
Log analysis and evaluation: Windows 10: Crypt0L0cker encrypts data


18.02.2017, 10:50   #1
umor

Dear esteemed Trojaner-Board,

in 2013 my mother's computer was infected with a trojan. You helped us a great deal back then. Since yesterday my mother has had a problem with a trojan again, and I would like to ask you to help us once more.

Operating system: Windows 10, 64-bit

Problem: Presumably by opening a link in a fake email, the Crypt0L0cker virus was installed yesterday.
The following message appears: "Warnung. Wir verschlüsseln Ihre Dateien mit Crypt0L0cker Virus. Ihre wichtigen Dateien (einschließlich der an den Netzwerk-Festplatten, USB, etc): Fotos, Videos, Dokumente etc wurden mit Croypt0L0cker Virus verschlüsselt..."

As far as I understand, it is not possible to restore the encrypted data without paying the trojan's makers. However, it would be a great help if we could remove Crypt0L0cker without having to set up the computer from scratch. If you consider that realistic, I would ask for your help.

Below are the log files that I created following the instructions on the Trojaner-Board:

File FRST.txt (not modified by me)
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 18-02-2017
durchgeführt von susanna (Administrator) auf DESKTOP-UCUGHB0 (18-02-2017 09:52:01)
Gestartet von C:\Users\susanna\Desktop
Geladene Profile: susanna (Verfügbare Profile: susanna)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE
(brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
() C:\Windows\System32\fpCSEvtSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Google, Inc) C:\Users\susanna\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8515832 2015-10-31] (Realtek Semiconductor)
HKLM\...\Run: [CxAgent] => C:\Program Files\Realtek\Audio\HDA\CXAPOAgent64.exe [761552 2015-10-31] (Conexant Systems, Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-23] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318248 2016-01-08] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1572648 2016-01-08] (Samsung)
HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\Run: [Google Update] => C:\Users\susanna\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.)
HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\Run: [Google Photos Backup] => C:\Users\susanna\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\Run: [elediqox] => C:\ProgramData\ezrqataz.exe [420141 2017-02-17] ()
HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\MountPoints2: {21bb27df-a001-11e6-9bd9-94659c8225c0} - "F:\AutoRun.exe" 
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-06-03]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-01-26]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\susanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-10-02]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: 0.0.0.1	mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{17ebd3bc-c7ce-4046-89a5-d93e4956d619}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{7c21e3e9-6321-477e-8d68-76fb76ab94b1}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{9307f2c0-06fa-4da8-960f-c7d233cd6b4e}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{f121af7d-fab6-4796-b816-605c5b1d4f30}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-at/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: migbducy.default
FF ProfilePath: C:\Users\susanna\AppData\Roaming\Mozilla\Firefox\Profiles\migbducy.default [2017-02-18]
FF Extension: (Firefox Hotfix) - C:\Users\susanna\AppData\Roaming\Mozilla\Firefox\Profiles\migbducy.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF Extension: (Adblock Plus) - C:\Users\susanna\AppData\Roaming\Mozilla\Firefox\Profiles\migbducy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-26]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\susanna\AppData\Roaming\Mozilla\Firefox\Profiles\migbducy.default\features\{3fd508e7-50e6-4634-b2a5-13969366ccb4}\disableSHA1rollout@mozilla.org.xpi [2017-02-17]
FF SearchPlugin: C:\Users\susanna\AppData\Roaming\Mozilla\Firefox\Profiles\migbducy.default\searchplugins\amazoncom-pro.xml [2015-11-17]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-22] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-22] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3683660684-3316546758-4205979231-1001: @tools.google.com/Google Update;version=3 -> C:\Users\susanna\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3683660684-3316546758-4205979231-1001: @tools.google.com/Google Update;version=9 -> C:\Users\susanna\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Brother XP spl Service; C:\WINDOWS\SysWoW64\brsvc01a.exe [57344 2015-11-07] (brother Industries Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42792 2016-09-20] (Windows (R) Win 7 DDK provider)
R2 fpCsEvtSvc; C:\WINDOWS\system32\fpCSEvtSvc.exe [22528 2015-10-31] ()
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370072 2015-10-31] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [243800 2015-10-26] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312064 2015-10-31] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263792 2016-01-18] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [53248 2015-10-31] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [548848 2016-01-23] (Intel Corporation)
R3 hidemi; C:\WINDOWS\System32\drivers\hidemi.sys [37720 2015-10-31] (Microchip)
U5 iaStorB; C:\Windows\System32\Drivers\iaStorB.sys [559576 2015-05-21] (Intel Corporation)
S3 iaStorS; C:\WINDOWS\System32\drivers\iaStorS.sys [665592 2015-06-04] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R3 mchpemi; C:\WINDOWS\System32\drivers\mchpemi.sys [46432 2015-10-31] (Microchip)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw02; C:\WINDOWS\System32\drivers\Netwtw02.sys [6731520 2016-01-29] (Intel Corporation)
R3 nfcgpiomanager; C:\WINDOWS\System32\drivers\nfcgpiomanager.sys [46568 2015-10-31] (Nfc GPIO Driver)
S3 rccfg; C:\WINDOWS\System32\drivers\rccfg.sys [22552 2015-05-11] (AMD, Inc.)
S3 rcraid; C:\WINDOWS\System32\drivers\rcraid.sys [540184 2015-05-11] (AMD, Inc.)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [772336 2015-10-31] (Realsil Semiconductor Corporation)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [52912 2015-10-31] (Synaptics Incorporated)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [760832 2016-03-09] (Sunplus)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [74352 2016-01-18] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2016-02-17] (HP)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-18 09:52 - 2017-02-18 09:52 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\arfxribw.sys
2017-02-18 09:52 - 2017-02-18 09:52 - 00015381 _____ C:\Users\susanna\Desktop\FRST.txt
2017-02-18 09:51 - 2017-02-18 09:52 - 00000000 ____D C:\FRST
2017-02-18 09:48 - 2017-02-18 09:51 - 02422272 _____ (Farbar) C:\Users\susanna\Desktop\FRST64.exe
2017-02-18 09:39 - 2016-01-18 19:06 - 00003199 _____ C:\Users\susanna\Desktop\ForcePad Tutorial.lnk
2017-02-18 09:39 - 2016-01-18 19:06 - 00003199 _____ C:\Users\susanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ForcePad Tutorial.lnk
2017-02-18 09:39 - 2016-01-18 19:06 - 00002274 _____ C:\Users\susanna\Desktop\ForcePad-Einstellungen.lnk
2017-02-18 09:39 - 2016-01-18 19:06 - 00002274 _____ C:\Users\susanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ForcePad-Einstellungen.lnk
2017-02-17 11:11 - 2017-02-17 11:14 - 00604928 _____ (Reimage) C:\Users\susanna\Downloads\ReimageRepair.exe
2017-02-17 10:42 - 2017-02-17 10:42 - 00003801 _____ C:\Users\susanna\wie_zum_Wiederherstellen_von_Dateien.html
2017-02-17 10:42 - 2017-02-17 10:42 - 00001250 _____ C:\Users\susanna\wie_zum_Wiederherstellen_von_Dateien.txt
2017-02-17 10:10 - 2017-02-17 10:10 - 00003801 _____ C:\Users\susanna\Documents\wie_zum_Wiederherstellen_von_Dateien.html
2017-02-17 10:10 - 2017-02-17 10:10 - 00001250 _____ C:\Users\susanna\Documents\wie_zum_Wiederherstellen_von_Dateien.txt
2017-02-17 10:00 - 2017-02-18 09:40 - 00003801 _____ C:\Users\susanna\Desktop\wie_zum_Wiederherstellen_von_Dateien.html
2017-02-17 10:00 - 2017-02-18 09:40 - 00001250 _____ C:\Users\susanna\Desktop\wie_zum_Wiederherstellen_von_Dateien.txt
2017-02-17 10:00 - 2017-02-17 10:01 - 00000000 ____D C:\ProgramData\uwupefovygigylih
2017-02-02 17:02 - 2017-02-17 10:00 - 00000000 ____D C:\Users\susanna\Desktop\LOLI
2017-02-02 16:41 - 2017-02-17 10:00 - 00214608 _____ C:\Users\susanna\Desktop\Totes Gebirge 7 September 2011.JPG.jqvcak
2017-02-02 16:38 - 2017-02-17 10:00 - 00381338 _____ C:\Users\susanna\Desktop\Totes Gebirge 6 September 2011.JPG.unaban
2017-02-02 16:36 - 2017-02-17 10:00 - 00187221 _____ C:\Users\susanna\Desktop\Totes Gebirge 5 September 2011.JPG.fhemet
2017-02-02 16:33 - 2017-02-17 10:00 - 00424168 _____ C:\Users\susanna\Desktop\Totes Gebirge 3 September 2011.JPG.ggoner
2017-02-02 16:33 - 2017-02-17 10:00 - 00292373 _____ C:\Users\susanna\Desktop\Totes Gebirge 2 September 2011.JPG.dvymiw
2017-02-02 16:31 - 2017-02-17 10:00 - 00332029 _____ C:\Users\susanna\Desktop\Totes Gebirge September 2011.JPG.rtpdug
2017-02-02 16:28 - 2017-02-17 10:00 - 00111492 _____ C:\Users\susanna\Desktop\Navis Februar 2012.JPG.aridos
2017-02-02 16:16 - 2017-02-17 10:00 - 00345980 _____ C:\Users\susanna\Desktop\Kölpreinsperre 2 Mai 2012.JPG.ibbqaz
2017-02-02 16:09 - 2017-02-17 10:00 - 00200317 _____ C:\Users\susanna\Desktop\Villgratner Berge 3 September 2012.JPG.ifitin
2017-02-01 18:34 - 2017-02-17 10:00 - 00013049 _____ C:\Users\susanna\Desktop\Ansuchen Bäume.docx.umuqun
2017-01-29 11:23 - 2017-01-29 11:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-27 14:26 - 2017-02-17 10:00 - 00014448 _____ C:\Users\susanna\Desktop\MALTABERG NF.docx.ylyfiw
2017-01-26 17:21 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-26 17:21 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-26 17:18 - 2017-01-26 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-18 09:47 - 2015-10-31 13:35 - 00000000 ____D C:\Users\susanna\AppData\Roaming\Skype
2017-02-18 09:43 - 2016-12-10 21:05 - 00000000 ____D C:\Users\susanna\AppData\LocalLow\Mozilla
2017-02-18 09:43 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-18 09:43 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-18 09:40 - 2016-10-09 19:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-18 09:40 - 2015-10-31 13:35 - 00000000 ____D C:\ProgramData\Skype
2017-02-18 09:39 - 2016-09-23 06:24 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-18 09:39 - 2015-10-31 12:53 - 00000000 __SHD C:\Users\susanna\IntelGraphicsProfiles
2017-02-17 15:18 - 2016-09-23 06:24 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-17 11:12 - 2015-10-31 12:48 - 00000000 ____D C:\Users\susanna\AppData\Local\Packages
2017-02-17 10:42 - 2016-09-23 06:26 - 00000000 ____D C:\Users\susanna
2017-02-17 10:10 - 2016-05-17 10:51 - 00013931 _____ C:\Users\susanna\MA42_FRisterstreckung.docx.iwysuf
2017-02-17 10:10 - 2015-11-07 11:39 - 00000000 ___RD C:\Users\susanna\Documents\Wanderungen, 60+ AV, 55+ und NF
2017-02-17 10:10 - 2015-11-07 11:39 - 00000000 ___RD C:\Users\susanna\Documents\Schlewe
2017-02-17 10:10 - 2015-11-07 11:39 - 00000000 ____D C:\Users\susanna\Documents\temporär
2017-02-17 10:10 - 2015-11-07 11:21 - 00421758 _____ C:\Users\susanna\Documents\schwarzaberg karte.docx.abiwej
2017-02-17 10:10 - 2015-11-07 11:21 - 00011523 _____ C:\Users\susanna\Documents\Teilnehmer dt f Bettina.docx.shysiw
2017-02-17 10:10 - 2015-11-07 11:21 - 00011340 _____ C:\Users\susanna\Documents\TANZLISTE.docx.epacmp
2017-02-17 10:08 - 2016-06-21 17:15 - 00350255 _____ C:\Users\susanna\Documents\Litzlkogel  und Sulzenstein vom Hirschbichl.docx.utuzir
2017-02-17 10:08 - 2015-11-07 11:38 - 00000000 ____D C:\Users\susanna\Documents\Rechnungen Schlewe
2017-02-17 10:08 - 2015-11-07 11:22 - 00000000 ___RD C:\Users\susanna\Documents\MALEN
2017-02-17 10:08 - 2015-11-07 11:21 - 00000000 ___RD C:\Users\susanna\Documents\fast alles
2017-02-17 10:08 - 2015-11-01 19:36 - 00000000 ____D C:\Users\susanna\Documents\OneNote-Notizbücher
2017-02-17 10:08 - 2015-10-31 13:45 - 00000000 ____D C:\Users\susanna\Documents\DokumentationHP.Laptop2015
2017-02-17 10:07 - 2016-09-23 09:57 - 00000000 ___RD C:\Users\susanna\3D Objects
2017-02-17 10:07 - 2016-07-16 12:47 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-17 10:07 - 2015-11-07 11:21 - 00019379 _____ C:\Users\susanna\Documents\28.3.Schleweliste u Ergängzung.docx.ypujgv
2017-02-17 10:07 - 2015-11-07 11:21 - 00018366 _____ C:\Users\susanna\Documents\AV u 55+ 2016.docx.ixallh
2017-02-17 10:07 - 2015-11-07 11:21 - 00000000 ___RD C:\Users\susanna\Documents\Deutsch
2017-02-17 10:07 - 2015-11-07 11:21 - 00000000 ___RD C:\Users\susanna\Documents\Chor
2017-02-17 10:07 - 2015-01-16 03:58 - 00000000 ____D C:\SWSETUP
2017-02-17 10:07 - 2013-12-04 00:39 - 00000000 _RSHD C:\SYSTEM.SAV
2017-02-17 10:00 - 2017-01-09 17:18 - 00000000 ____D C:\Users\susanna\Desktop\MUSIK
2017-02-17 10:00 - 2016-12-26 09:24 - 00116956 _____ C:\Users\susanna\Desktop\Antrag um Herabsetzung der Wassergebühr 26.12.16.pdf.lfofom
2017-02-17 10:00 - 2016-12-23 20:21 - 00013322 _____ C:\Users\susanna\Desktop\AnleitungDruckerReparatur.docx.ejaqrm
2017-02-17 10:00 - 2016-12-23 19:39 - 02588790 _____ C:\Users\susanna\Desktop\DruckerWien_OfficJet6100.pdf.ubabib
2017-02-17 10:00 - 2016-12-18 11:27 - 00019253 _____ C:\Users\susanna\Desktop\NICHT FERTIG WERDEN.docx.yrepop
2017-02-17 10:00 - 2016-11-27 18:04 - 00000000 ___RD C:\Users\susanna\Desktop\RECHNUNGEN ab WIEN
2017-02-17 10:00 - 2016-11-24 17:36 - 00000000 ___RD C:\Users\susanna\Desktop\Clio Kolb
2017-02-17 10:00 - 2016-11-24 17:32 - 00000000 ___RD C:\Users\susanna\Desktop\Schlehenweg ab Nov 2016
2017-02-17 10:00 - 2016-11-14 09:19 - 00018637 _____ C:\Users\susanna\Desktop\reservierung pflersch.pdf.ecikom
2017-02-17 10:00 - 2016-02-03 17:21 - 00015733 _____ C:\Users\susanna\Desktop\lee county tax receipt.docx.ewupuq
2017-02-17 10:00 - 2015-12-17 09:35 - 00000000 ____D C:\Users\susanna\Desktop\LAURA
2017-02-17 10:00 - 2015-11-12 11:26 - 00002625 _____ C:\Users\susanna\Desktop\89525906.gma.ujelum
2017-02-09 18:02 - 2016-11-27 18:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-01-29 10:20 - 2015-10-31 13:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-27 19:28 - 2016-12-18 11:24 - 00003294 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-27 19:28 - 2015-10-31 12:50 - 00002400 _____ C:\Users\susanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-27 19:28 - 2015-10-31 12:50 - 00000000 ___RD C:\Users\susanna\OneDrive
2017-01-26 18:03 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-26 17:18 - 2016-10-18 13:46 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-01-26 17:18 - 2016-10-17 22:07 - 00002016 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-01-23 16:42 - 2015-10-31 13:23 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-19 11:20 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-02-17 10:42 - 2017-02-17 10:42 - 0167042 _____ () C:\ProgramData\uxakedyn.png
2017-02-18 09:40 - 2017-02-18 09:40 - 0167042 _____ () C:\ProgramData\yselykeh.png

Einige Dateien in TEMP:
====================
2017-02-17 09:59 - 2017-02-17 09:59 - 0420141 _____ () C:\Users\susanna\AppData\Local\Temp\edkogi.exe
2016-12-01 16:16 - 2016-12-01 16:16 - 49781216 _____ (Garmin Ltd or its subsidiaries) C:\Users\susanna\AppData\Local\Temp\GarminExpressInstaller.exe
2017-02-17 02:21 - 2017-02-17 02:21 - 0081920 _____ (PC-Doctor, Inc.) C:\Users\susanna\AppData\Local\Temp\veterans.dll
2016-12-10 21:10 - 2016-12-10 21:10 - 30533688 _____ () C:\Users\susanna\AppData\Local\Temp\vlc-2.2.4-win32.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-17 12:43

==================== Ende von FRST.txt ============================
         

File Addition.txt (not modified by me)
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 18-02-2017
durchgeführt von susanna (18-02-2017 09:53:10)
Gestartet von C:\Users\susanna\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-23 05:34:10)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3683660684-3316546758-4205979231-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3683660684-3316546758-4205979231-503 - Limited - Disabled)
Gast (S-1-5-21-3683660684-3316546758-4205979231-501 - Limited - Disabled)
susanna (S-1-5-21-3683660684-3316546758-4205979231-1001 - Administrator - Enabled) => C:\Users\susanna

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin BaseCamp (HKLM-x32\...\{36A0D446-B8E9-4753-BDFE-335F6F4DE59C}) (Version: 4.5.2 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin TOPO Austria v3 (HKLM-x32\...\{4B7C3B57-CBD5-49DA-BEA7-A915FA1643B4}) (Version: 3.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Photos Backup (HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4268 - Intel Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.)
Microsoft Office Home and Student 2016 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.27.01.801 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 51.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 de)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Mozilla Thunderbird 45.7.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.7.1 (x86 de)) (Version: 45.7.1 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\MyFreeCodec) (Version:  - )
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7561 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.44 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3683660684-3316546758-4205979231-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\susanna\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-3683660684-3316546758-4205979231-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\susanna\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3683660684-3316546758-4205979231-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\susanna\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {12E6FE17-CC83-4A4D-90DD-BEC6042D0832} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3683660684-3316546758-4205979231-1001UA1d2588d997bf6bd => C:\Users\susanna\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-12] (Google Inc.)
Task: {224CD830-CA7F-49AF-A6F9-C4D051F7DC8A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {4AC0BE52-F36C-448B-A6BB-2460E5F6720C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3683660684-3316546758-4205979231-1001Core => C:\Users\susanna\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-12] (Google Inc.)
Task: {69434E4E-BCC5-44C5-AB95-A2ECCC96EF1B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3683660684-3316546758-4205979231-1001Core1d2588d996efa3d => C:\Users\susanna\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-12] (Google Inc.)
Task: {70DEC05D-CAE9-40A1-BBCF-3EF5B6B6CB6F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {9AE7084B-5526-4DAC-B7E8-691AF6EB73DF} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\susanna\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe 
Task: {E0B29A8D-C017-411B-A2AA-FDB3E452C369} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-01-16] ()
Task: {E33FB378-797F-4873-9D18-0ADD0F156A90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-22] (Adobe Systems Incorporated)
Task: {EF58117B-509E-4BB7-B7D0-EF9CDF6E9D67} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {FB997945-3F15-4E01-873F-01333AC693A3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3683660684-3316546758-4205979231-1001UA => C:\Users\susanna\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-12] (Google Inc.)
Task: {FDF687D5-B584-479D-B23E-38CC281A9696} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-11] (Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3683660684-3316546758-4205979231-1001Core.job => C:\Users\susanna\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3683660684-3316546758-4205979231-1001UA.job => C:\Users\susanna\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\susanna\Desktop\backup\backup_machen3 - Verknüpfung.lnk -> C:\Program Files (x86)\robocopy\backup_machen3.bat (Keine Datei)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-31 12:57 - 2015-10-31 12:57 - 00022528 _____ () C:\WINDOWS\system32\fpCSEvtSvc.exe
2016-11-05 21:31 - 2015-10-26 08:40 - 00243800 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-17 18:38 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-17 18:38 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-17 18:38 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-23 07:20 - 2016-09-23 07:20 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 09:57 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 09:57 - 2016-12-21 08:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2017-01-11 09:57 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 09:57 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 09:57 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 09:57 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 09:57 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-08 18:14 - 2016-11-08 18:14 - 00326144 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll
2017-01-16 14:43 - 2017-01-16 14:43 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2016-04-08 23:35 - 2016-04-08 23:35 - 03481600 _____ () C:\Users\susanna\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\arfxribw.sys:changelist [1026]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaStorB.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaStorS.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rccfg.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rcraid.sys:com.dropbox.attributes [168]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2015-07-10 12:04 - 2017-01-26 17:18 - 00000859 ____A C:\WINDOWS\system32\Drivers\etc\hosts


0.0.0.1	mssplus.mcafee.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\Control Panel\Desktop\\Wallpaper -> C:\ProgramData\yselykeh.png
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E8F90A27-979A-4F5F-97DE-8BCD22D5B068}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F9A8674F-27D8-4803-91AB-E1AB92A49AB7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7562C4A4-0795-4BD8-A9C4-D60126AF3E5C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ED4AB7D3-B38F-4F44-8D64-3CE233E52D83}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DE03FFD1-7168-4AF9-954A-9CC58DEA3F88}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Wiederherstellungspunkte =========================

26-01-2017 18:02:35 Windows Update
04-02-2017 11:49:11 Geplanter Prüfpunkt
17-02-2017 13:05:37 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: NXP NearFieldProximity Provider
Description: NXP NearFieldProximity Provider
Class Guid: {9a2fc585-7316-46f1-9577-500920304f9d}
Manufacturer: NXP Semiconductors(Proximity)
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/17/2017 01:05:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/17/2017 12:51:50 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (02/12/2017 10:42:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCUGHB0)
Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/12/2017 10:42:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCUGHB0)
Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/12/2017 10:42:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCUGHB0)
Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/12/2017 10:42:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCUGHB0)
Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/04/2017 11:49:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/03/2017 03:44:49 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (01/26/2017 06:02:40 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (01/26/2017 06:02:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.


Systemfehler:
=============
Error: (02/18/2017 09:39:42 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/18/2017 09:39:42 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/18/2017 09:39:42 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/17/2017 03:18:59 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/17/2017 03:14:18 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/17/2017 01:17:58 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/17/2017 11:45:13 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/17/2017 09:52:12 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/17/2017 09:52:12 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/17/2017 09:52:11 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) M-5Y51 CPU @ 1.10GHz
Prozentuale Nutzung des RAM: 33%
Installierter physikalischer RAM: 8067.11 MB
Verfügbarer physikalischer RAM: 5352.18 MB
Summe virtueller Speicher: 9347.11 MB
Verfügbarer virtueller Speicher: 6250.75 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:220.51 GB) (Free:62.49 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (HP_RECOVERY) (Fixed) (Total:14.96 GB) (Free:1.66 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.94 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: EF688436)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=220.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0B)

==================== Ende von Addition.txt ============================
         
Windows Defender is installed on the computer. The following items are listed there as quarantined (I could not find a proper log file).

Code:
Kategorie: Trojaner

Beschreibung: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus.

Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.

Elemente: 
file:C:\Users\susanna\AppData\Local\Temp\edkogi.exe

Online weitere Informationen zu diesem Element abrufen
         
and

Code:
Kategorie: Trojaner

Beschreibung: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus.

Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.

Elemente: 
file:C:\ProgramData\ezrqataz.exe
runkey:HKCU@S-1-5-21-3683660684-3316546758-4205979231-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\elediqox
regkey:HKCU@S-1-5-21-3683660684-3316546758-4205979231-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\elediqox

Online weitere Informationen zu diesem Element abrufen
         

Many thanks, and I look forward to hearing from you,

Uli

Alt 18.02.2017, 16:46   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Step 1: Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.


Step 2: Kaspersky TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.


Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly, spread over several posts if necessary.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Erweitert/Vorschau (Advanced/Preview) to check whether you did it right. If everything is correct ... click Antworten (Reply).

Alt 18.02.2017, 20:47   #3
umor
 



Hello cosinus,

many thanks for the instructions. Everything worked without problems.
Here are the log files:

mbar log, first scan:

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.02.18.05
  rootkit: v2017.02.15.01

Windows 10 x64 NTFS
Internet Explorer 11.576.14393.0
susanna :: DESKTOP-UCUGHB0 [administrator]

18.02.2017 19:09:16
mbar-log-2017-02-18 (19-09-16).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 333467
Time elapsed: 27 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\susanna\AppData\Local\Temp\veterans.dll (Ransom.Crypt0L0cker) -> Delete on reboot. [e7860e96c3e504329cadc21c67997d83]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

mbar log, second scan:


Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.02.18.06
  rootkit: v2017.02.15.01

Windows 10 x64 NTFS
Internet Explorer 11.576.14393.0
susanna :: DESKTOP-UCUGHB0 [administrator]

18.02.2017 19:42:54
mbar-log-2017-02-18 (19-42-54).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 332886
Time elapsed: 21 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

TDSSKiller, first scan (part 1 of 2):

Code:
20:11:13.0518 0x09f4  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
20:11:24.0950 0x09f4  ============================================================
20:11:24.0950 0x09f4  Current date / time: 2017/02/18 20:11:24.0950
20:11:24.0950 0x09f4  SystemInfo:
20:11:24.0953 0x09f4  
20:11:24.0953 0x09f4  OS Version: 10.0.14393 ServicePack: 0.0
20:11:24.0953 0x09f4  Product type: Workstation
20:11:24.0953 0x09f4  ComputerName: DESKTOP-UCUGHB0
20:11:24.0953 0x09f4  UserName: susanna
20:11:24.0953 0x09f4  Windows directory: C:\WINDOWS
20:11:24.0953 0x09f4  System windows directory: C:\WINDOWS
20:11:24.0953 0x09f4  Running under WOW64
20:11:24.0953 0x09f4  Processor architecture: Intel x64
20:11:24.0954 0x09f4  Number of processors: 4
20:11:24.0954 0x09f4  Page size: 0x1000
20:11:24.0954 0x09f4  Boot type: Normal boot
20:11:24.0955 0x09f4  CodeIntegrityOptions = 0x00000001
20:11:24.0955 0x09f4  ============================================================
20:11:25.0167 0x09f4  KLMD registered as C:\WINDOWS\system32\drivers\94139930.sys
20:11:25.0167 0x09f4  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.693, osProperties = 0x19
20:11:27.0085 0x09f4  System UUID: {A37E1B6F-15F8-F7E4-D5C2-2136543FD0AC}
20:11:28.0488 0x09f4  Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:11:28.0505 0x09f4  ============================================================
20:11:28.0505 0x09f4  \Device\Harddisk0\DR0:
20:11:28.0505 0x09f4  MBR partitions:
20:11:28.0505 0x09f4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x200800
20:11:28.0505 0x09f4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x201000, BlocksNum 0x1B904800
20:11:28.0505 0x09f4  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1BB05800, BlocksNum 0x1DEB000
20:11:28.0505 0x09f4  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xB, StartLBA 0x1D8F0800, BlocksNum 0x400000
20:11:28.0505 0x09f4  ============================================================
20:11:28.0507 0x09f4  C: <-> \Device\Harddisk0\DR0\Partition2
20:11:28.0509 0x09f4  D: <-> \Device\Harddisk0\DR0\Partition3
20:11:28.0510 0x09f4  E: <-> \Device\Harddisk0\DR0\Partition4
20:11:28.0510 0x09f4  ============================================================
20:11:28.0510 0x09f4  Initialize success
20:11:28.0510 0x09f4  ============================================================
20:12:48.0751 0x1114  ============================================================
20:12:48.0751 0x1114  Scan started
20:12:48.0751 0x1114  Mode: Manual; SigCheck; TDLFS; 
20:12:48.0751 0x1114  ============================================================
20:12:48.0751 0x1114  KSN ping started
20:12:56.0004 0x1114  KSN ping finished: true
20:12:57.0065 0x1114  ================ Scan system memory ========================
20:12:57.0065 0x1114  System memory - ok
20:12:57.0066 0x1114  ================ Scan services =============================
20:12:57.0123 0x1114  [ A7901875F89D011C38CF52C98ACF5B29, 782141AB1DD7ACDE6EA08B5BAFDE8BADD05B81D38C18E097D6D9C46102056EB1 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
20:12:57.0187 0x1114  1394ohci - ok
20:12:57.0198 0x1114  [ EE1CCC54F75C24727A218F98FC5349DA, 0B0D26640BFA0F551B7087027E572D0BF2C5EAF50A4187C5A7D839180B7FF589 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
20:12:57.0215 0x1114  3ware - ok
20:12:57.0239 0x1114  [ 73C73E1AA0D4D727A04AAAB120B7F56A, 5D311F11022994410DF5C67914D38B1F0D813EFD181EA234750286A272D67A1A ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
20:12:57.0288 0x1114  ACPI - ok
20:12:57.0293 0x1114  [ 0935496EF9624B46B935CB35ECE1F205, A22A2A29195505A65E8626D60B00C86C23E0CABC1EB8345EA5ED523516CC21C0 ] AcpiDev         C:\WINDOWS\System32\drivers\AcpiDev.sys
20:12:57.0310 0x1114  AcpiDev - ok
20:12:57.0317 0x1114  [ D6794C31F4077B71433988787BAA926E, F16365C2F195AAE94D4740E6C3DF4C0CECEC6393CAD65425DCCD28CDBA6EC51A ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
20:12:57.0341 0x1114  acpiex - ok
20:12:57.0347 0x1114  [ FE5F656D6B35089DA39112E74EC6A85A, 5D81EE63998232A5B36DE47FE15B9D04D5BD02234CA133A2462AECA8C60A22ED ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
20:12:57.0370 0x1114  acpipagr - ok
20:12:57.0377 0x1114  [ 2F242941E4DFF69B883D77A16F039557, 45C388365317C720654A659A9326B2BC0E9D84929C704654985597D5D620101C ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
20:12:57.0399 0x1114  AcpiPmi - ok
20:12:57.0404 0x1114  [ C247E35A21682DA8D0DC3AF9F025FCC5, 455415EE3166B3043AD8A4DD50B688DB74242267FB555642441251EFA823E971 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
20:12:57.0419 0x1114  acpitime - ok
20:12:57.0428 0x1114  [ B932E0EE190778D840F1442DFC0F9612, 8780963F14D57279FDD585BE945ED40F24590D32676C7A9EF94002D38B8BA643 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:12:57.0439 0x1114  AdobeARMservice - ok
20:12:57.0470 0x1114  [ B79750091FC0842182FE49D263791294, 32FC260A74C9C45CD1E8998523642C285866378FCD9478FEFD15A0CC42EC0E0B ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:12:57.0493 0x1114  AdobeFlashPlayerUpdateSvc - ok
20:12:57.0525 0x1114  [ 49B9DB97AFC85DCCBDACDAB2E90085B7, 2A6C2A09F74EA15044F442CCFB54A0F24F105ADB915E5C78F02F59652DC29152 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
20:12:57.0587 0x1114  ADP80XX - ok
20:12:57.0607 0x1114  [ 323AA1953ED9C01E23F740FA891FE064, 4CED6E3D61749316CDE28965C913E7ED462539DAAD637A29484F62AF47AD650D ] AFD             C:\WINDOWS\system32\drivers\afd.sys
20:12:57.0637 0x1114  AFD - ok
20:12:57.0652 0x1114  [ 23522E5D581F7722B1B5B86737CAE39C, FB81ABD304376A1E87B65F5E1B34477B628CEDB2091C5D754DE97464B6050C5B ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
20:12:57.0693 0x1114  ahcache - ok
20:12:57.0698 0x1114  [ D0905D4A945D01D4B28DB9E1BD5985F7, CF389CBCD3B99D1BAE34A42F723F1005C32213A394F691978076D3DF1727715C ] AJRouter        C:\WINDOWS\System32\AJRouter.dll
20:12:57.0716 0x1114  AJRouter - ok
20:12:57.0724 0x1114  [ 8FD51B3B35707A66080D7C8CB05E792D, FE52F3DC280D208FDDC75F6E3294B8D601E0D86F9BD3DB1ACC8FC296AC74C23B ] ALG             C:\WINDOWS\System32\alg.exe
20:12:57.0748 0x1114  ALG - ok
20:12:57.0758 0x1114  [ DF21E05E41E5AC3F13F304D91457649A, 7F48F2AD1DBE89A261113C76D7C23AD7D87D5599BCC31F8A558A8A10B81BF521 ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
20:12:57.0789 0x1114  AmdK8 - ok
20:12:57.0796 0x1114  [ 45D0AA4BB90B821DF92E8F19ABED0C5E, EA87A6E98DB3C5A88A844C04C6934E870B7004E783AA5211722115382A211B90 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
20:12:57.0816 0x1114  AmdPPM - ok
20:12:57.0823 0x1114  [ 74FFBC43B4B899C9A8CA06A892F2CE73, 8D599363C7F3D373F1859BAA4D06DD0F40BE78B56BE52B74DE6EA6EF99452004 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
20:12:57.0838 0x1114  amdsata - ok
20:12:57.0850 0x1114  [ AAB0F1D8D7E54761ABAB13AF161F1680, CF847990EFFA2828F5B1DB1A68F08A6C2C918E9612EDFFCF95C36BCABBBEA272 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
20:12:57.0885 0x1114  amdsbs - ok
20:12:57.0891 0x1114  [ F91BAAC4237C40352A807000F3B716F9, F7EFA08E5067C3D419C9D21EDB880BA08883A80DDF35F8B42EC3AB293FE5E03E ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
20:12:57.0904 0x1114  amdxata - ok
20:12:57.0911 0x1114  [ 5B0F4FB165256DE463A51E3A3127969E, 6751ADFFE95FA671C584427A9624EEB79518DE08132FD7A83148700B75487316 ] AppHostSvc      C:\WINDOWS\system32\inetsrv\apphostsvc.dll
20:12:57.0932 0x1114  AppHostSvc - ok
20:12:57.0942 0x1114  [ BC121C099C6C659126AD2102AFDFF8CF, 42B5EE293BDD7ADCE48173A01B30D8452564B9DA225EAF25E9292FE77C0FCF3E ] AppID           C:\WINDOWS\system32\drivers\appid.sys
20:12:57.0967 0x1114  AppID - ok
20:12:57.0977 0x1114  [ 74A24CF946279111D7F203B36569EC02, FD67D36804744B4FE3E20BA891852575E6C2DA6515643B2F4B4210118B0FCCDA ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
20:12:58.0007 0x1114  AppIDSvc - ok
20:12:58.0014 0x1114  [ 73FAA5517CCD1332F00192A303CF2026, 75636222BFF381A3EECA010752DF7DC1603A395B91FF7FBF92127B5CA8EFFEE5 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
20:12:58.0043 0x1114  Appinfo - ok
20:12:58.0049 0x1114  [ 68190E2BADF23BD782344970E5B5DE9E, 95D30EC12C7FDF5822CED8BC2F17669A6687A2FB262B4F0D15C8DCFF4E9AB33D ] applockerfltr   C:\WINDOWS\system32\drivers\applockerfltr.sys
20:12:58.0092 0x1114  applockerfltr - ok
20:12:58.0100 0x1114  [ 76A12AC673B0F8A607ACDD0583C247D4, CBC6C0EB82C7A8E3998344280BBB5A697AFA7206CA2BADFDA7ED6E7DD20E3DAC ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
20:12:58.0125 0x1114  AppMgmt - ok
20:12:58.0143 0x1114  [ A0746EF6C5AB7A17A67BC167167499C1, 1D2154D3AFC5219293EDD508C7726E7756FB72BF04F73861C575D1FE5C553411 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
20:12:58.0199 0x1114  AppReadiness - ok
20:12:58.0222 0x1114  [ 99CA3E622070FDBD7B75EB7E86B2DE40, 12BDD092667250EBC99B4D597897C1B2C83115CD83ECCDEAC36B2D9C9BEA77B6 ] AppVClient      C:\WINDOWS\system32\AppVClient.exe
20:12:58.0265 0x1114  AppVClient - ok
20:12:58.0278 0x1114  [ B66ED2CB37F7E4696A51612AFBA08834, 70BA67AF7F1290E3145B873B53516F138E50D8AAC80CD00CBA66467ABC6643CB ] AppvStrm        C:\WINDOWS\system32\drivers\AppvStrm.sys
20:12:58.0299 0x1114  AppvStrm - ok
20:12:58.0309 0x1114  [ 8DC924848E20F890BEFC6B31136D46BE, B7603425B4970F505B5A3EB0F6652A9CDD188059BDC945D6DF2BADC2DF8F4B5D ] AppvVemgr       C:\WINDOWS\system32\drivers\AppvVemgr.sys
20:12:58.0326 0x1114  AppvVemgr - ok
20:12:58.0334 0x1114  [ 9ADC5A8BEE10E174F95349E9232D8E76, F322991323DCDC51199BB3AB0DA20F6C3CC7EE6E804400B473C610FDB895F0AE ] AppvVfs         C:\WINDOWS\system32\drivers\AppvVfs.sys
20:12:58.0356 0x1114  AppvVfs - ok
20:12:58.0419 0x1114  [ D70B1453ADA82A92E76EAE72D936A0F6, 439DBC5818025887343D4B5B509C7D2C97ED0FFA4641A5178EA5719C50E5013F ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
20:12:58.0541 0x1114  AppXSvc - ok
20:12:58.0556 0x1114  [ E6AB1F0B4C3D4E0D2A88332D76FECD03, 0D3003EB979DA4546DCDD055011E24F13E34F683F02C9801CAC564D1809F11D2 ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
20:12:58.0580 0x1114  arcsas - ok
20:12:58.0598 0x1114  [ 5EE26734A882478AF6696092E2E0F352, 6CACFF521B3B839F73EBEB6EFBFDCCA8A8BC319DDB254BE3EFE29A39040B2C26 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:12:58.0614 0x1114  aspnet_state - ok
20:12:58.0620 0x1114  [ 61C5A480C43E7E8E49C42869F49D0D3E, E610F0E4315ABA1D90AD4A1D7A68ABA2ACBB7FCA89E9D1798470365D52592D55 ] AsyncMac        C:\WINDOWS\System32\drivers\asyncmac.sys
20:12:58.0639 0x1114  AsyncMac - ok
20:12:58.0645 0x1114  [ A10F989A812B57B9695F6C305907C9C6, E2B292610079AA1A10696138DE8130905A8A834B75A8DED7EBF8B6732B77A0F4 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
20:12:58.0662 0x1114  atapi - ok
20:12:58.0680 0x1114  [ 2DC3D53FFA0D10EB8C911AE2DB7BF4CF, 8E0A4B5D610D487A216E70396A99ACC1BEA12C46A6681B1A39CD0FD01EDD406A ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
20:12:58.0717 0x1114  AudioEndpointBuilder - ok
20:12:58.0742 0x1114  [ 7B993290E7691C446C16A56A431669BA, 004551934E27E9FC1A939C9BD1DEB850A216CBED9B18CB3317920F5656D9F6BF ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
20:12:58.0808 0x1114  Audiosrv - ok
20:12:58.0815 0x1114  [ 6D90FDA2DC364B8EA1420F2F81585CC3, 10E6F23A213CFE49BE04BB7D366ADD4028D61D7114FEC67C30B5467DF6B36D4F ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
20:12:58.0835 0x1114  AxInstSV - ok
20:12:58.0856 0x1114  [ 61BAC67048CA5C1D08C48FCC8012B613, 71B2A466FC38DA1029B471FBD2541D8FE359751A7B212AE0F420DB3645916450 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
20:12:58.0897 0x1114  b06bdrv - ok
20:12:58.0903 0x1114  [ 68F72B05EBC6D1779C0D60A147C7CA0B, AA1C857BEE34865C6B901157FC22570D4CF45D950708BAD7AA333F120F2B474C ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
20:12:58.0918 0x1114  BasicDisplay - ok
20:12:58.0925 0x1114  [ 23156E7EDAF613D839E2839746B168D3, CAEF8F9C7D3A338BD747AC9D5BFBE730D77B911E87BCF532EBB75E1F80916AFA ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
20:12:58.0943 0x1114  BasicRender - ok
20:12:58.0953 0x1114  [ 3F5523DCEFE42B385659C5CB46A6B810, CA24A3DF002B19E7BDEDE9B5EB60623F299D0E78B2E4F58DCFC028D76DEFE52D ] bcmfn           C:\WINDOWS\System32\drivers\bcmfn.sys
20:12:58.0981 0x1114  bcmfn - ok
20:12:58.0988 0x1114  [ 0B750A6A6D847E73CA48ADD7A0F5A393, 6A43020F23846EFB1AFA3C070465B0059E9DF60DEB16899E09559462DF30939F ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
20:12:59.0005 0x1114  bcmfn2 - ok
20:12:59.0018 0x1114  [ 2B4D3AEAAD02954F8C191BC2D67949AD, 8237C9AD556CFAF7442FF60F78608104BC17CE3134C89D986D49C38CC60B1518 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
20:12:59.0062 0x1114  BDESVC - ok
20:12:59.0069 0x1114  [ 0A508274355745EEF01C6BE3198D02C4, E2DB08AEE2368FA95FDB357BB31EA4EBF31679C3E72E109DB3D7CD1B5F7B828E ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
20:12:59.0090 0x1114  Beep - ok
20:12:59.0117 0x1114  [ 5125CBB61AC81168366BEB290399CB8E, B2A3095D45E2114DE2BD0E5A3AE20B3CE95EE517A35B9E1EAD05E231F38DBDCF ] BFE             C:\WINDOWS\System32\bfe.dll
20:12:59.0179 0x1114  BFE - ok
20:12:59.0210 0x1114  [ D876C567AB767258036F05E4766189FD, DE8BA67325CB64495BD454B8F9DDCAE82636253844FC68B360C7E1CF5D51DD0E ] BITS            C:\WINDOWS\System32\qmgr.dll
20:12:59.0282 0x1114  BITS - ok
20:12:59.0292 0x1114  [ 9CD2A4821DE379305CACB2E99AD8953A, 89D700DFC3C59ACBBADB48954A28C0EBF8D6A11A9E63837689DD891868E43188 ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
20:12:59.0316 0x1114  bowser - ok
20:12:59.0338 0x1114  [ 2447BD15B41298622CC662249CD0F496, 013A326D2E3BF68D654BBABE2F1E5DF0FF0A153A4B95D570EE28F9BC0F5A78C3 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
20:12:59.0406 0x1114  BrokerInfrastructure - ok
20:12:59.0412 0x1114  [ C711ED965009BDCFF9AA62CEB6FF1AAD, 083E981F983653329C2B8361963CA81D5D88E164C7738035F701A10CCB1C85CC ] Brother XP spl Service C:\WINDOWS\SysWoW64\brsvc01a.exe
20:12:59.0431 0x1114  Brother XP spl Service - ok
20:12:59.0440 0x1114  [ B3F32C630DD3F2F6A6091B89CFF13641, 7A9C53EF9AB9FF1DC392FD711B194A101DB36CA5BC799E817BEB446741089B76 ] Browser         C:\WINDOWS\System32\browser.dll
20:12:59.0467 0x1114  Browser - ok
20:12:59.0474 0x1114  [ 722036C26D2C4E50EC2A2EC5FD678846, 999468038AE01F0FF6881F4B2A2CB67BC636641188E95F10729E08ADBC3CB3DE ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
20:12:59.0497 0x1114  BthAvrcpTg - ok
20:12:59.0505 0x1114  [ 77630A51FAF6A07922FEE835F4DED8F6, E096A9DC12885FD19575346A9693A66D0DDFF96C3155AD2040F2BF4249D1D609 ] BthEnum         C:\WINDOWS\System32\drivers\BthEnum.sys
20:12:59.0528 0x1114  BthEnum - ok
20:12:59.0533 0x1114  [ C2E31BE025D46D189E38DD1EDF07837A, 656528DCAAAF485EC57EE5C3021E96736634DE3B9C39CBCD2728E055ABD4C0A5 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
20:12:59.0558 0x1114  BthHFEnum - ok
20:12:59.0568 0x1114  [ F7CD605FC0B0B22F3F6F247595E3A655, 1CD9140DE5415DDBEACD8667E63E5C95FD64D693B56302A0474E693E578BEAB0 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
20:12:59.0592 0x1114  bthhfhid - ok
20:12:59.0606 0x1114  [ B157D72BDA6A6DD6E9DC6BF338CD0CF8, B2AC26AE214151E5AD93DED78256BC0295DBF0133C854E7DEE4CD776D9C9A349 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
20:12:59.0633 0x1114  BthHFSrv - ok
20:12:59.0644 0x1114  [ 0AB691736D4D4029444AF62DE59CFD37, C1C22EFBF67331B87AB261BBF9813009257437BA02F728EC2DFA1A49ECC5FABF ] BthLEEnum       C:\WINDOWS\System32\drivers\BthLEEnum.sys
20:12:59.0683 0x1114  BthLEEnum - ok
20:12:59.0690 0x1114  [ 535DC41A33630AE4C262406F9E981C03, 599332589AA28D04189E19B87A4AE6FEEB60B40A7BC6E3B11240DA363A981C29 ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
20:12:59.0707 0x1114  BTHMODEM - ok
20:12:59.0714 0x1114  [ 224BA1CB1F3C702F0D001D2AFC9793B1, F139F6F78C716E1167E16530AE31E4A26C2A69467BCB08A9A52A101B31DF7771 ] BthPan          C:\WINDOWS\System32\drivers\bthpan.sys
20:12:59.0738 0x1114  BthPan - ok
20:12:59.0777 0x1114  [ 851ED52AE3E62CD5374BD4BBFF7A9DAB, 381281CB7D8FC4026092330B06E24BC84EEF79EE3C97E21900D950D7D9AB2FC3 ] BTHPORT         C:\WINDOWS\System32\drivers\BTHport.sys
20:12:59.0833 0x1114  BTHPORT - ok
20:12:59.0845 0x1114  [ 96932F631F5CB9F5D1C8F99A71568EF3, 5E4C8955A2EE9DC76B4EBC383653EB753D76D6B017E1A5DD553AC16094D7F12A ] bthserv         C:\WINDOWS\system32\bthserv.dll
20:12:59.0877 0x1114  bthserv - ok
20:12:59.0888 0x1114  [ DC5955E589C55E2313D69B64E1A183F3, 06D703246D0813DE53D62885C8B7381135783673FF4BDDD5CC38FEB54901BB76 ] BTHUSB          C:\WINDOWS\System32\drivers\BTHUSB.sys
20:12:59.0905 0x1114  BTHUSB - ok
20:12:59.0910 0x1114  [ 23F9EF739F685E07482116425E7879AA, 0EBDF96A49A319C0BCF6F51FB6C8C392C017E1738B950C19C91FF43E14D73143 ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys
20:12:59.0928 0x1114  buttonconverter - ok
20:12:59.0935 0x1114  [ 60EB6A4CE3E21887D302350631C16F26, 4270EFA22285C1A9336CF1220761E416950D2DA9C6A40D1D8452686CD5040DAB ] CapImg          C:\WINDOWS\System32\drivers\capimg.sys
20:12:59.0988 0x1114  CapImg - ok
20:12:59.0995 0x1114  [ F8FB51B9EF6372610E9B31A1D86B62FC, 7461584A8B39AC549AD7BAFFA509D4CD81EEE542808BC8EFC285863A0AE6432D ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
20:13:00.0017 0x1114  cdfs - ok
20:13:00.0030 0x1114  [ 2E6612376D257F74781F2EF1F869D8C3, 908B0DECB9F098F7F11B029A03C06C67FB52E5E8BEA42033A2B579D3B3686AB8 ] CDPSvc          C:\WINDOWS\System32\CDPSvc.dll
20:13:00.0087 0x1114  CDPSvc - ok
20:13:00.0100 0x1114  [ A93C9B9EBE2FDE5A536000D72CC17F7F, 9793CFAE8BE8C6B5B39A1D276577965FBB2CE131325A410B7C68BD23492ADAAF ] CDPUserSvc      C:\WINDOWS\System32\CDPUserSvc.dll
20:13:00.0127 0x1114  CDPUserSvc - ok
20:13:00.0138 0x1114  [ 613D0137C269187FA298A157E3D14A18, 84BC268525F14BB27202CE242BF94D9E83BC91B50A0335908574F31B29A2F04D ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
20:13:00.0166 0x1114  cdrom - ok
20:13:00.0181 0x1114  [ C1B5EE58E759C53F9939581709DC70BB, 85095ABC9459A766832373BC3839E573E9A73C967F8427D6B7CAB972551C3191 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
20:13:00.0212 0x1114  CertPropSvc - ok
20:13:00.0223 0x1114  [ 0AED948DA8D5F08B3D6F12E4E2089736, 95E538E81DDBC83492C5F3820C82C78F050B4D74ACF12D7970EC84F93581AE29 ] cht4iscsi       C:\WINDOWS\system32\drivers\cht4sx64.sys
20:13:00.0246 0x1114  cht4iscsi - ok
20:13:00.0308 0x1114  [ 0002A0FDE087C1657AB31CE73077539C, 4DD6210B67E9633AB3240371590869DC833A4C986C74FC12A5D4FFFFD361848A ] cht4vbd         C:\WINDOWS\System32\drivers\cht4vx64.sys
20:13:00.0402 0x1114  cht4vbd - ok
20:13:00.0410 0x1114  [ 6B4F90A287D75CCD78694F6790C911B2, 73D7C31E9F475FA3FD568FCA9A953F968729AA114F63C06F38BF5198DAD67BD8 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
20:13:00.0425 0x1114  circlass - ok
20:13:00.0437 0x1114  [ B72D26074E72A757D788FB1BEF8B2F2E, 36847C5315AFB9A5EC66AD3EF2A09C24C0FAF669FDF0831F78600F4609352CB4 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
20:13:00.0472 0x1114  CLFS - ok
20:13:00.0572 0x1114  [ ACFB2A62301C6A903FA6A97DB84E9C31, 7A3089812330B605D2F545374A1A916B6DBA188186EC88DA3348814A95C791F0 ] ClickToRunSvc   C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
20:13:00.0689 0x1114  ClickToRunSvc - ok
20:13:00.0716 0x1114  [ E133CFCBFABB3CB517BE9F42FEA5887C, DA699CDD5F3CC427354540C907BD24CCA7BAC3112C53918EB611CB4EEC7611DA ] ClipSVC         C:\WINDOWS\System32\ClipSVC.dll
20:13:00.0753 0x1114  ClipSVC - ok
20:13:00.0762 0x1114  [ EEC3A4A98AE1A337E3CD1483AD6F2E15, 764DA329984A95E092F5C15116DA34FA7FC27216C0862365D4BF10ADC97EC5C5 ] clreg           C:\WINDOWS\System32\drivers\registry.sys
20:13:00.0786 0x1114  clreg - ok
20:13:00.0799 0x1114  [ 429623E266EF067A44E8CF148E9DFB9B, A48AA85ACC52C7AD73DB2D6148B3F9FB5EAC33C8F8C5BB6D7D0A9D84B7C08E11 ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
20:13:00.0815 0x1114  CmBatt - ok
20:13:00.0834 0x1114  [ 90C07EB909C42316982E753BDAA7860D, 438581FD3468FAF01D35529672201A920E8821EC80E30E59A43645DA57738F21 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
20:13:00.0880 0x1114  CNG - ok
20:13:00.0885 0x1114  [ 3DB10C59405931E2C72EFB82C1AF97D1, 100B5450A70988DB1C1F8A5FDBB3553AF1A0D47B42A5AC71460DB92E26010CE6 ] cnghwassist     C:\WINDOWS\system32\DRIVERS\cnghwassist.sys
20:13:00.0900 0x1114  cnghwassist - ok
20:13:00.0919 0x1114  [ 34C935AF2A414572B412B3556586D783, 912981B88B0796576ECCD5EBE0C4728EC02D5D6A96B039447DCBA59B2583F25E ] CompositeBus    C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
20:13:00.0934 0x1114  CompositeBus - ok
20:13:00.0941 0x1114  COMSysApp - ok
20:13:00.0949 0x1114  [ 44EEEB2382F566999287E13F2067693C, 53A4A0C85EAD38030FF2078C67465E3710ECD03A08FF34E1E67B2E3E1CC70043 ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
20:13:00.0971 0x1114  condrv - ok
20:13:00.0998 0x1114  [ 5DE2049D5F57C1D142F36FA9CE443693, E6C2807C0B1EF90C11EB39634693B76EACE6CC675777776112835212A334F328 ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll
20:13:01.0038 0x1114  CoreMessagingRegistrar - ok
20:13:01.0076 0x1114  [ 4709DFA8EB8F9468DC3B2A532B12677D, 09F5270FC8C5279BDE37FFA486ACFEB2F7BE2383DC4D417618BF2BB20656ACDB ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
20:13:01.0217 0x1114  cphs - ok
20:13:01.0224 0x1114  [ 5F06CAC4B09250CDDDD0180A08162924, A2EB0A57225E65FC264CFC9FAD858D8B54A015CDAE3DC904B1C4E9AAB40B1F06 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
20:13:01.0249 0x1114  CryptSvc - ok
20:13:01.0275 0x1114  [ 03214883D52FAD46573233852344C72C, 63DCCDD895EB804D205ABB8EA381B34FB0879D09E4D0EB0B28F9B2BB1024BAB7 ] CSC             C:\WINDOWS\system32\drivers\csc.sys
20:13:01.0313 0x1114  CSC - ok
20:13:01.0334 0x1114  [ BE35D1BAC3F18C9EB1C1CFBA31ED95E3, 4255475D173868A0E5583E844A1884E819E229838C4DEACAC47F1A4DEF388C9D ] CscService      C:\WINDOWS\System32\cscsvc.dll
20:13:01.0396 0x1114  CscService - ok
20:13:01.0402 0x1114  [ 039B5A8CBD5C75D1C46DF15F7C74D136, A5C8A41F2D406D37E147939F2058373ED091BFCC00CA7E829F887638CD3A2F64 ] dam             C:\WINDOWS\system32\drivers\dam.sys
20:13:01.0417 0x1114  dam - ok
20:13:01.0423 0x1114  [ 38ABCA069E5C5B0F3C79A974A7FE49BD, 7CD5A177DBFED46C622818452EDD4439864561B0C99323D2ACCCEC49732FB2E3 ] DbxSvc          C:\WINDOWS\system32\DbxSvc.exe
20:13:01.0432 0x1114  DbxSvc - ok
20:13:01.0464 0x1114  [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
20:13:01.0523 0x1114  DcomLaunch - ok
20:13:01.0531 0x1114  [ AE9F09F87755C18904656CB4F59F351D, B352A43B3B68B497D87B49C302AF3F37F36D56D49878AE3785C3D43597E5DC57 ] DcpSvc          C:\WINDOWS\system32\dcpsvc.dll
20:13:01.0574 0x1114  DcpSvc - ok
20:13:01.0595 0x1114  [ ABBD3EE724117242E28D31F19FBCFF03, 68EA91A969DD80A5DE28B0A8EAEB308837183713559C2C2FAEF991858C971393 ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
20:13:01.0635 0x1114  defragsvc - ok
20:13:01.0652 0x1114  [ DD74F18227ACC837D9856E24282D446D, 6A760E44CD897952538CDFA8895FE11263D51AAA79CFF24C01F3862E919DA478 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
20:13:01.0703 0x1114  DeviceAssociationService - ok
20:13:01.0710 0x1114  [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
20:13:01.0734 0x1114  DeviceInstall - ok
20:13:01.0741 0x1114  [ CDF1B1B5C5951111791C236B2696C7F8, BF6C4BA545C8827B40DB69890DB4D2B2F9C583C5E3CFBDFD370B05891141458D ] DevQueryBroker  C:\WINDOWS\system32\DevQueryBroker.dll
20:13:01.0766 0x1114  DevQueryBroker - ok
20:13:01.0778 0x1114  [ 0D1D392ED2597F295956D058D33BD7C3, 2F7FE5A06D880F9E2A46C9803DD249DC40C2898C04E946D14E7EECCCC9F2B24F ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
20:13:01.0810 0x1114  Dfsc - ok
20:13:01.0823 0x1114  [ F0D4400BA0F08610D9A551B15BF10B76, 83EB8FB272FC2DD2CC0659C2FB90AD0DAE88A88AB3951E03BCD933A25B601E10 ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
20:13:01.0865 0x1114  Dhcp - ok
20:13:01.0876 0x1114  [ CA7FEDDFCF61EF15A09C54DA2C07C49F, 346EF7709BA9E6BD48592B86FA46F9D956C847EF91F4980EEAD98269D0F0EF67 ] diagnosticshub.standardcollector.service C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
20:13:01.0904 0x1114  diagnosticshub.standardcollector.service - ok
20:13:01.0953 0x1114  [ CAD14E0AD1F03397E9B1C8733D76BEF4, 0035EF35F6520B1DF0E599C8A06D4163C52576BCE0976BF729B44DECDC506627 ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
20:13:02.0064 0x1114  DiagTrack - ok
20:13:02.0077 0x1114  [ 35B9D46560339A5A7F0CAC6ED702C817, F70480B01533B7029F90E2DE297E9E829660300DDE7A7D009B0AC2684E7691A7 ] disk            C:\WINDOWS\system32\drivers\disk.sys
20:13:02.0096 0x1114  disk - ok
20:13:02.0110 0x1114  [ 09CF47A74BFB480B8262FCEE222004B6, F5CD0ACA04BCB95984595CC2E17BC9E92865091A0A3BCAD4B06438A1570E7696 ] DmEnrollmentSvc C:\WINDOWS\system32\Windows.Internal.Management.dll
20:13:02.0150 0x1114  DmEnrollmentSvc - ok
20:13:02.0157 0x1114  [ 815F45161A4571C2C44491564F3D5968, 32E7AE8414A178CE429C0CDFCF718E3C11C705FB3155EA5CA0EAD48AAE507B01 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
20:13:02.0180 0x1114  dmvsc - ok
20:13:02.0186 0x1114  [ 6E5EE6E420FECD64DE463C5F01CBFE71, F173C56895E80AA03D70CD78B3AB659C2EEAACFF43BE3B6EF3939D6F4AD4F62D ] dmwappushservice C:\WINDOWS\system32\dmwappushsvc.dll
20:13:02.0217 0x1114  dmwappushservice - ok
20:13:02.0227 0x1114  [ 7F8A3ABF7750326E18CE953CCE262670, 5DBD159E8A455A42764FC73CF7DCAC849B5896848C5589B00BD36697804C0A3B ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
20:13:02.0269 0x1114  Dnscache - ok
20:13:02.0285 0x1114  [ 8F46B4C3F9BA19C26A26D0A11137B20B, BA0A66DBA98D77FD85A7CD2D4593F2B2A1A3B4D32BBECBCFFBEB5A54DCB0D8ED ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
20:13:02.0313 0x1114  dot3svc - ok
20:13:02.0321 0x1114  [ 27069CFFF29B7F04F4B1BB10154BE52B, 6869626F9A1D3F64224883C5E661638CEE893A3E29651C7B9302A03E52180415 ] dot4            C:\WINDOWS\system32\DRIVERS\Dot4.sys
20:13:02.0333 0x1114  dot4 - ok
20:13:02.0339 0x1114  [ 0BD906A79F9CE3013F7D9D0AC45F9F9D, 2F7D5082E7E226D5EBEA164A8ACEE0A447C96EB1829224A6EFA3E7B4EFEE1D14 ] Dot4Print       C:\WINDOWS\System32\drivers\Dot4Prt.sys
20:13:02.0348 0x1114  Dot4Print - ok
20:13:02.0355 0x1114  [ B7D595F2F464F7B628AD53F06547792C, F5D06A91EF54FBF56305FCC882B854350B266B2A005D80CC77AEBC2929440729 ] dot4usb         C:\WINDOWS\system32\DRIVERS\dot4usb.sys
20:13:02.0370 0x1114  dot4usb - ok
20:13:02.0382 0x1114  [ CA09EAEE92C6FDDC6B05057F11A0372D, 14DB5C186B69644AA93C445BF31CC9670204F95A47B77B6EACB19B4A316378AD ] DPS             C:\WINDOWS\system32\dps.dll
20:13:02.0410 0x1114  DPS - ok
20:13:02.0420 0x1114  [ AE6BD4C879A8C849E53947C92DF3B3A0, 8C29774CB2D30D901C54AAC0C8ACE709351EE40E5C8FB9951B2A18B4A03F28B7 ] drmkaud         C:\WINDOWS\system32\DRIVERS\drmkaud.sys
20:13:02.0438 0x1114  drmkaud - ok
20:13:02.0450 0x1114  [ 7433474BE77F065D2FA628671FE31A3E, 063ADDC68F48036749E6EC7B2F66284DB29F90F62E9468D16B4EF5A0FDC45E35 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
20:13:02.0491 0x1114  DsmSvc - ok
20:13:02.0498 0x1114  [ 5FCA45C24501DA7390065D3706A9FC3F, 093FD840F1502ECC6F05B9723CA523B3F15CF39A5D2B9106E1267739B3F2C52C ] DsSvc           C:\WINDOWS\System32\DsSvc.dll
20:13:02.0523 0x1114  DsSvc - ok
20:13:02.0589 0x1114  [ 19F2B54EE8861D90579BD0E3AE5182F9, FDD4F091C61C8C20550C8F68375ABD7ED718A733F680F0F0367D4796C302BA14 ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
20:13:02.0671 0x1114  DXGKrnl - ok
20:13:02.0698 0x1114  [ 43BEFBADEDD63234DCA58ABE93A73DD7, F9491A5516C0C445AB270741BA1ADAC18570167B0A5A8AC464C8C9966B185460 ] e1dexpress      C:\WINDOWS\system32\DRIVERS\e1d65x64.sys
20:13:02.0725 0x1114  e1dexpress - ok
20:13:02.0732 0x1114  [ 9FCE4EF7D5E274F862D9A2526B5F4779, 81D42D5475C2801C8E0C233A0BA827569D8A70590017C91C665C8B232D9BFAA9 ] EapHost         C:\WINDOWS\System32\eapsvc.dll
20:13:02.0763 0x1114  EapHost - ok
20:13:02.0854 0x1114  [ 7EC6FC0266D74BD47ABB130A328B70EC, 3856790AF967AB03B1A89F97328DC4D5A6854ACDA6169681A9AFB03D7CF791F9 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
20:13:02.0989 0x1114  ebdrv - ok
20:13:03.0002 0x1114  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] EFS             C:\WINDOWS\System32\lsass.exe
20:13:03.0016 0x1114  EFS - ok
20:13:03.0023 0x1114  [ 8D74B8B5D6F7C5BC4C525BAF2B083FF1, DA5656F745B3911F96871887FDFDC40F4D9C820622A0AA27EFE4BA93662833CA ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
20:13:03.0039 0x1114  EhStorClass - ok
20:13:03.0048 0x1114  [ 2A9817B5A9260D8F60D52E36BEF10443, AC1A0203221AFAF584C71317FA07AA1B6E61BE619E918B3B1E4AD57CCED1CF03 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
20:13:03.0071 0x1114  EhStorTcgDrv - ok
20:13:03.0083 0x1114  [ 80A7999DE02CE678B865832E1CE78CD6, 2576EBB6E4D630A906DE724F125099E52A962B5B68B9F9BCA849A7B29D8C8689 ] embeddedmode    C:\WINDOWS\System32\embeddedmodesvc.dll
20:13:03.0108 0x1114  embeddedmode - ok
20:13:03.0118 0x1114  [ 3CE2B6AECB9AF8BC159299EEC46A35CA, E933B28BB6E4D01FCCDF8FBBB134C244B28DA3ECBDFA13333F0D4C24B2551780 ] EntAppSvc       C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
20:13:03.0147 0x1114  EntAppSvc - ok
20:13:03.0153 0x1114  [ 77B60DEC7DCB4233E4A69D3F52E5DB24, 3A5C905E37A93899051497C90E5BA8E1D003B56C6906CADFD2F1CDF52052D248 ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
20:13:03.0177 0x1114  ErrDev - ok
20:13:03.0201 0x1114  [ F89083AB8B9F51C0031C1CBD0A9A7E35, 9EE973A25134960E62D1A6A1E34AD9B3F7690E71C1AD31A23FA2081A73438754 ] EventSystem     C:\WINDOWS\system32\es.dll
20:13:03.0235 0x1114  EventSystem - ok
20:13:03.0249 0x1114  [ FCD2C63754C2E739A8EEAD9BC63F9DDC, C57A72ABA4C0BD71F914B9C8FF965DCFF585A205498F19A4584A4BAF7674839D ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
20:13:03.0289 0x1114  exfat - ok
20:13:03.0302 0x1114  [ FA918EC296EB410FF02867D008D02421, 23D164A24CB0D212778FA9592A046B6BA1F3628003E04181744A1F891B5B3E5A ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
20:13:03.0323 0x1114  fastfat - ok
20:13:03.0343 0x1114  [ 77CE56471AF984800F318F3734D768C7, 72D540072374A56C2C497F0532A50705D3F0637F2C0C96B1D715F2EDFCA3AA2D ] Fax             C:\WINDOWS\system32\fxssvc.exe
20:13:03.0399 0x1114  Fax - ok
20:13:03.0404 0x1114  [ 99598ECA5E41996E005D5B9D9FF1EFA2, 91345CD50EF02431B69093505C1C5F5DC6A1AA6BF192EE9392ED4D5626B60462 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
20:13:03.0419 0x1114  fdc - ok
20:13:03.0423 0x1114  [ EF0DD43A4CBAB367BCA1AFBDC9971E4F, 73E161C45D63FDDE71EE2438137913724DC513860539D1E7F6BD861F5D1B33F3 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
20:13:03.0449 0x1114  fdPHost - ok
20:13:03.0456 0x1114  [ 34DAC585994CD3B4E910DE11C584EF3D, A6C6A4CB5413EA61F1A54E2D3AD71A311CEA2C26218544D2D2D4A5CFEC52DE8C ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
20:13:03.0489 0x1114  FDResPub - ok
20:13:03.0496 0x1114  [ B68DA1FE3CA2311AFD38DD6905CA7F71, 4B395DFB1B47D2507CA4D9DC996A70D0A3BDB1A245CD6DA6C42B2A299AFCCF37 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
20:13:03.0523 0x1114  fhsvc - ok
20:13:03.0530 0x1114  [ F44F666B0EACC3181544FFCF8CA0FFC7, 83F771CF9DAE1C504B30731EEC55355EA1253174252DA2192ADF1D228B3735C3 ] FileCrypt       C:\WINDOWS\system32\drivers\filecrypt.sys
20:13:03.0558 0x1114  FileCrypt - ok
20:13:03.0566 0x1114  [ 78A210DDFDF2C9EC884631D2DAA573F0, 5D39C6EF4AC690A9749EEDBE2478FFF15A22877A2861EDA103C7BF1607B0C1BD ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
20:13:03.0587 0x1114  FileInfo - ok
20:13:03.0593 0x1114  [ 1A97DB5E701A186989F3795223C3BE39, F7982220D4DF7E104955E63CACE352394E2577DEF49506EA126127F820EB62DF ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
20:13:03.0611 0x1114  Filetrace - ok
20:13:03.0615 0x1114  [ 46626665F0E5906E45619B4EFD6186B8, 37FDD3B8AD49FD29E54DA5567EA77F28A53498AE56348F7A2628E5E5549D638B ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
20:13:03.0630 0x1114  flpydisk - ok
20:13:03.0645 0x1114  [ FDA72ACA14D516D18C33AFCD0FD9260F, 6509612DEC82EA74614B5C9A7B432305A1A468C97B88BED9E141DF2929B621B1 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
20:13:03.0681 0x1114  FltMgr - ok
20:13:03.0729 0x1114  [ 49BF5C8182C3D2D6CD9F7EEDF1CFDB66, 0977EBE86B57FC370D27CA69D58122397D5D5369AF0C8DBCC492AE7AD55CBA2B ] FontCache       C:\WINDOWS\system32\FntCache.dll
20:13:03.0835 0x1114  FontCache - ok
20:13:03.0846 0x1114  [ 59241194DBDF30A2B4029E402F377900, 47A92E9CD8494C403B377799D395670A393766647E24CD83B15338CE2AA50266 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:13:03.0861 0x1114  FontCache3.0.0.0 - ok
Continuation of the first TDSSKiller scan in the next post
__________________

Last edited by umor (18.02.2017 at 20:59)

18.02.2017, 20:49   #4
umor

Continuation of the first TDSSKiller scan (part 2 of 2)
Code:
ATTFilter
20:13:14.0655 0x1114  Parport - ok
20:13:14.0671 0x1114  [ CDBD029BAEC8D09F6FBD404632D9AF28, 71F4401150CD4C9C6BBF2DA854CF07EA2F8C9BBE900833858F49134DDAF14414 ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
20:13:14.0713 0x1114  partmgr - ok
20:13:14.0746 0x1114  [ CDD8EDF4C35BE6D6137112F5CC7A70DA, 80EECA6BC2E668E5652A5CA9B119CCCE2A2E421F0EED1FD0EAC20C42E77C02ED ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
20:13:14.0816 0x1114  PcaSvc - ok
20:13:14.0844 0x1114  [ 29AF16726F4DD84376ECA85AB6AFF2C6, BEF9EA10637065365ED343C4EBA51191B9BEADD8F1F3362D3EFE75F40BE9A027 ] pci             C:\WINDOWS\system32\drivers\pci.sys
20:13:14.0913 0x1114  pci - ok
20:13:14.0926 0x1114  [ 214DCC87E3898F738075D1341252A552, E721FBBC3510DDB848A8CAEA3B6031EE988F42252DBC3BF7BDB6ABD9A0D9FABD ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
20:13:14.0955 0x1114  pciide - ok
20:13:14.0973 0x1114  [ AED76A3333B3A31536E430020E0226FC, EC255B79B0908E3C142D92E35B79D90A3F2594BA012CA2B1B04A6A8745153430 ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
20:13:15.0019 0x1114  pcmcia - ok
20:13:15.0034 0x1114  [ E63FB38B6E75B39467492FBAD2CD512A, DB406C92BA2460C833A49B98EB5BD58348E868F643A0123B0C9B5315FFC6A124 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
20:13:15.0075 0x1114  pcw - ok
20:13:15.0092 0x1114  [ 9EA203A07EFA6D74F07F32EF0DAB5CA6, D851F1CC748B4CD0E263931668FFF2FE20D5778267F4FF2237D565CFC171B5AF ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
20:13:15.0139 0x1114  pdc - ok
20:13:15.0194 0x1114  [ 1509A77F840AA9E72CF8247D0CF2FBDE, 2D47AD4D8F5C2D871E603FB6D72D25EFD0E63FA3A542DAADAB9D82ED074C0E0B ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
20:13:15.0320 0x1114  PEAUTH - ok
20:13:15.0422 0x1114  [ 2B55ACB1727A8E5E7514D2D75AC4EBEB, 5E7449F3EE0B15E400E405DE561ED2D3932259107A9D9320AE42CA1A5C5AB992 ] PeerDistSvc     C:\WINDOWS\system32\peerdistsvc.dll
20:13:15.0588 0x1114  PeerDistSvc - ok
20:13:15.0599 0x1114  [ 540116170E2135FCD5DDE77702166B67, CBEC51C2D47532F1781B3255040F303263420B204C2F8BB2B5D1EC342F57B285 ] percsas2i       C:\WINDOWS\system32\drivers\percsas2i.sys
20:13:15.0620 0x1114  percsas2i - ok
20:13:15.0628 0x1114  [ 8356F87553BF49C703CF382033815898, 245EB941566D848F134629690BF271B1CBEAB6440771D3D8D7AED3756835354E ] percsas3i       C:\WINDOWS\system32\drivers\percsas3i.sys
20:13:15.0648 0x1114  percsas3i - ok
20:13:15.0681 0x1114  [ CB5343FF52A702A9ACFAAE6BE972FE09, EAA5362D91D05D382DF4EBBAA3FD575456F23CAD531CC6F1270F8254892DBF02 ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
20:13:15.0711 0x1114  PerfHost - ok
20:13:15.0756 0x1114  [ D0D57322ABC7473E54472D8374169CC5, BD14A13D6908C8669E56EF9401FD8A3D7C618E8B6556B36E634864E733BCA4B2 ] PhoneSvc        C:\WINDOWS\System32\PhoneService.dll
20:13:15.0859 0x1114  PhoneSvc - ok
20:13:15.0878 0x1114  [ B4AB2C0177715FFAED88A1223212043A, 1920792ADC78DD51EF98B6A9634D686EAED0848FB7EF74A0DCD3AEBA5AF41EC6 ] PimIndexMaintenanceSvc C:\WINDOWS\System32\PimIndexMaintenance.dll
20:13:15.0925 0x1114  PimIndexMaintenanceSvc - ok
20:13:15.0991 0x1114  [ F931F21E4287FE3ECCF09B54A232BBA2, CEB7AB3236E5F30214027092B7B695ED35F7A1E007DF4046797D1E4DFEF49EC8 ] pla             C:\WINDOWS\system32\pla.dll
20:13:16.0109 0x1114  pla - ok
20:13:16.0118 0x1114  [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
20:13:16.0153 0x1114  PlugPlay - ok
20:13:16.0163 0x1114  [ 56D7A89423325121C4A9BD5C326414F3, 649048C23D1973C3504E26B35362AC99DFE9BF31FFE73F45B43306A212AEA34C ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
20:13:16.0195 0x1114  PNRPAutoReg - ok
20:13:16.0211 0x1114  [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
20:13:16.0253 0x1114  PNRPsvc - ok
20:13:16.0276 0x1114  [ F70CAC34B455D05EAA04B2F8FB58E1CB, 295BFFB3DA03C5CE5462C11D3240024B68AC06E8DEA9062A739BE2CCEE19EB5D ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
20:13:16.0322 0x1114  PolicyAgent - ok
20:13:16.0334 0x1114  [ 60C8376B48BA96F07AEA536527433D44, EB988C119C3E71169B91ED2A744C71933DD35447DC4A8249E80EC24E9E7077D4 ] Power           C:\WINDOWS\system32\umpo.dll
20:13:16.0374 0x1114  Power - ok
20:13:16.0388 0x1114  [ 5645B9D9788CCA2C88B9534996ED2D6D, 4988942DF163DB5B9B1A08CE6B628D2C47C2E2EAA30AEAE4EFE21C8CF4C8DC5D ] PptpMiniport    C:\WINDOWS\System32\drivers\raspptp.sys
20:13:16.0426 0x1114  PptpMiniport - ok
20:13:16.0544 0x1114  [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
20:13:16.0811 0x1114  PrintNotify - ok
20:13:16.0823 0x1114  [ 372913E12677A8CBBBABDD8311894F9D, A5233D95A0D22D2A9DB214E7CB79A99D389B67189FF6A87D0AD4610A333A637F ] Processor       C:\WINDOWS\System32\drivers\processr.sys
20:13:16.0849 0x1114  Processor - ok
20:13:16.0874 0x1114  [ 1F115AF75EFBAC28479B4F94A3F8D4A3, BE8D8C50D985F6AF9DDC0F13BDBE2D55D600E1F5E344982536538B14EC484AA6 ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
20:13:16.0929 0x1114  ProfSvc - ok
20:13:16.0940 0x1114  [ FC98407B85A31161851FDE245517574F, 2CCD706CF243934FCDA32B24CE0C385EA2E67F206E0306FA584496F583A20CD1 ] Psched          C:\WINDOWS\system32\drivers\pacer.sys
20:13:16.0971 0x1114  Psched - ok
20:13:16.0991 0x1114  [ 7A68710BAC9B6809314B86C0CB1CBC4A, C02D97993D1F6FE6EFBA5B1366B3A4FE8CE1136A95F3A2DA07BA59554C163501 ] QWAVE           C:\WINDOWS\system32\qwave.dll
20:13:17.0033 0x1114  QWAVE - ok
20:13:17.0042 0x1114  [ 819602BBBFDB0BD46DEA3715BF0DD452, D4007FF1E5296316B53436CA3598D6B1CF4F60AB77D5B02F3E595081EDD5D879 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
20:13:17.0071 0x1114  QWAVEdrv - ok
20:13:17.0080 0x1114  [ CDF47037A0939F56D11F699629C276AD, A63F2A3FE80FB8084E3870E907505694B79EE1D9E56E292C01D481FEFD2534B0 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:13:17.0109 0x1114  RasAcd - ok
20:13:17.0118 0x1114  [ 28C2EA278070EE12701D0EDF8CB0EC36, F10288C1C6835840026DB30285345EF892DE989F43C948E7F4760B8895FF675F ] RasAgileVpn     C:\WINDOWS\System32\drivers\AgileVpn.sys
20:13:17.0155 0x1114  RasAgileVpn - ok
20:13:17.0169 0x1114  [ 7B82197BF35CC3BE59AEF8B706AB8A16, AB0216164A548A48CD21F5F035E57E867584A96890B9887EC08F8DABDD89F990 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
20:13:17.0207 0x1114  RasAuto - ok
20:13:17.0216 0x1114  [ 17E565710172ED71B8531D8822E1C5D1, 0CA39ABD9E544DDAD9D9D7D1FC50444274C31E18F9BF73069051D9F62833698F ] Rasl2tp         C:\WINDOWS\System32\drivers\rasl2tp.sys
20:13:17.0255 0x1114  Rasl2tp - ok
20:13:17.0289 0x1114  [ F79BFB5588B777C71734C1D1EC129D07, 9B9D70EC8978AAC19B2B94694EE1B9957C13DFDDFCBE8AA82C5F0D0EA04CDBDF ] RasMan          C:\WINDOWS\System32\rasmans.dll
20:13:17.0361 0x1114  RasMan - ok
20:13:17.0372 0x1114  [ 9387DF155233D45D4E010F4F2FB52A57, CABC25DA4E512809AED0085767BDD94BF3C1DA792BFF8A009B5465D9110E7060 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:13:17.0411 0x1114  RasPppoe - ok
20:13:17.0420 0x1114  [ F0F4EEDEEBEE7A4244FAFB96A16B5712, F64717E601BD5EB674003009507B8CDD6F69F00E8670D6895EC64786166A0E8D ] RasSstp         C:\WINDOWS\System32\drivers\rassstp.sys
20:13:17.0456 0x1114  RasSstp - ok
20:13:17.0464 0x1114  [ 9A2B1D0E416F6A07A96919BA7A1199FF, B6C2D40E5A62E2E0AD8EC3DE0878531D12EA39316B940BFAD92008A37ABD8080 ] rccfg           C:\WINDOWS\System32\drivers\rccfg.sys
20:13:17.0522 0x1114  rccfg - ok
20:13:17.0552 0x1114  [ F8B5C63D09B8EC4505A592A71718069F, 3FCDF4E91A706E838475213972668AE8738437535609669CEAE857BA0E957DFE ] rcraid          C:\WINDOWS\System32\drivers\rcraid.sys
20:13:17.0638 0x1114  rcraid - ok
20:13:17.0664 0x1114  [ AF6963414B820B7C45578ED3300438A7, C00F60FD72608E6983D32642768AECE891DD816FADFA7B872BA88091C16B95D7 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:13:17.0705 0x1114  rdbss - ok
20:13:17.0714 0x1114  [ 79A415E6FA915EFC00297DAB16EC2635, 47BB49F6D756214193D38A4AB182B541AAC180381C3111FF7F9B0AD4C44D8733 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
20:13:17.0736 0x1114  rdpbus - ok
20:13:17.0750 0x1114  [ 7135785C21CA79D270D11037C43D3F19, 654A3C65CF891ED8C82A740D10CF607FC7D709185E664DE03288CEB5B25F03A6 ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
20:13:17.0789 0x1114  RDPDR - ok
20:13:17.0801 0x1114  [ 97A61A3CB2B5CB4FC32B3224EF333448, E4F2E8BCEE3639BE57BBC8A8E67FDE42C3A5158F1204684B0ECD216F4AA044A3 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
20:13:17.0822 0x1114  RdpVideoMiniport - ok
20:13:17.0837 0x1114  [ 69BB204AE07EE84ECFAB1BF13C4BD04B, 1CA832CBF4AE4821EEA2A19F9519C2D1D00406B8CCE2A86FE3B33A5F293DB218 ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
20:13:17.0872 0x1114  rdyboost - ok
20:13:17.0914 0x1114  [ 940D6F5A2B0A61EE4170DF84F6C95C20, F8EE846DC8015EDFE7CB5BEEDC977EAA9C586BAC2216DE69D8ECCBDBC7408649 ] ReFSv1          C:\WINDOWS\system32\drivers\ReFSv1.sys
20:13:17.0994 0x1114  ReFSv1 - ok
20:13:18.0022 0x1114  [ 13F6B64235C60167052364BF7D99E4CA, BC12EE00775F7456FB922FBD684BF3F0CFABA5BEBB6E162C23B41DED5C20A978 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
20:13:18.0093 0x1114  RemoteAccess - ok
20:13:18.0104 0x1114  [ 3183B161B1F05333F6C325577FEF3596, D6A89B2A021377B6F371E5B9EFC36FF018822B28F0ED41F8CD2F00C5C8605707 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
20:13:18.0144 0x1114  RemoteRegistry - ok
20:13:18.0178 0x1114  [ 0660F4A14F9D2A2F59B26B1D74F1A6D0, A9443B6B7ED1ECA22AC960A2C6A2BE18C0BA58CD7BCF60E7AA617CD3662D122D ] RetailDemo      C:\WINDOWS\system32\RDXService.dll
20:13:18.0247 0x1114  RetailDemo - ok
20:13:18.0262 0x1114  [ E82F3B1918C6A5FE6EB761CDF1E772AF, 0C993FCB7BFD6E01B70A1821E0DEAFA2CB241AF8C2E6D4CC120F59C1B5F6FF5F ] RFCOMM          C:\WINDOWS\System32\drivers\rfcomm.sys
20:13:18.0299 0x1114  RFCOMM - ok
20:13:18.0309 0x1114  [ 5DAA644F17780FC4E3F4820A46D38FEC, 32C27FFA0A4608B164F4E709CD0D998AB73CA9713BE3E47F9DBC7B3D1B6C7453 ] RmSvc           C:\WINDOWS\System32\RMapi.dll
20:13:18.0338 0x1114  RmSvc - ok
20:13:18.0347 0x1114  [ 672724C8B21B7DC56646045DE4D5B860, 79986E80A92C949C543959F1E35647A9788DAB2892AC20B6DEA5C0BBC0CEDE9E ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
20:13:18.0384 0x1114  RpcEptMapper - ok
20:13:18.0395 0x1114  [ 109C1D609951E886D3643B15C1EDD1C2, 347D8E7C50EC7F96217C7421D9BC8A42C9DF50B94169CB58DCF857A63C33C2EA ] RpcLocator      C:\WINDOWS\system32\locator.exe
20:13:18.0418 0x1114  RpcLocator - ok
20:13:18.0453 0x1114  [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
20:13:18.0538 0x1114  RpcSs - ok
20:13:18.0552 0x1114  [ 5FF28F097C9699097B473F8FC7C1AA7D, 695560F1DBD85073F3D6CB1FF16F16504CA044EA62E940E463A16BBA8B86E2FA ] rspndr          C:\WINDOWS\system32\drivers\rspndr.sys
20:13:18.0585 0x1114  rspndr - ok
20:13:18.0602 0x1114  [ E10276CC13ADDC33F6D6E7670C0ED211, F567EE51D6E5DA8AC60C699A0A4629D2E6160712A115AE8F57559C9432203FB5 ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
20:13:18.0625 0x1114  RtkAudioService - ok
20:13:18.0658 0x1114  [ 253FE615CD283B0779A9585B50E4B030, 7B56FE3005BC1873DC5952181BE3AD5FCC6FF75B0D6C8C54176205CF8D12C062 ] RTSPER          C:\WINDOWS\system32\DRIVERS\RtsPer.sys
20:13:18.0705 0x1114  RTSPER - ok
20:13:18.0712 0x1114  [ B5DAEE69BACA64D2BB004568E22D8756, C0072CF6B438ED756435A182D55AC55F3AD356ACBD483DE06A94893D3CA8CCC5 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
20:13:18.0732 0x1114  s3cap - ok
20:13:18.0740 0x1114  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] SamSs           C:\WINDOWS\system32\lsass.exe
20:13:18.0765 0x1114  SamSs - ok
20:13:18.0776 0x1114  [ 5E73FB63E2DBC75FE0C17DEB0010CE0E, 9DAC47486262397D03BC01F7438CAB62CF33BD7B5283F5B9548C770A3D6D0ADC ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
20:13:18.0803 0x1114  sbp2port - ok
20:13:18.0819 0x1114  [ 3CD0130FFDEAEACF0905B482F3934EA3, 1EC355B63135FD2563093EBB206741C0C4CCE0551A662F6DC86C875146A88B06 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
20:13:18.0857 0x1114  SCardSvr - ok
20:13:18.0872 0x1114  [ 5E8ECCE130A72107B6DFDBE26185A7FB, 811E2CE485BC14161FF629069BCCF53B2B8C6F8B1E1A6B3A3C86DBE4F85A5577 ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
20:13:18.0910 0x1114  ScDeviceEnum - ok
20:13:18.0916 0x1114  [ 3D9A82B03C92D1FEC42CB171D6F57778, DC027F02F5EB5F1D10DB6F405FB0C15D4D5C922445F5F3C916624113278AF072 ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
20:13:18.0941 0x1114  scfilter - ok
20:13:18.0994 0x1114  [ D4DB6B318A0A0C74A90260725A228C0B, 57BA2EF9D880488C785C806ABF9EE753A48E589129442D72F815CD6EFFA07B22 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
20:13:19.0103 0x1114  Schedule - ok
20:13:19.0113 0x1114  [ 9055ADDFBA4C8B914C914CE693B55C0A, DB213AC36E14D856B81D2AFE46815402537A2ABEEA15032A9FF436F953129441 ] scmbus          C:\WINDOWS\system32\drivers\scmbus.sys
20:13:19.0134 0x1114  scmbus - ok
20:13:19.0145 0x1114  [ B6F2363584E62960846F7C3F00124A4F, 252189FF9D623CF69BF415FF7C7FE74B0BBF756B632420578BFAFF6595616CF7 ] scmdisk0101     C:\WINDOWS\System32\drivers\scmdisk0101.sys
20:13:19.0184 0x1114  scmdisk0101 - ok
20:13:19.0202 0x1114  [ C1B5EE58E759C53F9939581709DC70BB, 85095ABC9459A766832373BC3839E573E9A73C967F8427D6B7CAB972551C3191 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
20:13:19.0236 0x1114  SCPolicySvc - ok
20:13:19.0253 0x1114  [ 7C3D10BEC8B0DBA00A78C78EB10B3AE2, A671C9CB97977613576D70607E106C7A29B9EA9E875C7C5AF293EE5903D7AD0A ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
20:13:19.0293 0x1114  sdbus - ok
20:13:19.0304 0x1114  [ F3714DBAA42C15F78FFCDFE4273214EB, 2D018970B92C5F0744FAE10A2FC298F3DCEA5C2EDEB760F4F0651337B9878ABF ] SDRSVC          C:\WINDOWS\System32\SDRSVC.dll
20:13:19.0337 0x1114  SDRSVC - ok
20:13:19.0347 0x1114  [ 120DFCB71D6C502613A9E2D50E16850C, 2C294010AD1C9C380CD5221A37720544178B7358C8C8553AF44055E4CEE5DAF5 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
20:13:19.0375 0x1114  sdstor - ok
20:13:19.0385 0x1114  [ EFD644DD091E1D94555FC3BBC95EA66D, FBDDA6680BEC378CCF12A32D9186020E884DA15A1E789D1531B1E687FC7B54B1 ] seclogon        C:\WINDOWS\system32\seclogon.dll
20:13:19.0415 0x1114  seclogon - ok
20:13:19.0423 0x1114  [ F48535714BED7DD784853889B4594B26, 9B4AB7E7293E79A8F6CC46C84F23E62AD3BD6E958FCE078CDBB125A69FAC7E50 ] SENS            C:\WINDOWS\System32\sens.dll
20:13:19.0457 0x1114  SENS - ok
20:13:19.0462 0x1114  Sense - ok
20:13:19.0518 0x1114  [ 2B4E090D06C60853C5C00CF255F9E02A, 4D4DBA7B04519622612BD4A4F28318CA2F5646C84CAFF8C5ACC9BF4C6031894E ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe
20:13:19.0658 0x1114  SensorDataService - ok
20:13:19.0685 0x1114  [ C09A42163878A082C3F0D0A3DFE95714, 8033DC38D0EDED3758DA6BF8C1955BE5FFE48863C079C589660B37D0E461300F ] SensorService   C:\WINDOWS\system32\SensorService.dll
20:13:19.0742 0x1114  SensorService - ok
20:13:19.0757 0x1114  [ E6F00415DADCEEC860E7AB42BFD19A65, 274CAF22F93D43B6DB6953730E3DF8DA94776B24EEE74B80AB4CD780BC1366A9 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
20:13:19.0795 0x1114  SensrSvc - ok
20:13:19.0804 0x1114  [ 401D706DDC0A7AF18C3DD228ADF74551, 27C0B38D7C2E3F6FF06201124E63483931F6071954B2B99EC0143C464238C0B7 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
20:13:19.0824 0x1114  SerCx - ok
20:13:19.0835 0x1114  [ 7084D11083F0CDCA8B5C76F9846ABF5D, F639920882B0E784D8CFAF0D4C0F0C411937B6831E5DD99B0ABFBFE06BA4742F ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
20:13:19.0861 0x1114  SerCx2 - ok
20:13:19.0870 0x1114  [ 3FF478A8ED32A83C36581425F6282B6C, 787646A17098EA7CF36064D0A950C1D470D4A280C8C5AC40023D566E53860EAE ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
20:13:19.0900 0x1114  Serenum - ok
20:13:19.0911 0x1114  [ 92509187AA171A80521528B36F753E1D, FE0DA272B8A155ECC161E99586C4AE7EE17B1C84BC330DA1566C83B8E03FA825 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
20:13:19.0939 0x1114  Serial - ok
20:13:19.0947 0x1114  [ 433D38FF6D08B993847EA2A10EB8CB52, 29BA75DB6D1AC761BBDFB5AC8874FC7D763E1CD10D290E369063B34CE951270F ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
20:13:19.0976 0x1114  sermouse - ok
20:13:20.0015 0x1114  [ 82CF273F0E8F243789683DEB40757569, 5433D93A41C4BF04494E6158931C6AC3154888F7CD3A417253EC02FF7EA6D00E ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
20:13:20.0073 0x1114  SessionEnv - ok
20:13:20.0082 0x1114  [ 697D3EE0740AEAB62B66ABCA1C83D13B, FCF54A0071ED04AD3FC8551C67FE5FD49089DC0510F753052CAC5972A65C9E3D ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
20:13:20.0109 0x1114  sfloppy - ok
20:13:20.0132 0x1114  [ 832E933AA8DB9FD4733B96D8B6484D3F, 3A8E3D7ECA192EEE154CB568073B7211FDA06078EFC3BC7E961563A1BFDD0CAA ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
20:13:20.0208 0x1114  SharedAccess - ok
20:13:20.0238 0x1114  [ 482E6BE8A07832E824080D352075ACA1, 4123A76C8E805AF4FE229C53E9C174095C0937913BA81A63FE9B45C44AA5B15F ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:13:20.0321 0x1114  ShellHWDetection - ok
20:13:20.0332 0x1114  [ CF3BDF9EAD8D3EF671E9339B44B185BA, C17EC6D5B00F49D9C8B5B6C262A85F34ED71C58450659F006B3632AA84F68E23 ] shpamsvc        C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
20:13:20.0373 0x1114  shpamsvc - ok
20:13:20.0383 0x1114  [ A34CE1830E45DA98932295FDE4B7908A, FC553ECF4D64B4B10B7FDE5352707785517A18D487A80665BAFC7261E3F35CDC ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
20:13:20.0404 0x1114  SiSRaid2 - ok
20:13:20.0412 0x1114  [ A7B5C670770E908DA5FEF5BF1136E933, 8D3BB6FF65E631C34BE8EA766481B2FDB2E1E916A4FD67F86705A8975A136E6C ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
20:13:20.0432 0x1114  SiSRaid4 - ok
20:13:20.0447 0x1114  [ B72B80E6FF423C5011E745CB76DA9A08, 18A6B9D46E91AD4D463EB5CB832702392D2E162577F90C328B515FCE69FABD15 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:13:20.0494 0x1114  SkypeUpdate - ok
20:13:20.0502 0x1114  [ 86C475DD33893895EB878D189807F8E7, 99C5FF95AE518E6A18866C97C93E0B9EAAFF0AEECBC7AAC3C5EC5A915FACB65E ] SmbDrvI         C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
20:13:20.0517 0x1114  SmbDrvI - ok
20:13:20.0524 0x1114  [ D233EAE2A9D48485321816486ED635EF, 03AB49BE9CF15EB7EDC50C400E673B4DF0E5BFDA9A7811E157F2AF2F3CF38D49 ] smphost         C:\WINDOWS\System32\smphost.dll
20:13:20.0558 0x1114  smphost - ok
20:13:20.0590 0x1114  [ 0B217141AC1283655402CDB356577735, 6EFA4CA46CFC8B7156CE7E5CA89B7F7073E16D66C2FC13F4DB95FEB78CCF698F ] SmsRouter       C:\WINDOWS\system32\SmsRouterSvc.dll
20:13:20.0648 0x1114  SmsRouter - ok
20:13:20.0665 0x1114  [ 6F4CE07D420FB657B5936F71101ABD41, CEC52984C56E578E0FFE12BE1B8148335F788B7D1751F2D0E79B944A41113C20 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
20:13:20.0698 0x1114  SNMPTRAP - ok
20:13:20.0721 0x1114  [ C994DF90427103CCB80F893FFD2B1CE8, 7E4B08095C77E68D337A3425EEA38F8FEC4D103CA7661E34FD96BF518DFB4BCB ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
20:13:20.0769 0x1114  spaceport - ok
20:13:20.0782 0x1114  [ E03264C4C25B568F92ED1656AD541E64, D42942BFFBC7213D204FAF84F4FE015FC23A6ACB29B5E752834EDBC17A3AC20D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
20:13:20.0806 0x1114  SpbCx - ok
20:13:20.0836 0x1114  [ 79DCE27E8C4CF6701BFE49EC2446BBF6, F51CBB7A45C3C878F41653FD5FBDC93CC302712B7725DAAB4D3475A1F4771E3D ] Spooler         C:\WINDOWS\System32\spoolsv.exe
20:13:20.0923 0x1114  Spooler - ok
20:13:21.0125 0x1114  [ 23529A00195CE71252FEBF647E56E27D, 8ADF7A1C96DAE005E9A974D90BE8954F88D49B6848252B88513C49E0A3BD9774 ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
20:13:21.0395 0x1114  sppsvc - ok
20:13:21.0432 0x1114  [ 691A113761E32DB71283B2A837E5A0F4, 84F585C0C03E4CCF4F7CAB238B0F9B75AB0441D03577F19AA3166529BC4A2E74 ] SPUVCbv         C:\WINDOWS\System32\Drivers\SPUVCbv64.sys
20:13:21.0498 0x1114  SPUVCbv - ok
20:13:21.0522 0x1114  [ E83830BB74AE8CBECEA0ECD94DE436F9, 4A34569A34260324EBD629039E1BF45A3527FC75B22D9A3DB6360A6EB365483A ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
20:13:21.0568 0x1114  srv - ok
20:13:21.0601 0x1114  [ 55CA5329D1ADEB8F8034045930147AE4, D4F31BC82700D166564C7F9CDCEA3ABAB4A37B55137C34572768DF46FDA9320A ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
20:13:21.0671 0x1114  srv2 - ok
20:13:21.0692 0x1114  [ F13EE0DB1FB1D6946AC3228D7EFCFC8F, 109A809F0338FAB0F4045FA5EE33C6F0A994A9F586B2FBD8920A6AABA0E0EF66 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
20:13:21.0726 0x1114  srvnet - ok
20:13:21.0739 0x1114  [ 52D6F40B50ECFC051979FEC68E74F0F8, 9C8C65AC69BA5C9885CF2A4BD72B869754948377AA3FED2680E7BF8C5639F2A2 ] ssadbus         C:\WINDOWS\System32\drivers\ssadbus.sys
20:13:21.0761 0x1114  ssadbus - ok
20:13:21.0769 0x1114  [ D6CFD3B2EABCF9327DE39C62BABFA1E3, C748AF55B07FCB9C5A3E3E0CB783CE6387A2C5D646BCA6B5F5FFF37ACCE82AD3 ] ssadmdfl        C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
20:13:21.0787 0x1114  ssadmdfl - ok
20:13:21.0803 0x1114  [ 5EB01E6148742C3EC2185AC92F6D16FD, 5BD22C745D9BD47C60929F9C556E4B262F9415866EFE9F9263EAD916D74ECAE0 ] ssadmdm         C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
20:13:21.0822 0x1114  ssadmdm - ok
20:13:21.0833 0x1114  [ FF20F67DD5644BD1D2E7FCD95AF7F03B, 23615E776D6A8C406C7DDF0E694ED3B5A2D30913AFD3C0F86A788C5004299845 ] ssadserd        C:\WINDOWS\system32\DRIVERS\ssadserd.sys
20:13:21.0852 0x1114  ssadserd - ok
20:13:21.0871 0x1114  [ 44758105AB3EA34E815D4B6CA1153311, 7F223A20D2538C123BAC6F75BE0E126876A116F09502FD980C05B8916E26E1B7 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
20:13:21.0921 0x1114  SSDPSRV - ok
20:13:21.0935 0x1114  [ B97C7EC07218A8002323718202BF5E77, 39D3254383E3F49FD3E2DFF8212F4B5744D8D5E0A6BB320516C5EE525AD211EB ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
20:13:21.0987 0x1114  SstpSvc - ok
20:13:22.0018 0x1114  [ 7DB9E612A2742ACEAB080B882E83141C, FFD1FA36E732F55223F3F4B5F845331DBB3073B023C2C5BF51A0E7680DEE7FA7 ] ss_conn_service C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
20:13:22.0070 0x1114  ss_conn_service - ok
20:13:22.0223 0x1114  [ 4E330AD1EED4A5D582EE415FD55953A2, 2C02E1F45F74D250110BA5117AA942495CB2EBAC7F2CCECC284B4FB8F47B13E1 ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll
20:13:22.0506 0x1114  StateRepository - ok
20:13:22.0518 0x1114  [ 29D26E1347AE1BBD4201014E19880B2C, 9E2153AD96CE4F189EEE43BB02515532C619FB1CA02D8F6DEF517AC3347AAA14 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
20:13:22.0534 0x1114  stexstor - ok
20:13:22.0567 0x1114  [ 91CB95B35481155BFE29C217CD237F27, CA66957DF1441D991453BEF02D768D44E5D9A484BC23C8874E8A7AC20904CB06 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
20:13:22.0631 0x1114  stisvc - ok
20:13:22.0641 0x1114  [ 53EB8CE34B55A1EE63424C8DB7388BFC, 5AB59117BA8A2844EB8693CCC19B217AE039B28C87519F96E1C845FE9BF456C2 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
20:13:22.0665 0x1114  storahci - ok
20:13:22.0677 0x1114  [ C5E0ACE4771F5575D9D5B457ABF3AD03, 365880BC5AC313F25C313EFB7758301F98D9B2BF4C5FC9499F98C2B7F8407D96 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
20:13:22.0700 0x1114  storflt - ok
20:13:22.0709 0x1114  [ B66D8C75C9BC59D637177AB3B1C569A6, 76252A631F03EEBF5FDC7693F6B0A5E73838CDBE3157114CC96B8BBE88B476BF ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
20:13:22.0730 0x1114  stornvme - ok
20:13:22.0741 0x1114  [ BEBF85EB4D90E6996047DA027D0ED26E, DF109CF0F07CDD1B9B702C2A076D4DD5366DAAD971CC9359AF0358E79981706F ] storqosflt      C:\WINDOWS\system32\drivers\storqosflt.sys
20:13:22.0775 0x1114  storqosflt - ok
20:13:22.0799 0x1114  [ B91FBE7CB4633FEB32AFBD0B48576396, 9EFDD92E8096CE5555F8DC3C870864E5515469603C2373B99B3607234633CA66 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
20:13:22.0854 0x1114  StorSvc - ok
20:13:22.0862 0x1114  [ 8E73037A6F8938475692FFCC26EBF385, F78C5CD1A3CD17AA831EEC82426B14006B4DDBC9085A4814E04E8C37FD6B05F7 ] storufs         C:\WINDOWS\system32\drivers\storufs.sys
20:13:22.0892 0x1114  storufs - ok
20:13:22.0899 0x1114  [ 9D9DED47DA10E845EFF2DD57C94C809B, 520D0CE7A867051B80C8141E351FE5A5BCE3C99776093F234DB77D3407B1F104 ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
20:13:22.0918 0x1114  storvsc - ok
20:13:22.0926 0x1114  [ 224C92E442B1B8C20C274332F1ACF00D, CDE5DCFB7A21089464A6E2ABB29BBE08B184C3433C218756AA5902A8F67C0B2C ] svsvc           C:\WINDOWS\system32\svsvc.dll
20:13:22.0961 0x1114  svsvc - ok
20:13:22.0969 0x1114  [ 505E0C40B5D0ADDCBB414640F59BD2E0, DF4B5E65FE6FF2224F298A2A2FAC9B648C082DFF8463148633647580A9FAD34D ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
20:13:22.0995 0x1114  swenum - ok
20:13:23.0021 0x1114  [ 2EE27411B5904C63D723BEA391819F58, C88C11D460E90398E16011B8A2CED5EE5626084F24790EA6115532F8F70060C6 ] swprv           C:\WINDOWS\System32\swprv.dll
20:13:23.0100 0x1114  swprv - ok
20:13:23.0109 0x1114  [ C3AE45291669788AB51BA28F93554119, 8558B5A02215348C727AF26A33E61A02CAD656DE695D82DF11486E3ECA1F4CFF ] SynRMIHID       C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys
20:13:23.0125 0x1114  SynRMIHID - ok
20:13:23.0133 0x1114  [ 32F46FB0F290D16DAA452B289C985795, 73F88AAAA6026DB4C27F1D054145216DCC3F1960946FB2A7A90518DD1D5737CB ] Synth3dVsc      C:\WINDOWS\System32\drivers\Synth3dVsc.sys
20:13:23.0163 0x1114  Synth3dVsc - ok
20:13:23.0198 0x1114  [ 135B02E91F983266906D468DF9DDF1D7, C387AAFD0E7F35A3E91E1AE8CE29668C9BA0FE76EF1BC68CE0B9D750F47B6D60 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:13:23.0243 0x1114  SynTP - ok
20:13:23.0265 0x1114  [ ECDCF184867EF5E97CED317CED71C562, 2A83C7AE6F514F289070CBB6B8C32334AEBA0C541121ED205AA44A9AFF9078BC ] SynTPEnhService C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
20:13:23.0305 0x1114  SynTPEnhService - ok
20:13:23.0343 0x1114  [ FED48B19D6F55D7A3AB498D85729D1BA, FA5E0E02BC2E2DE108C55991E3B063CC947072228B53539F42F922661510DE7C ] SysMain         C:\WINDOWS\system32\sysmain.dll
20:13:23.0440 0x1114  SysMain - ok
20:13:23.0470 0x1114  [ D9FEA79BF6AF136F8E656AE045C2FEC8, E6F08A93348E035185F0F1C6B6277E636F4F25D1136E3ACCA63488DAEEC7114B ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
20:13:23.0522 0x1114  SystemEventsBroker - ok
20:13:23.0534 0x1114  [ 86E7FD5C8DBEC1EB51C4368561402B75, 86EE61414CD5854E39E33F67BF5DA4377B569B3ED4D18882C470BC6784891DA1 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
20:13:23.0575 0x1114  TabletInputService - ok
20:13:23.0598 0x1114  [ 3929C8FC134AC672C4F3F85160956257, CD3195CA58BA6F55EA0DDA2BE6AB58280AD1CA488D7AAA1539DD05FB99374F36 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
20:13:23.0640 0x1114  TapiSrv - ok
20:13:23.0737 0x1114  [ 4F25E481124059CC593B4C68BC485640, 2814D2BA4E83D3B0F7569E6C6EE0C763D9801BC505D8ED84675D19C8573834DB ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
20:13:23.0879 0x1114  Tcpip - ok
20:13:23.0977 0x1114  [ 4F25E481124059CC593B4C68BC485640, 2814D2BA4E83D3B0F7569E6C6EE0C763D9801BC505D8ED84675D19C8573834DB ] Tcpip6          C:\WINDOWS\system32\drivers\tcpip.sys
20:13:24.0120 0x1114  Tcpip6 - ok
20:13:24.0136 0x1114  [ 8DBB1BE20C36E6D19BCC89EEA00B953C, 8B97A7E53E1D77363AFF6A5AAEAD89EBAE28DCB8D82753C804FD7CD5646500AF ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
20:13:24.0166 0x1114  tcpipreg - ok
20:13:24.0183 0x1114  [ 9D2DD64A0B51C56285512DC9454340F6, ABB90CE6A55269F71AFB08E04969CF9A4EFD93F7A7189AF920EEE3E005214DDD ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
20:13:24.0207 0x1114  tdx - ok
20:13:24.0213 0x1114  [ 06130AFFECEB94525FC2352936576B70, 10EBE2C8FDC087D29E2FFB328F0F7905A5374AB8CC9FAE8699E7676DBC8CBF91 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
20:13:24.0232 0x1114  terminpt - ok
20:13:45.0319 0x1114  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x61100 ( enabled : updated )
20:13:45.0323 0x1114  Win FW state via NFP2: enabled ( trusted )
20:13:52.0451 0x1114  ============================================================
20:13:52.0451 0x1114  Scan finished
20:13:52.0451 0x1114  ============================================================
20:13:52.0460 0x06d4  Detected object count: 0
20:13:52.0460 0x06d4  Actual detected object count: 0
         
Second TDSSKiller scan follows in the next post, as it is too long.

Edited by umor (18.02.2017 at 21:04)

18.02.2017, 20:54   #5
umor
 



TDSSKiller, second scan (part 1 of 2):


Code:
20:23:57.0627 0x03cc  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
20:24:02.0861 0x03cc  ============================================================
20:24:02.0861 0x03cc  Current date / time: 2017/02/18 20:24:02.0861
20:24:02.0861 0x03cc  SystemInfo:
20:24:02.0861 0x03cc  
20:24:02.0861 0x03cc  OS Version: 10.0.14393 ServicePack: 0.0
20:24:02.0861 0x03cc  Product type: Workstation
20:24:02.0861 0x03cc  ComputerName: DESKTOP-UCUGHB0
20:24:02.0861 0x03cc  UserName: susanna
20:24:02.0861 0x03cc  Windows directory: C:\WINDOWS
20:24:02.0861 0x03cc  System windows directory: C:\WINDOWS
20:24:02.0861 0x03cc  Running under WOW64
20:24:02.0861 0x03cc  Processor architecture: Intel x64
20:24:02.0861 0x03cc  Number of processors: 4
20:24:02.0861 0x03cc  Page size: 0x1000
20:24:02.0861 0x03cc  Boot type: Normal boot
20:24:02.0861 0x03cc  CodeIntegrityOptions = 0x00000001
20:24:02.0861 0x03cc  ============================================================
20:24:02.0861 0x03cc  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.693, osProperties = 0x19
20:24:03.0736 0x03cc  System UUID: {A37E1B6F-15F8-F7E4-D5C2-2136543FD0AC}
20:24:04.0252 0x03cc  Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:24:04.0252 0x03cc  ============================================================
20:24:04.0252 0x03cc  \Device\Harddisk0\DR0:
20:24:04.0252 0x03cc  MBR partitions:
20:24:04.0252 0x03cc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x200800
20:24:04.0252 0x03cc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x201000, BlocksNum 0x1B904800
20:24:04.0252 0x03cc  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1BB05800, BlocksNum 0x1DEB000
20:24:04.0252 0x03cc  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xB, StartLBA 0x1D8F0800, BlocksNum 0x400000
20:24:04.0252 0x03cc  ============================================================
20:24:04.0252 0x03cc  C: <-> \Device\Harddisk0\DR0\Partition2
20:24:04.0252 0x03cc  D: <-> \Device\Harddisk0\DR0\Partition3
20:24:04.0252 0x03cc  E: <-> \Device\Harddisk0\DR0\Partition4
20:24:04.0252 0x03cc  ============================================================
20:24:04.0252 0x03cc  Initialize success
20:24:04.0252 0x03cc  ============================================================
20:24:25.0002 0x16d4  ============================================================
20:24:25.0002 0x16d4  Scan started
20:24:25.0002 0x16d4  Mode: Manual; SigCheck; TDLFS; 
20:24:25.0002 0x16d4  ============================================================
20:24:25.0002 0x16d4  KSN ping started
20:24:32.0144 0x16d4  KSN ping finished: true
20:24:32.0519 0x16d4  ================ Scan system memory ========================
20:24:32.0519 0x16d4  System memory - ok
20:24:32.0519 0x16d4  ================ Scan services =============================
20:24:32.0566 0x16d4  [ A7901875F89D011C38CF52C98ACF5B29, 782141AB1DD7ACDE6EA08B5BAFDE8BADD05B81D38C18E097D6D9C46102056EB1 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
20:24:32.0612 0x16d4  1394ohci - ok
20:24:32.0628 0x16d4  [ EE1CCC54F75C24727A218F98FC5349DA, 0B0D26640BFA0F551B7087027E572D0BF2C5EAF50A4187C5A7D839180B7FF589 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
20:24:32.0644 0x16d4  3ware - ok
20:24:32.0659 0x16d4  [ 73C73E1AA0D4D727A04AAAB120B7F56A, 5D311F11022994410DF5C67914D38B1F0D813EFD181EA234750286A272D67A1A ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
20:24:32.0691 0x16d4  ACPI - ok
20:24:32.0691 0x16d4  [ 0935496EF9624B46B935CB35ECE1F205, A22A2A29195505A65E8626D60B00C86C23E0CABC1EB8345EA5ED523516CC21C0 ] AcpiDev         C:\WINDOWS\System32\drivers\AcpiDev.sys
20:24:32.0706 0x16d4  AcpiDev - ok
20:24:32.0722 0x16d4  [ D6794C31F4077B71433988787BAA926E, F16365C2F195AAE94D4740E6C3DF4C0CECEC6393CAD65425DCCD28CDBA6EC51A ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
20:24:32.0737 0x16d4  acpiex - ok
20:24:32.0737 0x16d4  [ FE5F656D6B35089DA39112E74EC6A85A, 5D81EE63998232A5B36DE47FE15B9D04D5BD02234CA133A2462AECA8C60A22ED ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
20:24:32.0753 0x16d4  acpipagr - ok
20:24:32.0753 0x16d4  [ 2F242941E4DFF69B883D77A16F039557, 45C388365317C720654A659A9326B2BC0E9D84929C704654985597D5D620101C ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
20:24:32.0769 0x16d4  AcpiPmi - ok
20:24:32.0784 0x16d4  [ C247E35A21682DA8D0DC3AF9F025FCC5, 455415EE3166B3043AD8A4DD50B688DB74242267FB555642441251EFA823E971 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
20:24:32.0784 0x16d4  acpitime - ok
20:24:32.0800 0x16d4  [ B932E0EE190778D840F1442DFC0F9612, 8780963F14D57279FDD585BE945ED40F24590D32676C7A9EF94002D38B8BA643 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:24:32.0816 0x16d4  AdobeARMservice - ok
20:24:32.0847 0x16d4  [ B79750091FC0842182FE49D263791294, 32FC260A74C9C45CD1E8998523642C285866378FCD9478FEFD15A0CC42EC0E0B ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:24:32.0862 0x16d4  AdobeFlashPlayerUpdateSvc - ok
20:24:32.0894 0x16d4  [ 49B9DB97AFC85DCCBDACDAB2E90085B7, 2A6C2A09F74EA15044F442CCFB54A0F24F105ADB915E5C78F02F59652DC29152 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
20:24:32.0925 0x16d4  ADP80XX - ok
20:24:32.0941 0x16d4  [ 323AA1953ED9C01E23F740FA891FE064, 4CED6E3D61749316CDE28965C913E7ED462539DAAD637A29484F62AF47AD650D ] AFD             C:\WINDOWS\system32\drivers\afd.sys
20:24:32.0972 0x16d4  AFD - ok
20:24:32.0987 0x16d4  [ 23522E5D581F7722B1B5B86737CAE39C, FB81ABD304376A1E87B65F5E1B34477B628CEDB2091C5D754DE97464B6050C5B ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
20:24:33.0003 0x16d4  ahcache - ok
20:24:33.0019 0x16d4  [ D0905D4A945D01D4B28DB9E1BD5985F7, CF389CBCD3B99D1BAE34A42F723F1005C32213A394F691978076D3DF1727715C ] AJRouter        C:\WINDOWS\System32\AJRouter.dll
20:24:33.0034 0x16d4  AJRouter - ok
20:24:33.0034 0x16d4  [ 8FD51B3B35707A66080D7C8CB05E792D, FE52F3DC280D208FDDC75F6E3294B8D601E0D86F9BD3DB1ACC8FC296AC74C23B ] ALG             C:\WINDOWS\System32\alg.exe
20:24:33.0066 0x16d4  ALG - ok
20:24:33.0066 0x16d4  [ DF21E05E41E5AC3F13F304D91457649A, 7F48F2AD1DBE89A261113C76D7C23AD7D87D5599BCC31F8A558A8A10B81BF521 ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
20:24:33.0081 0x16d4  AmdK8 - ok
20:24:33.0097 0x16d4  [ 45D0AA4BB90B821DF92E8F19ABED0C5E, EA87A6E98DB3C5A88A844C04C6934E870B7004E783AA5211722115382A211B90 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
20:24:33.0112 0x16d4  AmdPPM - ok
20:24:33.0112 0x16d4  [ 74FFBC43B4B899C9A8CA06A892F2CE73, 8D599363C7F3D373F1859BAA4D06DD0F40BE78B56BE52B74DE6EA6EF99452004 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
20:24:33.0128 0x16d4  amdsata - ok
20:24:33.0144 0x16d4  [ AAB0F1D8D7E54761ABAB13AF161F1680, CF847990EFFA2828F5B1DB1A68F08A6C2C918E9612EDFFCF95C36BCABBBEA272 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
20:24:33.0159 0x16d4  amdsbs - ok
20:24:33.0159 0x16d4  [ F91BAAC4237C40352A807000F3B716F9, F7EFA08E5067C3D419C9D21EDB880BA08883A80DDF35F8B42EC3AB293FE5E03E ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
20:24:33.0175 0x16d4  amdxata - ok
20:24:33.0191 0x16d4  [ 5B0F4FB165256DE463A51E3A3127969E, 6751ADFFE95FA671C584427A9624EEB79518DE08132FD7A83148700B75487316 ] AppHostSvc      C:\WINDOWS\system32\inetsrv\apphostsvc.dll
20:24:33.0206 0x16d4  AppHostSvc - ok
20:24:33.0222 0x16d4  [ BC121C099C6C659126AD2102AFDFF8CF, 42B5EE293BDD7ADCE48173A01B30D8452564B9DA225EAF25E9292FE77C0FCF3E ] AppID           C:\WINDOWS\system32\drivers\appid.sys
20:24:33.0237 0x16d4  AppID - ok
20:24:33.0237 0x16d4  [ 74A24CF946279111D7F203B36569EC02, FD67D36804744B4FE3E20BA891852575E6C2DA6515643B2F4B4210118B0FCCDA ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
20:24:33.0269 0x16d4  AppIDSvc - ok
20:24:33.0269 0x16d4  [ 73FAA5517CCD1332F00192A303CF2026, 75636222BFF381A3EECA010752DF7DC1603A395B91FF7FBF92127B5CA8EFFEE5 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
20:24:33.0284 0x16d4  Appinfo - ok
20:24:33.0300 0x16d4  [ 68190E2BADF23BD782344970E5B5DE9E, 95D30EC12C7FDF5822CED8BC2F17669A6687A2FB262B4F0D15C8DCFF4E9AB33D ] applockerfltr   C:\WINDOWS\system32\drivers\applockerfltr.sys
20:24:33.0316 0x16d4  applockerfltr - ok
20:24:33.0331 0x16d4  [ 76A12AC673B0F8A607ACDD0583C247D4, CBC6C0EB82C7A8E3998344280BBB5A697AFA7206CA2BADFDA7ED6E7DD20E3DAC ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
20:24:33.0347 0x16d4  AppMgmt - ok
20:24:33.0362 0x16d4  [ A0746EF6C5AB7A17A67BC167167499C1, 1D2154D3AFC5219293EDD508C7726E7756FB72BF04F73861C575D1FE5C553411 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
20:24:33.0409 0x16d4  AppReadiness - ok
20:24:33.0441 0x16d4  [ 99CA3E622070FDBD7B75EB7E86B2DE40, 12BDD092667250EBC99B4D597897C1B2C83115CD83ECCDEAC36B2D9C9BEA77B6 ] AppVClient      C:\WINDOWS\system32\AppVClient.exe
20:24:33.0472 0x16d4  AppVClient - ok
20:24:33.0472 0x16d4  [ B66ED2CB37F7E4696A51612AFBA08834, 70BA67AF7F1290E3145B873B53516F138E50D8AAC80CD00CBA66467ABC6643CB ] AppvStrm        C:\WINDOWS\system32\drivers\AppvStrm.sys
20:24:33.0487 0x16d4  AppvStrm - ok
20:24:33.0503 0x16d4  [ 8DC924848E20F890BEFC6B31136D46BE, B7603425B4970F505B5A3EB0F6652A9CDD188059BDC945D6DF2BADC2DF8F4B5D ] AppvVemgr       C:\WINDOWS\system32\drivers\AppvVemgr.sys
20:24:33.0519 0x16d4  AppvVemgr - ok
20:24:33.0519 0x16d4  [ 9ADC5A8BEE10E174F95349E9232D8E76, F322991323DCDC51199BB3AB0DA20F6C3CC7EE6E804400B473C610FDB895F0AE ] AppvVfs         C:\WINDOWS\system32\drivers\AppvVfs.sys
20:24:33.0534 0x16d4  AppvVfs - ok
20:24:33.0581 0x16d4  [ D70B1453ADA82A92E76EAE72D936A0F6, 439DBC5818025887343D4B5B509C7D2C97ED0FFA4641A5178EA5719C50E5013F ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
20:24:33.0675 0x16d4  AppXSvc - ok
20:24:33.0691 0x16d4  [ E6AB1F0B4C3D4E0D2A88332D76FECD03, 0D3003EB979DA4546DCDD055011E24F13E34F683F02C9801CAC564D1809F11D2 ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
20:24:33.0706 0x16d4  arcsas - ok
20:24:33.0706 0x16d4  [ 5EE26734A882478AF6696092E2E0F352, 6CACFF521B3B839F73EBEB6EFBFDCCA8A8BC319DDB254BE3EFE29A39040B2C26 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:24:33.0722 0x16d4  aspnet_state - ok
20:24:33.0737 0x16d4  [ 61C5A480C43E7E8E49C42869F49D0D3E, E610F0E4315ABA1D90AD4A1D7A68ABA2ACBB7FCA89E9D1798470365D52592D55 ] AsyncMac        C:\WINDOWS\System32\drivers\asyncmac.sys
20:24:33.0753 0x16d4  AsyncMac - ok
20:24:33.0753 0x16d4  [ A10F989A812B57B9695F6C305907C9C6, E2B292610079AA1A10696138DE8130905A8A834B75A8DED7EBF8B6732B77A0F4 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
20:24:33.0769 0x16d4  atapi - ok
20:24:33.0784 0x16d4  [ 2DC3D53FFA0D10EB8C911AE2DB7BF4CF, 8E0A4B5D610D487A216E70396A99ACC1BEA12C46A6681B1A39CD0FD01EDD406A ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
20:24:33.0816 0x16d4  AudioEndpointBuilder - ok
20:24:33.0831 0x16d4  [ 7B993290E7691C446C16A56A431669BA, 004551934E27E9FC1A939C9BD1DEB850A216CBED9B18CB3317920F5656D9F6BF ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
20:24:33.0878 0x16d4  Audiosrv - ok
20:24:33.0878 0x16d4  [ 6D90FDA2DC364B8EA1420F2F81585CC3, 10E6F23A213CFE49BE04BB7D366ADD4028D61D7114FEC67C30B5467DF6B36D4F ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
20:24:33.0909 0x16d4  AxInstSV - ok
20:24:33.0925 0x16d4  [ 61BAC67048CA5C1D08C48FCC8012B613, 71B2A466FC38DA1029B471FBD2541D8FE359751A7B212AE0F420DB3645916450 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
20:24:33.0941 0x16d4  b06bdrv - ok
20:24:33.0956 0x16d4  [ 68F72B05EBC6D1779C0D60A147C7CA0B, AA1C857BEE34865C6B901157FC22570D4CF45D950708BAD7AA333F120F2B474C ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
20:24:33.0972 0x16d4  BasicDisplay - ok
20:24:33.0972 0x16d4  [ 23156E7EDAF613D839E2839746B168D3, CAEF8F9C7D3A338BD747AC9D5BFBE730D77B911E87BCF532EBB75E1F80916AFA ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
20:24:33.0987 0x16d4  BasicRender - ok
20:24:33.0987 0x16d4  [ 3F5523DCEFE42B385659C5CB46A6B810, CA24A3DF002B19E7BDEDE9B5EB60623F299D0E78B2E4F58DCFC028D76DEFE52D ] bcmfn           C:\WINDOWS\System32\drivers\bcmfn.sys
20:24:34.0003 0x16d4  bcmfn - ok
20:24:34.0003 0x16d4  [ 0B750A6A6D847E73CA48ADD7A0F5A393, 6A43020F23846EFB1AFA3C070465B0059E9DF60DEB16899E09559462DF30939F ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
20:24:34.0019 0x16d4  bcmfn2 - ok
20:24:34.0034 0x16d4  [ 2B4D3AEAAD02954F8C191BC2D67949AD, 8237C9AD556CFAF7442FF60F78608104BC17CE3134C89D986D49C38CC60B1518 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
20:24:34.0066 0x16d4  BDESVC - ok
20:24:34.0066 0x16d4  [ 0A508274355745EEF01C6BE3198D02C4, E2DB08AEE2368FA95FDB357BB31EA4EBF31679C3E72E109DB3D7CD1B5F7B828E ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
20:24:34.0086 0x16d4  Beep - ok
20:24:34.0102 0x16d4  [ 5125CBB61AC81168366BEB290399CB8E, B2A3095D45E2114DE2BD0E5A3AE20B3CE95EE517A35B9E1EAD05E231F38DBDCF ] BFE             C:\WINDOWS\System32\bfe.dll
20:24:34.0149 0x16d4  BFE - ok
20:24:34.0180 0x16d4  [ D876C567AB767258036F05E4766189FD, DE8BA67325CB64495BD454B8F9DDCAE82636253844FC68B360C7E1CF5D51DD0E ] BITS            C:\WINDOWS\System32\qmgr.dll
20:24:34.0227 0x16d4  BITS - ok
20:24:34.0243 0x16d4  [ 9CD2A4821DE379305CACB2E99AD8953A, 89D700DFC3C59ACBBADB48954A28C0EBF8D6A11A9E63837689DD891868E43188 ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
20:24:34.0258 0x16d4  bowser - ok
20:24:34.0274 0x16d4  [ 2447BD15B41298622CC662249CD0F496, 013A326D2E3BF68D654BBABE2F1E5DF0FF0A153A4B95D570EE28F9BC0F5A78C3 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
20:24:34.0321 0x16d4  BrokerInfrastructure - ok
20:24:34.0336 0x16d4  [ C711ED965009BDCFF9AA62CEB6FF1AAD, 083E981F983653329C2B8361963CA81D5D88E164C7738035F701A10CCB1C85CC ] Brother XP spl Service C:\WINDOWS\SysWoW64\brsvc01a.exe
20:24:34.0352 0x16d4  Brother XP spl Service - ok
20:24:34.0352 0x16d4  [ B3F32C630DD3F2F6A6091B89CFF13641, 7A9C53EF9AB9FF1DC392FD711B194A101DB36CA5BC799E817BEB446741089B76 ] Browser         C:\WINDOWS\System32\browser.dll
20:24:34.0383 0x16d4  Browser - ok
20:24:34.0383 0x16d4  [ 722036C26D2C4E50EC2A2EC5FD678846, 999468038AE01F0FF6881F4B2A2CB67BC636641188E95F10729E08ADBC3CB3DE ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
20:24:34.0399 0x16d4  BthAvrcpTg - ok
20:24:34.0399 0x16d4  [ 77630A51FAF6A07922FEE835F4DED8F6, E096A9DC12885FD19575346A9693A66D0DDFF96C3155AD2040F2BF4249D1D609 ] BthEnum         C:\WINDOWS\System32\drivers\BthEnum.sys
20:24:34.0430 0x16d4  BthEnum - ok
20:24:34.0430 0x16d4  [ C2E31BE025D46D189E38DD1EDF07837A, 656528DCAAAF485EC57EE5C3021E96736634DE3B9C39CBCD2728E055ABD4C0A5 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
20:24:34.0446 0x16d4  BthHFEnum - ok
20:24:34.0446 0x16d4  [ F7CD605FC0B0B22F3F6F247595E3A655, 1CD9140DE5415DDBEACD8667E63E5C95FD64D693B56302A0474E693E578BEAB0 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
20:24:34.0461 0x16d4  bthhfhid - ok
20:24:34.0477 0x16d4  [ B157D72BDA6A6DD6E9DC6BF338CD0CF8, B2AC26AE214151E5AD93DED78256BC0295DBF0133C854E7DEE4CD776D9C9A349 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
20:24:34.0493 0x16d4  BthHFSrv - ok
20:24:34.0508 0x16d4  [ 0AB691736D4D4029444AF62DE59CFD37, C1C22EFBF67331B87AB261BBF9813009257437BA02F728EC2DFA1A49ECC5FABF ] BthLEEnum       C:\WINDOWS\System32\drivers\BthLEEnum.sys
20:24:34.0524 0x16d4  BthLEEnum - ok
20:24:34.0540 0x16d4  [ 535DC41A33630AE4C262406F9E981C03, 599332589AA28D04189E19B87A4AE6FEEB60B40A7BC6E3B11240DA363A981C29 ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
20:24:34.0555 0x16d4  BTHMODEM - ok
20:24:34.0555 0x16d4  [ 224BA1CB1F3C702F0D001D2AFC9793B1, F139F6F78C716E1167E16530AE31E4A26C2A69467BCB08A9A52A101B31DF7771 ] BthPan          C:\WINDOWS\System32\drivers\bthpan.sys
20:24:34.0571 0x16d4  BthPan - ok
20:24:34.0602 0x16d4  [ 851ED52AE3E62CD5374BD4BBFF7A9DAB, 381281CB7D8FC4026092330B06E24BC84EEF79EE3C97E21900D950D7D9AB2FC3 ] BTHPORT         C:\WINDOWS\System32\drivers\BTHport.sys
20:24:34.0649 0x16d4  BTHPORT - ok
20:24:34.0665 0x16d4  [ 96932F631F5CB9F5D1C8F99A71568EF3, 5E4C8955A2EE9DC76B4EBC383653EB753D76D6B017E1A5DD553AC16094D7F12A ] bthserv         C:\WINDOWS\system32\bthserv.dll
20:24:34.0680 0x16d4  bthserv - ok
20:24:34.0680 0x16d4  [ DC5955E589C55E2313D69B64E1A183F3, 06D703246D0813DE53D62885C8B7381135783673FF4BDDD5CC38FEB54901BB76 ] BTHUSB          C:\WINDOWS\System32\drivers\BTHUSB.sys
20:24:34.0696 0x16d4  BTHUSB - ok
20:24:34.0696 0x16d4  [ 23F9EF739F685E07482116425E7879AA, 0EBDF96A49A319C0BCF6F51FB6C8C392C017E1738B950C19C91FF43E14D73143 ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys
20:24:34.0711 0x16d4  buttonconverter - ok
20:24:34.0727 0x16d4  [ 60EB6A4CE3E21887D302350631C16F26, 4270EFA22285C1A9336CF1220761E416950D2DA9C6A40D1D8452686CD5040DAB ] CapImg          C:\WINDOWS\System32\drivers\capimg.sys
20:24:34.0758 0x16d4  CapImg - ok
20:24:34.0758 0x16d4  [ F8FB51B9EF6372610E9B31A1D86B62FC, 7461584A8B39AC549AD7BAFFA509D4CD81EEE542808BC8EFC285863A0AE6432D ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
20:24:34.0790 0x16d4  cdfs - ok
20:24:34.0790 0x16d4  [ 2E6612376D257F74781F2EF1F869D8C3, 908B0DECB9F098F7F11B029A03C06C67FB52E5E8BEA42033A2B579D3B3686AB8 ] CDPSvc          C:\WINDOWS\System32\CDPSvc.dll
20:24:34.0821 0x16d4  CDPSvc - ok
20:24:34.0836 0x16d4  [ A93C9B9EBE2FDE5A536000D72CC17F7F, 9793CFAE8BE8C6B5B39A1D276577965FBB2CE131325A410B7C68BD23492ADAAF ] CDPUserSvc      C:\WINDOWS\System32\CDPUserSvc.dll
20:24:34.0868 0x16d4  CDPUserSvc - ok
20:24:34.0868 0x16d4  [ 613D0137C269187FA298A157E3D14A18, 84BC268525F14BB27202CE242BF94D9E83BC91B50A0335908574F31B29A2F04D ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
20:24:34.0899 0x16d4  cdrom - ok
20:24:34.0899 0x16d4  [ C1B5EE58E759C53F9939581709DC70BB, 85095ABC9459A766832373BC3839E573E9A73C967F8427D6B7CAB972551C3191 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
20:24:34.0930 0x16d4  CertPropSvc - ok
20:24:34.0930 0x16d4  [ 0AED948DA8D5F08B3D6F12E4E2089736, 95E538E81DDBC83492C5F3820C82C78F050B4D74ACF12D7970EC84F93581AE29 ] cht4iscsi       C:\WINDOWS\system32\drivers\cht4sx64.sys
20:24:34.0961 0x16d4  cht4iscsi - ok
20:24:35.0008 0x16d4  [ 0002A0FDE087C1657AB31CE73077539C, 4DD6210B67E9633AB3240371590869DC833A4C986C74FC12A5D4FFFFD361848A ] cht4vbd         C:\WINDOWS\System32\drivers\cht4vx64.sys
20:24:35.0071 0x16d4  cht4vbd - ok
20:24:35.0071 0x16d4  [ 6B4F90A287D75CCD78694F6790C911B2, 73D7C31E9F475FA3FD568FCA9A953F968729AA114F63C06F38BF5198DAD67BD8 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
20:24:35.0087 0x16d4  circlass - ok
20:24:35.0102 0x16d4  [ B72D26074E72A757D788FB1BEF8B2F2E, 36847C5315AFB9A5EC66AD3EF2A09C24C0FAF669FDF0831F78600F4609352CB4 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
20:24:35.0133 0x16d4  CLFS - ok
20:24:35.0211 0x16d4  [ ACFB2A62301C6A903FA6A97DB84E9C31, 7A3089812330B605D2F545374A1A916B6DBA188186EC88DA3348814A95C791F0 ] ClickToRunSvc   C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
20:24:35.0305 0x16d4  ClickToRunSvc - ok
20:24:35.0321 0x16d4  [ E133CFCBFABB3CB517BE9F42FEA5887C, DA699CDD5F3CC427354540C907BD24CCA7BAC3112C53918EB611CB4EEC7611DA ] ClipSVC         C:\WINDOWS\System32\ClipSVC.dll
20:24:35.0352 0x16d4  ClipSVC - ok
20:24:35.0352 0x16d4  [ EEC3A4A98AE1A337E3CD1483AD6F2E15, 764DA329984A95E092F5C15116DA34FA7FC27216C0862365D4BF10ADC97EC5C5 ] clreg           C:\WINDOWS\System32\drivers\registry.sys
20:24:35.0368 0x16d4  clreg - ok
20:24:35.0383 0x16d4  [ 429623E266EF067A44E8CF148E9DFB9B, A48AA85ACC52C7AD73DB2D6148B3F9FB5EAC33C8F8C5BB6D7D0A9D84B7C08E11 ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
20:24:35.0399 0x16d4  CmBatt - ok
20:24:35.0415 0x16d4  [ 90C07EB909C42316982E753BDAA7860D, 438581FD3468FAF01D35529672201A920E8821EC80E30E59A43645DA57738F21 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
20:24:35.0446 0x16d4  CNG - ok
20:24:35.0446 0x16d4  [ 3DB10C59405931E2C72EFB82C1AF97D1, 100B5450A70988DB1C1F8A5FDBB3553AF1A0D47B42A5AC71460DB92E26010CE6 ] cnghwassist     C:\WINDOWS\system32\DRIVERS\cnghwassist.sys
20:24:35.0461 0x16d4  cnghwassist - ok
20:24:35.0477 0x16d4  [ 34C935AF2A414572B412B3556586D783, 912981B88B0796576ECCD5EBE0C4728EC02D5D6A96B039447DCBA59B2583F25E ] CompositeBus    C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
20:24:35.0493 0x16d4  CompositeBus - ok
20:24:35.0493 0x16d4  COMSysApp - ok
20:24:35.0493 0x16d4  [ 44EEEB2382F566999287E13F2067693C, 53A4A0C85EAD38030FF2078C67465E3710ECD03A08FF34E1E67B2E3E1CC70043 ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
20:24:35.0508 0x16d4  condrv - ok
20:24:35.0524 0x16d4  [ 5DE2049D5F57C1D142F36FA9CE443693, E6C2807C0B1EF90C11EB39634693B76EACE6CC675777776112835212A334F328 ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll
20:24:35.0555 0x16d4  CoreMessagingRegistrar - ok
20:24:35.0586 0x16d4  [ 4709DFA8EB8F9468DC3B2A532B12677D, 09F5270FC8C5279BDE37FFA486ACFEB2F7BE2383DC4D417618BF2BB20656ACDB ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
20:24:35.0696 0x16d4  cphs - ok
20:24:35.0696 0x16d4  [ 5F06CAC4B09250CDDDD0180A08162924, A2EB0A57225E65FC264CFC9FAD858D8B54A015CDAE3DC904B1C4E9AAB40B1F06 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
20:24:35.0727 0x16d4  CryptSvc - ok
20:24:35.0743 0x16d4  [ 03214883D52FAD46573233852344C72C, 63DCCDD895EB804D205ABB8EA381B34FB0879D09E4D0EB0B28F9B2BB1024BAB7 ] CSC             C:\WINDOWS\system32\drivers\csc.sys
20:24:35.0774 0x16d4  CSC - ok
20:24:35.0790 0x16d4  [ BE35D1BAC3F18C9EB1C1CFBA31ED95E3, 4255475D173868A0E5583E844A1884E819E229838C4DEACAC47F1A4DEF388C9D ] CscService      C:\WINDOWS\System32\cscsvc.dll
20:24:35.0821 0x16d4  CscService - ok
20:24:35.0836 0x16d4  [ 039B5A8CBD5C75D1C46DF15F7C74D136, A5C8A41F2D406D37E147939F2058373ED091BFCC00CA7E829F887638CD3A2F64 ] dam             C:\WINDOWS\system32\drivers\dam.sys
20:24:35.0852 0x16d4  dam - ok
20:24:35.0852 0x16d4  [ 38ABCA069E5C5B0F3C79A974A7FE49BD, 7CD5A177DBFED46C622818452EDD4439864561B0C99323D2ACCCEC49732FB2E3 ] DbxSvc          C:\WINDOWS\system32\DbxSvc.exe
20:24:35.0852 0x16d4  DbxSvc - ok
20:24:35.0883 0x16d4  [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
20:24:35.0930 0x16d4  DcomLaunch - ok
20:24:35.0930 0x16d4  [ AE9F09F87755C18904656CB4F59F351D, B352A43B3B68B497D87B49C302AF3F37F36D56D49878AE3785C3D43597E5DC57 ] DcpSvc          C:\WINDOWS\system32\dcpsvc.dll
20:24:35.0961 0x16d4  DcpSvc - ok
20:24:35.0977 0x16d4  [ ABBD3EE724117242E28D31F19FBCFF03, 68EA91A969DD80A5DE28B0A8EAEB308837183713559C2C2FAEF991858C971393 ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
20:24:36.0008 0x16d4  defragsvc - ok
20:24:36.0024 0x16d4  [ DD74F18227ACC837D9856E24282D446D, 6A760E44CD897952538CDFA8895FE11263D51AAA79CFF24C01F3862E919DA478 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
20:24:36.0055 0x16d4  DeviceAssociationService - ok
20:24:36.0071 0x16d4  [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
20:24:36.0086 0x16d4  DeviceInstall - ok
20:24:36.0086 0x16d4  [ CDF1B1B5C5951111791C236B2696C7F8, BF6C4BA545C8827B40DB69890DB4D2B2F9C583C5E3CFBDFD370B05891141458D ] DevQueryBroker  C:\WINDOWS\system32\DevQueryBroker.dll
20:24:36.0102 0x16d4  DevQueryBroker - ok
20:24:36.0118 0x16d4  [ 0D1D392ED2597F295956D058D33BD7C3, 2F7FE5A06D880F9E2A46C9803DD249DC40C2898C04E946D14E7EECCCC9F2B24F ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
20:24:36.0133 0x16d4  Dfsc - ok
20:24:36.0149 0x16d4  [ F0D4400BA0F08610D9A551B15BF10B76, 83EB8FB272FC2DD2CC0659C2FB90AD0DAE88A88AB3951E03BCD933A25B601E10 ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
20:24:36.0180 0x16d4  Dhcp - ok
20:24:36.0180 0x16d4  [ CA7FEDDFCF61EF15A09C54DA2C07C49F, 346EF7709BA9E6BD48592B86FA46F9D956C847EF91F4980EEAD98269D0F0EF67 ] diagnosticshub.standardcollector.service C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
20:24:36.0211 0x16d4  diagnosticshub.standardcollector.service - ok
20:24:36.0258 0x16d4  [ CAD14E0AD1F03397E9B1C8733D76BEF4, 0035EF35F6520B1DF0E599C8A06D4163C52576BCE0976BF729B44DECDC506627 ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
20:24:36.0336 0x16d4  DiagTrack - ok
20:24:36.0336 0x16d4  [ 35B9D46560339A5A7F0CAC6ED702C817, F70480B01533B7029F90E2DE297E9E829660300DDE7A7D009B0AC2684E7691A7 ] disk            C:\WINDOWS\system32\drivers\disk.sys
20:24:36.0352 0x16d4  disk - ok
20:24:36.0368 0x16d4  [ 09CF47A74BFB480B8262FCEE222004B6, F5CD0ACA04BCB95984595CC2E17BC9E92865091A0A3BCAD4B06438A1570E7696 ] DmEnrollmentSvc C:\WINDOWS\system32\Windows.Internal.Management.dll
20:24:36.0399 0x16d4  DmEnrollmentSvc - ok
20:24:36.0415 0x16d4  [ 815F45161A4571C2C44491564F3D5968, 32E7AE8414A178CE429C0CDFCF718E3C11C705FB3155EA5CA0EAD48AAE507B01 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
20:24:36.0415 0x16d4  dmvsc - ok
20:24:36.0430 0x16d4  [ 6E5EE6E420FECD64DE463C5F01CBFE71, F173C56895E80AA03D70CD78B3AB659C2EEAACFF43BE3B6EF3939D6F4AD4F62D ] dmwappushservice C:\WINDOWS\system32\dmwappushsvc.dll
20:24:36.0461 0x16d4  dmwappushservice - ok
20:24:36.0477 0x16d4  [ 7F8A3ABF7750326E18CE953CCE262670, 5DBD159E8A455A42764FC73CF7DCAC849B5896848C5589B00BD36697804C0A3B ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
20:24:36.0493 0x16d4  Dnscache - ok
20:24:36.0508 0x16d4  [ 8F46B4C3F9BA19C26A26D0A11137B20B, BA0A66DBA98D77FD85A7CD2D4593F2B2A1A3B4D32BBECBCFFBEB5A54DCB0D8ED ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
20:24:36.0524 0x16d4  dot3svc - ok
20:24:36.0540 0x16d4  [ 27069CFFF29B7F04F4B1BB10154BE52B, 6869626F9A1D3F64224883C5E661638CEE893A3E29651C7B9302A03E52180415 ] dot4            C:\WINDOWS\system32\DRIVERS\Dot4.sys
20:24:36.0555 0x16d4  dot4 - ok
20:24:36.0555 0x16d4  [ 0BD906A79F9CE3013F7D9D0AC45F9F9D, 2F7D5082E7E226D5EBEA164A8ACEE0A447C96EB1829224A6EFA3E7B4EFEE1D14 ] Dot4Print       C:\WINDOWS\System32\drivers\Dot4Prt.sys
20:24:36.0555 0x16d4  Dot4Print - ok
20:24:36.0571 0x16d4  [ B7D595F2F464F7B628AD53F06547792C, F5D06A91EF54FBF56305FCC882B854350B266B2A005D80CC77AEBC2929440729 ] dot4usb         C:\WINDOWS\system32\DRIVERS\dot4usb.sys
20:24:36.0571 0x16d4  dot4usb - ok
20:24:36.0586 0x16d4  [ CA09EAEE92C6FDDC6B05057F11A0372D, 14DB5C186B69644AA93C445BF31CC9670204F95A47B77B6EACB19B4A316378AD ] DPS             C:\WINDOWS\system32\dps.dll
20:24:36.0602 0x16d4  DPS - ok
20:24:36.0602 0x16d4  [ AE6BD4C879A8C849E53947C92DF3B3A0, 8C29774CB2D30D901C54AAC0C8ACE709351EE40E5C8FB9951B2A18B4A03F28B7 ] drmkaud         C:\WINDOWS\system32\DRIVERS\drmkaud.sys
20:24:36.0618 0x16d4  drmkaud - ok
20:24:36.0618 0x16d4  [ 7433474BE77F065D2FA628671FE31A3E, 063ADDC68F48036749E6EC7B2F66284DB29F90F62E9468D16B4EF5A0FDC45E35 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
20:24:36.0649 0x16d4  DsmSvc - ok
20:24:36.0665 0x16d4  [ 5FCA45C24501DA7390065D3706A9FC3F, 093FD840F1502ECC6F05B9723CA523B3F15CF39A5D2B9106E1267739B3F2C52C ] DsSvc           C:\WINDOWS\System32\DsSvc.dll
20:24:36.0680 0x16d4  DsSvc - ok
20:24:36.0727 0x16d4  [ 19F2B54EE8861D90579BD0E3AE5182F9, FDD4F091C61C8C20550C8F68375ABD7ED718A733F680F0F0367D4796C302BA14 ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
20:24:36.0790 0x16d4  DXGKrnl - ok
20:24:36.0821 0x16d4  [ 43BEFBADEDD63234DCA58ABE93A73DD7, F9491A5516C0C445AB270741BA1ADAC18570167B0A5A8AC464C8C9966B185460 ] e1dexpress      C:\WINDOWS\system32\DRIVERS\e1d65x64.sys
20:24:36.0836 0x16d4  e1dexpress - ok
20:24:36.0836 0x16d4  [ 9FCE4EF7D5E274F862D9A2526B5F4779, 81D42D5475C2801C8E0C233A0BA827569D8A70590017C91C665C8B232D9BFAA9 ] EapHost         C:\WINDOWS\System32\eapsvc.dll
20:24:36.0868 0x16d4  EapHost - ok
20:24:42.0524 0x16d4  netprofm - ok
20:24:42.0524 0x16d4  [ D65F295A049473E6A39EA9A0EA76CA32, 274FC0BA044EB2D14093AB0E561F7FACEE06A3F433C81343C8B926FA2F9BD251 ] NetSetupSvc     C:\WINDOWS\System32\NetSetupSvc.dll
20:24:42.0555 0x16d4  NetSetupSvc - ok
20:24:42.0571 0x16d4  [ EFA857E2B0CC7C9DFEF48A2187B910F7, 424475568CD70237F056838388A5F7BDCD1B09349085498644C75940B12E8EAF ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:24:42.0587 0x16d4  NetTcpPortSharing - ok
20:24:42.0727 0x16d4  [ F9F84522CF84CF4A4EB9DDF19200BA9B, 7C773566A4F38FF2AF9C1BC74AED680DF4F19983564987119C7468B0FAA28579 ] Netwtw02        C:\WINDOWS\System32\drivers\Netwtw02.sys
20:24:42.0899 0x16d4  Netwtw02 - ok
20:24:42.0914 0x16d4  [ 09531BC5A41E4537FB8CF3E09E6D6DEC, 94E516E634E980FB0C7211A2FB1675F198D0327F188556A800451D3A41CE5A75 ] nfcgpiomanager  C:\WINDOWS\System32\drivers\nfcgpiomanager.sys
20:24:42.0930 0x16d4  nfcgpiomanager - ok
20:24:42.0946 0x16d4  [ B996DE26A2E16053C9485F5905B05320, 30EB2CEB466A4F05A44F7CBFCDFD8CC3C27B5FCF1269C1B9410C48AB362D2A75 ] NgcCtnrSvc      C:\WINDOWS\System32\NgcCtnrSvc.dll
20:24:42.0961 0x16d4  NgcCtnrSvc - ok
20:24:42.0993 0x16d4  [ 54C31C2B815E2E26BB8158022F837C9C, CED660D1A58F635C6452F82FCB2EF8ACEEB7785E31617B2ADFD9EE69A2BDF2B8 ] NgcSvc          C:\WINDOWS\system32\ngcsvc.dll
20:24:43.0039 0x16d4  NgcSvc - ok
20:24:43.0055 0x16d4  [ 9B9F520C72EE33EAEC857124BB800243, DFA9386B272F4D86F3E4BE861A2FC4617261E1AA40576DDA610FC24AB4961A63 ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
20:24:43.0086 0x16d4  NlaSvc - ok
20:24:43.0086 0x16d4  [ 001CBD7A2CD45C4EB39C01C3C677EF73, F4AAF4D60DB1232921C7811A62287B55C7C098B7A1FF9A40D88AF58A5ABECBA2 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
20:24:43.0102 0x16d4  Npfs - ok
20:24:43.0118 0x16d4  [ 90F5DC9802AAA00CD0B6E2AD9E7FFADC, 71C0777829299DECA6ACD42F38802DBE3C29A42CFBD8A396F39DFA44D1F55B6C ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
20:24:43.0133 0x16d4  npsvctrig - ok
20:24:43.0133 0x16d4  [ 1993C85962692EF7024501E7FE92D466, F5BCAA8308495EBF8BB061C2015E07C202A779668D171364D7E312975BC18B10 ] nsi             C:\WINDOWS\system32\nsisvc.dll
20:24:43.0149 0x16d4  nsi - ok
20:24:43.0149 0x16d4  [ 0C6218321A09A7B51BA7FFAFBA4CCB21, 330B3FA793A78410B28DFC8250BBF24442E3BB80434A7938BB96F02337614E0D ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
20:24:43.0171 0x16d4  nsiproxy - ok
20:24:43.0218 0x16d4  [ DB69C6DA8B3DDFDC547D455CA23A8250, AE495CEB18924C8B21F7F150FF17CD00880F2E222D7B5155661798E0535D63C4 ] NTFS            C:\WINDOWS\system32\drivers\NTFS.sys
20:24:43.0296 0x16d4  NTFS - ok
20:24:43.0296 0x16d4  [ 6E6DD6F9DD2A034CF85E94047DBDB992, 63D0A0756F551B7668D1CBAB24B29FD462C706E8A81690BC248D6C92061FE215 ] Null            C:\WINDOWS\system32\drivers\Null.sys
20:24:43.0312 0x16d4  Null - ok
20:24:43.0337 0x16d4  [ D261DF41F0840F734856A2B4F5E072C7, 2E703556D0C919375D0B7770513456844B13362190643D5524663EC8546E0FF5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
20:24:43.0350 0x16d4  nvraid - ok
20:24:43.0350 0x16d4  [ 23B702B555EB0436B9DAA0BC63DA65CE, D454F80D9657CFEC852F022C12D7B2C1A2D7D247ECC591EDB07B9369DFD8C99E ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
20:24:43.0366 0x16d4  nvstor - ok
20:24:43.0390 0x16d4  [ 17997DC2441F7E29CDFC6458E0392764, 636CCE2DA1EF8195B33F8D6D5C8CC151D58EBF08DC9AD8ACCCE7ABD41A69639F ] OneSyncSvc      C:\WINDOWS\System32\APHostService.dll
20:24:43.0421 0x16d4  OneSyncSvc - ok
20:24:43.0453 0x16d4  [ AC0F1B7B71D9D435EC33456F7EDF6FF1, 8FEFF5F99F1AFF21CF9415D4BF26936EF3A7347DA06F30ADD1DD1B14916F2585 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:24:43.0468 0x16d4  ose - ok
20:24:43.0468 0x16d4  [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
20:24:43.0499 0x16d4  p2pimsvc - ok
20:24:43.0515 0x16d4  [ 2BBCED66D7AFC968BDBB0E4D8524DF0A, 762D916390F9DE69B3EA1D31244224F910645F8E5CEF4C505B76B215BFDFCD9A ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
20:24:43.0546 0x16d4  p2psvc - ok
20:24:43.0546 0x16d4  [ 6B81BF7853D161DB8AC62CD8B9C2DE6B, B2DC06D135FD2501217DDA7349556EB873309E02188D4C3901807BA24FAB30C7 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
20:24:43.0562 0x16d4  Parport - ok
20:24:43.0578 0x16d4  [ CDBD029BAEC8D09F6FBD404632D9AF28, 71F4401150CD4C9C6BBF2DA854CF07EA2F8C9BBE900833858F49134DDAF14414 ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
20:24:43.0593 0x16d4  partmgr - ok
20:24:43.0609 0x16d4  [ CDD8EDF4C35BE6D6137112F5CC7A70DA, 80EECA6BC2E668E5652A5CA9B119CCCE2A2E421F0EED1FD0EAC20C42E77C02ED ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
         
Continuation of the second scan with TDSSKiller in the next post


Edited by umor (18.02.2017 at 21:03)

18.02.2017, 20:57   #6
umor
 



Continuation of the second scan with TDSSKiller (part 2 of 2)
Code:
ATTFilter
20:24:43.0625 0x16d4  PcaSvc - ok
20:24:43.0640 0x16d4  [ 29AF16726F4DD84376ECA85AB6AFF2C6, BEF9EA10637065365ED343C4EBA51191B9BEADD8F1F3362D3EFE75F40BE9A027 ] pci             C:\WINDOWS\system32\drivers\pci.sys
20:24:43.0656 0x16d4  pci - ok
20:24:43.0671 0x16d4  [ 214DCC87E3898F738075D1341252A552, E721FBBC3510DDB848A8CAEA3B6031EE988F42252DBC3BF7BDB6ABD9A0D9FABD ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
20:24:43.0671 0x16d4  pciide - ok
20:24:43.0687 0x16d4  [ AED76A3333B3A31536E430020E0226FC, EC255B79B0908E3C142D92E35B79D90A3F2594BA012CA2B1B04A6A8745153430 ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
20:24:43.0703 0x16d4  pcmcia - ok
20:24:43.0703 0x16d4  [ E63FB38B6E75B39467492FBAD2CD512A, DB406C92BA2460C833A49B98EB5BD58348E868F643A0123B0C9B5315FFC6A124 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
20:24:43.0718 0x16d4  pcw - ok
20:24:43.0718 0x16d4  [ 9EA203A07EFA6D74F07F32EF0DAB5CA6, D851F1CC748B4CD0E263931668FFF2FE20D5778267F4FF2237D565CFC171B5AF ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
20:24:43.0734 0x16d4  pdc - ok
20:24:43.0750 0x16d4  [ 1509A77F840AA9E72CF8247D0CF2FBDE, 2D47AD4D8F5C2D871E603FB6D72D25EFD0E63FA3A542DAADAB9D82ED074C0E0B ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
20:24:43.0796 0x16d4  PEAUTH - ok
20:24:43.0843 0x16d4  [ 2B55ACB1727A8E5E7514D2D75AC4EBEB, 5E7449F3EE0B15E400E405DE561ED2D3932259107A9D9320AE42CA1A5C5AB992 ] PeerDistSvc     C:\WINDOWS\system32\peerdistsvc.dll
20:24:43.0937 0x16d4  PeerDistSvc - ok
20:24:43.0937 0x16d4  [ 540116170E2135FCD5DDE77702166B67, CBEC51C2D47532F1781B3255040F303263420B204C2F8BB2B5D1EC342F57B285 ] percsas2i       C:\WINDOWS\system32\drivers\percsas2i.sys
20:24:43.0953 0x16d4  percsas2i - ok
20:24:43.0968 0x16d4  [ 8356F87553BF49C703CF382033815898, 245EB941566D848F134629690BF271B1CBEAB6440771D3D8D7AED3756835354E ] percsas3i       C:\WINDOWS\system32\drivers\percsas3i.sys
20:24:43.0968 0x16d4  percsas3i - ok
20:24:44.0000 0x16d4  [ CB5343FF52A702A9ACFAAE6BE972FE09, EAA5362D91D05D382DF4EBBAA3FD575456F23CAD531CC6F1270F8254892DBF02 ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
20:24:44.0015 0x16d4  PerfHost - ok
20:24:44.0045 0x16d4  [ D0D57322ABC7473E54472D8374169CC5, BD14A13D6908C8669E56EF9401FD8A3D7C618E8B6556B36E634864E733BCA4B2 ] PhoneSvc        C:\WINDOWS\System32\PhoneService.dll
20:24:44.0108 0x16d4  PhoneSvc - ok
20:24:44.0108 0x16d4  [ B4AB2C0177715FFAED88A1223212043A, 1920792ADC78DD51EF98B6A9634D686EAED0848FB7EF74A0DCD3AEBA5AF41EC6 ] PimIndexMaintenanceSvc C:\WINDOWS\System32\PimIndexMaintenance.dll
20:24:44.0139 0x16d4  PimIndexMaintenanceSvc - ok
20:24:44.0170 0x16d4  [ F931F21E4287FE3ECCF09B54A232BBA2, CEB7AB3236E5F30214027092B7B695ED35F7A1E007DF4046797D1E4DFEF49EC8 ] pla             C:\WINDOWS\system32\pla.dll
20:24:44.0248 0x16d4  pla - ok
20:24:44.0248 0x16d4  [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
20:24:44.0264 0x16d4  PlugPlay - ok
20:24:44.0280 0x16d4  [ 56D7A89423325121C4A9BD5C326414F3, 649048C23D1973C3504E26B35362AC99DFE9BF31FFE73F45B43306A212AEA34C ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
20:24:44.0295 0x16d4  PNRPAutoReg - ok
20:24:44.0295 0x16d4  [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
20:24:44.0326 0x16d4  PNRPsvc - ok
20:24:44.0342 0x16d4  [ F70CAC34B455D05EAA04B2F8FB58E1CB, 295BFFB3DA03C5CE5462C11D3240024B68AC06E8DEA9062A739BE2CCEE19EB5D ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
20:24:44.0373 0x16d4  PolicyAgent - ok
20:24:44.0373 0x16d4  [ 60C8376B48BA96F07AEA536527433D44, EB988C119C3E71169B91ED2A744C71933DD35447DC4A8249E80EC24E9E7077D4 ] Power           C:\WINDOWS\system32\umpo.dll
20:24:44.0405 0x16d4  Power - ok
20:24:44.0405 0x16d4  [ 5645B9D9788CCA2C88B9534996ED2D6D, 4988942DF163DB5B9B1A08CE6B628D2C47C2E2EAA30AEAE4EFE21C8CF4C8DC5D ] PptpMiniport    C:\WINDOWS\System32\drivers\raspptp.sys
20:24:44.0436 0x16d4  PptpMiniport - ok
20:24:44.0498 0x16d4  [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
20:24:44.0670 0x16d4  PrintNotify - ok
20:24:44.0686 0x16d4  [ 372913E12677A8CBBBABDD8311894F9D, A5233D95A0D22D2A9DB214E7CB79A99D389B67189FF6A87D0AD4610A333A637F ] Processor       C:\WINDOWS\System32\drivers\processr.sys
20:24:44.0701 0x16d4  Processor - ok
20:24:44.0701 0x16d4  [ 1F115AF75EFBAC28479B4F94A3F8D4A3, BE8D8C50D985F6AF9DDC0F13BDBE2D55D600E1F5E344982536538B14EC484AA6 ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
20:24:44.0733 0x16d4  ProfSvc - ok
20:24:44.0748 0x16d4  [ FC98407B85A31161851FDE245517574F, 2CCD706CF243934FCDA32B24CE0C385EA2E67F206E0306FA584496F583A20CD1 ] Psched          C:\WINDOWS\system32\drivers\pacer.sys
20:24:44.0764 0x16d4  Psched - ok
20:24:44.0764 0x16d4  [ 7A68710BAC9B6809314B86C0CB1CBC4A, C02D97993D1F6FE6EFBA5B1366B3A4FE8CE1136A95F3A2DA07BA59554C163501 ] QWAVE           C:\WINDOWS\system32\qwave.dll
20:24:44.0795 0x16d4  QWAVE - ok
20:24:44.0795 0x16d4  [ 819602BBBFDB0BD46DEA3715BF0DD452, D4007FF1E5296316B53436CA3598D6B1CF4F60AB77D5B02F3E595081EDD5D879 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
20:24:44.0811 0x16d4  QWAVEdrv - ok
20:24:44.0826 0x16d4  [ CDF47037A0939F56D11F699629C276AD, A63F2A3FE80FB8084E3870E907505694B79EE1D9E56E292C01D481FEFD2534B0 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:24:44.0858 0x16d4  RasAcd - ok
20:24:44.0873 0x16d4  [ 28C2EA278070EE12701D0EDF8CB0EC36, F10288C1C6835840026DB30285345EF892DE989F43C948E7F4760B8895FF675F ] RasAgileVpn     C:\WINDOWS\System32\drivers\AgileVpn.sys
20:24:44.0910 0x16d4  RasAgileVpn - ok
20:24:44.0920 0x16d4  [ 7B82197BF35CC3BE59AEF8B706AB8A16, AB0216164A548A48CD21F5F035E57E867584A96890B9887EC08F8DABDD89F990 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
20:24:44.0942 0x16d4  RasAuto - ok
20:24:44.0947 0x16d4  [ 17E565710172ED71B8531D8822E1C5D1, 0CA39ABD9E544DDAD9D9D7D1FC50444274C31E18F9BF73069051D9F62833698F ] Rasl2tp         C:\WINDOWS\System32\drivers\rasl2tp.sys
20:24:44.0973 0x16d4  Rasl2tp - ok
20:24:44.0992 0x16d4  [ F79BFB5588B777C71734C1D1EC129D07, 9B9D70EC8978AAC19B2B94694EE1B9957C13DFDDFCBE8AA82C5F0D0EA04CDBDF ] RasMan          C:\WINDOWS\System32\rasmans.dll
20:24:45.0037 0x16d4  RasMan - ok
20:24:45.0037 0x16d4  [ 9387DF155233D45D4E010F4F2FB52A57, CABC25DA4E512809AED0085767BDD94BF3C1DA792BFF8A009B5465D9110E7060 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:24:45.0052 0x16d4  RasPppoe - ok
20:24:45.0052 0x16d4  [ F0F4EEDEEBEE7A4244FAFB96A16B5712, F64717E601BD5EB674003009507B8CDD6F69F00E8670D6895EC64786166A0E8D ] RasSstp         C:\WINDOWS\System32\drivers\rassstp.sys
20:24:45.0088 0x16d4  RasSstp - ok
20:24:45.0088 0x16d4  [ 9A2B1D0E416F6A07A96919BA7A1199FF, B6C2D40E5A62E2E0AD8EC3DE0878531D12EA39316B940BFAD92008A37ABD8080 ] rccfg           C:\WINDOWS\System32\drivers\rccfg.sys
20:24:45.0119 0x16d4  rccfg - ok
20:24:45.0135 0x16d4  [ F8B5C63D09B8EC4505A592A71718069F, 3FCDF4E91A706E838475213972668AE8738437535609669CEAE857BA0E957DFE ] rcraid          C:\WINDOWS\System32\drivers\rcraid.sys
20:24:45.0182 0x16d4  rcraid - ok
20:24:45.0198 0x16d4  [ AF6963414B820B7C45578ED3300438A7, C00F60FD72608E6983D32642768AECE891DD816FADFA7B872BA88091C16B95D7 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:24:45.0213 0x16d4  rdbss - ok
20:24:45.0229 0x16d4  [ 79A415E6FA915EFC00297DAB16EC2635, 47BB49F6D756214193D38A4AB182B541AAC180381C3111FF7F9B0AD4C44D8733 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
20:24:45.0244 0x16d4  rdpbus - ok
20:24:45.0244 0x16d4  [ 7135785C21CA79D270D11037C43D3F19, 654A3C65CF891ED8C82A740D10CF607FC7D709185E664DE03288CEB5B25F03A6 ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
20:24:45.0276 0x16d4  RDPDR - ok
20:24:45.0276 0x16d4  [ 97A61A3CB2B5CB4FC32B3224EF333448, E4F2E8BCEE3639BE57BBC8A8E67FDE42C3A5158F1204684B0ECD216F4AA044A3 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
20:24:45.0291 0x16d4  RdpVideoMiniport - ok
20:24:45.0291 0x16d4  [ 69BB204AE07EE84ECFAB1BF13C4BD04B, 1CA832CBF4AE4821EEA2A19F9519C2D1D00406B8CCE2A86FE3B33A5F293DB218 ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
20:24:45.0323 0x16d4  rdyboost - ok
20:24:45.0354 0x16d4  [ 940D6F5A2B0A61EE4170DF84F6C95C20, F8EE846DC8015EDFE7CB5BEEDC977EAA9C586BAC2216DE69D8ECCBDBC7408649 ] ReFSv1          C:\WINDOWS\system32\drivers\ReFSv1.sys
20:24:45.0401 0x16d4  ReFSv1 - ok
20:24:45.0416 0x16d4  [ 13F6B64235C60167052364BF7D99E4CA, BC12EE00775F7456FB922FBD684BF3F0CFABA5BEBB6E162C23B41DED5C20A978 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
20:24:45.0448 0x16d4  RemoteAccess - ok
20:24:45.0463 0x16d4  [ 3183B161B1F05333F6C325577FEF3596, D6A89B2A021377B6F371E5B9EFC36FF018822B28F0ED41F8CD2F00C5C8605707 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
20:24:45.0494 0x16d4  RemoteRegistry - ok
20:24:45.0510 0x16d4  [ 0660F4A14F9D2A2F59B26B1D74F1A6D0, A9443B6B7ED1ECA22AC960A2C6A2BE18C0BA58CD7BCF60E7AA617CD3662D122D ] RetailDemo      C:\WINDOWS\system32\RDXService.dll
20:24:45.0557 0x16d4  RetailDemo - ok
20:24:45.0573 0x16d4  [ E82F3B1918C6A5FE6EB761CDF1E772AF, 0C993FCB7BFD6E01B70A1821E0DEAFA2CB241AF8C2E6D4CC120F59C1B5F6FF5F ] RFCOMM          C:\WINDOWS\System32\drivers\rfcomm.sys
20:24:45.0588 0x16d4  RFCOMM - ok
20:24:45.0604 0x16d4  [ 5DAA644F17780FC4E3F4820A46D38FEC, 32C27FFA0A4608B164F4E709CD0D998AB73CA9713BE3E47F9DBC7B3D1B6C7453 ] RmSvc           C:\WINDOWS\System32\RMapi.dll
20:24:45.0619 0x16d4  RmSvc - ok
20:24:45.0635 0x16d4  [ 672724C8B21B7DC56646045DE4D5B860, 79986E80A92C949C543959F1E35647A9788DAB2892AC20B6DEA5C0BBC0CEDE9E ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
20:24:45.0651 0x16d4  RpcEptMapper - ok
20:24:45.0666 0x16d4  [ 109C1D609951E886D3643B15C1EDD1C2, 347D8E7C50EC7F96217C7421D9BC8A42C9DF50B94169CB58DCF857A63C33C2EA ] RpcLocator      C:\WINDOWS\system32\locator.exe
20:24:45.0682 0x16d4  RpcLocator - ok
20:24:45.0729 0x16d4  [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
20:24:45.0784 0x16d4  RpcSs - ok
20:24:45.0792 0x16d4  [ 5FF28F097C9699097B473F8FC7C1AA7D, 695560F1DBD85073F3D6CB1FF16F16504CA044EA62E940E463A16BBA8B86E2FA ] rspndr          C:\WINDOWS\system32\drivers\rspndr.sys
20:24:45.0798 0x16d4  rspndr - ok
20:24:45.0814 0x16d4  [ E10276CC13ADDC33F6D6E7670C0ED211, F567EE51D6E5DA8AC60C699A0A4629D2E6160712A115AE8F57559C9432203FB5 ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
20:24:45.0830 0x16d4  RtkAudioService - ok
20:24:45.0861 0x16d4  [ 253FE615CD283B0779A9585B50E4B030, 7B56FE3005BC1873DC5952181BE3AD5FCC6FF75B0D6C8C54176205CF8D12C062 ] RTSPER          C:\WINDOWS\system32\DRIVERS\RtsPer.sys
20:24:45.0892 0x16d4  RTSPER - ok
20:24:45.0892 0x16d4  [ B5DAEE69BACA64D2BB004568E22D8756, C0072CF6B438ED756435A182D55AC55F3AD356ACBD483DE06A94893D3CA8CCC5 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
20:24:45.0908 0x16d4  s3cap - ok
20:24:45.0923 0x16d4  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] SamSs           C:\WINDOWS\system32\lsass.exe
20:24:45.0939 0x16d4  SamSs - ok
20:24:45.0955 0x16d4  [ 5E73FB63E2DBC75FE0C17DEB0010CE0E, 9DAC47486262397D03BC01F7438CAB62CF33BD7B5283F5B9548C770A3D6D0ADC ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
20:24:45.0970 0x16d4  sbp2port - ok
20:24:46.0001 0x16d4  [ 3CD0130FFDEAEACF0905B482F3934EA3, 1EC355B63135FD2563093EBB206741C0C4CCE0551A662F6DC86C875146A88B06 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
20:24:46.0033 0x16d4  SCardSvr - ok
20:24:46.0048 0x16d4  [ 5E8ECCE130A72107B6DFDBE26185A7FB, 811E2CE485BC14161FF629069BCCF53B2B8C6F8B1E1A6B3A3C86DBE4F85A5577 ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
20:24:46.0084 0x16d4  ScDeviceEnum - ok
20:24:46.0084 0x16d4  [ 3D9A82B03C92D1FEC42CB171D6F57778, DC027F02F5EB5F1D10DB6F405FB0C15D4D5C922445F5F3C916624113278AF072 ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
20:24:46.0099 0x16d4  scfilter - ok
20:24:46.0131 0x16d4  [ D4DB6B318A0A0C74A90260725A228C0B, 57BA2EF9D880488C785C806ABF9EE753A48E589129442D72F815CD6EFFA07B22 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
20:24:46.0193 0x16d4  Schedule - ok
20:24:46.0209 0x16d4  [ 9055ADDFBA4C8B914C914CE693B55C0A, DB213AC36E14D856B81D2AFE46815402537A2ABEEA15032A9FF436F953129441 ] scmbus          C:\WINDOWS\system32\drivers\scmbus.sys
20:24:46.0224 0x16d4  scmbus - ok
20:24:46.0224 0x16d4  [ B6F2363584E62960846F7C3F00124A4F, 252189FF9D623CF69BF415FF7C7FE74B0BBF756B632420578BFAFF6595616CF7 ] scmdisk0101     C:\WINDOWS\System32\drivers\scmdisk0101.sys
20:24:46.0256 0x16d4  scmdisk0101 - ok
20:24:46.0256 0x16d4  [ C1B5EE58E759C53F9939581709DC70BB, 85095ABC9459A766832373BC3839E573E9A73C967F8427D6B7CAB972551C3191 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
20:24:46.0287 0x16d4  SCPolicySvc - ok
20:24:46.0302 0x16d4  [ 7C3D10BEC8B0DBA00A78C78EB10B3AE2, A671C9CB97977613576D70607E106C7A29B9EA9E875C7C5AF293EE5903D7AD0A ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
20:24:46.0318 0x16d4  sdbus - ok
20:24:46.0334 0x16d4  [ F3714DBAA42C15F78FFCDFE4273214EB, 2D018970B92C5F0744FAE10A2FC298F3DCEA5C2EDEB760F4F0651337B9878ABF ] SDRSVC          C:\WINDOWS\System32\SDRSVC.dll
20:24:46.0365 0x16d4  SDRSVC - ok
20:24:46.0365 0x16d4  [ 120DFCB71D6C502613A9E2D50E16850C, 2C294010AD1C9C380CD5221A37720544178B7358C8C8553AF44055E4CEE5DAF5 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
20:24:46.0386 0x16d4  sdstor - ok
20:24:46.0386 0x16d4  [ EFD644DD091E1D94555FC3BBC95EA66D, FBDDA6680BEC378CCF12A32D9186020E884DA15A1E789D1531B1E687FC7B54B1 ] seclogon        C:\WINDOWS\system32\seclogon.dll
20:24:46.0417 0x16d4  seclogon - ok
20:24:46.0417 0x16d4  [ F48535714BED7DD784853889B4594B26, 9B4AB7E7293E79A8F6CC46C84F23E62AD3BD6E958FCE078CDBB125A69FAC7E50 ] SENS            C:\WINDOWS\System32\sens.dll
20:24:46.0448 0x16d4  SENS - ok
20:24:46.0448 0x16d4  Sense - ok
20:24:46.0495 0x16d4  [ 2B4E090D06C60853C5C00CF255F9E02A, 4D4DBA7B04519622612BD4A4F28318CA2F5646C84CAFF8C5ACC9BF4C6031894E ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe
20:24:46.0589 0x16d4  SensorDataService - ok
20:24:46.0605 0x16d4  [ C09A42163878A082C3F0D0A3DFE95714, 8033DC38D0EDED3758DA6BF8C1955BE5FFE48863C079C589660B37D0E461300F ] SensorService   C:\WINDOWS\system32\SensorService.dll
20:24:46.0652 0x16d4  SensorService - ok
20:24:46.0652 0x16d4  [ E6F00415DADCEEC860E7AB42BFD19A65, 274CAF22F93D43B6DB6953730E3DF8DA94776B24EEE74B80AB4CD780BC1366A9 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
20:24:46.0683 0x16d4  SensrSvc - ok
20:24:46.0683 0x16d4  [ 401D706DDC0A7AF18C3DD228ADF74551, 27C0B38D7C2E3F6FF06201124E63483931F6071954B2B99EC0143C464238C0B7 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
20:24:46.0698 0x16d4  SerCx - ok
20:24:46.0714 0x16d4  [ 7084D11083F0CDCA8B5C76F9846ABF5D, F639920882B0E784D8CFAF0D4C0F0C411937B6831E5DD99B0ABFBFE06BA4742F ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
20:24:46.0730 0x16d4  SerCx2 - ok
20:24:46.0730 0x16d4  [ 3FF478A8ED32A83C36581425F6282B6C, 787646A17098EA7CF36064D0A950C1D470D4A280C8C5AC40023D566E53860EAE ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
20:24:46.0745 0x16d4  Serenum - ok
20:24:46.0761 0x16d4  [ 92509187AA171A80521528B36F753E1D, FE0DA272B8A155ECC161E99586C4AE7EE17B1C84BC330DA1566C83B8E03FA825 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
20:24:46.0777 0x16d4  Serial - ok
20:24:46.0777 0x16d4  [ 433D38FF6D08B993847EA2A10EB8CB52, 29BA75DB6D1AC761BBDFB5AC8874FC7D763E1CD10D290E369063B34CE951270F ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
20:24:46.0792 0x16d4  sermouse - ok
20:24:46.0823 0x16d4  [ 82CF273F0E8F243789683DEB40757569, 5433D93A41C4BF04494E6158931C6AC3154888F7CD3A417253EC02FF7EA6D00E ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
20:24:46.0870 0x16d4  SessionEnv - ok
20:24:46.0870 0x16d4  [ 697D3EE0740AEAB62B66ABCA1C83D13B, FCF54A0071ED04AD3FC8551C67FE5FD49089DC0510F753052CAC5972A65C9E3D ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
20:24:46.0886 0x16d4  sfloppy - ok
20:24:46.0902 0x16d4  [ 832E933AA8DB9FD4733B96D8B6484D3F, 3A8E3D7ECA192EEE154CB568073B7211FDA06078EFC3BC7E961563A1BFDD0CAA ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
20:24:46.0948 0x16d4  SharedAccess - ok
20:24:46.0980 0x16d4  [ 482E6BE8A07832E824080D352075ACA1, 4123A76C8E805AF4FE229C53E9C174095C0937913BA81A63FE9B45C44AA5B15F ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:24:47.0027 0x16d4  ShellHWDetection - ok
20:24:47.0042 0x16d4  [ CF3BDF9EAD8D3EF671E9339B44B185BA, C17EC6D5B00F49D9C8B5B6C262A85F34ED71C58450659F006B3632AA84F68E23 ] shpamsvc        C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
20:24:47.0058 0x16d4  shpamsvc - ok
20:24:47.0073 0x16d4  [ A34CE1830E45DA98932295FDE4B7908A, FC553ECF4D64B4B10B7FDE5352707785517A18D487A80665BAFC7261E3F35CDC ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
20:24:47.0073 0x16d4  SiSRaid2 - ok
20:24:47.0089 0x16d4  [ A7B5C670770E908DA5FEF5BF1136E933, 8D3BB6FF65E631C34BE8EA766481B2FDB2E1E916A4FD67F86705A8975A136E6C ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
20:24:47.0105 0x16d4  SiSRaid4 - ok
20:24:47.0120 0x16d4  [ B72B80E6FF423C5011E745CB76DA9A08, 18A6B9D46E91AD4D463EB5CB832702392D2E162577F90C328B515FCE69FABD15 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:24:47.0163 0x16d4  SkypeUpdate - ok
20:24:47.0169 0x16d4  [ 86C475DD33893895EB878D189807F8E7, 99C5FF95AE518E6A18866C97C93E0B9EAAFF0AEECBC7AAC3C5EC5A915FACB65E ] SmbDrvI         C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
20:24:47.0181 0x16d4  SmbDrvI - ok
20:24:47.0187 0x16d4  [ D233EAE2A9D48485321816486ED635EF, 03AB49BE9CF15EB7EDC50C400E673B4DF0E5BFDA9A7811E157F2AF2F3CF38D49 ] smphost         C:\WINDOWS\System32\smphost.dll
20:24:47.0213 0x16d4  smphost - ok
20:24:47.0237 0x16d4  [ 0B217141AC1283655402CDB356577735, 6EFA4CA46CFC8B7156CE7E5CA89B7F7073E16D66C2FC13F4DB95FEB78CCF698F ] SmsRouter       C:\WINDOWS\system32\SmsRouterSvc.dll
20:24:47.0299 0x16d4  SmsRouter - ok
20:24:47.0299 0x16d4  [ 6F4CE07D420FB657B5936F71101ABD41, CEC52984C56E578E0FFE12BE1B8148335F788B7D1751F2D0E79B944A41113C20 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
20:24:47.0336 0x16d4  SNMPTRAP - ok
20:24:47.0351 0x16d4  [ C994DF90427103CCB80F893FFD2B1CE8, 7E4B08095C77E68D337A3425EEA38F8FEC4D103CA7661E34FD96BF518DFB4BCB ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
20:24:47.0383 0x16d4  spaceport - ok
20:24:47.0398 0x16d4  [ E03264C4C25B568F92ED1656AD541E64, D42942BFFBC7213D204FAF84F4FE015FC23A6ACB29B5E752834EDBC17A3AC20D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
20:24:47.0414 0x16d4  SpbCx - ok
20:24:47.0461 0x16d4  [ 79DCE27E8C4CF6701BFE49EC2446BBF6, F51CBB7A45C3C878F41653FD5FBDC93CC302712B7725DAAB4D3475A1F4771E3D ] Spooler         C:\WINDOWS\System32\spoolsv.exe
20:24:47.0523 0x16d4  Spooler - ok
20:24:47.0695 0x16d4  [ 23529A00195CE71252FEBF647E56E27D, 8ADF7A1C96DAE005E9A974D90BE8954F88D49B6848252B88513C49E0A3BD9774 ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
20:24:47.0914 0x16d4  sppsvc - ok
20:24:47.0945 0x16d4  [ 691A113761E32DB71283B2A837E5A0F4, 84F585C0C03E4CCF4F7CAB238B0F9B75AB0441D03577F19AA3166529BC4A2E74 ] SPUVCbv         C:\WINDOWS\System32\Drivers\SPUVCbv64.sys
20:24:47.0992 0x16d4  SPUVCbv - ok
20:24:48.0008 0x16d4  [ E83830BB74AE8CBECEA0ECD94DE436F9, 4A34569A34260324EBD629039E1BF45A3527FC75B22D9A3DB6360A6EB365483A ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
20:24:48.0055 0x16d4  srv - ok
20:24:48.0070 0x16d4  [ 55CA5329D1ADEB8F8034045930147AE4, D4F31BC82700D166564C7F9CDCEA3ABAB4A37B55137C34572768DF46FDA9320A ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
20:24:48.0117 0x16d4  srv2 - ok
20:24:48.0133 0x16d4  [ F13EE0DB1FB1D6946AC3228D7EFCFC8F, 109A809F0338FAB0F4045FA5EE33C6F0A994A9F586B2FBD8920A6AABA0E0EF66 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
20:24:48.0164 0x16d4  srvnet - ok
20:24:48.0164 0x16d4  [ 52D6F40B50ECFC051979FEC68E74F0F8, 9C8C65AC69BA5C9885CF2A4BD72B869754948377AA3FED2680E7BF8C5639F2A2 ] ssadbus         C:\WINDOWS\System32\drivers\ssadbus.sys
20:24:48.0180 0x16d4  ssadbus - ok
20:24:48.0195 0x16d4  [ D6CFD3B2EABCF9327DE39C62BABFA1E3, C748AF55B07FCB9C5A3E3E0CB783CE6387A2C5D646BCA6B5F5FFF37ACCE82AD3 ] ssadmdfl        C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
20:24:48.0195 0x16d4  ssadmdfl - ok
20:24:48.0211 0x16d4  [ 5EB01E6148742C3EC2185AC92F6D16FD, 5BD22C745D9BD47C60929F9C556E4B262F9415866EFE9F9263EAD916D74ECAE0 ] ssadmdm         C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
20:24:48.0227 0x16d4  ssadmdm - ok
20:24:48.0242 0x16d4  [ FF20F67DD5644BD1D2E7FCD95AF7F03B, 23615E776D6A8C406C7DDF0E694ED3B5A2D30913AFD3C0F86A788C5004299845 ] ssadserd        C:\WINDOWS\system32\DRIVERS\ssadserd.sys
20:24:48.0258 0x16d4  ssadserd - ok
20:24:48.0258 0x16d4  [ 44758105AB3EA34E815D4B6CA1153311, 7F223A20D2538C123BAC6F75BE0E126876A116F09502FD980C05B8916E26E1B7 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
20:24:48.0289 0x16d4  SSDPSRV - ok
20:24:48.0305 0x16d4  [ B97C7EC07218A8002323718202BF5E77, 39D3254383E3F49FD3E2DFF8212F4B5744D8D5E0A6BB320516C5EE525AD211EB ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
20:24:48.0336 0x16d4  SstpSvc - ok
20:24:48.0352 0x16d4  [ 7DB9E612A2742ACEAB080B882E83141C, FFD1FA36E732F55223F3F4B5F845331DBB3073B023C2C5BF51A0E7680DEE7FA7 ] ss_conn_service C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
20:24:48.0383 0x16d4  ss_conn_service - ok
20:24:48.0492 0x16d4  [ 4E330AD1EED4A5D582EE415FD55953A2, 2C02E1F45F74D250110BA5117AA942495CB2EBAC7F2CCECC284B4FB8F47B13E1 ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll
20:24:48.0702 0x16d4  StateRepository - ok
20:24:48.0702 0x16d4  [ 29D26E1347AE1BBD4201014E19880B2C, 9E2153AD96CE4F189EEE43BB02515532C619FB1CA02D8F6DEF517AC3347AAA14 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
20:24:48.0718 0x16d4  stexstor - ok
20:24:48.0749 0x16d4  [ 91CB95B35481155BFE29C217CD237F27, CA66957DF1441D991453BEF02D768D44E5D9A484BC23C8874E8A7AC20904CB06 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
20:24:48.0796 0x16d4  stisvc - ok
20:24:48.0796 0x16d4  [ 53EB8CE34B55A1EE63424C8DB7388BFC, 5AB59117BA8A2844EB8693CCC19B217AE039B28C87519F96E1C845FE9BF456C2 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
20:24:48.0827 0x16d4  storahci - ok
20:24:57.0359 0x16d4  ================ Scan global ===============================
20:24:57.0375 0x16d4  [ 0C710DB449712EE13ACE733695DB7780, BBC7875B38D318CE4E88979D083AC72E8993254A466A8A6882DDE9E0C3B687A3 ] C:\WINDOWS\system32\basesrv.dll
20:24:57.0375 0x16d4  [ 4C08BF958476A137C78B62B22B5F90A4, 11DDD033896C96F8F7F1A1EDD0F4E0F07AFBB3202DC8A2E5E3ADB51C4D0700D4 ] C:\WINDOWS\system32\winsrv.dll
20:24:57.0390 0x16d4  [ 1EE06E957B0B2CA52D26DA7861E160EF, 4B743A1C7010138F5F6684BBCF7CAD6FD05F49920BDD3FDB776347AA6B44AB94 ] C:\WINDOWS\system32\sxssrv.dll
20:24:57.0422 0x16d4  [ 3C69CC28665854F1AAB4B4005005FA31, 2750F5ECCD448C07E3402AA64EA625D27C6BC1D000A3FFE57C03D62428BB46C4 ] C:\WINDOWS\system32\services.exe
20:24:57.0437 0x16d4  [ Global ] - ok
20:24:57.0437 0x16d4  ================ Scan MBR ==================================
20:24:57.0437 0x16d4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:24:57.0625 0x16d4  \Device\Harddisk0\DR0 - ok
20:24:57.0625 0x16d4  ================ Scan VBR ==================================
20:24:57.0625 0x16d4  [ A8A6EDC0C61A8F014CA5D940A094BAFA ] \Device\Harddisk0\DR0\Partition1
20:24:57.0625 0x16d4  \Device\Harddisk0\DR0\Partition1 - ok
20:24:57.0640 0x16d4  [ 3AC0EAC7964BB12438A0FBFC99A1F8A8 ] \Device\Harddisk0\DR0\Partition2
20:24:57.0640 0x16d4  \Device\Harddisk0\DR0\Partition2 - ok
20:24:57.0640 0x16d4  [ 7BA077761FD35C34EC1F16624190450B ] \Device\Harddisk0\DR0\Partition3
20:24:57.0640 0x16d4  \Device\Harddisk0\DR0\Partition3 - ok
20:24:57.0656 0x16d4  [ 6F9DD6074254895E816BD677B5DC210C ] \Device\Harddisk0\DR0\Partition4
20:24:57.0656 0x16d4  \Device\Harddisk0\DR0\Partition4 - ok
20:24:57.0656 0x16d4  ================ Scan generic autorun ======================
20:24:57.0906 0x16d4  [ 103B9C27600E7492F814FD03E805EEFC, 788542D7494F9697E4BAD0A541060B73D93C8D4A943729D6731DE074FA8A9327 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
20:24:58.0187 0x16d4  RTHDVCPL - ok
20:24:58.0234 0x16d4  [ 5AF3874DD6922F7638BFF6F7234E165C, A85AB971CE061FA02D56D8935F20BFFF431A79F12A8A440BD046AFE62D5093A9 ] C:\Program Files\Realtek\Audio\HDA\CXAPOAgent64.exe
20:24:58.0265 0x16d4  CxAgent - ok
20:24:58.0265 0x16d4  WindowsDefender - ok
20:24:58.0285 0x16d4  [ 90F3260640FA377A2208AE5BA2701A67, 323A52508ACD92D11FA66467C54A2F319F0D57C82E48E49CF9CCA74FEA835288 ] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
20:24:58.0301 0x16d4  KiesTrayAgent - ok
20:24:58.0520 0x16d4  [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
20:24:58.0754 0x16d4  OneDriveSetup - ok
20:24:58.0957 0x16d4  [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
20:24:59.0176 0x16d4  OneDriveSetup - ok
20:24:59.0238 0x16d4  [ CD7DC286D2FDFACB965C3E10967B2199, 30FFB133E70D694BE6968E86E999C797EE7349DCC4E9ACFB338412C039374388 ] C:\Users\susanna\AppData\Local\Microsoft\OneDrive\OneDrive.exe
20:24:59.0285 0x16d4  OneDrive - ok
20:24:59.0316 0x16d4  [ FA9A5C429858E4AD0173878CF9898D49, BBCADF15B2DD4B5FA7ADC61BA69F45B2608D93F691FF67E9857932C3ABF332CE ] C:\Program Files (x86)\Samsung\Kies\Kies.exe
20:24:59.0363 0x16d4  KiesPreload - ok
20:24:59.0395 0x16d4  [ FE9E6388A039441098EB09C070EA5049, 3888822AF992F3BE27E9F973E31EBEE5302901E4A8260A9A6CF6B2BB2A12D173 ] C:\Users\susanna\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
20:24:59.0410 0x16d4  Google Update - ok
20:24:59.0504 0x16d4  [ 52CFF3274565013440E221A1DAB75847, C42E176046647438EE3C3574195D02B101A4C32ED8B292043E223540281AD0AE ] C:\Users\susanna\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
20:24:59.0613 0x16d4  Google Photos Backup - ok
20:24:59.0660 0x16d4  [ A2B91786A24A2F285C5C41D7F9CE62D9, 5D056540C425C57B5C685174472C2329452449C8443F213704C6E67192CFA208 ] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
20:24:59.0691 0x16d4  GarminExpressTrayApp - ok
20:24:59.0691 0x16d4  Waiting for KSN requests completion. In queue: 51
20:25:00.0707 0x16d4  Waiting for KSN requests completion. In queue: 51
20:25:01.0708 0x16d4  Waiting for KSN requests completion. In queue: 51
20:25:02.0723 0x16d4  Waiting for KSN requests completion. In queue: 51
20:25:03.0732 0x16d4  Waiting for KSN requests completion. In queue: 51
20:25:04.0733 0x16d4  Waiting for KSN requests completion. In queue: 51
20:25:05.0735 0x16d4  Waiting for KSN requests completion. In queue: 51
20:25:06.0736 0x16d4  Waiting for KSN requests completion. In queue: 51
20:25:07.0784 0x16d4  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x61100 ( enabled : updated )
20:25:07.0805 0x16d4  Win FW state via NFP2: enabled ( trusted )
20:25:14.0945 0x16d4  ============================================================
20:25:14.0945 0x16d4  Scan finished
20:25:14.0945 0x16d4  ============================================================
20:25:14.0960 0x14d0  Detected object count: 0
20:25:14.0960 0x14d0  Actual detected object count: 0
         
Thanks a lot for your help so far. What do we need to do now?

Best regards, Uli

Edited by umor (18.02.2017 at 21:02)

19.02.2017, 13:25   #7
cosinus



Remove adware/junkware/toolbars

Delete any old versions of AdwCleaner and, if present, JRT first, then download them again to the desktop!
Please disable your virus scanner completely before using these tools!


Step 1: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Optionen (Options) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Suchlauf (Scan) and wait until it has finished.
  • Now click Löschen (Clean) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


19.02.2017, 16:12   #8
umor



Thanks, cosinus, for the instructions. Everything worked. The log files follow.

AdwCleaner log:

Code:
# AdwCleaner v6.043 - Bericht erstellt am 19/02/2017 um 15:43:42
# Aktualisiert am 27/01/2017 von Malwarebytes
# Datenbank : 2017-02-13.1 [Lokal]
# Betriebssystem : Windows 10 Pro  (X64)
# Benutzername : susanna - DESKTOP-UCUGHB0
# Gestartet von : C:\Users\susanna\Desktop\AdwCleaner_6.043.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****



***** [ Ordner ] *****

[-] Ordner gelöscht: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[-] Ordner gelöscht: C:\Program Files (x86)\myfree codec


***** [ Dateien ] *****

[-] Datei gelöscht: C:\Users\susanna\Downloads\ReimageRepair.exe


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Verknüpfungen ] *****



***** [ Aufgabenplanung ] *****



***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Schlüssel gelöscht: HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\Software\Myfree Codec
[-] Schlüssel gelöscht: HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Myfree Codec
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Myfree Codec
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Myfree Codec
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec


***** [ Browser ] *****



*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1896 Bytes] - [19/02/2017 15:43:42]
C:\AdwCleaner\AdwCleaner[S0].txt - [2066 Bytes] - [19/02/2017 15:34:59]
C:\AdwCleaner\AdwCleaner[S1].txt - [2138 Bytes] - [19/02/2017 15:41:27]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2115 Bytes] ##########
         
--- --- ---


JRT Log

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64 
Ran by susanna (Administrator) on 19.02.2017 at 15:53:40,19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1 

Successfully deleted: C:\Users\susanna\AppData\Roaming\Mozilla\Firefox\Profiles\migbducy.default\extensions\trash (Folder) 



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.02.2017 at 15:54:24,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

20.02.2017, 00:01   #9
cosinus



Unfortunately we still have an older guide for AdwCleaner; please run it again and set it up like this:


20.02.2017, 22:32   #10
umor



Hello cosinus,

oh, so we didn't do everything right after all. Thanks for the current picture.
Below are the logs from the new attempt (AdwCleaner produced one log with an "S" and one with a "C" sequence number; I have posted both):

AdwCleaner[C2].txt

AdwCleaner Logfile:
Code:
# AdwCleaner v6.043 - Bericht erstellt am 20/02/2017 um 21:53:00
# Aktualisiert am 27/01/2017 von Malwarebytes
# Datenbank : 2017-01-27.1 [Lokal]
# Betriebssystem : Windows 10 Pro  (X64)
# Benutzername : susanna - DESKTOP-UCUGHB0
# Gestartet von : C:\Users\susanna\Desktop\AdwCleaner_6.043.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****



***** [ Ordner ] *****



***** [ Dateien ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Verknüpfungen ] *****



***** [ Aufgabenplanung ] *****



***** [ Registrierungsdatenbank ] *****



***** [ Browser ] *****



*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2205 Bytes] - [19/02/2017 15:43:42]
C:\AdwCleaner\AdwCleaner[C2].txt - [1041 Bytes] - [20/02/2017 21:53:00]
C:\AdwCleaner\AdwCleaner[S0].txt - [2066 Bytes] - [19/02/2017 15:34:59]
C:\AdwCleaner\AdwCleaner[S1].txt - [2138 Bytes] - [19/02/2017 15:41:27]
C:\AdwCleaner\AdwCleaner[S2].txt - [1567 Bytes] - [20/02/2017 21:52:11]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1333 Bytes] ##########
         
--- --- ---

adwCleaner[S2].txt

AdwCleaner Logfile:
Code:
# AdwCleaner v6.043 - Bericht erstellt am 20/02/2017 um 21:52:11
# Aktualisiert am 27/01/2017 von Malwarebytes
# Datenbank : 2017-01-27.1 [Lokal]
# Betriebssystem : Windows 10 Pro  (X64)
# Benutzername : susanna - DESKTOP-UCUGHB0
# Gestartet von : C:\Users\susanna\Desktop\AdwCleaner_6.043.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****

Keine schädlichen Dienste gefunden.


***** [ Ordner ] *****

Keine schädlichen Ordner gefunden.


***** [ Dateien ] *****

Keine schädlichen Dateien gefunden.


***** [ DLL ] *****

Keine infizierten DLLs gefunden.


***** [ WMI ] *****

Keine schädlichen Schlüssel gefunden.


***** [ Verknüpfungen ] *****

Keine infizierten Verknüpfungen gefunden.


***** [ Aufgabenplanung ] *****

Keine schädlichen Aufgaben gefunden.


***** [ Registrierungsdatenbank ] *****

Keine schädlichen Elemente in der Registrierungsdatenbank gefunden.


***** [ Internetbrowser ] *****

Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2205 Bytes] - [19/02/2017 15:43:42]
C:\AdwCleaner\AdwCleaner[S0].txt - [2066 Bytes] - [19/02/2017 15:34:59]
C:\AdwCleaner\AdwCleaner[S1].txt - [2138 Bytes] - [19/02/2017 15:41:27]
C:\AdwCleaner\AdwCleaner[S2].txt - [1415 Bytes] - [20/02/2017 21:52:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1488 Bytes] ##########
         
--- --- ---



JRT.txt
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64 
Ran by susanna (Administrator) on 20.02.2017 at 21:59:00,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0 




Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.02.2017 at 21:59:45,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

I hope we did everything right this time.
What is the next step?
Many thanks, Uli

20.02.2017, 22:38   #11
cosinus



Then show me fresh FRST logs. Tick the box for addition.txt, then click Untersuchen (Scan).


21.02.2017, 08:10   #12
umor



Hello cosinus,
we left all the checkboxes in FRST as they were (addition.txt was already selected).
Below are both logs; thank you for interpreting them.

Best regards, Uli

FRST.txt
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017
durchgeführt von susanna (Administrator) auf DESKTOP-UCUGHB0 (21-02-2017 07:52:20)
Gestartet von C:\Users\susanna\Desktop
Geladene Profile: susanna (Verfügbare Profile: susanna)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE
(brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE
(Windows (R) Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe
() C:\Windows\System32\fpCSEvtSvc.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\ProgramData\MobileBrServ\Tray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google, Inc) C:\Users\susanna\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8515832 2015-10-31] (Realtek Semiconductor)
HKLM\...\Run: [CxAgent] => C:\Program Files\Realtek\Audio\HDA\CXAPOAgent64.exe [761552 2015-10-31] (Conexant Systems, Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-23] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318248 2016-01-08] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1572648 2016-01-08] (Samsung)
HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\Run: [Google Update] => C:\Users\susanna\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.)
HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\Run: [Google Photos Backup] => C:\Users\susanna\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\MountPoints2: {21bb27df-a001-11e6-9bd9-94659c8225c0} - "F:\AutoRun.exe" 
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2016-06-03]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-01-26]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\susanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-10-02]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: 0.0.0.1	mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{17ebd3bc-c7ce-4046-89a5-d93e4956d619}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{7c21e3e9-6321-477e-8d68-76fb76ab94b1}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{9307f2c0-06fa-4da8-960f-c7d233cd6b4e}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{f121af7d-fab6-4796-b816-605c5b1d4f30}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-at/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: migbducy.default
FF ProfilePath: C:\Users\susanna\AppData\Roaming\Mozilla\Firefox\Profiles\migbducy.default [2017-02-21]
FF Extension: (Firefox Hotfix) - C:\Users\susanna\AppData\Roaming\Mozilla\Firefox\Profiles\migbducy.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF Extension: (Adblock Plus) - C:\Users\susanna\AppData\Roaming\Mozilla\Firefox\Profiles\migbducy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-26]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\susanna\AppData\Roaming\Mozilla\Firefox\Profiles\migbducy.default\features\{3fd508e7-50e6-4634-b2a5-13969366ccb4}\disableSHA1rollout@mozilla.org.xpi [2017-02-17]
FF SearchPlugin: C:\Users\susanna\AppData\Roaming\Mozilla\Firefox\Profiles\migbducy.default\searchplugins\amazoncom-pro.xml [2015-11-17]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-22] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-22] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3683660684-3316546758-4205979231-1001: @tools.google.com/Google Update;version=3 -> C:\Users\susanna\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3683660684-3316546758-4205979231-1001: @tools.google.com/Google Update;version=9 -> C:\Users\susanna\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Brother XP spl Service; C:\WINDOWS\SysWoW64\brsvc01a.exe [57344 2015-11-07] (brother Industries Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42792 2016-09-20] (Windows (R) Win 7 DDK provider)
R2 fpCsEvtSvc; C:\WINDOWS\system32\fpCSEvtSvc.exe [22528 2015-10-31] ()
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370072 2015-10-31] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [243800 2015-10-26] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312064 2015-10-31] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263792 2016-01-18] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [53248 2015-10-31] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [548848 2016-01-23] (Intel Corporation)
R3 hidemi; C:\WINDOWS\System32\drivers\hidemi.sys [37720 2015-10-31] (Microchip)
U5 iaStorB; C:\Windows\System32\Drivers\iaStorB.sys [559576 2015-05-21] (Intel Corporation)
S3 iaStorS; C:\WINDOWS\System32\drivers\iaStorS.sys [665592 2015-06-04] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R3 mchpemi; C:\WINDOWS\System32\drivers\mchpemi.sys [46432 2015-10-31] (Microchip)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw02; C:\WINDOWS\System32\drivers\Netwtw02.sys [6731520 2016-01-29] (Intel Corporation)
R3 nfcgpiomanager; C:\WINDOWS\System32\drivers\nfcgpiomanager.sys [46568 2015-10-31] (Nfc GPIO Driver)
S3 rccfg; C:\WINDOWS\System32\drivers\rccfg.sys [22552 2015-05-11] (AMD, Inc.)
S3 rcraid; C:\WINDOWS\System32\drivers\rcraid.sys [540184 2015-05-11] (AMD, Inc.)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [772336 2015-10-31] (Realsil Semiconductor Corporation)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [52912 2015-10-31] (Synaptics Incorporated)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [760832 2016-03-09] (Sunplus)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [74352 2016-01-18] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2016-02-17] (HP)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-21 07:50 - 2017-02-21 07:50 - 00000000 ____D C:\Users\susanna\Desktop\FRST-OlderVersion
2017-02-21 07:46 - 2016-01-18 19:06 - 00003199 _____ C:\Users\susanna\Desktop\ForcePad Tutorial.lnk
2017-02-21 07:46 - 2016-01-18 19:06 - 00003199 _____ C:\Users\susanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ForcePad Tutorial.lnk
2017-02-21 07:46 - 2016-01-18 19:06 - 00002274 _____ C:\Users\susanna\Desktop\ForcePad-Einstellungen.lnk
2017-02-21 07:46 - 2016-01-18 19:06 - 00002274 _____ C:\Users\susanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ForcePad-Einstellungen.lnk
2017-02-20 22:12 - 2017-02-20 21:55 - 00001415 _____ C:\Users\susanna\Desktop\AdwCleaner[C2].txt
2017-02-20 22:04 - 2017-02-20 22:04 - 00000000 ____H C:\Users\susanna\Documents\Default.rdp
2017-02-20 22:03 - 2017-02-20 22:03 - 01388448 _____ C:\Users\Public\VOIP.dat
2017-02-20 22:03 - 2017-02-20 22:03 - 01388448 _____ C:\Users\Public\ASR.dat
2017-02-19 15:54 - 2017-02-20 21:59 - 00000548 _____ C:\Users\susanna\Desktop\JRT.txt
2017-02-19 15:51 - 2017-02-19 15:52 - 01663040 _____ (Malwarebytes) C:\Users\susanna\Desktop\JRT.exe
2017-02-19 15:47 - 2017-02-19 15:47 - 00002205 _____ C:\Users\susanna\Desktop\AdwCleaner[C0].txt
2017-02-19 15:33 - 2017-02-20 22:00 - 00000000 ____D C:\AdwCleaner
2017-02-19 15:30 - 2017-02-19 15:33 - 04015056 _____ C:\Users\susanna\Desktop\AdwCleaner_6.043.exe
2017-02-18 20:28 - 2017-02-18 20:28 - 00133603 _____ C:\Users\susanna\Desktop\TDSSKiller3.txt
2017-02-18 20:23 - 2017-02-18 20:30 - 00267296 _____ C:\TDSSKiller.3.1.0.12_18.02.2017_20.23.57_log.txt
2017-02-18 20:17 - 2017-02-18 20:17 - 00133694 _____ C:\Users\susanna\Desktop\TDSSKiller2.txt
2017-02-18 20:11 - 2017-02-18 20:13 - 00267390 _____ C:\TDSSKiller.3.1.0.12_18.02.2017_20.11.13_log.txt
2017-02-18 20:09 - 2017-02-18 20:11 - 04747704 _____ (AO Kaspersky Lab) C:\Users\susanna\Desktop\tdsskiller.exe
2017-02-18 19:09 - 2017-02-19 15:44 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-02-18 19:09 - 2017-02-18 19:42 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-18 19:09 - 2017-02-18 19:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-18 19:06 - 2017-02-18 20:05 - 00000000 ____D C:\Users\susanna\Desktop\mbar
2017-02-18 19:06 - 2017-02-18 19:42 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-02-18 19:04 - 2017-02-18 19:05 - 16563352 _____ (Malwarebytes Corp.) C:\Users\susanna\Desktop\mbar-1.09.3.1001.exe
2017-02-18 10:19 - 2017-02-18 10:19 - 00000868 _____ C:\Users\susanna\Desktop\Windows Defender.txt
2017-02-18 09:53 - 2017-02-18 09:54 - 00027564 _____ C:\Users\susanna\Desktop\Addition.txt
2017-02-18 09:52 - 2017-02-21 07:52 - 00015348 _____ C:\Users\susanna\Desktop\FRST.txt
2017-02-18 09:51 - 2017-02-21 07:52 - 00000000 ____D C:\FRST
2017-02-18 09:48 - 2017-02-21 07:50 - 02422784 _____ (Farbar) C:\Users\susanna\Desktop\FRST64.exe
2017-02-17 10:42 - 2017-02-17 10:42 - 00003801 _____ C:\Users\susanna\wie_zum_Wiederherstellen_von_Dateien.html
2017-02-17 10:42 - 2017-02-17 10:42 - 00001250 _____ C:\Users\susanna\wie_zum_Wiederherstellen_von_Dateien.txt
2017-02-17 10:10 - 2017-02-17 10:10 - 00003801 _____ C:\Users\susanna\Documents\wie_zum_Wiederherstellen_von_Dateien.html
2017-02-17 10:10 - 2017-02-17 10:10 - 00001250 _____ C:\Users\susanna\Documents\wie_zum_Wiederherstellen_von_Dateien.txt
2017-02-17 10:00 - 2017-02-18 09:40 - 00003801 _____ C:\Users\susanna\Desktop\wie_zum_Wiederherstellen_von_Dateien.html
2017-02-17 10:00 - 2017-02-18 09:40 - 00001250 _____ C:\Users\susanna\Desktop\wie_zum_Wiederherstellen_von_Dateien.txt
2017-02-17 10:00 - 2017-02-17 10:01 - 00000000 ____D C:\ProgramData\uwupefovygigylih
2017-02-02 16:09 - 2017-02-17 10:00 - 00200317 _____ C:\Users\susanna\Desktop\Villgratner Berge 3 September 2012.JPG.ifitin
2017-02-01 18:34 - 2017-02-17 10:00 - 00013049 _____ C:\Users\susanna\Desktop\Ansuchen Bäume.docx.umuqun
2017-01-29 11:23 - 2017-02-18 19:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-27 14:26 - 2017-02-17 10:00 - 00014448 _____ C:\Users\susanna\Desktop\MALTABERG NF.docx.ylyfiw
2017-01-26 17:21 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-26 17:21 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-26 17:18 - 2017-01-26 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-21 07:50 - 2015-10-31 13:35 - 00000000 ____D C:\Users\susanna\AppData\Roaming\Skype
2017-02-21 07:47 - 2016-09-23 06:26 - 03517206 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-21 07:47 - 2016-09-23 06:26 - 00000000 ____D C:\Users\susanna
2017-02-21 07:47 - 2016-07-16 23:51 - 01577936 _____ C:\WINDOWS\system32\perfh007.dat
2017-02-21 07:47 - 2016-07-16 23:51 - 00402048 _____ C:\WINDOWS\system32\perfc007.dat
2017-02-21 07:46 - 2016-12-10 21:05 - 00000000 ____D C:\Users\susanna\AppData\LocalLow\Mozilla
2017-02-21 07:46 - 2016-09-23 06:24 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-21 07:46 - 2015-10-31 12:53 - 00000000 __SHD C:\Users\susanna\IntelGraphicsProfiles
2017-02-20 21:53 - 2016-09-23 06:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-20 21:53 - 2016-09-23 06:25 - 00000000 ____D C:\ProgramData\Validity
2017-02-20 21:53 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-19 15:23 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-18 19:39 - 2016-11-27 18:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-02-18 19:39 - 2015-10-31 13:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-18 09:43 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-18 09:40 - 2016-10-09 19:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-18 09:40 - 2015-10-31 13:35 - 00000000 ____D C:\ProgramData\Skype
2017-02-17 15:18 - 2016-09-23 06:24 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-17 11:12 - 2015-10-31 12:48 - 00000000 ____D C:\Users\susanna\AppData\Local\Packages
2017-02-17 10:10 - 2016-05-17 10:51 - 00013931 _____ C:\Users\susanna\MA42_FRisterstreckung.docx.iwysuf
2017-02-17 10:10 - 2015-11-07 11:39 - 00000000 ___RD C:\Users\susanna\Documents\Wanderungen, 60+ AV, 55+ und NF
2017-02-17 10:10 - 2015-11-07 11:39 - 00000000 ___RD C:\Users\susanna\Documents\Schlewe
2017-02-17 10:10 - 2015-11-07 11:39 - 00000000 ____D C:\Users\susanna\Documents\temporär
2017-02-17 10:10 - 2015-11-07 11:21 - 00421758 _____ C:\Users\susanna\Documents\schwarzaberg karte.docx.abiwej
2017-02-17 10:10 - 2015-11-07 11:21 - 00011523 _____ C:\Users\susanna\Documents\Teilnehmer dt f Bettina.docx.shysiw
2017-02-17 10:10 - 2015-11-07 11:21 - 00011340 _____ C:\Users\susanna\Documents\TANZLISTE.docx.epacmp
2017-02-17 10:08 - 2016-06-21 17:15 - 00350255 _____ C:\Users\susanna\Documents\Litzlkogel  und Sulzenstein vom Hirschbichl.docx.utuzir
2017-02-17 10:08 - 2015-11-07 11:38 - 00000000 ____D C:\Users\susanna\Documents\Rechnungen Schlewe
2017-02-17 10:08 - 2015-11-07 11:22 - 00000000 ___RD C:\Users\susanna\Documents\MALEN
2017-02-17 10:08 - 2015-11-07 11:21 - 00000000 ___RD C:\Users\susanna\Documents\fast alles
2017-02-17 10:08 - 2015-11-01 19:36 - 00000000 ____D C:\Users\susanna\Documents\OneNote-Notizbücher
2017-02-17 10:08 - 2015-10-31 13:45 - 00000000 ____D C:\Users\susanna\Documents\DokumentationHP.Laptop2015
2017-02-17 10:07 - 2016-09-23 09:57 - 00000000 ___RD C:\Users\susanna\3D Objects
2017-02-17 10:07 - 2016-07-16 12:47 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-17 10:07 - 2015-11-07 11:21 - 00019379 _____ C:\Users\susanna\Documents\28.3.Schleweliste u Ergängzung.docx.ypujgv
2017-02-17 10:07 - 2015-11-07 11:21 - 00018366 _____ C:\Users\susanna\Documents\AV u 55+ 2016.docx.ixallh
2017-02-17 10:07 - 2015-11-07 11:21 - 00000000 ___RD C:\Users\susanna\Documents\Deutsch
2017-02-17 10:07 - 2015-11-07 11:21 - 00000000 ___RD C:\Users\susanna\Documents\Chor
2017-02-17 10:07 - 2015-01-16 03:58 - 00000000 ____D C:\SWSETUP
2017-02-17 10:07 - 2013-12-04 00:39 - 00000000 _RSHD C:\SYSTEM.SAV
2017-02-17 10:00 - 2017-01-09 17:18 - 00000000 ____D C:\Users\susanna\Desktop\MUSIK
2017-02-17 10:00 - 2016-12-26 09:24 - 00116956 _____ C:\Users\susanna\Desktop\Antrag um Herabsetzung der Wassergebühr 26.12.16.pdf.lfofom
2017-02-17 10:00 - 2016-11-27 18:04 - 00000000 ___RD C:\Users\susanna\Desktop\RECHNUNGEN ab WIEN
2017-02-17 10:00 - 2016-11-24 17:36 - 00000000 ___RD C:\Users\susanna\Desktop\Clio Kolb
2017-02-17 10:00 - 2016-11-24 17:32 - 00000000 ___RD C:\Users\susanna\Desktop\Schlehenweg ab Nov 2016
2017-02-17 10:00 - 2016-11-14 09:19 - 00018637 _____ C:\Users\susanna\Desktop\reservierung pflersch.pdf.ecikom
2017-02-17 10:00 - 2015-12-17 09:35 - 00000000 ____D C:\Users\susanna\Desktop\LAURA
2017-01-27 19:28 - 2016-12-18 11:24 - 00003294 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-27 19:28 - 2015-10-31 12:50 - 00002400 _____ C:\Users\susanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-27 19:28 - 2015-10-31 12:50 - 00000000 ___RD C:\Users\susanna\OneDrive
2017-01-26 18:03 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-26 17:18 - 2016-10-18 13:46 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-01-26 17:18 - 2016-10-17 22:07 - 00002016 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-01-23 16:42 - 2015-10-31 13:23 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-02-17 10:42 - 2017-02-17 10:42 - 0167042 _____ () C:\ProgramData\uxakedyn.png
2017-02-18 09:40 - 2017-02-18 09:40 - 0167042 _____ () C:\ProgramData\yselykeh.png

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Public\ASR.dat
C:\Users\Public\VOIP.dat


Einige Dateien in TEMP:
====================
2016-12-01 16:16 - 2016-12-01 16:16 - 49781216 _____ (Garmin Ltd or its subsidiaries) C:\Users\susanna\AppData\Local\Temp\GarminExpressInstaller.exe
2016-12-10 21:10 - 2016-12-10 21:10 - 30533688 _____ () C:\Users\susanna\AppData\Local\Temp\vlc-2.2.4-win32.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-17 12:43

==================== Ende von FRST.txt ============================
         


Addition.txt

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 19-02-2017
durchgeführt von susanna (21-02-2017 07:53:29)
Gestartet von C:\Users\susanna\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-23 05:34:10)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3683660684-3316546758-4205979231-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3683660684-3316546758-4205979231-503 - Limited - Disabled)
Gast (S-1-5-21-3683660684-3316546758-4205979231-501 - Limited - Disabled)
susanna (S-1-5-21-3683660684-3316546758-4205979231-1001 - Administrator - Enabled) => C:\Users\susanna

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin BaseCamp (HKLM-x32\...\{36A0D446-B8E9-4753-BDFE-335F6F4DE59C}) (Version: 4.5.2 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin TOPO Austria v3 (HKLM-x32\...\{4B7C3B57-CBD5-49DA-BEA7-A915FA1643B4}) (Version: 3.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Photos Backup (HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4268 - Intel Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.)
Microsoft Office Home and Student 2016 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.27.01.801 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 51.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 de)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Mozilla Thunderbird 45.7.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.7.1 (x86 de)) (Version: 45.7.1 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7561 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.44 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3683660684-3316546758-4205979231-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\susanna\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-3683660684-3316546758-4205979231-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\susanna\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3683660684-3316546758-4205979231-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\susanna\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {12E6FE17-CC83-4A4D-90DD-BEC6042D0832} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3683660684-3316546758-4205979231-1001UA1d2588d997bf6bd => C:\Users\susanna\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-12] (Google Inc.)
Task: {224CD830-CA7F-49AF-A6F9-C4D051F7DC8A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {4AC0BE52-F36C-448B-A6BB-2460E5F6720C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3683660684-3316546758-4205979231-1001Core => C:\Users\susanna\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-12] (Google Inc.)
Task: {69434E4E-BCC5-44C5-AB95-A2ECCC96EF1B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3683660684-3316546758-4205979231-1001Core1d2588d996efa3d => C:\Users\susanna\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-12] (Google Inc.)
Task: {70DEC05D-CAE9-40A1-BBCF-3EF5B6B6CB6F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {9AE7084B-5526-4DAC-B7E8-691AF6EB73DF} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\susanna\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe 
Task: {E0B29A8D-C017-411B-A2AA-FDB3E452C369} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-01-16] ()
Task: {E33FB378-797F-4873-9D18-0ADD0F156A90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-22] (Adobe Systems Incorporated)
Task: {EF58117B-509E-4BB7-B7D0-EF9CDF6E9D67} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {FB997945-3F15-4E01-873F-01333AC693A3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3683660684-3316546758-4205979231-1001UA => C:\Users\susanna\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-12] (Google Inc.)
Task: {FDF687D5-B584-479D-B23E-38CC281A9696} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-11] (Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3683660684-3316546758-4205979231-1001Core.job => C:\Users\susanna\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3683660684-3316546758-4205979231-1001UA.job => C:\Users\susanna\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\susanna\Desktop\backup\backup_machen3 - Verknüpfung.lnk -> C:\Program Files (x86)\robocopy\backup_machen3.bat (Keine Datei)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-31 12:57 - 2015-10-31 12:57 - 00022528 _____ () C:\WINDOWS\system32\fpCSEvtSvc.exe
2016-11-05 21:31 - 2015-10-26 08:40 - 00243800 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-17 18:38 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-17 18:38 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-17 18:38 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-23 07:20 - 2016-09-23 07:20 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 09:57 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 09:57 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 09:57 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 09:57 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 09:57 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 09:57 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-05 21:31 - 2015-11-17 02:28 - 00527960 _____ () C:\ProgramData\MobileBrServ\Tray.exe
2017-02-18 09:43 - 2017-02-18 09:43 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-18 09:43 - 2017-02-18 09:43 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-18 09:43 - 2017-02-18 09:43 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-09 11:29 - 2017-02-09 11:30 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\roottools.dll
2016-11-08 18:14 - 2016-11-08 18:14 - 00326144 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll
2017-01-16 14:43 - 2017-01-16 14:43 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2016-04-08 23:35 - 2016-04-08 23:35 - 03481600 _____ () C:\Users\susanna\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaStorB.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaStorS.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rccfg.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rcraid.sys:com.dropbox.attributes [168]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2015-07-10 12:04 - 2017-01-26 17:18 - 00000859 ____A C:\WINDOWS\system32\Drivers\etc\hosts


0.0.0.1	mssplus.mcafee.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3683660684-3316546758-4205979231-1001\Control Panel\Desktop\\Wallpaper -> C:\ProgramData\yselykeh.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E8F90A27-979A-4F5F-97DE-8BCD22D5B068}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F9A8674F-27D8-4803-91AB-E1AB92A49AB7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7562C4A4-0795-4BD8-A9C4-D60126AF3E5C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ED4AB7D3-B38F-4F44-8D64-3CE233E52D83}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DE03FFD1-7168-4AF9-954A-9CC58DEA3F88}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Wiederherstellungspunkte =========================

04-02-2017 11:49:11 Geplanter Prüfpunkt
17-02-2017 13:05:37 Geplanter Prüfpunkt
18-02-2017 19:37:50 Malwarebytes Anti-Rootkit Restore Point
19-02-2017 15:53:40 JRT Pre-Junkware Removal
20-02-2017 21:59:01 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: NXP NearFieldProximity Provider
Description: NXP NearFieldProximity Provider
Class Guid: {9a2fc585-7316-46f1-9577-500920304f9d}
Manufacturer: NXP Semiconductors(Proximity)
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/20/2017 09:59:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/19/2017 03:53:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/18/2017 08:40:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCUGHB0)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/18/2017 07:37:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/17/2017 01:05:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/17/2017 12:51:50 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (02/12/2017 10:42:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCUGHB0)
Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/12/2017 10:42:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCUGHB0)
Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/12/2017 10:42:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCUGHB0)
Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/12/2017 10:42:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCUGHB0)
Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


Systemfehler:
=============
Error: (02/21/2017 07:46:01 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/21/2017 07:46:01 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/21/2017 07:46:00 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/21/2017 07:45:50 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT-AUTORITÄT)
Description: Für den Miniport "Remote NDIS based Internet Sharing Device, {F121AF7D-FAB6-4796-B816-605C5B1D4F30}" ist das Ereignis "74" aufgetreten.

Error: (02/20/2017 10:24:07 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-UCUGHB0)
Description: Der Server "{3FCB7074-EC9E-4AAF-9BE3-C0E356942366}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (02/20/2017 10:24:07 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/20/2017 09:56:34 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/20/2017 09:53:52 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/20/2017 09:53:52 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/20/2017 09:53:17 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) M-5Y51 CPU @ 1.10GHz
Prozentuale Nutzung des RAM: 31%
Installierter physikalischer RAM: 8067.11 MB
Verfügbarer physikalischer RAM: 5554.87 MB
Summe virtueller Speicher: 9347.11 MB
Verfügbarer virtueller Speicher: 6665.43 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:220.51 GB) (Free:63.7 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (HP_RECOVERY) (Fixed) (Total:14.96 GB) (Free:1.66 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.94 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: EF688436)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=220.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0B)

==================== Ende von Addition.txt ============================
         

21.02.2017, 09:34   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



FRST fix

Please disable your virus scanner completely now, so that the fix is sure to run cleanly!


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\ProgramData\uxakedyn.png
C:\ProgramData\yselykeh.png
C:\Users\Public\ASR.dat
C:\Users\Public\VOIP.dat
hosts:
emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


21.02.2017, 11:12   #14
umor
 



Hello cosinus,

thanks for the quick reply.

Below is the log from FRST with the fixes.

Best regards, Uli

Fixlog.txt

Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 19-02-2017
durchgeführt von susanna (21-02-2017 10:52:09) Run:1
Gestartet von C:\Users\susanna\Desktop
Geladene Profile: susanna (Verfügbare Profile: susanna)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
C:\ProgramData\uxakedyn.png
C:\ProgramData\yselykeh.png
C:\Users\Public\ASR.dat
C:\Users\Public\VOIP.dat
hosts:
emptytemp:
*****************

C:\ProgramData\uxakedyn.png => erfolgreich verschoben
C:\ProgramData\yselykeh.png => erfolgreich verschoben
"C:\Users\Public\ASR.dat" => nicht gefunden.
"C:\Users\Public\VOIP.dat" => nicht gefunden.
C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 69930661 B
Java, Flash, Steam htmlcache => 20030 B
Windows/system/drivers => 217376683 B
Edge => 643448 B
Chrome => 0 B
Firefox => 388662231 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 15168 B
susanna => 435209579 B

RecycleBin => 9742312673 B
EmptyTemp: => 10.1 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 11:02:51 ====
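
A way to cross-check the Fixlog posted above against its fixlist, as an added example that is not part of the thread or of FRST: it reports, for every file entry in the fixlist, whether the log shows it moved, not found, or missing a result line altogether. The function name `reconcile` and the status mapping are assumptions; the sample lines are copied from the log above.

```python
import re

# Lines copied from the Fixlog.txt posted above (fixlist block and result lines only).
FIXLOG = r"""fixlist Inhalt:
*****************
C:\ProgramData\uxakedyn.png
C:\ProgramData\yselykeh.png
C:\Users\Public\ASR.dat
C:\Users\Public\VOIP.dat
hosts:
emptytemp:
*****************

C:\ProgramData\uxakedyn.png => erfolgreich verschoben
C:\ProgramData\yselykeh.png => erfolgreich verschoben
"C:\Users\Public\ASR.dat" => nicht gefunden.
"C:\Users\Public\VOIP.dat" => nicht gefunden.
C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.
"""

# German FRST result phrases seen in this log, mapped to a status (assumption:
# other FRST builds or languages word these differently).
STATUS = {"erfolgreich verschoben": "moved", "nicht gefunden": "not found"}

def reconcile(fixlog):
    """Return {fixlist file entry: status}; 'no result line' marks a silent gap."""
    lines = [ln.strip() for ln in fixlog.splitlines()]
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist block not delimited by two '*' rows")
    entries = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    # Directives such as 'hosts:' end in ':' and are not file paths.
    files = [e for e in entries if not e.endswith(":")]
    results = {}
    for ln in lines[stars[1] + 1:]:
        m = re.match(r'^"?(.+?)"?\s*=>\s*(.+?)\.?$', ln)
        if m:
            results[m.group(1).lower()] = STATUS.get(m.group(2), "other: " + m.group(2))
    return {f: results.get(f.lower(), "no result line") for f in files}

if __name__ == "__main__":
    for path, status in reconcile(FIXLOG).items():
        print(f"{status:15} {path}")
```
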
         

21.02.2017, 11:32   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Follow-up scans with (1) MBAM, (2) ESET and (3) SecurityCheck, please:


Step 1: MBAM

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click "Scannen" (Scan), select "Bedrohungssuchlauf" (Threat Scan) and click "Suchlauf starten" (Start Scan).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click "Auswahl entfernen" (Remove Selected).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click "Verlauf" (History) and then "Anwendungsprotokolle" (Application Logs).
  • Select the most recent scan log and click Export. Choose text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.




Step 2: ESET

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Ja, ich bin mit den Nutzungsbedingungen einverstanden" (Yes, I accept the terms of use) and click "Starten" (Start).
  • Enable "Erkennung von eventuell unerwünschten Anwendungen" (detection of potentially unwanted applications) and choose the following settings.
  • Click "Starten" (Start).
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click "Fertig stellen" (Finish).
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset




Step 3: SecurityCheck

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.
