:41:30.0413 0x10f8  RdpVideoMiniport - ok
16:41:30.0453 0x10f8  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:41:30.0513 0x10f8  rdyboost - ok
16:41:30.0608 0x10f8  [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS            C:\Windows\system32\drivers\ReFS.sys
16:41:30.0743 0x10f8  ReFS - ok
16:41:30.0803 0x10f8  [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:41:30.0853 0x10f8  RemoteAccess - ok
16:41:30.0903 0x10f8  [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:41:30.0968 0x10f8  RemoteRegistry - ok
16:41:31.0003 0x10f8  [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:41:31.0063 0x10f8  RpcEptMapper - ok
16:41:31.0093 0x10f8  [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator      C:\Windows\system32\locator.exe
16:41:31.0158 0x10f8  RpcLocator - ok
16:41:31.0253 0x10f8  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs           C:\Windows\system32\rpcss.dll
16:41:31.0353 0x10f8  RpcSs - ok
16:41:31.0383 0x10f8  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:41:31.0453 0x10f8  rspndr - ok
16:41:31.0478 0x10f8  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
16:41:31.0528 0x10f8  s3cap - ok
16:41:31.0573 0x10f8  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs           C:\Windows\system32\lsass.exe
16:41:31.0618 0x10f8  SamSs - ok
16:41:31.0648 0x10f8  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:41:31.0698 0x10f8  sbp2port - ok
16:41:31.0753 0x10f8  [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:41:31.0818 0x10f8  SCardSvr - ok
16:41:31.0853 0x10f8  [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum    C:\Windows\System32\ScDeviceEnum.dll
16:41:31.0918 0x10f8  ScDeviceEnum - ok
16:41:31.0938 0x10f8  [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:41:31.0978 0x10f8  scfilter - ok
16:41:32.0108 0x10f8  [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule        C:\Windows\system32\schedsvc.dll
16:41:32.0268 0x10f8  Schedule - ok
16:41:32.0323 0x10f8  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:41:32.0368 0x10f8  SCPolicySvc - ok
16:41:32.0433 0x10f8  [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus           C:\Windows\System32\drivers\sdbus.sys
16:41:32.0508 0x10f8  sdbus - ok
16:41:32.0543 0x10f8  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
16:41:32.0588 0x10f8  sdstor - ok
16:41:32.0608 0x10f8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:41:32.0688 0x10f8  secdrv - ok
16:41:32.0738 0x10f8  [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon        C:\Windows\system32\seclogon.dll
16:41:32.0798 0x10f8  seclogon - ok
16:41:32.0828 0x10f8  [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS            C:\Windows\System32\sens.dll
16:41:32.0888 0x10f8  SENS - ok
16:41:32.0938 0x10f8  [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:41:33.0023 0x10f8  SensrSvc - ok
16:41:33.0048 0x10f8  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\Windows\system32\drivers\SerCx.sys
16:41:33.0093 0x10f8  SerCx - ok
16:41:33.0133 0x10f8  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\Windows\system32\drivers\SerCx2.sys
16:41:33.0178 0x10f8  SerCx2 - ok
16:41:33.0203 0x10f8  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\Windows\System32\drivers\serenum.sys
16:41:33.0258 0x10f8  Serenum - ok
16:41:33.0278 0x10f8  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\Windows\System32\drivers\serial.sys
16:41:33.0338 0x10f8  Serial - ok
16:41:33.0378 0x10f8  [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse        C:\Windows\System32\drivers\sermouse.sys
16:41:33.0428 0x10f8  sermouse - ok
16:41:33.0488 0x10f8  [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv      C:\Windows\system32\sessenv.dll
16:41:33.0578 0x10f8  SessionEnv - ok
16:41:33.0593 0x10f8  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
16:41:33.0618 0x10f8  sfloppy - ok
16:41:33.0673 0x10f8  [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:41:33.0713 0x10f8  SharedAccess - ok
16:41:33.0768 0x10f8  [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:41:33.0853 0x10f8  ShellHWDetection - ok
16:41:33.0863 0x10f8  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
16:41:33.0883 0x10f8  SiSRaid2 - ok
16:41:33.0893 0x10f8  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:41:33.0918 0x10f8  SiSRaid4 - ok
16:41:33.0953 0x10f8  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost         C:\Windows\System32\smphost.dll
16:41:33.0988 0x10f8  smphost - ok
16:41:34.0018 0x10f8  [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:41:34.0058 0x10f8  SNMPTRAP - ok
16:41:34.0098 0x10f8  [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport       C:\Windows\system32\drivers\spaceport.sys
16:41:34.0128 0x10f8  spaceport - ok
16:41:34.0148 0x10f8  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
16:41:34.0168 0x10f8  SpbCx - ok
16:41:34.0218 0x10f8  [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler         C:\Windows\System32\spoolsv.exe
16:41:34.0298 0x10f8  Spooler - ok
16:41:34.0543 0x10f8  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\Windows\system32\sppsvc.exe
16:41:34.0798 0x10f8  sppsvc - ok
16:41:34.0863 0x10f8  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:41:34.0998 0x10f8  srv - ok
16:41:35.0068 0x10f8  [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:41:35.0193 0x10f8  srv2 - ok
16:41:35.0248 0x10f8  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:41:35.0338 0x10f8  srvnet - ok
16:41:59.0193 0x10f8  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.13.202 ), 0x41000 ( enabled : updated )
16:41:59.0193 0x10f8  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated )
16:41:59.0203 0x10f8  Win FW state via NFP2: enabled ( trusted )
16:42:01.0558 0x10f8  ============================================================
16:42:01.0558 0x10f8  Scan finished
16:42:01.0558 0x10f8  ============================================================
16:42:01.0588 0x13f8  Detected object count: 0
16:42:01.0588 0x13f8  Actual detected object count: 0
         
It also occurred to me that the mail account is managed on my Android smartphone as well, although I have hardly ever used it to send mail. Maybe I should take a closer look at that.

Thank you very much for your support


28.09.2015, 14:38   #6
schrauber
/// the machine
/// TB-Ausbilder

Delete the account from the phone, set it up again, change the password.

There is no malware there.

28.09.2015, 16:56   #7
strommueller

Hi Schrauber,

Great, I will delete the account from the phone and set it up again.
The password has already been changed anyway.

Thank you very much again for your help

29.09.2015, 13:10   #8
schrauber
/// the machine
/// TB-Ausbilder

You're welcome
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
