Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 8.1/Rechner extrem langsam, Neuinstallation wird verhindert, Virenscanner können nicht gestartet werden. (https://www.trojaner-board.de/183351-windows-8-1-rechner-extrem-langsam-neuinstallation-verhindert-virenscanner-gestartet.html)

Vigilante 06.12.2016 08:34
Windows 8.1/Rechner extrem langsam, Neuinstallation wird verhindert, Virenscanner können nicht gestartet werden.
 
Guten Morgen Leute,

ich scheine mir was richtig Bösartiges eingefangen zu haben. Wo soll ich anfangen?

Mein Bildschirm wird unregelmäßig auf "Unscharf" gestellt. Auflösung bleibt gleich, aber ich kann keine Texte mehr lesen.

Also, was es auch immer ist, es hat meine Recovery Partition geschreddert, die ist einfach nicht mehr da, dann meine E: Partition das gleiche Spiel, aber sie ist noch sichtbar, kann aber nicht mehr angesteuert werden. Jeder Versuch endet in einem Systemcrash. Der Rechner ist extrem langsam.

Der Bootvorgang dauert ca. 15 - 20 Minuten. Bei jedem Bootvorgang kommt die Meldung: "E:" auf Fehler überprüft 100%.
Es wird das starten und installieren von der Windows DvD verhindert. Beim Startvorgang und in Windows selber. Ich kann die Installations DvD einlegen, sobald die DvD startet wird aber das DvD Laufwerk einfach ausgeschaltet. DvD stoppt, keine Blinkelichter mehr und kann auch nur noch manuell geöffnet werden.

Das starten von Malewarebytes und Antivir wird verhindert. Das passiert indem plötzlich 100+ Aviranwendungen geöffnet werden, die aber dann nicht nach C: Antivir/Malewarebytes führen, sondern nach C:\Windows\Sys\WOW64\*.

Das Sternchen steht dann für Sachen wie abhoc.dll, dpapy.dll, Windows_Private.sqm usw. usw. usw.. Das Gleiche bei GoogleUpdate.exe. Ich habe irgendwas über 300+ Exe Dateien von Programmen zeitgleich aktiv.

Dann wird meine CPU Taktfrequenz permanent auf 100%+ gesetzt. Habe teilweise eine Taktfrequenz von 158%, aber nur eine CPU Auslastung von 3%.

Ich glaube das Teil sitzt auch in den Bootsektoren, anders kann ich mir das Installationsverhindern beim PC Neustart einfach nicht erklären.

Ich weiß echt nicht mehr weiter und könnte Hilfe gebrauchen.

Vielen vielen Dank im Voraus.


FRST brauchte zum Beispiel fast 10 Minuten, nur um zu starten.


FRST LOG:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 05-12-2016
durchgeführt von Pierre (Administrator) auf DERDOCTOR (06-12-2016 08:07:03)
Gestartet von C:\Users\Pierre\Downloads
Geladene Profile: Pierre &  (Verfügbare Profile: Pierre)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [51984 2016-11-18] (Copyright (c) 2016 Plays.tv, LLC)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-28] (Raptr, Inc)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [916072 2016-10-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1270318777-2372364311-1805106945-1001\...\Run: [Steam] => D:\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-1270318777-2372364311-1805106945-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 6\CyberGhost.exe [1193008 2016-11-28] (CyberGhost S.R.L.)
HKU\S-1-5-21-1270318777-2372364311-1805106945-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-1270318777-2372364311-1805106945-1001\...\MountPoints2: {093ceff9-8377-11e6-824f-806e6f6e6963} - "F:\setup.exe"
HKU\S-1-5-21-1270318777-2372364311-1805106945-1001\...\MountPoints2: {b22c8734-8377-11e6-8250-08edb9c70b4a} - "G:\pushinst.exe"
HKU\S-1-5-21-1270318777-2372364311-1805106945-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => D:\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-1270318777-2372364311-1805106945-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 6\CyberGhost.exe [1193008 2016-11-28] (CyberGhost S.R.L.)
HKU\S-1-5-21-1270318777-2372364311-1805106945-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-1270318777-2372364311-1805106945-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {093ceff9-8377-11e6-824f-806e6f6e6963} - "F:\setup.exe"
HKU\S-1-5-21-1270318777-2372364311-1805106945-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b22c8734-8377-11e6-8250-08edb9c70b4a} - "G:\pushinst.exe"
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{4F68CB9A-693D-49BB-9500-63BD34CF8490}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKU\S-1-5-21-1270318777-2372364311-1805106945-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-1270318777-2372364311-1805106945-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-10-09] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-10-09] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-10-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-10-09] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-26] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR StartupUrls: Default -> "hxxps://www.google.de/"
CHR Profile: C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default [2016-12-06]
CHR Extension: (Google Präsentationen) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-26]
CHR Extension: (Google Docs) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-26]
CHR Extension: (Google Drive) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-26]
CHR Extension: (YouTube) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-26]
CHR Extension: (Adblock Plus) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Google Tabellen) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-26]
CHR Extension: (Google Docs Offline) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-26]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-26]
CHR Extension: (Google Mail) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-26]
CHR Extension: (Chrome Media Router) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-23]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089088 2016-10-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [475232 2016-10-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [475232 2016-10-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1488240 2016-10-17] (Avira Operations GmbH & Co. KG)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349512 2016-11-15] (Avira Operations GmbH & Co. KG)
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [76336 2016-11-28] (CyberGhost S.R.L)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [229648 2016-09-22] (EasyAntiCheat Ltd)
S2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55056 2016-11-18] (Copyright (c) 2016 Plays.tv, LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102400 2016-02-26] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [151352 2016-10-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [153392 2016-10-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-10-17] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-10-17] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [23640 2016-10-17] (Avira Operations GmbH & Co. KG)
R3 fwlanusb5; C:\Windows\system32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-12-06] (Malwarebytes)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-12-06 08:07 - 2016-12-06 08:07 - 00014352 _____ C:\Users\Pierre\Downloads\FRST.txt
2016-12-06 08:05 - 2016-12-06 08:07 - 00000000 ____D C:\FRST
2016-12-06 08:01 - 2016-12-06 08:01 - 02419712 _____ (Farbar) C:\Users\Pierre\Downloads\FRST64.exe
2016-12-06 01:42 - 2016-12-06 01:51 - 00000000 ____D C:\Users\Pierre\Downloads\TEST
2016-12-05 22:44 - 2016-12-05 22:44 - 00579286 _____ C:\Users\Pierre\Downloads\yosenecig_com-yosen-75w-pluto-26650-box-mod_p0051_html.pdf
2016-12-05 05:17 - 2016-12-05 05:17 - 00000000 ____D C:\Program Files (x86)\Wiimm
2016-12-05 05:14 - 2016-12-05 05:15 - 09215719 _____ C:\Users\Pierre\Downloads\wit-v2.31a-r6005-cygwin.zip
2016-11-30 20:19 - 2016-11-30 20:38 - 260700168 _____ C:\Users\Pierre\Downloads\Nicht bestätigt 270984.crdownload
2016-11-30 02:31 - 2016-11-30 02:32 - 01825399 _____ C:\Users\Pierre\Downloads\gcit_Win32_Build7.zip
2016-11-29 18:13 - 2016-11-29 18:13 - 00000000 ____D C:\Users\Pierre\.QtWebEngineProcess
2016-11-29 18:13 - 2016-11-29 18:13 - 00000000 ____D C:\Users\Pierre\.Plays.tv
2016-11-29 18:13 - 2016-11-29 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlaysTV
2016-11-29 17:57 - 2016-11-29 17:57 - 00004238 _____ C:\Windows\System32\Tasks\AMD Updater
2016-11-29 17:50 - 2016-11-29 17:50 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-11-27 18:13 - 2016-11-27 18:13 - 00000000 ____D C:\Users\Pierre\AppData\Roaming\25980
2016-11-27 18:09 - 2016-12-06 01:55 - 00000000 ____D C:\Users\Pierre\Desktop\Neuer Ordner
2016-11-27 18:09 - 2016-11-27 18:09 - 00000000 ____D C:\Users\Pierre\AppData\Roaming\25287
2016-11-27 17:46 - 2016-11-28 17:59 - 00000000 ____D C:\Users\Pierre\AppData\Roaming\dvdcss
2016-11-27 10:10 - 2016-11-27 10:10 - 00000000 ____D C:\Users\Pierre\AppData\Roaming\29706
2016-11-26 22:47 - 2016-11-27 08:30 - 00000000 ____D C:\Users\Pierre\Downloads\Lets Play - Metroid Prime (Deutsch) [Teil 1]
2016-11-26 03:48 - 2016-11-26 03:48 - 00000000 ____D C:\Users\Pierre\Downloads\UndertaleWrapper
2016-11-26 03:41 - 2016-11-26 03:41 - 00000000 ____D C:\ProgramData\D708C6ACBAF242D8C2E243FC770F9781
2016-11-26 03:35 - 2016-11-26 03:35 - 12789449 _____ C:\Users\Pierre\Downloads\UndertaleWrapper.rar
2016-11-24 10:54 - 2016-11-24 10:54 - 00000000 ____D C:\Users\Pierre\AppData\Roaming\11122
2016-11-24 10:25 - 2016-11-24 10:25 - 00000000 ____D C:\Users\Pierre\AppData\Roaming\5257
2016-11-24 10:21 - 2016-11-24 10:21 - 00000000 ____D C:\Users\Pierre\AppData\Roaming\4653
2016-11-24 06:21 - 2016-11-24 06:24 - 12902394 _____ C:\Users\Pierre\Downloads\UndertaleWrapper.apk
2016-11-23 19:30 - 2016-11-24 05:45 - 00000000 ____D C:\Users\Pierre\AppData\Local\AM2R
2016-11-23 14:19 - 2016-11-23 14:19 - 00001152 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2016-11-20 13:25 - 2016-11-20 13:25 - 00000000 ____D C:\Users\Pierre\AppData\LocalLow\Temp
2016-11-20 07:37 - 2016-11-22 07:05 - 00000000 ____D C:\Users\Pierre\Downloads\Let's Play Dead Rising 2 off the Record Deutsch #33 - Das Ende mit Nachschlag
2016-11-18 14:59 - 2016-10-28 22:04 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-18 14:59 - 2016-10-28 22:04 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-18 12:19 - 2016-11-18 12:19 - 00002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-11-18 12:19 - 2016-11-18 12:19 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-11-18 12:19 - 2016-11-18 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-11-18 12:19 - 2016-11-18 12:19 - 00000000 ____D C:\Program Files\CCleaner
2016-11-18 12:16 - 2016-11-18 12:16 - 00000000 ____D C:\Users\Pierre\AppData\Roaming\Avira
2016-11-18 12:15 - 2016-11-23 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-11-18 12:15 - 2016-11-18 12:17 - 05931608 _____ (Piriform Ltd) C:\Users\Pierre\Downloads\ccsetup523_slim.exe
2016-11-18 12:15 - 2016-11-18 12:15 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2016-11-18 12:15 - 2016-10-17 11:18 - 00023640 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2016-11-18 12:14 - 2016-11-18 12:16 - 00000000 ____D C:\ProgramData\Avira
2016-11-18 12:14 - 2016-11-18 12:16 - 00000000 ____D C:\Program Files (x86)\Avira
2016-11-18 12:14 - 2016-10-17 11:18 - 00153392 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-11-18 12:14 - 2016-10-17 11:18 - 00151352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-11-18 12:14 - 2016-10-17 11:18 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-11-18 12:14 - 2016-10-17 11:18 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-11-14 02:35 - 2016-11-14 02:36 - 10528649 _____ C:\Users\Pierre\Downloads\video-1479086783.mp4
2016-11-14 00:15 - 2016-11-14 00:15 - 00000000 ____D C:\Users\Pierre\AppData\Local\CAPCOM
2016-11-13 14:56 - 2016-11-13 14:56 - 00000201 _____ C:\Users\Pierre\Desktop\Dead Rising 2.url
2016-11-13 14:42 - 2016-11-13 14:42 - 00000201 _____ C:\Users\Pierre\Desktop\Dead Rising 2 Off the Record.url
2016-11-13 13:17 - 2016-11-13 13:17 - 00000202 _____ C:\Users\Pierre\Desktop\Dead Rising.url
2016-11-12 12:33 - 2016-11-12 12:45 - 00000000 ____D C:\Users\Pierre\Documents\dragoon
2016-11-11 05:48 - 2016-11-29 17:57 - 00020992 ___SH C:\Users\Pierre\Desktop\Thumbs.db
2016-11-11 04:22 - 2016-11-11 04:22 - 00000000 ____D C:\Users\Pierre\AppData\LocalLow\PinoklGames
2016-11-11 04:21 - 2016-11-11 04:21 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2016-11-09 11:09 - 2016-11-11 05:29 - 00002652 _____ C:\Users\Pierre\Desktop\Neues Textdokument.txt
2016-11-09 05:20 - 2016-10-27 19:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-09 05:20 - 2016-10-27 19:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-09 05:20 - 2016-10-27 18:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-09 05:20 - 2016-10-27 16:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-09 05:20 - 2016-10-25 15:11 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-09 05:20 - 2016-10-22 17:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-09 05:20 - 2016-10-22 17:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-09 05:19 - 2016-11-02 21:48 - 00372568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-09 05:19 - 2016-11-02 21:48 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-09 05:19 - 2016-11-02 15:03 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-09 05:19 - 2016-11-02 15:00 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-09 05:19 - 2016-10-27 19:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-09 05:19 - 2016-10-27 19:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-09 05:19 - 2016-10-27 19:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-09 05:19 - 2016-10-27 19:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-09 05:19 - 2016-10-27 19:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-11-09 05:19 - 2016-10-27 19:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-09 05:19 - 2016-10-27 18:57 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-09 05:19 - 2016-10-27 18:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-09 05:19 - 2016-10-27 18:47 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-09 05:19 - 2016-10-27 18:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-09 05:19 - 2016-10-27 18:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-09 05:19 - 2016-10-27 18:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-09 05:19 - 2016-10-27 18:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-09 05:19 - 2016-10-27 18:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-09 05:19 - 2016-10-27 17:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-09 05:19 - 2016-10-22 18:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-09 05:19 - 2016-10-22 18:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-09 05:19 - 2016-10-22 18:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-09 05:19 - 2016-10-22 18:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-09 05:19 - 2016-10-22 17:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-09 05:19 - 2016-10-22 17:57 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-11-09 05:19 - 2016-10-22 17:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-09 05:19 - 2016-10-22 17:51 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-09 05:19 - 2016-10-22 17:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-09 05:19 - 2016-10-22 17:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-09 05:19 - 2016-10-22 17:45 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-09 05:19 - 2016-10-22 17:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-09 05:19 - 2016-10-22 17:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-09 05:19 - 2016-10-22 17:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-09 05:19 - 2016-10-22 17:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-09 05:19 - 2016-10-13 20:06 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-09 05:19 - 2016-10-13 20:06 - 01124376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-09 05:19 - 2016-10-12 09:01 - 00377176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2016-11-09 05:19 - 2016-10-11 21:21 - 00497448 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-11-09 05:19 - 2016-10-11 21:21 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-11-09 05:19 - 2016-10-11 19:34 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-11-09 05:19 - 2016-10-11 18:47 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-09 05:19 - 2016-10-11 17:55 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-09 05:19 - 2016-10-10 22:17 - 00444248 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-09 05:19 - 2016-10-10 22:17 - 00333656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-09 05:19 - 2016-10-09 23:59 - 00551256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2016-11-09 05:19 - 2016-10-09 00:12 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-09 05:19 - 2016-10-08 23:53 - 03754496 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-09 05:19 - 2016-10-08 23:21 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-09 05:19 - 2016-10-08 23:18 - 00840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-11-09 05:19 - 2016-10-08 23:07 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-09 05:19 - 2016-10-08 23:02 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-09 05:19 - 2016-10-08 22:49 - 02410496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-09 05:19 - 2016-10-08 22:21 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-09 05:19 - 2016-10-08 02:34 - 01660040 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-11-09 05:19 - 2016-10-08 02:34 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-11-09 05:19 - 2016-10-04 21:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-09 05:19 - 2016-10-04 21:23 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-09 05:19 - 2016-10-04 21:08 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-11-09 05:19 - 2016-10-04 21:08 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-09 05:19 - 2016-09-09 23:52 - 00921944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2016-11-09 05:19 - 2016-09-09 23:14 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2016-11-09 05:19 - 2016-09-09 15:15 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2016-11-09 05:19 - 2016-09-09 15:09 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2016-11-09 05:19 - 2016-09-09 15:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-09 05:19 - 2016-09-09 15:03 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\iscsiwmi.dll
2016-11-09 05:19 - 2016-09-09 15:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsiwmi.dll
2016-11-09 05:19 - 2016-09-09 14:38 - 00446124 _____ C:\Windows\system32\ApnDatabase.xml
2016-11-09 05:19 - 2016-09-03 19:20 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\iscsidsc.dll
2016-11-09 05:19 - 2016-09-03 19:06 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\iscsiexe.dll
2016-11-09 05:19 - 2016-09-03 18:21 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsidsc.dll
2016-11-09 05:19 - 2016-09-03 17:12 - 00512512 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2016-11-09 05:19 - 2016-09-03 17:05 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-11-09 05:19 - 2016-09-03 16:58 - 00397824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2016-11-09 05:19 - 2016-09-02 15:05 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2016-11-09 05:19 - 2016-09-02 15:05 - 00262144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2016-11-09 05:19 - 2016-09-01 15:33 - 00377856 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll
2016-11-09 05:19 - 2016-09-01 15:33 - 00342528 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2016-11-09 05:19 - 2016-09-01 15:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2016-11-09 05:19 - 2016-08-30 15:11 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\dab.dll
2016-11-09 05:19 - 2016-08-30 03:45 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\xolehlp.dll
2016-11-09 05:19 - 2016-08-30 03:18 - 00871936 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll
2016-11-09 05:19 - 2016-08-30 03:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xolehlp.dll
2016-11-09 05:19 - 2016-08-30 03:03 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcprx.dll
2016-11-09 05:19 - 2016-08-22 14:34 - 01628672 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-07 10:19 - 2016-11-07 10:19 - 00000202 _____ C:\Users\Pierre\Desktop\South Park The Stick of Truth.url
2016-11-06 13:54 - 2016-11-06 13:54 - 00000000 ____D C:\Users\Pierre\AppData\Roaming\GOG
2016-11-06 13:52 - 2016-11-06 13:54 - 00000661 _____ C:\Users\Public\Desktop\Dungeon Keeper 2.lnk
2016-11-06 13:52 - 2016-11-06 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-11-06 11:09 - 2016-11-06 11:09 - 00000626 _____ C:\Users\Pierre\Desktop\Dungeon Keeper FX Gold.lnk
2016-11-06 09:56 - 2016-11-06 09:56 - 00000000 ____D C:\Users\Pierre\AppData\Local\ElevatedDiagnostics
2016-11-06 09:32 - 2016-11-06 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2016-11-06 09:32 - 2016-11-06 09:32 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-12-06 08:07 - 2016-09-26 00:40 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FA1AC22C-A92B-4ABE-AFD6-12AB52A068A0}
2016-12-06 07:51 - 2016-09-26 00:44 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-06 07:36 - 2016-10-04 17:37 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-06 07:17 - 2016-09-26 17:42 - 00000000 ___RD C:\Users\Pierre\OneDrive
2016-12-06 07:16 - 2016-09-26 00:44 - 00001126 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-06 07:12 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-06 05:26 - 2016-09-26 00:32 - 00000000 ____D C:\Users\Pierre
2016-12-06 03:54 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-12-06 03:44 - 2016-09-26 01:40 - 00000000 ____D C:\Users\Pierre\AppData\Local\ClassicShell
2016-12-06 03:32 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-12-06 01:32 - 2016-09-26 01:42 - 00000000 ____D C:\Users\Pierre\AppData\Roaming\vlc
2016-12-05 11:04 - 2016-09-26 04:13 - 00000000 ____D C:\Program Files\AMD
2016-12-05 11:00 - 2016-09-26 04:14 - 00000000 ____D C:\AMD
2016-12-05 07:16 - 2016-09-26 01:46 - 03157504 ___SH C:\Users\Pierre\Downloads\Thumbs.db
2016-12-04 19:03 - 2016-10-28 14:49 - 00000000 ____D C:\Users\Pierre\AppData\Local\CyberGhost
2016-12-03 10:03 - 2014-11-21 04:35 - 01779662 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-03 10:03 - 2014-11-21 03:45 - 00766480 _____ C:\Windows\system32\perfh007.dat
2016-12-03 10:03 - 2014-11-21 03:45 - 00159704 _____ C:\Windows\system32\perfc007.dat
2016-11-29 19:58 - 2016-09-26 00:39 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1270318777-2372364311-1805106945-1001
2016-11-29 18:13 - 2016-09-26 12:48 - 00000000 ____D C:\Users\Pierre\AppData\Roaming\PlaysTV
2016-11-29 18:13 - 2016-09-26 04:14 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-29 18:12 - 2016-09-26 12:29 - 00000000 ____D C:\Users\Pierre\AppData\Roaming\Raptr
2016-11-28 15:01 - 2016-10-28 14:48 - 00000000 ____D C:\Program Files\CyberGhost 6
2016-11-23 17:18 - 2016-09-26 00:33 - 00000000 ____D C:\Users\Pierre\AppData\Local\Packages
2016-11-23 17:18 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-23 17:18 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2016-11-20 13:13 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2016-11-18 14:58 - 2013-08-22 15:44 - 00338016 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-18 14:53 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2016-11-18 12:24 - 2016-09-26 01:22 - 00000000 ____D C:\Windows\Panther
2016-11-18 12:24 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\LiveKernelReports
2016-11-18 01:48 - 2016-10-26 22:42 - 00000000 ____D C:\Users\Pierre\Desktop\Filme
2016-11-14 21:51 - 2016-09-26 00:52 - 00002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-14 21:51 - 2016-09-26 00:52 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-14 04:49 - 2016-10-18 15:40 - 00000000 ____D C:\Users\Pierre\Documents\My Games
2016-11-13 14:56 - 2016-10-17 12:55 - 00000000 ____D C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-11-09 09:15 - 2016-09-26 04:40 - 00000000 ____D C:\Windows\system32\MRT
2016-11-09 09:15 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2016-11-09 09:13 - 2016-09-26 04:40 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-06 10:07 - 2016-09-26 00:33 - 00000000 ____D C:\Users\Pierre\AppData\Local\VirtualStore
2016-11-06 10:06 - 2014-11-21 05:05 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll
2016-11-06 10:06 - 2014-11-21 05:05 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll
2016-11-06 10:06 - 2014-11-21 05:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
2016-11-06 10:06 - 2014-11-21 05:05 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll
2016-11-06 10:06 - 2013-08-22 12:22 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2016-11-06 10:06 - 2013-08-22 12:22 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2016-11-06 10:06 - 2013-08-22 12:17 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2016-11-06 10:06 - 2013-08-22 12:17 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll
2016-11-06 10:06 - 2013-08-22 12:17 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll
2016-11-06 10:06 - 2013-08-22 04:56 - 00377856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2016-11-06 10:06 - 2013-08-22 04:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2016-11-06 10:06 - 2013-08-22 04:51 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2016-11-06 10:06 - 2013-08-22 04:51 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2016-11-06 10:06 - 2013-08-22 04:51 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2016-11-06 09:50 - 2016-10-24 15:26 - 00000000 ____D C:\Users\Pierre\Downloads\SOMA

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-10-31 05:21 - 2016-10-31 05:21 - 0007601 _____ () C:\Users\Pierre\AppData\Local\Resmon.ResmonCfg

Einige Dateien in TEMP:
====================
C:\Users\Pierre\AppData\Local\Temp\proxy_vole1163353198252740085.dll


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-12-02 04:30

==================== Ende von FRST.txt ============================

Addition:

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 05-12-2016
durchgeführt von Pierre (06-12-2016 08:10:05)
Gestartet von C:\Users\Pierre\Downloads
Windows 8.1 (Update) (X64) (2016-09-25 23:32:44)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1270318777-2372364311-1805106945-500 - Administrator - Disabled)
Gast (S-1-5-21-1270318777-2372364311-1805106945-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1270318777-2372364311-1805106945-1003 - Limited - Enabled)
Pierre (S-1-5-21-1270318777-2372364311-1805106945-1001 - Administrator - Enabled) => C:\Users\Pierre

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.23.58 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{e7f56494-d786-472e-aba2-1b93089e06cd}) (Version: 1.2.76.20506 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.76.20506 - Avira Operations GmbH & Co. KG) Hidden
Avira Launcher (HKLM-x32\...\{af1966e2-5e60-4d93-8a48-c21462a87e3c}) (Version: 1.2.71.9779 - Avira Operations GmbH & Co. KG)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Dead Rising (HKLM\...\Steam App 427190) (Version:  - Capcom)
Dead Rising 2 (HKLM\...\Steam App 45740) (Version:  - Capcom Vancouver)
Dead Rising 2: Off the Record (HKLM\...\Steam App 45770) (Version:  - Capcom Vancouver)
Deus Ex: Game of the Year Edition (HKLM\...\Steam App 6910) (Version:  - Ion Storm)
Deus Ex: Revision (HKLM\...\Steam App 397550) (Version:  - Ion Storm)
Don't Starve (HKLM\...\Steam App 219740) (Version:  - Klei Entertainment)
Don't Starve Together (HKLM\...\Steam App 322330) (Version:  - Klei Entertainment)
Dungeon Keeper 2 (HKLM\...\{4f94b43a-8a00-4ac4-bb94-269cf24aef97}.sdb) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Java 8 Update 102 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Java SE Development Kit 8 Update 102 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180102}) (Version: 8.0.1020.14 - Oracle Corporation)
Kerbal Space Program (HKLM\...\Steam App 220200) (Version:  - Squad)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.16.8-r118433-release - Plays.tv, LLC)
Prison Architect (HKLM\...\Steam App 233450) (Version:  - Introversion Software)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
SOMA (HKLM\...\Steam App 282140) (Version:  - Frictional Games)
South Park™: The Stick of Truth™ (HKLM\...\Steam App 213670) (Version:  - Obsidian Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
War for the Overworld (HKLM\...\Steam App 230190) (Version:  - Brightrock Games)
WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {8D4CAE6D-4B79-4639-B430-0648E8CC4BC0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {A73A17A0-FBE1-4F50-824F-3175BBB433DE} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-02-26] (Advanced Micro Devices, Inc.)
Task: {A9F8087C-A1BE-4257-A936-CFC4456FA1B6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-26] (Google Inc.)
Task: {B0CB48D2-316F-41F7-8FD9-485B2426CAC4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-26] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-11-14 21:51 - 2016-11-08 22:03 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-14 21:51 - 2016-11-08 22:03 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1270318777-2372364311-1805106945-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pierre\Downloads\Rex.jpg
HKU\S-1-5-21-1270318777-2372364311-1805106945-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Pierre\Downloads\Rex.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-1270318777-2372364311-1805106945-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1270318777-2372364311-1805106945-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-1270318777-2372364311-1805106945-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1270318777-2372364311-1805106945-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CyberGhost"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{045C7281-CDB6-4B58-9C53-46CC8C9B69A9}] => D:\Steam\Steam.exe
FirewallRules: [{498274C6-C9D2-43B7-B739-B2A7C22AACF5}] => D:\Steam\Steam.exe
FirewallRules: [TCP Query User{A0083C9D-D5C9-461B-8531-63F644EEC38D}D:\steam\steamapps\common\subnautica\subnautica.exe] => D:\steam\steamapps\common\subnautica\subnautica.exe
FirewallRules: [UDP Query User{95BE1F73-317F-438A-B4E0-336395B9D6E2}D:\steam\steamapps\common\subnautica\subnautica.exe] => D:\steam\steamapps\common\subnautica\subnautica.exe
FirewallRules: [{CAB19A4D-3302-4CB7-A299-019E1FEB0B1F}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{68560DA7-F17B-434B-A5A4-065DA79AE29C}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{30E3B7F3-0E62-4CA7-B4DB-92234F60D5B1}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{9F62A21A-C3AC-4ED5-ABC1-15C362EA81E8}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{BCDE17E8-F165-43EA-B1ED-1705D2D5925B}] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{93A14847-A138-48E1-A352-BC1C08E9DEDA}] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{1435A81A-E3E1-4EED-98F7-63D58A6CA3B5}] => D:\Steam\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{91629789-6A00-4ED9-B1F1-8DB29ED6BB93}] => D:\Steam\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{7205CB94-1048-464A-9982-C94ED353A877}] => D:\Steam\steamapps\common\Party Hard\PartyHardGame.exe
FirewallRules: [{61A17965-0CFC-47C6-847A-5D55E9EEF9BC}] => D:\Steam\steamapps\common\Party Hard\PartyHardGame.exe
FirewallRules: [{FABCF3D8-B4B4-452C-AE77-00E29EFB6C84}] => D:\Steam\steamapps\common\SOMA\Soma.exe
FirewallRules: [{5C4D880B-A807-4031-A6B4-E419BE1259C7}] => D:\Steam\steamapps\common\SOMA\Soma.exe
FirewallRules: [{274D6A34-7263-42CB-BC71-C437CCA5DBB9}] => D:\Steam\steamapps\common\SOMA\ModLauncher.exe
FirewallRules: [{A863339B-F7E3-4986-9430-4E5F59C99C58}] => D:\Steam\steamapps\common\SOMA\ModLauncher.exe
FirewallRules: [{8EB7AFBC-4499-4456-8638-1BFA816D5397}] => D:\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{D0B09988-B91B-46EC-BD46-BF87C398B6CC}] => D:\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{72076674-37F7-45E7-8D41-E443137FFCB4}] => D:\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{D7057462-6747-4F93-AAE7-61B0D1E9D59E}] => D:\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{D801F37D-E86E-4279-9829-887EC443FB2C}] => D:\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
FirewallRules: [{9C7E32DD-9DD0-4805-B347-0F78C7FD7580}] => D:\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
FirewallRules: [{414B2C6D-CFAD-49DD-93CA-7B975452D969}] => D:\Steam\steamapps\common\Deus Ex\System\Revision.exe
FirewallRules: [{CCEB408C-5906-4A86-B99F-5898DE19F3EC}] => D:\Steam\steamapps\common\Deus Ex\System\Revision.exe
FirewallRules: [{9405117B-04F9-4FEC-BE0E-ACA207B9CAB4}] => D:\Steam\steamapps\common\War For The Overworld\WFTO.exe
FirewallRules: [{B2AEE00F-474D-4D16-B91D-814944ABA3EA}] => D:\Steam\steamapps\common\War For The Overworld\WFTO.exe
FirewallRules: [{A32B222E-889B-4AF3-A7E8-343BA8503466}] => D:\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{D40C89FB-FE69-4CF5-A1C0-338A9CA4E0B3}] => D:\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{6064621D-473F-46E2-810F-1BA52C6B8AA9}] => D:\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{CB919E98-A0A9-412E-9A0E-84431485D085}] => D:\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{932FB03E-D365-4CC7-9155-73CBE82FB3E9}] => D:\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{76CDEC09-D0FA-4145-8FEF-34C50CDFBC0D}] => D:\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{F6C5DB8F-D96A-4B3F-AC14-1BB9EA14750F}] => D:\Steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{440CED1F-18FF-4471-A136-BEB95D8EBDBD}] => D:\Steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{925A7FE2-EE03-44C0-AB5F-71785E7EEBB1}] => D:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{BFE88E05-F682-44C9-8D36-45B8FC0F4C2E}] => D:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{F2CCB84D-AD24-4E1F-8E9F-91F677177C58}D:\dragon's prophet\launcher.exe] => D:\dragon's prophet\launcher.exe
FirewallRules: [UDP Query User{35A4B48E-7C2B-4B91-8E28-6CCFF8D1F871}D:\dragon's prophet\launcher.exe] => D:\dragon's prophet\launcher.exe
FirewallRules: [TCP Query User{CB9B1BEB-44F4-4122-9DD7-3CD30941E5FC}D:\dragon's prophet\dp_x64.exe] => D:\dragon's prophet\dp_x64.exe
FirewallRules: [UDP Query User{453FC595-393C-432D-8503-47065A8CAFE8}D:\dragon's prophet\dp_x64.exe] => D:\dragon's prophet\dp_x64.exe
FirewallRules: [{EC211C6C-0F5F-4DBE-96B7-C9E3380CBB7C}] => D:\Steam\steamapps\common\Dead Rising 2 Off the Record\deadrising2otr.exe
FirewallRules: [{80BBEC17-0E1C-4C0A-972B-AE2EDB0BE0B9}] => D:\Steam\steamapps\common\Dead Rising 2 Off the Record\deadrising2otr.exe
FirewallRules: [{4B93B156-5A35-40D5-BE0E-B4A2CFA13728}] => D:\Steam\steamapps\common\Dead Rising\DeadRising.exe
FirewallRules: [{F00871BA-F21F-4BD9-B873-AA6E253186AE}] => D:\Steam\steamapps\common\Dead Rising\DeadRising.exe
FirewallRules: [{569E295B-8F8B-45BB-8E88-E5B97C3873FB}] => D:\Steam\steamapps\common\Dead Rising 2\deadrising2.exe
FirewallRules: [{91CB819C-1269-4980-83CD-E58D8E08C14B}] => D:\Steam\steamapps\common\Dead Rising 2\deadrising2.exe
FirewallRules: [{F03BE95B-F235-45E1-B5AE-04C8CDE35A73}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{D6E8E4B9-1F72-40A0-8EC8-E6297091AB66}D:\dragon's prophet\launcher.exe] => D:\dragon's prophet\launcher.exe
FirewallRules: [UDP Query User{25502552-55FD-45A6-B3AF-0A6900A2776C}D:\dragon's prophet\launcher.exe] => D:\dragon's prophet\launcher.exe
FirewallRules: [TCP Query User{0894AD86-5460-43B8-B10B-D1031A5EA2B6}D:\dragon's prophet\dp_x64.exe] => D:\dragon's prophet\dp_x64.exe
FirewallRules: [UDP Query User{45FF151F-EDD0-4C1D-BDD3-08DEF8307542}D:\dragon's prophet\dp_x64.exe] => D:\dragon's prophet\dp_x64.exe
FirewallRules: [{67BC52BF-AED4-4B0F-8C8A-300BC1B26D3F}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{EE8FEE5C-0596-4D50-BFAB-C6EC3F0E424A}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{07594D07-1506-4ED4-8C31-CB3E7231592C}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{4BF34108-C68B-4338-90A8-018DFF97F3DE}] => C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{6EB7F9C3-ACC4-4E3D-BB60-934EA99AAC96}] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{6945E115-8326-4926-A27B-9DAFCFB90392}] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe

==================== Wiederherstellungspunkte =========================

05-12-2016 17:29:29 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/06/2016 07:35:52 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for D:\Steam\bin\steamwebhelper.exe

Error: (12/06/2016 07:33:47 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for D:\Steam\bin\steamwebhelper.exe

Error: (12/06/2016 07:31:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20911 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: eb0

Startzeit: 01d24f89b6d8f0ea

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: aa5acec6-bb7d-11e6-8273-08edb9c70b4a

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/06/2016 07:20:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20911 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b4c

Startzeit: 01d24f882575a4fa

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 179c79ca-bb7c-11e6-8273-08edb9c70b4a

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/06/2016 05:43:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20911 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 324

Startzeit: 01d24f7a82b0ce0a

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 764095d3-bb6e-11e6-8272-08edb9c70b4a

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/06/2016 04:32:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20911 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 874

Startzeit: 01d24f6d503dae8e

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 38d73dfd-bb61-11e6-8271-08edb9c70b4a

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/06/2016 04:25:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.18460 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 7f8

Startzeit: 01d24f6d2b88f994

Endzeit: 9204

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: a219f010-bb63-11e6-8271-08edb9c70b4a

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/06/2016 04:19:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20911 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f04

Startzeit: 01d24f6eddd6bd20

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: d49a7c5c-bb62-11e6-8271-08edb9c70b4a

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/06/2016 04:13:46 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for D:\Steam\bin\steamwebhelper.exe

Error: (12/06/2016 03:45:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.18460 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 540

Startzeit: 01d24f68cf4ea3f1

Endzeit: 4294967295

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 90f1e8ad-bb5d-11e6-8270-08edb9c70b4a

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (12/06/2016 07:21:34 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Search" wurde nicht richtig gestartet.

Error: (12/06/2016 07:19:43 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht.

Error: (12/06/2016 07:19:13 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht.

Error: (12/06/2016 07:18:43 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht.

Error: (12/06/2016 07:18:13 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht.

Error: (12/06/2016 07:15:23 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/06/2016 07:14:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (12/06/2016 07:13:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Plays.tv Update Service (PlaysService)" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (12/06/2016 07:13:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Plays.tv Update Service (PlaysService) erreicht.

Error: (12/06/2016 07:08:24 AM) (Source: BTHUSB) (EventID: 5) (User: )
Description: Der Bluetooth-Treiber hat ein HCI-Ereignis mit einer bestimmten Größe erwartet, das aber nicht empfangen wurde.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i7-3612QM CPU @ 2.10GHz
Prozentuale Nutzung des RAM: 29%
Installierter physikalischer RAM: 8139.28 MB
Verfügbarer physikalischer RAM: 5754.89 MB
Summe virtueller Speicher: 9419.28 MB
Verfügbarer virtueller Speicher: 6997.41 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:204.06 GB) (Free:95.05 GB) NTFS
Drive d: () (Fixed) (Total:401 GB) (Free:3.82 GB) NTFS
Drive e: () (Fixed) (Total:325.45 GB) (Free:4.58 GB) NTFS
Drive f: (ESD-ISO) (CDROM) (Total:3.32 GB) (Free:0 GB) UDF

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 31600180)

Partition: GPT.

==================== Ende von Addition.txt ============================

Tician 06.12.2016 14:19
:hallo:

Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen.

Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst.

Ich bedanke mich für deine Geduld :)

Tician 06.12.2016 19:24
Hallo und :hallo:

Bevor wir beginnen beachte bitte Folgendes:
  • Installiere/Deinstalliere bitte nichts während wir hier an deinem Problem arbeiten
  • Speicher alle unsere Tools auf dem Desktop ab (das ist später wichtig!)
  • Poste die Logs immer in CODE-Tags (#-Button), zur Not die Logs einfach auf mehrere Posts aufteilen
  • Falls vorhanden: Logs die jünger als 1 Monat sind bitte posten
  • Verwende keine weiteren Tools ohne Aufforderung
  • Wichtig: Auch wenn dein Problem behoben scheint kann dein System noch infiziert sein, arbeite also bitte weiter bis ich dir ein "Clean" gebe

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean :daumenhoc bekommst



Schritt 1:

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
[/QUOTE]

Vigilante 06.12.2016 20:40
Danke Tician, für die Hilfe und deinem Advisor natürlich auch. :)

So, erst mal ein Update, weil es wichtig ist. Ich konnte meinen PC nach meinem Thread gar nicht mehr starten. Nach dem Bootlogo von Sony war Ende. Also bin ich zum Nachbar, der hat mir nun mit einem Linux Bootstick/Rescuestick geholfen Windows wieder ans laufen zu bekommen.

Die Rescue Partition ist wirklich weg. Die wurde gelöscht und in über 50 Sekundärlaufwerke verwandelt. Mal mit 1MB Größe, dann mal mit 10MB, dann wiederum mit 512kb usw..

Der Startsektor bestand nur aus irgendeinem kryptischen Blödsinn und war dazu nicht mehr herzustellen. Wir haben die 50+ Partitionen mit dem Rescue Tool entfernt, dann den zerstörten Bereich mit dem Schädling drauf in einen 50MB großen unpartitionierten Bereich verwandelt. Dann einen neuen Startsektor erstellt und die Reste der Rescuepartition nun im C: Laufwerk integriert und neu formatiert. Damit habe ich nun was mehr Speicherplatz. Aber eben auf Verlust meiner Rescuepartition.

Mein Nachbar vermutet eine Art von SystemNuke. Oder irgendwas in der Art, konnte ihm ehrlich gesagt nicht so ganz folgen. Er kann mir nicht weiter helfen, hat mir aber angeraten, das System trotzdem noch checken zu lassen..

Gut, also Windows ist Neu drauf, was denkt ihr?

TDSKiller LOG:

Code:
20:15:42.0857 0x0ed8  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
20:15:42.0857 0x0ed8  UEFI system
20:15:47.0103 0x0ed8  ============================================================
20:15:47.0103 0x0ed8  Current date / time: 2016/12/06 20:15:47.0103
20:15:47.0103 0x0ed8  SystemInfo:
20:15:47.0103 0x0ed8 
20:15:47.0103 0x0ed8  OS Version: 6.3.9600 ServicePack: 0.0
20:15:47.0103 0x0ed8  Product type: Workstation
20:15:47.0103 0x0ed8  ComputerName: DERNEUEDOCTOR
20:15:47.0103 0x0ed8  UserName: Pierre
20:15:47.0103 0x0ed8  Windows directory: C:\Windows
20:15:47.0103 0x0ed8  System windows directory: C:\Windows
20:15:47.0103 0x0ed8  Running under WOW64
20:15:47.0103 0x0ed8  Processor architecture: Intel x64
20:15:47.0103 0x0ed8  Number of processors: 8
20:15:47.0103 0x0ed8  Page size: 0x1000
20:15:47.0103 0x0ed8  Boot type: Normal boot
20:15:47.0103 0x0ed8  CodeIntegrityOptions = 0x00000001
20:15:47.0103 0x0ed8  ============================================================
20:15:47.0491 0x0ed8  KLMD registered as C:\Windows\system32\drivers\47039381.sys
20:15:47.0491 0x0ed8  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 9600.17415, osProperties = 0x19
20:15:48.0006 0x0ed8  System UUID: {ACFB870E-72B2-9097-0A62-8D49089170F9}
20:15:48.0784 0x0ed8  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:15:48.0787 0x0ed8  ============================================================
20:15:48.0787 0x0ed8  \Device\Harddisk0\DR0:
20:15:48.0787 0x0ed8  GPT partitions:
20:15:48.0787 0x0ed8  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {E1DEB805-9C38-4CBC-BCF3-589CF33E21D2}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x96000
20:15:48.0787 0x0ed8  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {BF3DF373-39D0-420B-B7FE-B544526AEC13}, Name: EFI system partition, StartLBA 0x96800, BlocksNum 0x32000
20:15:48.0787 0x0ed8  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {C207FF65-C9BA-4E4A-AFF2-08779CC6CDF2}, Name: Microsoft reserved partition, StartLBA 0xC8800, BlocksNum 0x40000
20:15:48.0787 0x0ed8  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {DE1A011C-A4E8-4F4C-B5A4-600DC9FE65D5}, Name: Basic data partition, StartLBA 0x124000, BlocksNum 0x198FC000
20:15:48.0787 0x0ed8  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {255EAB98-BF00-9FB3-72AE-D0013057BD4A}, Name: Basic data partition, StartLBA 0x19A20000, BlocksNum 0x32201800
20:15:48.0787 0x0ed8  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {DFCE5D80-AE72-01D0-3B59-AF1277B25E25}, Name: Basic data partition, StartLBA 0x4BC21800, BlocksNum 0x28AE4000
20:15:48.0787 0x0ed8  MBR partitions:
20:15:48.0787 0x0ed8  ============================================================
20:15:48.0810 0x0ed8  C: <-> \Device\Harddisk0\DR0\Partition4
20:15:48.0859 0x0ed8  D: <-> \Device\Harddisk0\DR0\Partition5
20:15:49.0017 0x0ed8  E: <-> \Device\Harddisk0\DR0\Partition6
20:15:49.0017 0x0ed8  ============================================================
20:15:49.0017 0x0ed8  Initialize success
20:15:49.0017 0x0ed8  ============================================================
20:17:00.0276 0x07d4  ============================================================
20:17:00.0276 0x07d4  Scan started
20:17:00.0276 0x07d4  Mode: Manual; SigCheck; TDLFS;
20:17:00.0276 0x07d4  ============================================================
20:17:00.0276 0x07d4  KSN ping started
20:17:02.0785 0x07d4  KSN ping finished: true
20:17:04.0220 0x07d4  ================ Scan system memory ========================
20:17:04.0220 0x07d4  System memory - ok
20:17:04.0221 0x07d4  ================ Scan services =============================
20:17:04.0362 0x07d4  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
20:17:04.0387 0x07d4  1394ohci - ok
20:17:04.0451 0x07d4  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware          C:\Windows\system32\drivers\3ware.sys
20:17:04.0461 0x07d4  3ware - ok
20:17:04.0486 0x07d4  [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:17:04.0505 0x07d4  ACPI - ok
20:17:04.0509 0x07d4  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
20:17:04.0518 0x07d4  acpiex - ok
20:17:04.0532 0x07d4  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
20:17:04.0569 0x07d4  acpipagr - ok
20:17:04.0585 0x07d4  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi        C:\Windows\System32\drivers\acpipmi.sys
20:17:04.0619 0x07d4  AcpiPmi - ok
20:17:04.0622 0x07d4  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
20:17:04.0630 0x07d4  acpitime - ok
20:17:04.0666 0x07d4  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX        C:\Windows\system32\drivers\ADP80XX.SYS
20:17:04.0691 0x07d4  ADP80XX - ok
20:17:04.0724 0x07d4  [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
20:17:04.0737 0x07d4  AeLookupSvc - ok
20:17:04.0765 0x07d4  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD            C:\Windows\system32\drivers\afd.sys
20:17:04.0792 0x07d4  AFD - ok
20:17:04.0813 0x07d4  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:17:04.0821 0x07d4  agp440 - ok
20:17:04.0840 0x07d4  [ 8E8E34B7BA059050EED827410D0697A2, 85B6684709F24729A6497563812A90A54068AC2DD9EEA03037CB1EEF5C85AAA9 ] ahcache        C:\Windows\system32\DRIVERS\ahcache.sys
20:17:04.0850 0x07d4  ahcache - ok
20:17:04.0873 0x07d4  [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG            C:\Windows\System32\alg.exe
20:17:04.0894 0x07d4  ALG - ok
20:17:04.0943 0x07d4  [ 606C8F129FE18D6E3EA2FD542D43D72D, 1BDB9B1C3C8345429FFF25189DCA16F4174F29B5C5DFD5AEB5C277CD4E6EBCA8 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:17:04.0959 0x07d4  AMD External Events Utility - ok
20:17:04.0971 0x07d4  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8          C:\Windows\System32\drivers\amdk8.sys
20:17:04.0992 0x07d4  AmdK8 - ok
20:17:05.0023 0x07d4  [ F2FF8C1B41B3784EDBD5C6D5397F403C, 104873700D2BDF4812DC48200B4609F46A63E7A50594A0599100EF1438863708 ] amdkmafd        C:\Windows\system32\drivers\amdkmafd.sys
20:17:05.0048 0x07d4  amdkmafd - ok
20:17:05.0064 0x07d4  amdkmdag - ok
20:17:05.0114 0x07d4  [ C0C27A1094F6EA978FB2CAACFDE0E594, 9B481D55ED3D55A975CB1EB32DD0DB9AD032D592585A5799F81918EFB7843AAE ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
20:17:05.0154 0x07d4  amdkmdap - ok
20:17:05.0172 0x07d4  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
20:17:05.0181 0x07d4  AmdPPM - ok
20:17:05.0193 0x07d4  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
20:17:05.0202 0x07d4  amdsata - ok
20:17:05.0209 0x07d4  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
20:17:05.0222 0x07d4  amdsbs - ok
20:17:05.0236 0x07d4  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
20:17:05.0243 0x07d4  amdxata - ok
20:17:05.0254 0x07d4  [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID          C:\Windows\system32\drivers\appid.sys
20:17:05.0280 0x07d4  AppID - ok
20:17:05.0311 0x07d4  [ 34B2E222F82D05398DAE7203B36B6A2B, AC04BC6B5A36A6807FFE302E9ACF073342B4D76B0BB386249251CB3CA1852CE8 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:17:05.0319 0x07d4  AppIDSvc - ok
20:17:05.0333 0x07d4  [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo        C:\Windows\System32\appinfo.dll
20:17:05.0353 0x07d4  Appinfo - ok
20:17:05.0380 0x07d4  [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness    C:\Windows\system32\AppReadiness.dll
20:17:05.0405 0x07d4  AppReadiness - ok
20:17:05.0455 0x07d4  [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc        C:\Windows\system32\appxdeploymentserver.dll
20:17:05.0502 0x07d4  AppXSvc - ok
20:17:05.0514 0x07d4  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:17:05.0524 0x07d4  arcsas - ok
20:17:05.0548 0x07d4  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi          C:\Windows\system32\drivers\atapi.sys
20:17:05.0555 0x07d4  atapi - ok
20:17:05.0678 0x07d4  [ 2C7676F892E88FD190F08D98048C7C6C, 44C13C103F61DA4D1A3823D37344F8C9465A611A9560808CE928925FB69604F7 ] athr            C:\Windows\system32\DRIVERS\athw8x.sys
20:17:05.0794 0x07d4  athr - ok
20:17:05.0840 0x07d4  [ AF6DD5993D46AF2492C19E1FF6D9A04C, 720F27791FF5D486AD07A447A4BC44D137AA245B91CE1D624E40B1DA78B6CACF ] AtiHDAudioService C:\Windows\system32\drivers\AtihdWB6.sys
20:17:05.0858 0x07d4  AtiHDAudioService - ok
20:17:05.0888 0x07d4  [ CAC8CD93EF239AA68D92AEB5C17FDA8A, 48CA6135868A2351BBD48F2AC8622A7654B83AFD0661B266B684B19113B7D5D5 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
20:17:05.0904 0x07d4  AudioEndpointBuilder - ok
20:17:05.0940 0x07d4  [ 61EA45A645854FE81D8A924E2D93DFFE, 34F79532297F609CA93C380B68BB8B7B0F027F9C8F4FB8E02A9A43EA3D155F1B ] Audiosrv        C:\Windows\System32\Audiosrv.dll
20:17:05.0971 0x07d4  Audiosrv - ok
20:17:06.0018 0x07d4  [ 1DC2F715792CF33428AD7993ACBD224D, 129FBD517E016914CD61C35894C0B9B2074E680F1EB21201597E5C13CAF4529F ] avmeject        C:\Windows\system32\drivers\avmeject.sys
20:17:06.0029 0x07d4  avmeject - ok
20:17:06.0058 0x07d4  [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:17:06.0085 0x07d4  AxInstSV - ok
20:17:06.0111 0x07d4  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv        C:\Windows\system32\drivers\bxvbda.sys
20:17:06.0130 0x07d4  b06bdrv - ok
20:17:06.0149 0x07d4  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
20:17:06.0157 0x07d4  BasicDisplay - ok
20:17:06.0160 0x07d4  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender    C:\Windows\System32\drivers\BasicRender.sys
20:17:06.0172 0x07d4  BasicRender - ok
20:17:06.0191 0x07d4  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\Windows\System32\drivers\bcmfn2.sys
20:17:06.0197 0x07d4  bcmfn2 - ok
20:17:06.0231 0x07d4  [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC          C:\Windows\System32\bdesvc.dll
20:17:06.0256 0x07d4  BDESVC - ok
20:17:06.0278 0x07d4  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\Windows\system32\drivers\Beep.sys
20:17:06.0298 0x07d4  Beep - ok
20:17:06.0337 0x07d4  [ 7BCB00EA702F78EC74CD9699D85CE80B, 17241ADAA13051B560DB9FA9079CAE6321D5B49788B596C125DC912443B00421 ] BFE            C:\Windows\System32\bfe.dll
20:17:06.0371 0x07d4  BFE - ok
20:17:06.0417 0x07d4  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\Windows\System32\qmgr.dll
20:17:06.0490 0x07d4  BITS - ok
20:17:06.0500 0x07d4  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:17:06.0519 0x07d4  bowser - ok
20:17:06.0547 0x07d4  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
20:17:06.0566 0x07d4  BrokerInfrastructure - ok
20:17:06.0581 0x07d4  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser        C:\Windows\System32\browser.dll
20:17:06.0617 0x07d4  Browser - ok
20:17:06.0631 0x07d4  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
20:17:06.0645 0x07d4  BthAvrcpTg - ok
20:17:06.0664 0x07d4  [ 1104A31260CCF4318C884E0AE6C513BF, A8F83B558944DEF0F84414A11DC3CB90C3A92377B46760EC0A9B8BC22FB0D5C7 ] BthEnum        C:\Windows\system32\DRIVERS\BthEnum.sys
20:17:06.0671 0x07d4  BthEnum - ok
20:17:06.0675 0x07d4  [ 67343511D80BF3D6D9EEDB5BA8D0B06B, 28436B2E62762686C4FF4FA3F9E7ABB56DA9D6884B6C924ACC544161400593DD ] BthHFEnum      C:\Windows\System32\drivers\bthhfenum.sys
20:17:06.0691 0x07d4  BthHFEnum - ok
20:17:06.0694 0x07d4  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
20:17:06.0711 0x07d4  bthhfhid - ok
20:17:06.0734 0x07d4  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\Windows\System32\BthHFSrv.dll
20:17:06.0754 0x07d4  BthHFSrv - ok
20:17:06.0780 0x07d4  [ EF4B9E7C9AD88C00C18A12B0D22D1894, 672537E75201E690D86CD65252B8AEF887C76EBD37AB0C419462D69164B350CC ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
20:17:06.0788 0x07d4  BTHMODEM - ok
20:17:06.0812 0x07d4  [ 25BB93167DEF270188072603F92A1EF5, CE4637CE4B63420E218F53CAF89A8C85D036B879B80456FEF3C7C395590E26BB ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
20:17:06.0828 0x07d4  BthPan - ok
20:17:06.0883 0x07d4  [ C37F4930795B771400C63C3C87E7A6C2, 0D0F54184B2DAA45F646E4F69B85C4411E8DFA88EB4763BB0F386055A420F217 ] BTHPORT        C:\Windows\System32\Drivers\BTHport.sys
20:17:06.0918 0x07d4  BTHPORT - ok
20:17:06.0942 0x07d4  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv        C:\Windows\system32\bthserv.dll
20:17:06.0964 0x07d4  bthserv - ok
20:17:06.0987 0x07d4  [ 08EA90955AED2D959EE67DF6EDF0E2B6, 0A70AA67E5DD24C473C66A570C0FEBA9D398A0F0AD8386FE05D01C4D16346968 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
20:17:07.0009 0x07d4  BTHUSB - ok
20:17:07.0028 0x07d4  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:17:07.0038 0x07d4  cdfs - ok
20:17:07.0061 0x07d4  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom          C:\Windows\System32\drivers\cdrom.sys
20:17:07.0072 0x07d4  cdrom - ok
20:17:07.0093 0x07d4  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc    C:\Windows\System32\certprop.dll
20:17:07.0110 0x07d4  CertPropSvc - ok
20:17:07.0127 0x07d4  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\Windows\System32\drivers\circlass.sys
20:17:07.0143 0x07d4  circlass - ok
20:17:07.0181 0x07d4  [ 179A41249055D5F039F1B6703F3B6D2B, 886CF715D9E85DB5C9B991EBCB9B12E27AA0EEE52528E222C80CA5B5B0A7AF52 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
20:17:07.0197 0x07d4  CLFS - ok
20:17:07.0202 0x07d4  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
20:17:07.0209 0x07d4  CmBatt - ok
20:17:07.0221 0x07d4  [ 114AAF528D3D87D306F3682E618E8091, A030AC04AF042F8F4BB95A9CE2B442D31432C4EEE60502279F169B0FA2E52AAB ] CNG            C:\Windows\system32\Drivers\cng.sys
20:17:07.0241 0x07d4  CNG - ok
20:17:07.0255 0x07d4  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
20:17:07.0273 0x07d4  CompositeBus - ok
20:17:07.0276 0x07d4  COMSysApp - ok
20:17:07.0304 0x07d4  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\Windows\system32\drivers\condrv.sys
20:17:07.0326 0x07d4  condrv - ok
20:17:07.0347 0x07d4  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:17:07.0358 0x07d4  CryptSvc - ok
20:17:07.0378 0x07d4  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam            C:\Windows\system32\drivers\dam.sys
20:17:07.0386 0x07d4  dam - ok
20:17:07.0424 0x07d4  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:17:07.0447 0x07d4  DcomLaunch - ok
20:17:07.0477 0x07d4  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc      C:\Windows\System32\defragsvc.dll
20:17:07.0512 0x07d4  defragsvc - ok
20:17:07.0544 0x07d4  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\Windows\system32\das.dll
20:17:07.0560 0x07d4  DeviceAssociationService - ok
20:17:07.0576 0x07d4  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall  C:\Windows\system32\umpnpmgr.dll
20:17:07.0604 0x07d4  DeviceInstall - ok
20:17:07.0621 0x07d4  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
20:17:07.0656 0x07d4  Dfsc - ok
20:17:07.0694 0x07d4  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:17:07.0720 0x07d4  Dhcp - ok
20:17:07.0732 0x07d4  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\Windows\system32\drivers\disk.sys
20:17:07.0741 0x07d4  disk - ok
20:17:07.0767 0x07d4  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc          C:\Windows\System32\drivers\dmvsc.sys
20:17:07.0787 0x07d4  dmvsc - ok
20:17:07.0814 0x07d4  [ 33ADFB7453BF3271463712C4BCE61AD1, A1DB30F874BA7B2C4C653494D70B46B94BF7D39D0DD8559F6CA7A14B676FD617 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:17:07.0827 0x07d4  Dnscache - ok
20:17:07.0857 0x07d4  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc        C:\Windows\System32\dot3svc.dll
20:17:07.0883 0x07d4  dot3svc - ok
20:17:07.0899 0x07d4  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS            C:\Windows\system32\dps.dll
20:17:07.0911 0x07d4  DPS - ok
20:17:07.0924 0x07d4  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
20:17:07.0931 0x07d4  drmkaud - ok
20:17:07.0948 0x07d4  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
20:17:07.0973 0x07d4  DsmSvc - ok
20:17:08.0027 0x07d4  [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
20:17:08.0069 0x07d4  DXGKrnl - ok
20:17:08.0090 0x07d4  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost        C:\Windows\System32\eapsvc.dll
20:17:08.0112 0x07d4  Eaphost - ok
20:17:08.0222 0x07d4  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv          C:\Windows\system32\drivers\evbda.sys
20:17:08.0342 0x07d4  ebdrv - ok
20:17:08.0368 0x07d4  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS            C:\Windows\System32\lsass.exe
20:17:08.0376 0x07d4  EFS - ok
20:17:08.0404 0x07d4  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass    C:\Windows\system32\drivers\EhStorClass.sys
20:17:08.0413 0x07d4  EhStorClass - ok
20:17:08.0423 0x07d4  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
20:17:08.0433 0x07d4  EhStorTcgDrv - ok
20:17:08.0438 0x07d4  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\Windows\System32\drivers\errdev.sys
20:17:08.0457 0x07d4  ErrDev - ok
20:17:08.0493 0x07d4  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem    C:\Windows\system32\es.dll
20:17:08.0520 0x07d4  EventSystem - ok
20:17:08.0536 0x07d4  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat          C:\Windows\system32\drivers\exfat.sys
20:17:08.0573 0x07d4  exfat - ok
20:17:08.0592 0x07d4  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
20:17:08.0603 0x07d4  fastfat - ok
20:17:08.0646 0x07d4  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax            C:\Windows\system32\fxssvc.exe
20:17:08.0672 0x07d4  Fax - ok
20:17:08.0684 0x07d4  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc            C:\Windows\System32\drivers\fdc.sys
20:17:08.0708 0x07d4  fdc - ok
20:17:08.0738 0x07d4  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost        C:\Windows\system32\fdPHost.dll
20:17:08.0767 0x07d4  fdPHost - ok
20:17:08.0779 0x07d4  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:17:08.0792 0x07d4  FDResPub - ok
20:17:08.0816 0x07d4  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc          C:\Windows\system32\fhsvc.dll
20:17:08.0844 0x07d4  fhsvc - ok
20:17:08.0869 0x07d4  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:17:08.0878 0x07d4  FileInfo - ok
20:17:08.0881 0x07d4  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
20:17:08.0900 0x07d4  Filetrace - ok
20:17:08.0909 0x07d4  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
20:17:08.0927 0x07d4  flpydisk - ok
20:17:08.0943 0x07d4  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:17:08.0958 0x07d4  FltMgr - ok
20:17:09.0013 0x07d4  [ 7269C9013FCFA3C6E70F03E2630DBFC3, AAB282B4444CC17D197974D05063C7C97E5202E604681DD2DC3BCF0AE77D6057 ] FontCache      C:\Windows\system32\FntCache.dll
20:17:09.0058 0x07d4  FontCache - ok
20:17:09.0084 0x07d4  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
20:17:09.0093 0x07d4  FsDepends - ok
20:17:09.0096 0x07d4  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:17:09.0103 0x07d4  Fs_Rec - ok
20:17:09.0115 0x07d4  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:17:09.0135 0x07d4  fvevol - ok
20:17:09.0293 0x07d4  [ 8A3DB33B2FA1D0CAF7A70256E00EB996, 13F51EEB0088A8891620388843A8C3BA1D1526CF8AF1C5960E167FC4C877563A ] fwlanusb5      C:\Windows\system32\DRIVERS\fwlanusb5.sys
20:17:09.0331 0x07d4  fwlanusb5 - ok
20:17:09.0354 0x07d4  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM          C:\Windows\System32\drivers\fxppm.sys
20:17:09.0363 0x07d4  FxPPM - ok
20:17:09.0370 0x07d4  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:17:09.0378 0x07d4  gagp30kx - ok
20:17:09.0397 0x07d4  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
20:17:09.0418 0x07d4  gencounter - ok
20:17:09.0441 0x07d4  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101    C:\Windows\system32\Drivers\msgpioclx.sys
20:17:09.0451 0x07d4  GPIOClx0101 - ok
20:17:09.0502 0x07d4  [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc          C:\Windows\System32\gpsvc.dll
20:17:09.0550 0x07d4  gpsvc - ok
20:17:09.0616 0x07d4  [ A8FD9222E4D72596BB37DA8BE95C0BA4, 52FC3AA9F704300041E486E57FE863218E4CDF4C8EEE05CA6B99A296EFEE5737 ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:17:09.0624 0x07d4  gupdate - ok
20:17:09.0633 0x07d4  [ A8FD9222E4D72596BB37DA8BE95C0BA4, 52FC3AA9F704300041E486E57FE863218E4CDF4C8EEE05CA6B99A296EFEE5737 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:17:09.0640 0x07d4  gupdatem - ok
20:17:09.0667 0x07d4  [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:17:09.0682 0x07d4  HdAudAddService - ok
20:17:09.0710 0x07d4  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
20:17:09.0725 0x07d4  HDAudBus - ok
20:17:09.0744 0x07d4  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt        C:\Windows\System32\drivers\HidBatt.sys
20:17:09.0760 0x07d4  HidBatt - ok
20:17:09.0774 0x07d4  [ 1EA1B4FABB8CC348E73CA90DBA22E104, 5C18C6BD499272F216DD4626B5E8D38181AEAC9AD917FBEB614A75B70467B258 ] HidBth          C:\Windows\System32\drivers\hidbth.sys
20:17:09.0798 0x07d4  HidBth - ok
20:17:09.0801 0x07d4  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
20:17:09.0810 0x07d4  hidi2c - ok
20:17:09.0813 0x07d4  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr          C:\Windows\System32\drivers\hidir.sys
20:17:09.0822 0x07d4  HidIr - ok
20:17:09.0835 0x07d4  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv        C:\Windows\system32\hidserv.dll
20:17:09.0844 0x07d4  hidserv - ok
20:17:09.0869 0x07d4  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
20:17:09.0882 0x07d4  HidUsb - ok
20:17:09.0909 0x07d4  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:17:09.0920 0x07d4  hkmsvc - ok
20:17:09.0938 0x07d4  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:17:09.0964 0x07d4  HomeGroupListener - ok
20:17:09.0991 0x07d4  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:17:10.0016 0x07d4  HomeGroupProvider - ok
20:17:10.0039 0x07d4  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:17:10.0048 0x07d4  HpSAMD - ok
20:17:10.0094 0x07d4  [ 9DDCA7F18983C5410DEFF79F819DF93C, CE97B4440377BFC5CA81BB600C3BD1DD9FB3951CA1EB70735F5E2050EBB74223 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:17:10.0123 0x07d4  HTTP - ok
20:17:10.0136 0x07d4  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:17:10.0143 0x07d4  hwpolicy - ok
20:17:10.0154 0x07d4  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
20:17:10.0170 0x07d4  hyperkbd - ok
20:17:10.0182 0x07d4  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
20:17:10.0190 0x07d4  HyperVideo - ok
20:17:10.0207 0x07d4  [ D887446F3F6051C60C26F4FD1FC8D43F, A3235C64E9D5378E3409FA7CDD9DB0DD1B3CE6A6EB018F2C40558EB9C427A498 ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
20:17:10.0224 0x07d4  i8042prt - ok
20:17:10.0235 0x07d4  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
20:17:10.0253 0x07d4  iaLPSSi_GPIO - ok
20:17:10.0265 0x07d4  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C    C:\Windows\System32\drivers\iaLPSSi_I2C.sys
20:17:10.0272 0x07d4  iaLPSSi_I2C - ok
20:17:10.0286 0x07d4  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\Windows\system32\drivers\iaStorAV.sys
20:17:10.0304 0x07d4  iaStorAV - ok
20:17:10.0314 0x07d4  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
20:17:10.0330 0x07d4  iaStorV - ok
20:17:10.0333 0x07d4  IEEtwCollectorService - ok
20:17:10.0370 0x07d4  [ 3DBDBD9581C015F02651D6A89801FAD5, 81B6D302C9CD29AD8319515056CFBCD0BD25619B2B166937ACD5F1416B568837 ] IKEEXT          C:\Windows\System32\ikeext.dll
20:17:10.0399 0x07d4  IKEEXT - ok
20:17:10.0424 0x07d4  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:17:10.0431 0x07d4  intelide - ok
20:17:10.0448 0x07d4  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\Windows\system32\drivers\intelpep.sys
20:17:10.0455 0x07d4  intelpep - ok
20:17:10.0477 0x07d4  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\Windows\System32\drivers\intelppm.sys
20:17:10.0486 0x07d4  intelppm - ok
20:17:10.0496 0x07d4  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:17:10.0514 0x07d4  IpFilterDriver - ok
20:17:10.0559 0x07d4  [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:17:10.0599 0x07d4  iphlpsvc - ok
20:17:10.0632 0x07d4  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV        C:\Windows\System32\drivers\IPMIDrv.sys
20:17:10.0653 0x07d4  IPMIDRV - ok
20:17:10.0665 0x07d4  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
20:17:10.0689 0x07d4  IPNAT - ok
20:17:10.0714 0x07d4  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:17:10.0724 0x07d4  IRENUM - ok
20:17:10.0735 0x07d4  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:17:10.0743 0x07d4  isapnp - ok
20:17:10.0755 0x07d4  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
20:17:10.0768 0x07d4  iScsiPrt - ok
20:17:10.0797 0x07d4  [ A1D4D34A56DF1D5122CDB265038A2E72, AE061BA1A65C98AF875FA18878B014B57E33594D4AC4C39B050AA532E2220F83 ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
20:17:10.0805 0x07d4  kbdclass - ok
20:17:10.0814 0x07d4  [ 4A34D7084B862A92F3ABC4969166B3D3, 87B2635873DA4DD06D9E3B8E4313CBDBDC1488E4E340EC2101393EC65823771F ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
20:17:10.0822 0x07d4  kbdhid - ok
20:17:10.0825 0x07d4  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic          C:\Windows\system32\DRIVERS\kdnic.sys
20:17:10.0847 0x07d4  kdnic - ok
20:17:10.0856 0x07d4  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\Windows\system32\lsass.exe
20:17:10.0865 0x07d4  KeyIso - ok
20:17:10.0891 0x07d4  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:17:10.0900 0x07d4  KSecDD - ok
20:17:10.0905 0x07d4  [ CA3F19E4B0765135B0F3C99384C535B9, 16441986C4E91F272E5876121272366476DB0496117C5AB4FBC82B07A06C0EC0 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
20:17:10.0916 0x07d4  KSecPkg - ok
20:17:10.0919 0x07d4  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
20:17:10.0939 0x07d4  ksthunk - ok
20:17:10.0971 0x07d4  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm          C:\Windows\system32\msdtckrm.dll
20:17:10.0987 0x07d4  KtmRm - ok
20:17:11.0016 0x07d4  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:17:11.0044 0x07d4  LanmanServer - ok
20:17:11.0072 0x07d4  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:17:11.0086 0x07d4  LanmanWorkstation - ok
20:17:11.0125 0x07d4  [ 2B7479EB47731A8ACBA28AF4C4BDA32D, 67AEB98E7B41337FEFD92CC81BFAD25FBB679998B318C110A4873B1AD8927A97 ] lfsvc          C:\Windows\System32\GeofenceMonitorService.dll
20:17:11.0157 0x07d4  lfsvc - ok
20:17:11.0177 0x07d4  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:17:11.0200 0x07d4  lltdio - ok
20:17:11.0224 0x07d4  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc        C:\Windows\System32\lltdsvc.dll
20:17:11.0238 0x07d4  lltdsvc - ok
20:17:11.0246 0x07d4  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts        C:\Windows\System32\lmhsvc.dll
20:17:11.0255 0x07d4  lmhosts - ok
20:17:11.0277 0x07d4  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
20:17:11.0287 0x07d4  LSI_SAS - ok
20:17:11.0291 0x07d4  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
20:17:11.0300 0x07d4  LSI_SAS2 - ok
20:17:11.0303 0x07d4  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\Windows\system32\drivers\lsi_sas3.sys
20:17:11.0312 0x07d4  LSI_SAS3 - ok
20:17:11.0316 0x07d4  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS        C:\Windows\system32\drivers\lsi_sss.sys
20:17:11.0324 0x07d4  LSI_SSS - ok
20:17:11.0351 0x07d4  [ 9B231CD3E52DF29EE50086FF676D3D6F, A47449CA6C88FE089A6953D05FA33A55A55E0306335A7A102A4CD75429FF0515 ] LSM            C:\Windows\System32\lsm.dll
20:17:11.0375 0x07d4  LSM - ok
20:17:11.0395 0x07d4  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv          C:\Windows\system32\drivers\luafv.sys
20:17:11.0412 0x07d4  luafv - ok
20:17:11.0437 0x07d4  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas        C:\Windows\system32\drivers\megasas.sys
20:17:11.0445 0x07d4  megasas - ok
20:17:11.0458 0x07d4  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\Windows\system32\drivers\megasr.sys
20:17:11.0478 0x07d4  megasr - ok
20:17:11.0537 0x07d4  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\Windows\System32\drivers\HECIx64.sys
20:17:11.0543 0x07d4  MEIx64 - ok
20:17:11.0580 0x07d4  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS          C:\Windows\system32\mmcss.dll
20:17:11.0644 0x07d4  MMCSS - ok
20:17:11.0662 0x07d4  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem          C:\Windows\system32\drivers\modem.sys
20:17:11.0672 0x07d4  Modem - ok
20:17:11.0693 0x07d4  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor        C:\Windows\System32\drivers\monitor.sys
20:17:11.0700 0x07d4  monitor - ok
20:17:11.0728 0x07d4  [ 2A2F8D5284E59815169A88F1FC9CEE28, 58EFBCF3C849FD088CFB7FE287FC7D9DD7E03D4E6AA98F0497C09E4596E42538 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
20:17:11.0736 0x07d4  mouclass - ok
20:17:11.0739 0x07d4  [ 91223A2AE2955B3E0DA3DB79C3A897A6, 32B59CF1586C2300D60AF8A1D819515033ACC7F7A1F3523FC4AC7725E29B5A90 ] mouhid          C:\Windows\System32\drivers\mouhid.sys
20:17:11.0756 0x07d4  mouhid - ok
20:17:11.0760 0x07d4  [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:17:11.0769 0x07d4  mountmgr - ok
20:17:11.0773 0x07d4  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:17:11.0782 0x07d4  mpsdrv - ok
20:17:11.0817 0x07d4  [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:17:11.0843 0x07d4  MpsSvc - ok
20:17:11.0854 0x07d4  [ 1D55DADC22D21883A2F80297F5A5AE48, B79DF4AFC2A9CBC54E74233596544D6E41C8CAA0516BD57CA695D051EC780265 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:17:11.0887 0x07d4  MRxDAV - ok
20:17:11.0918 0x07d4  [ 31233271EDE50D1BBB220F78AFA60486, 2122FAB5BD353DF63CF0FE9CEDBD5DFD1F26F2DE04303E1B3FFB03AA02AECED9 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:17:11.0957 0x07d4  mrxsmb - ok
20:17:11.0964 0x07d4  [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:17:11.0984 0x07d4  mrxsmb10 - ok
20:17:11.0997 0x07d4  [ 6276AC2AA203CF47811F6EFBBD214FBF, AE55D87D863A626347B0074F4E962080F1989A94153DAF8475593249F616DA2F ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:17:12.0009 0x07d4  mrxsmb20 - ok
20:17:12.0019 0x07d4  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
20:17:12.0044 0x07d4  MsBridge - ok
20:17:12.0071 0x07d4  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC          C:\Windows\System32\msdtc.exe
20:17:12.0083 0x07d4  MSDTC - ok
20:17:12.0095 0x07d4  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:17:12.0104 0x07d4  Msfs - ok
20:17:12.0120 0x07d4  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32    C:\Windows\System32\drivers\msgpiowin32.sys
20:17:12.0128 0x07d4  msgpiowin32 - ok
20:17:12.0142 0x07d4  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
20:17:12.0150 0x07d4  mshidkmdf - ok
20:17:12.0168 0x07d4  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf      C:\Windows\System32\drivers\mshidumdf.sys
20:17:12.0176 0x07d4  mshidumdf - ok
20:17:12.0185 0x07d4  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:17:12.0192 0x07d4  msisadrv - ok
20:17:12.0218 0x07d4  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
20:17:12.0239 0x07d4  MSiSCSI - ok
20:17:12.0242 0x07d4  msiserver - ok
20:17:12.0262 0x07d4  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
20:17:12.0286 0x07d4  MSKSSRV - ok
20:17:12.0317 0x07d4  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
20:17:12.0343 0x07d4  MsLldp - ok
20:17:12.0346 0x07d4  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:17:12.0354 0x07d4  MSPCLOCK - ok
20:17:12.0358 0x07d4  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
20:17:12.0373 0x07d4  MSPQM - ok
20:17:12.0387 0x07d4  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
20:17:12.0403 0x07d4  MsRPC - ok
20:17:12.0418 0x07d4  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
20:17:12.0426 0x07d4  mssmbios - ok
20:17:12.0452 0x07d4  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
20:17:12.0470 0x07d4  MSTEE - ok
20:17:12.0472 0x07d4  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
20:17:12.0480 0x07d4  MTConfig - ok
20:17:12.0497 0x07d4  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup            C:\Windows\system32\Drivers\mup.sys
20:17:12.0505 0x07d4  Mup - ok
20:17:12.0532 0x07d4  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
20:17:12.0540 0x07d4  mvumis - ok
20:17:12.0575 0x07d4  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\Windows\system32\qagentRT.dll
20:17:12.0592 0x07d4  napagent - ok
20:17:12.0619 0x07d4  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
20:17:12.0655 0x07d4  NativeWifiP - ok
20:17:12.0686 0x07d4  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\Windows\System32\ncasvc.dll
20:17:12.0707 0x07d4  NcaSvc - ok
20:17:12.0718 0x07d4  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\Windows\System32\ncbservice.dll
20:17:12.0745 0x07d4  NcbService - ok
20:17:12.0762 0x07d4  [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
20:17:12.0781 0x07d4  NcdAutoSetup - ok
20:17:12.0815 0x07d4  [ 21FE65E2E67C4E31EE95CBD1F91C4B24, 6558F2BC10E6B09F7EE5264722FCF572B861EDB60A1433B58A4F4625EC0ABF63 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:17:12.0848 0x07d4  NDIS - ok
20:17:12.0858 0x07d4  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
20:17:12.0880 0x07d4  NdisCap - ok
20:17:12.0898 0x07d4  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
20:17:12.0924 0x07d4  NdisImPlatform - ok
20:17:12.0952 0x07d4  [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:17:12.0967 0x07d4  NdisTapi - ok
20:17:12.0979 0x07d4  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
20:17:12.0988 0x07d4  Ndisuio - ok
20:17:12.0991 0x07d4  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\Windows\System32\drivers\NdisVirtualBus.sys
20:17:13.0006 0x07d4  NdisVirtualBus - ok
20:17:13.0019 0x07d4  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
20:17:13.0044 0x07d4  NdisWan - ok
20:17:13.0050 0x07d4  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy  C:\Windows\system32\DRIVERS\ndiswan.sys
20:17:13.0063 0x07d4  NdisWanLegacy - ok
20:17:13.0084 0x07d4  [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
20:17:13.0093 0x07d4  NDProxy - ok
20:17:13.0110 0x07d4  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu            C:\Windows\system32\drivers\Ndu.sys
20:17:13.0120 0x07d4  Ndu - ok
20:17:13.0127 0x07d4  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
20:17:13.0136 0x07d4  NetBIOS - ok
20:17:13.0143 0x07d4  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
20:17:13.0161 0x07d4  NetBT - ok
20:17:13.0179 0x07d4  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\Windows\system32\lsass.exe
20:17:13.0187 0x07d4  Netlogon - ok
20:17:13.0217 0x07d4  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\Windows\System32\netman.dll
20:17:13.0230 0x07d4  Netman - ok
20:17:13.0270 0x07d4  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\Windows\System32\netprofmsvc.dll
20:17:13.0289 0x07d4  netprofm - ok
20:17:13.0362 0x07d4  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:17:13.0389 0x07d4  NetTcpPortSharing - ok
20:17:13.0410 0x07d4  [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc          C:\Windows\System32\drivers\netvsc63.sys
20:17:13.0425 0x07d4  netvsc - ok
20:17:13.0447 0x07d4  [ 3A4DD90CD5BCB607007BFFE8B9A2C761, 529353DB418B8C5B352A8530C465D5DA196B3DF16F22DA36874990BF11B24C9C ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:17:13.0468 0x07d4  NlaSvc - ok
20:17:13.0484 0x07d4  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:17:13.0498 0x07d4  Npfs - ok
20:17:13.0509 0x07d4  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig      C:\Windows\System32\drivers\npsvctrig.sys
20:17:13.0529 0x07d4  npsvctrig - ok
20:17:13.0553 0x07d4  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi            C:\Windows\system32\nsisvc.dll
20:17:13.0573 0x07d4  nsi - ok
20:17:13.0585 0x07d4  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:17:13.0594 0x07d4  nsiproxy - ok
20:17:13.0654 0x07d4  [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:17:13.0707 0x07d4  Ntfs - ok
20:17:13.0719 0x07d4  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\Windows\system32\drivers\Null.sys
20:17:13.0744 0x07d4  Null - ok
20:17:13.0771 0x07d4  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:17:13.0781 0x07d4  nvraid - ok
20:17:13.0787 0x07d4  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:17:13.0798 0x07d4  nvstor - ok
20:17:13.0813 0x07d4  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:17:13.0822 0x07d4  nv_agp - ok
20:17:13.0867 0x07d4  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:17:13.0893 0x07d4  p2pimsvc - ok
20:17:13.0922 0x07d4  [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc          C:\Windows\system32\p2psvc.dll
20:17:13.0948 0x07d4  p2psvc - ok
20:17:13.0968 0x07d4  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport        C:\Windows\System32\drivers\parport.sys
20:17:13.0978 0x07d4  Parport - ok
20:17:14.0010 0x07d4  [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
20:17:14.0019 0x07d4  partmgr - ok
20:17:14.0054 0x07d4  [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:17:14.0072 0x07d4  PcaSvc - ok
20:17:14.0079 0x07d4  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci            C:\Windows\system32\drivers\pci.sys
20:17:14.0092 0x07d4  pci - ok
20:17:14.0100 0x07d4  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:17:14.0107 0x07d4  pciide - ok
20:17:14.0125 0x07d4  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:17:14.0134 0x07d4  pcmcia - ok
20:17:14.0149 0x07d4  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw            C:\Windows\system32\drivers\pcw.sys
20:17:14.0157 0x07d4  pcw - ok
20:17:14.0161 0x07d4  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc            C:\Windows\system32\drivers\pdc.sys
20:17:14.0169 0x07d4  pdc - ok
20:17:14.0209 0x07d4  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:17:14.0229 0x07d4  PEAUTH - ok
20:17:14.0288 0x07d4  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:17:14.0338 0x07d4  PerfHost - ok
20:17:14.0396 0x07d4  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla            C:\Windows\system32\pla.dll
20:17:14.0435 0x07d4  pla - ok
20:17:14.0454 0x07d4  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:17:14.0465 0x07d4  PlugPlay - ok
20:17:14.0485 0x07d4  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
20:17:14.0494 0x07d4  PNRPAutoReg - ok
20:17:14.0511 0x07d4  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
20:17:14.0525 0x07d4  PNRPsvc - ok
20:17:14.0563 0x07d4  [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
20:17:14.0580 0x07d4  PolicyAgent - ok
20:17:14.0599 0x07d4  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power          C:\Windows\system32\umpo.dll
20:17:14.0609 0x07d4  Power - ok
20:17:14.0724 0x07d4  [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify    C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
20:17:14.0833 0x07d4  PrintNotify - ok
20:17:14.0858 0x07d4  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor      C:\Windows\System32\drivers\processr.sys
20:17:14.0867 0x07d4  Processor - ok
20:17:14.0888 0x07d4  [ DEE538B5AF5D1F67C4F9415DE37A8EE2, A3173FD1D0E6D9AADF8269EF275C34F2A2A20A78C337ED8CC2DDC243356C65BD ] ProfSvc        C:\Windows\system32\profsvc.dll
20:17:14.0902 0x07d4  ProfSvc - ok
20:17:14.0916 0x07d4  [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:17:14.0932 0x07d4  Psched - ok
20:17:14.0961 0x07d4  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE          C:\Windows\system32\qwave.dll
20:17:14.0999 0x07d4  QWAVE - ok
20:17:15.0025 0x07d4  [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:17:15.0033 0x07d4  QWAVEdrv - ok
20:17:15.0058 0x07d4  [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:17:15.0076 0x07d4  RasAcd - ok
20:17:15.0094 0x07d4  [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto        C:\Windows\System32\rasauto.dll
20:17:15.0105 0x07d4  RasAuto - ok
20:17:15.0124 0x07d4  [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan          C:\Windows\System32\rasmans.dll
20:17:15.0143 0x07d4  RasMan - ok
20:17:15.0160 0x07d4  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:17:15.0171 0x07d4  RasPppoe - ok
20:17:15.0196 0x07d4  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
20:17:15.0218 0x07d4  rdbss - ok
20:17:15.0228 0x07d4  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
20:17:15.0236 0x07d4  rdpbus - ok
20:17:15.0262 0x07d4  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR          C:\Windows\system32\drivers\rdpdr.sys
20:17:15.0292 0x07d4  RDPDR - ok
20:17:15.0314 0x07d4  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:17:15.0322 0x07d4  RdpVideoMiniport - ok
20:17:15.0343 0x07d4  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:17:15.0356 0x07d4  rdyboost - ok
20:17:15.0394 0x07d4  [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS            C:\Windows\system32\drivers\ReFS.sys
20:17:15.0423 0x07d4  ReFS - ok
20:17:15.0456 0x07d4  [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:17:15.0468 0x07d4  RemoteAccess - ok
20:17:15.0486 0x07d4  [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:17:15.0503 0x07d4  RemoteRegistry - ok
20:17:15.0522 0x07d4  [ 0527EF6E23B9FAB37DDCBC479C6CFA28, C004CE600074AC434F8B24A3383F8C0ACFA5476D9E3B1493B40911C78B028D64 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
20:17:15.0546 0x07d4  RFCOMM - ok
20:17:15.0569 0x07d4  [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:17:15.0593 0x07d4  RpcEptMapper - ok
20:17:15.0623 0x07d4  [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator      C:\Windows\system32\locator.exe
20:17:15.0640 0x07d4  RpcLocator - ok
20:17:15.0668 0x07d4  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs          C:\Windows\system32\rpcss.dll
20:17:15.0691 0x07d4  RpcSs - ok
20:17:15.0712 0x07d4  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:17:15.0729 0x07d4  rspndr - ok
20:17:15.0784 0x07d4  [ 19764658C1468C2C0CEF133D28414A6B, 87AD4056F6C67052433A366B200B75613148B69B9B9D502AD926A7F7F037B8DE ] RTL8168        C:\Windows\system32\DRIVERS\Rt630x64.sys
20:17:15.0818 0x07d4  RTL8168 - ok
20:17:15.0830 0x07d4  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap          C:\Windows\System32\drivers\vms3cap.sys
20:17:15.0837 0x07d4  s3cap - ok
20:17:15.0857 0x07d4  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs          C:\Windows\system32\lsass.exe
20:17:15.0865 0x07d4  SamSs - ok
20:17:15.0881 0x07d4  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:17:15.0891 0x07d4  sbp2port - ok
20:17:15.0915 0x07d4  [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:17:15.0932 0x07d4  SCardSvr - ok
20:17:15.0948 0x07d4  [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum    C:\Windows\System32\ScDeviceEnum.dll
20:17:15.0968 0x07d4  ScDeviceEnum - ok
20:17:15.0991 0x07d4  [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:17:16.0005 0x07d4  scfilter - ok
20:17:16.0048 0x07d4  [ A626F5E446860F22835E783142D7AE33, 3A786639E1FABCA512F4F91A10811DD3C4D9C9C9BB893362E4D019219D0BD8E2 ] Schedule        C:\Windows\system32\schedsvc.dll
20:17:16.0088 0x07d4  Schedule - ok
20:17:16.0115 0x07d4  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc    C:\Windows\System32\certprop.dll
20:17:16.0126 0x07d4  SCPolicySvc - ok
20:17:16.0153 0x07d4  [ 7B7C482CF48E6EE33664340D1A78E6FE, CE5077C4B0372F4F9F02B0B37AE58C0DAEFCA9D242065731A23F072506430575 ] sdbus          C:\Windows\System32\drivers\sdbus.sys
20:17:16.0166 0x07d4  sdbus - ok
20:17:16.0169 0x07d4  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
20:17:16.0178 0x07d4  sdstor - ok
20:17:16.0206 0x07d4  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:17:16.0215 0x07d4  secdrv - ok
20:17:16.0237 0x07d4  [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon        C:\Windows\system32\seclogon.dll
20:17:16.0255 0x07d4  seclogon - ok
20:17:16.0262 0x07d4  [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS            C:\Windows\System32\sens.dll
20:17:16.0284 0x07d4  SENS - ok
20:17:16.0318 0x07d4  [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:17:16.0341 0x07d4  SensrSvc - ok
20:17:16.0352 0x07d4  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx          C:\Windows\system32\drivers\SerCx.sys
20:17:16.0361 0x07d4  SerCx - ok
20:17:16.0370 0x07d4  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\Windows\system32\drivers\SerCx2.sys
20:17:16.0380 0x07d4  SerCx2 - ok
20:17:16.0403 0x07d4  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum        C:\Windows\System32\drivers\serenum.sys
20:17:16.0412 0x07d4  Serenum - ok
20:17:16.0416 0x07d4  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\Windows\System32\drivers\serial.sys
20:17:16.0425 0x07d4  Serial - ok
20:17:16.0428 0x07d4  [ 96B01F117057FB4DAE0FF919ACB55770, D0F58F1CAE4F81D60FCE60BB0065A34B4F897E8105DF17B6DAA334938CD25A56 ] sermouse        C:\Windows\System32\drivers\sermouse.sys
20:17:16.0435 0x07d4  sermouse - ok
20:17:16.0458 0x07d4  [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv      C:\Windows\system32\sessenv.dll
20:17:16.0473 0x07d4  SessionEnv - ok
20:17:16.0492 0x07d4  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy        C:\Windows\System32\drivers\sfloppy.sys
20:17:16.0501 0x07d4  sfloppy - ok
20:17:16.0547 0x07d4  [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:17:16.0564 0x07d4  SharedAccess - ok
20:17:16.0599 0x07d4  [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:17:16.0664 0x07d4  ShellHWDetection - ok
20:17:16.0684 0x07d4  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
20:17:16.0692 0x07d4  SiSRaid2 - ok
20:17:16.0701 0x07d4  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:17:16.0710 0x07d4  SiSRaid4 - ok
20:17:16.0728 0x07d4  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost        C:\Windows\System32\smphost.dll
20:17:16.0750 0x07d4  smphost - ok
20:17:16.0775 0x07d4  [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:17:16.0784 0x07d4  SNMPTRAP - ok
20:17:16.0831 0x07d4  [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport      C:\Windows\system32\drivers\spaceport.sys
20:17:16.0849 0x07d4  spaceport - ok
20:17:16.0858 0x07d4  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx          C:\Windows\system32\drivers\SpbCx.sys
20:17:16.0866 0x07d4  SpbCx - ok
20:17:16.0905 0x07d4  [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler        C:\Windows\System32\spoolsv.exe
20:17:16.0936 0x07d4  Spooler - ok
20:17:17.0101 0x07d4  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\Windows\system32\sppsvc.exe
20:17:17.0313 0x07d4  sppsvc - ok
20:17:17.0360 0x07d4  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv            C:\Windows\system32\DRIVERS\srv.sys
20:17:17.0396 0x07d4  srv - ok
20:17:17.0410 0x07d4  [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:17:17.0431 0x07d4  srv2 - ok
20:17:17.0438 0x07d4  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:17:17.0450 0x07d4  srvnet - ok
20:17:17.0480 0x07d4  [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
20:17:17.0520 0x07d4  SSDPSRV - ok
20:17:17.0543 0x07d4  [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
20:17:17.0570 0x07d4  SstpSvc - ok
20:17:17.0597 0x07d4  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
20:17:17.0605 0x07d4  stexstor - ok
20:17:17.0638 0x07d4  [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc          C:\Windows\System32\wiaservc.dll
20:17:17.0678 0x07d4  stisvc - ok
20:17:17.0691 0x07d4  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\Windows\system32\drivers\storahci.sys
20:17:17.0699 0x07d4  storahci - ok
20:17:17.0731 0x07d4  [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt        C:\Windows\system32\drivers\vmstorfl.sys
20:17:17.0740 0x07d4  storflt - ok
20:17:17.0748 0x07d4  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\Windows\system32\drivers\stornvme.sys
20:17:17.0756 0x07d4  stornvme - ok
20:17:17.0783 0x07d4  [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc        C:\Windows\system32\storsvc.dll
20:17:17.0799 0x07d4  StorSvc - ok
20:17:17.0816 0x07d4  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc        C:\Windows\system32\drivers\storvsc.sys
20:17:17.0824 0x07d4  storvsc - ok
20:17:17.0843 0x07d4  [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc          C:\Windows\system32\svsvc.dll
20:17:17.0860 0x07d4  svsvc - ok
20:17:17.0884 0x07d4  [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum          C:\Windows\System32\drivers\swenum.sys
20:17:17.0891 0x07d4  swenum - ok
20:17:17.0905 0x07d4  [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv          C:\Windows\System32\swprv.dll
20:17:17.0929 0x07d4  swprv - ok
20:17:17.0972 0x07d4  [ 3114CB46C2853CA71525428CB0C7CB58, A9CC51506AABBC23BAB2B90E30AB13197A72268A3DE6D2F281C1C367ED7118AE ] SysMain        C:\Windows\system32\sysmain.dll
20:17:18.0011 0x07d4  SysMain - ok
20:17:18.0037 0x07d4  [ 23BECB70654B192A7E378DEE3DBD8D42, 7596174AE7508B62C40A429645198F6A420D0CD5B62A10AB78516113584E7EDB ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
20:17:18.0069 0x07d4  SystemEventsBroker - ok
20:17:18.0105 0x07d4  [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:17:18.0117 0x07d4  TabletInputService - ok
20:17:18.0133 0x07d4  [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv        C:\Windows\System32\tapisrv.dll
20:17:18.0170 0x07d4  TapiSrv - ok
20:17:18.0254 0x07d4  [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
20:17:18.0318 0x07d4  Tcpip - ok
20:17:18.0365 0x07d4  [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:17:18.0423 0x07d4  TCPIP6 - ok
20:17:18.0445 0x07d4  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:17:18.0458 0x07d4  tcpipreg - ok
20:17:18.0468 0x07d4  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
20:17:18.0478 0x07d4  tdx - ok
20:17:18.0495 0x07d4  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
20:17:18.0511 0x07d4  terminpt - ok
20:17:18.0557 0x07d4  [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService    C:\Windows\System32\termsrv.dll
20:17:18.0587 0x07d4  TermService - ok
20:17:18.0605 0x07d4  [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes          C:\Windows\system32\themeservice.dll
20:17:18.0615 0x07d4  Themes - ok
20:17:18.0647 0x07d4  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER    C:\Windows\system32\mmcss.dll
20:17:18.0656 0x07d4  THREADORDER - ok
20:17:18.0683 0x07d4  [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
20:17:18.0713 0x07d4  TimeBroker - ok
20:17:18.0740 0x07d4  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM            C:\Windows\system32\drivers\tpm.sys
20:17:18.0751 0x07d4  TPM - ok
20:17:18.0776 0x07d4  [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks          C:\Windows\System32\trkwks.dll
20:17:18.0786 0x07d4  TrkWks - ok
20:17:18.0833 0x07d4  [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:17:18.0842 0x07d4  TrustedInstaller - ok
20:17:18.0862 0x07d4  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:17:18.0880 0x07d4  TsUsbFlt - ok
20:17:18.0883 0x07d4  [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD        C:\Windows\System32\drivers\TsUsbGD.sys
20:17:18.0906 0x07d4  TsUsbGD - ok
20:17:18.0926 0x07d4  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:17:18.0938 0x07d4  tunnel - ok
20:17:18.0951 0x07d4  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:17:18.0959 0x07d4  uagp35 - ok
20:17:18.0963 0x07d4  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
20:17:18.0971 0x07d4  UASPStor - ok
20:17:18.0999 0x07d4  [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
20:17:19.0010 0x07d4  UCX01000 - ok
20:17:19.0018 0x07d4  [ 1EC649F112896FAE33250F0B97AC5D0B, 0C0A1C2C7615DEB298AD3073340FD1BF91FEBE611F133E3B48D994A6EAA8369F ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:17:19.0036 0x07d4  udfs - ok
20:17:19.0051 0x07d4  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\Windows\System32\drivers\UEFI.sys
20:17:19.0058 0x07d4  UEFI - ok
20:17:19.0075 0x07d4  [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
20:17:19.0084 0x07d4  UI0Detect - ok
20:17:19.0108 0x07d4  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:17:19.0117 0x07d4  uliagpkx - ok
20:17:19.0135 0x07d4  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus          C:\Windows\System32\drivers\umbus.sys
20:17:19.0158 0x07d4  umbus - ok
20:17:19.0175 0x07d4  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\Windows\System32\drivers\umpass.sys
20:17:19.0183 0x07d4  UmPass - ok
20:17:19.0209 0x07d4  [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService    C:\Windows\System32\umrdp.dll
20:17:19.0234 0x07d4  UmRdpService - ok
20:17:19.0280 0x07d4  [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost        C:\Windows\System32\upnphost.dll
20:17:19.0298 0x07d4  upnphost - ok
20:17:19.0309 0x07d4  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp        C:\Windows\System32\drivers\usbccgp.sys
20:17:19.0319 0x07d4  usbccgp - ok
20:17:19.0344 0x07d4  [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
20:17:19.0354 0x07d4  usbcir - ok
20:17:19.0371 0x07d4  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci        C:\Windows\System32\drivers\usbehci.sys
20:17:19.0380 0x07d4  usbehci - ok
20:17:19.0390 0x07d4  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\Windows\System32\drivers\usbhub.sys
20:17:19.0406 0x07d4  usbhub - ok
20:17:19.0417 0x07d4  [ FAA564A13576F9284546BF016D27B551, 1D2CD13DC0B02DD40657EE4F93F4A13C78D2F2EF91685E563D78E217C96DF544 ] USBHUB3        C:\Windows\System32\drivers\UsbHub3.sys
20:17:19.0434 0x07d4  USBHUB3 - ok
20:17:19.0451 0x07d4  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci        C:\Windows\System32\drivers\usbohci.sys
20:17:19.0479 0x07d4  usbohci - ok
20:17:19.0488 0x07d4  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\Windows\System32\drivers\usbprint.sys
20:17:19.0503 0x07d4  usbprint - ok
20:17:19.0522 0x07d4  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR        C:\Windows\System32\drivers\USBSTOR.SYS
20:17:19.0532 0x07d4  USBSTOR - ok
20:17:19.0541 0x07d4  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci        C:\Windows\System32\drivers\usbuhci.sys
20:17:19.0563 0x07d4  usbuhci - ok
20:17:19.0584 0x07d4  [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:17:19.0595 0x07d4  usbvideo - ok
20:17:19.0627 0x07d4  [ 1A20F03700D2B2ED775E38D751EF2F63, 76F8BE9F412D4397437E60A7E6231C80EA9B4F5436C9A8FAB967C78604994AE9 ] USBXHCI        C:\Windows\System32\drivers\USBXHCI.SYS
20:17:19.0642 0x07d4  USBXHCI - ok
20:17:19.0656 0x07d4  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\Windows\system32\lsass.exe
20:17:19.0664 0x07d4  VaultSvc - ok
20:17:19.0668 0x07d4  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:17:19.0675 0x07d4  vdrvroot - ok
20:17:19.0728 0x07d4  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds            C:\Windows\System32\vds.exe
20:17:19.0763 0x07d4  vds - ok
20:17:19.0783 0x07d4  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt    C:\Windows\system32\drivers\VerifierExt.sys
20:17:19.0793 0x07d4  VerifierExt - ok
20:17:19.0822 0x07d4  [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp          C:\Windows\System32\drivers\vhdmp.sys
20:17:19.0842 0x07d4  vhdmp - ok
20:17:19.0863 0x07d4  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:17:19.0870 0x07d4  viaide - ok
20:17:19.0874 0x07d4  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus          C:\Windows\system32\drivers\vmbus.sys
20:17:19.0883 0x07d4  vmbus - ok
20:17:19.0886 0x07d4  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
20:17:19.0894 0x07d4  VMBusHID - ok
20:17:19.0921 0x07d4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\Windows\System32\ICSvc.dll
20:17:19.0940 0x07d4  vmicguestinterface - ok
20:17:19.0951 0x07d4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat  C:\Windows\System32\ICSvc.dll
20:17:19.0968 0x07d4  vmicheartbeat - ok
20:17:19.0979 0x07d4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
20:17:19.0995 0x07d4  vmickvpexchange - ok
20:17:20.0007 0x07d4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv        C:\Windows\System32\ICSvc.dll
20:17:20.0023 0x07d4  vmicrdv - ok
20:17:20.0034 0x07d4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
20:17:20.0051 0x07d4  vmicshutdown - ok
20:17:20.0062 0x07d4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\Windows\System32\ICSvc.dll
20:17:20.0078 0x07d4  vmictimesync - ok
20:17:20.0089 0x07d4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss        C:\Windows\System32\ICSvc.dll
20:17:20.0105 0x07d4  vmicvss - ok
20:17:20.0128 0x07d4  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:17:20.0137 0x07d4  volmgr - ok
20:17:20.0146 0x07d4  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
20:17:20.0161 0x07d4  volmgrx - ok
20:17:20.0169 0x07d4  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
20:17:20.0183 0x07d4  volsnap - ok
20:17:20.0202 0x07d4  [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci            C:\Windows\System32\drivers\vpci.sys
20:17:20.0211 0x07d4  vpci - ok
20:17:20.0236 0x07d4  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
20:17:20.0247 0x07d4  vsmraid - ok
20:17:20.0300 0x07d4  [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS            C:\Windows\system32\vssvc.exe
20:17:20.0338 0x07d4  VSS - ok
20:17:20.0356 0x07d4  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
20:17:20.0370 0x07d4  VSTXRAID - ok
20:17:20.0394 0x07d4  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
20:17:20.0415 0x07d4  vwifibus - ok
20:17:20.0427 0x07d4  [ 6B26AD573CCDD5209DF4397438B76354, 2C8AC314EC471F6D8B0B12D49D621360A10DCADA7C52E73596730C954FF89FCF ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:17:20.0448 0x07d4  vwififlt - ok
20:17:20.0461 0x07d4  [ 0B48E0DFB44EE475F4FD8A8EE599AF30, 28271D4CA0C642304CD8826A3D514F44E3391F9D6D07A1595BB30CE65E7E3494 ] vwifimp        C:\Windows\system32\DRIVERS\vwifimp.sys
20:17:20.0471 0x07d4  vwifimp - ok
20:17:20.0501 0x07d4  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time        C:\Windows\system32\w32time.dll
20:17:20.0538 0x07d4  W32Time - ok
20:17:20.0555 0x07d4  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
20:17:20.0563 0x07d4  WacomPen - ok
20:17:20.0620 0x07d4  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\Windows\system32\wbengine.exe
20:17:20.0674 0x07d4  wbengine - ok
20:17:20.0707 0x07d4  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:17:20.0734 0x07d4  WbioSrvc - ok
20:17:20.0771 0x07d4  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
20:17:20.0786 0x07d4  Wcmsvc - ok
20:17:20.0806 0x07d4  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
20:17:20.0822 0x07d4  wcncsvc - ok
20:17:20.0853 0x07d4  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:17:20.0862 0x07d4  WcsPlugInService - ok
20:17:20.0882 0x07d4  [ F5D4FA3E1F4879C361FFF3855259D2C2, 48C60FE4AAB011E2250157506FF0624031BFA346F8F2F8C6DFDF6F3CAA4F3F42 ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
20:17:20.0890 0x07d4  WdBoot - ok
20:17:20.0943 0x07d4  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:17:20.0966 0x07d4  Wdf01000 - ok
20:17:20.0973 0x07d4  [ 019CC610AD95FF47EAD7C08B7A683B96, BB9D42F8ED90ECA2E7B8C906E06A1EA859FAD9BD1B3492BB1E28C0D00004812A ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
20:17:20.0986 0x07d4  WdFilter - ok
20:17:20.0999 0x07d4  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:17:21.0018 0x07d4  WdiServiceHost - ok
20:17:21.0022 0x07d4  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost  C:\Windows\system32\wdi.dll
20:17:21.0032 0x07d4  WdiSystemHost - ok
20:17:21.0042 0x07d4  [ 6CC1BB8F6851A262E2E824F0E92D5EEF, 45A88A984179BBA38C1F4434C4D6C2823C1FE6AFBE8CB0F656DAE0092D1D5611 ] WdNisDrv        C:\Windows\system32\Drivers\WdNisDrv.sys
20:17:21.0052 0x07d4  WdNisDrv - ok
20:17:21.0082 0x07d4  WdNisSvc - ok
20:17:21.0118 0x07d4  [ 185E4111627F7AA6799E1366B5E91D65, 7A02C816DFBCCF47EDB49E5E2005A3D0B80719FAC94F9298D2DBAC63950EDA05 ] WebClient      C:\Windows\System32\webclnt.dll
20:17:21.0151 0x07d4  WebClient - ok
20:17:21.0182 0x07d4  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:17:21.0202 0x07d4  Wecsvc - ok
20:17:21.0221 0x07d4  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\Windows\system32\wephostsvc.dll
20:17:21.0230 0x07d4  WEPHOSTSVC - ok
20:17:21.0240 0x07d4  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
20:17:21.0266 0x07d4  wercplsupport - ok
20:17:21.0293 0x07d4  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\Windows\System32\WerSvc.dll
20:17:21.0312 0x07d4  WerSvc - ok
20:17:21.0321 0x07d4  [ BAB713B409258DB7B5D9F9693F802B0E, C0D0391EC4FDC07E0A07F4EEB2DC9CC5B2BE5D2E292E7D01929E8D39D6F73EA5 ] WFPLWFS        C:\Windows\system32\DRIVERS\wfplwfs.sys
20:17:21.0331 0x07d4  WFPLWFS - ok
20:17:21.0337 0x07d4  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\Windows\System32\wiarpc.dll
20:17:21.0347 0x07d4  WiaRpc - ok
20:17:21.0378 0x07d4  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:17:21.0385 0x07d4  WIMMount - ok
20:17:21.0387 0x07d4  WinDefend - ok
20:17:21.0434 0x07d4  [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
20:17:21.0456 0x07d4  WinHttpAutoProxySvc - ok
20:17:21.0499 0x07d4  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
20:17:21.0515 0x07d4  Winmgmt - ok
20:17:21.0602 0x07d4  [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM          C:\Windows\system32\WsmSvc.dll
20:17:21.0664 0x07d4  WinRM - ok
20:17:21.0736 0x07d4  [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc        C:\Windows\System32\wlansvc.dll
20:17:21.0788 0x07d4  WlanSvc - ok
20:17:21.0843 0x07d4  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc        C:\Windows\system32\wlidsvc.dll
20:17:21.0895 0x07d4  wlidsvc - ok
20:17:21.0922 0x07d4  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi        C:\Windows\System32\drivers\wmiacpi.sys
20:17:21.0929 0x07d4  WmiAcpi - ok
20:17:21.0963 0x07d4  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:17:21.0981 0x07d4  wmiApSrv - ok
20:17:21.0993 0x07d4  WMPNetworkSvc - ok
20:17:22.0003 0x07d4  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof            C:\Windows\system32\drivers\Wof.sys
20:17:22.0014 0x07d4  Wof - ok
20:17:22.0077 0x07d4  [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc  C:\Windows\system32\workfolderssvc.dll
20:17:22.0130 0x07d4  workfolderssvc - ok
20:17:22.0151 0x07d4  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr        C:\Windows\system32\DRIVERS\wpcfltr.sys
20:17:22.0159 0x07d4  wpcfltr - ok
20:17:22.0187 0x07d4  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:17:22.0195 0x07d4  WPCSvc - ok
20:17:22.0209 0x07d4  [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:17:22.0267 0x07d4  WPDBusEnum - ok
20:17:22.0276 0x07d4  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr      C:\Windows\system32\drivers\WpdUpFltr.sys
20:17:22.0284 0x07d4  WpdUpFltr - ok
20:17:22.0302 0x07d4  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
20:17:22.0319 0x07d4  ws2ifsl - ok
20:17:22.0347 0x07d4  [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc          C:\Windows\System32\wscsvc.dll
20:17:22.0361 0x07d4  wscsvc - ok
20:17:22.0363 0x07d4  WSearch - ok
20:17:22.0463 0x07d4  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService      C:\Windows\System32\WSService.dll
20:17:22.0591 0x07d4  WSService - ok
20:17:22.0690 0x07d4  [ 1B24547C96E1C656ED9A8E6B6F6FA03B, A15D1180D8A9011F0D5A2C8D801D34974D5AEA367FFFB96BD335448B17A2C142 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:17:22.0814 0x07d4  wuauserv - ok
20:17:22.0833 0x07d4  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:17:22.0857 0x07d4  WudfPf - ok
20:17:22.0879 0x07d4  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
20:17:22.0902 0x07d4  WUDFRd - ok
20:17:22.0922 0x07d4  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
20:17:22.0941 0x07d4  wudfsvc - ok
20:17:22.0985 0x07d4  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc        C:\Windows\System32\wwansvc.dll
20:17:23.0004 0x07d4  WwanSvc - ok
20:17:23.0037 0x07d4  ================ Scan global ===============================
20:17:23.0055 0x07d4  [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\Windows\system32\basesrv.dll
20:17:23.0084 0x07d4  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\Windows\system32\winsrv.dll
20:17:23.0106 0x07d4  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\Windows\system32\sxssrv.dll
20:17:23.0129 0x07d4  [ 5BF02EBEFEDC706318C96E2E60EDCB91, DC866C5BC3A887CAAA7169AB9BB2992F6F877B3EA04B62B4F95B6BD54943155F ] C:\Windows\system32\services.exe
20:17:23.0137 0x07d4  [ Global ] - ok
20:17:23.0138 0x07d4  ================ Scan MBR ==================================
20:17:23.0152 0x07d4  [ 613F125BB47C0130919AC0A4300388D9 ] \Device\Harddisk0\DR0
20:17:23.0209 0x07d4  \Device\Harddisk0\DR0 - ok
20:17:23.0210 0x07d4  ================ Scan VBR ==================================
20:17:23.0238 0x07d4  [ A33D8AEB179FC942058FF9AD23F62E09 ] \Device\Harddisk0\DR0\Partition1
20:17:23.0239 0x07d4  \Device\Harddisk0\DR0\Partition1 - ok
20:17:23.0253 0x07d4  [ 89BA9DA2355E2E5AC2028CF587E66C4B ] \Device\Harddisk0\DR0\Partition2
20:17:23.0253 0x07d4  \Device\Harddisk0\DR0\Partition2 - ok
20:17:23.0268 0x07d4  [ 7F0BBD93AFF0BB0499048D0A926D25DA ] \Device\Harddisk0\DR0\Partition3
20:17:23.0269 0x07d4  \Device\Harddisk0\DR0\Partition3 - ok
20:17:23.0276 0x07d4  [ E5C14BF4FEB4D1690A6DFE9D45D35F03 ] \Device\Harddisk0\DR0\Partition4
20:17:23.0277 0x07d4  \Device\Harddisk0\DR0\Partition4 - ok
20:17:23.0295 0x07d4  [ 4CE329F2ED6F7F4DE2DCEAD0629656F3 ] \Device\Harddisk0\DR0\Partition5
20:17:23.0296 0x07d4  \Device\Harddisk0\DR0\Partition5 - ok
20:17:23.0316 0x07d4  [ 145AC4F591C3C7A984CC567D94B12F86 ] \Device\Harddisk0\DR0\Partition6
20:17:23.0317 0x07d4  \Device\Harddisk0\DR0\Partition6 - ok
20:17:23.0317 0x07d4  ================ Scan generic autorun ======================
20:17:23.0381 0x07d4  [ 5677C8C60F4659E8626AC9036EEF38DF, 1C7D3EC3BCB3E34900DD9556A3EBAF449C68585DC8E07682E680790497105B8B ] C:\Program Files\Classic Shell\ClassicStartMenu.exe
20:17:23.0389 0x07d4  Classic Start Menu - ok
20:17:23.0449 0x07d4  [ CB454FBAB5376D13813C9235E87F1EAD, AFF6F58EDC228F4217A528D951FA5DA317A00D44D1B57841E855D728725F2852 ] C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe
20:17:23.0469 0x07d4  AVMWlanClient - detected UnsignedFile.Multi.Generic ( 1 )
20:17:26.0008 0x07d4  AVMWlanClient ( UnsignedFile.Multi.Generic ) - warning
20:17:28.0814 0x07d4  [ D5DDC3EC0BF960389E9A964D7CC8CC30, 02C06CF596B33B1883C371EA9B61B1EC41319EFF853A54864329129699534769 ] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe
20:17:28.0832 0x07d4  StartCCC - ok
20:17:28.0907 0x07d4  [ 01361B8B05CEB9DA8BCEF07C110E5A6D, 00C352FA442302BE7195CBDA046A0A0362C482FD1B92FD6F294471C62073DC6B ] C:\ProgramData\Package Cache\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}\VC_redist.x86.exe
20:17:28.0928 0x07d4  {462f63a8-6347-4894-a1b3-dbfe3a4c981d} - ok
20:17:28.0929 0x07d4  Waiting for KSN requests completion. In queue: 62
20:17:29.0930 0x07d4  Waiting for KSN requests completion. In queue: 2
20:17:30.0931 0x07d4  Waiting for KSN requests completion. In queue: 2
20:17:31.0994 0x07d4  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.5.218.0 ), 0x61100 ( enabled : updated )
20:17:32.0022 0x07d4  Win FW state via NFP2: enabled ( trusted )
20:17:34.0367 0x07d4  ============================================================
20:17:34.0367 0x07d4  Scan finished
20:17:34.0367 0x07d4  ============================================================
20:17:34.0372 0x0754  Detected object count: 1
20:17:34.0372 0x0754  Actual detected object count: 1
20:17:55.0900 0x0754  AVMWlanClient ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:55.0900 0x0754  AVMWlanClient ( UnsignedFile.Multi.Generic ) - User select action: Skip

Tician 07.12.2016 10:32
Zitat:
Drive c: () (Fixed) (Total:204.06 GB) (Free:95.05 GB) NTFS
Drive d: () (Fixed) (Total:401 GB) (Free:3.82 GB) NTFS
Drive e: () (Fixed) (Total:325.45 GB) (Free:4.58 GB) NTFS
Im FRST wurden die Partitionen noch angezeigt, Anzeichen auf einen tief eingreifenden Schädling zeigen die Logs nicht.


Schritt 1:

Schau mal bitte ob die Festplatte in Ordnung ist indem du den Anweisungen hier folgst: Zustand der Festplatte herausfinden - so gehts - Anleitungen

Vigilante 07.12.2016 16:32
Oh je,

ich glaube du bist da etwas auf der Spur...


Code:
----------------------------------------------------------------------------
CrystalDiskInfo 7.0.4 (C) 2008-2016 hiyohiyo
                                Crystal Dew World : hxxp://crystalmark.info/
----------------------------------------------------------------------------

    OS : Windows 8.1  [6.3 Build 9600] (x64)
  Date : 2016/12/07 16:30:30

-- Controller Map ----------------------------------------------------------
 + Standardmäßiger SATA AHCI- Controller [ATA]
  - HGST HTS541010A9E680
  - MATSHITA BD-MLT UJ260
 - Microsoft-Controller für Speicherplätze [SCSI]

-- Disk List ---------------------------------------------------------------
 (1) HGST HTS541010A9E680 : 1000,2 GB [0/0/0, pd1]

----------------------------------------------------------------------------
 (1) HGST HTS541010A9E680
----------------------------------------------------------------------------
          Model : HGST HTS541010A9E680
        Firmware : JA0OA560
  Serial Number : JA1009C01EYYZP
      Disk Size : 1000,2 GB (8,4/137,4/1000,2/1000,2)
    Buffer Size : 8192 KB
    Queue Depth : 32
    # of Sectors : 1953525168
  Rotation Rate : 5400 RPM
      Interface : Serial ATA
  Major Version : ATA8-ACS
  Minor Version : ATA8-ACS version 6
  Transfer Mode : SATA/600 | SATA/600
  Power On Hours : 10523 Std.
  Power On Count : 514 mal
    Temperature : 29 C (84 F)
  Health Status : Vorsicht
        Features : S.M.A.R.T., APM, 48bit LBA, NCQ
      APM Level : 4080h [ON]
      AAM Level : ----
    Drive Letter : C: D: E:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 _77 _77 _62 0000011803D5 Lesefehlerrate
02 100 100 _40 000000000000 Datendurchsatz-Leistung
03 166 166 _33 001200000001 Mittlere Anlaufzeit
04 100 100 __0 00000000045C Start/Stopp-Zyklen der Spindel
05 _95 _95 __5 000000000000 Wiederzugewiesene Sektoren
07 100 100 _67 000000000000 Suchfehler
08 100 100 _40 000000000000 Güte der Suchoperationen
09 _76 _76 __0 00000000291B Betriebsstunden
0A 100 100 _60 000000000000 Misslungene Spindelanläufe
0C 100 100 __0 000000000202 Geräte-Einschaltvorgänge
BF 100 100 __0 000000000000 Beschleunigungssensor-Fehlerrate
C0 100 100 __0 00000000003A Ausschaltungsabbrüche
C1 _61 _61 __0 00000005FA1B Laden/Entladen-Zyklen
C2 206 206 __0 002F000B001D Temperatur
C4 _83 _83 __0 000000000258 Wiederzuweisungsereignisse
C5 100 100 __0 0000000000C8 Aktuell ausstehende Sektoren
C6 100 100 __0 000000000000 Nicht korrigierbare Sektoren
C7 200 200 __0 000000000000 UltraDMA-CRC-Fehler
DF 100 100 __0 000000000000 Laden/Entladen-Wiederholungen

-- IDENTIFY_DEVICE ---------------------------------------------------------
        0    1    2    3    4    5    6    7    8    9
000: 045A 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 2020 2020 2020 4A41 3130 3039 4330 3145 5959 5A50
020: 0003 4000 0004 4A41 304F 4135 3630 4847 5354 2048
030: 5453 3534 3130 3130 4139 4536 3830 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0200 0200 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0407 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 170E 0006 005E 0040
080: 01FC 0028 746B 7D69 6163 7469 BC49 6163 007F 0075
090: 0076 4080 FFFE 0000 0000 0000 0000 0000 0000 0000
100: 6DB0 7470 0000 0000 0000 0000 6003 826C 5000 CCA7
110: 92D4 70D2 0000 0000 0000 0000 0000 0000 0000 401C
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 000B
130: 12C0 0000 2182 1CF1 FA00 0000 4000 2000 0009 0000
140: 0000 0405 0802 0406 0503 0000 0000 0000 0000 0000
150: 0000 0003 304F 4235 0000 2804 0000 5DBD 2388 8000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0003 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 003D 0000 0000 4000
210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000
220: 0000 0000 101F 0021 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 03E0 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 53A5

-- SMART_READ_DATA ---------------------------------------------------------
    +0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 0B 00 4D 4D D5 03 18 01 00 00 00 02 05
010: 00 64 64 00 00 00 00 00 00 00 03 07 00 A6 A6 01
020: 00 00 00 12 00 00 04 12 00 64 64 5C 04 00 00 00
030: 00 00 05 33 00 5F 5F 00 00 00 00 00 00 00 07 0B
040: 00 64 64 00 00 00 00 00 00 00 08 05 00 64 64 00
050: 00 00 00 00 00 00 09 12 00 4C 4C 1B 29 00 00 00
060: 00 00 0A 13 00 64 64 00 00 00 00 00 00 00 0C 32
070: 00 64 64 02 02 00 00 00 00 00 BF 0A 00 64 64 00
080: 00 00 00 00 00 00 C0 32 00 64 64 3A 00 00 00 00
090: 00 00 C1 12 00 3D 3D 1B FA 05 00 00 00 00 C2 02
0A0: 00 CE CE 1D 00 0B 00 2F 00 00 C4 32 00 53 53 58
0B0: 02 00 00 00 00 00 C5 22 00 64 64 C8 00 00 00 00
0C0: 00 00 C6 08 00 64 64 00 00 00 00 00 00 00 C7 0A
0D0: 00 C8 C8 00 00 00 00 00 00 00 DF 0A 00 64 64 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 2D 00 01 5B
170: 03 00 01 00 02 EC 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 25

-- SMART_READ_THRESHOLD ----------------------------------------------------
    +0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 3E 00 00 00 00 00 00 00 00 00 00 02 28
010: 00 00 00 00 00 00 00 00 00 00 03 21 00 00 00 00
020: 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00
030: 00 00 05 05 00 00 00 00 00 00 00 00 00 00 07 43
040: 00 00 00 00 00 00 00 00 00 00 08 28 00 00 00 00
050: 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00
060: 00 00 0A 3C 00 00 00 00 00 00 00 00 00 00 0C 00
070: 00 00 00 00 00 00 00 00 00 00 BF 00 00 00 00 00
080: 00 00 00 00 00 00 C0 00 00 00 00 00 00 00 00 00
090: 00 00 C1 00 00 00 00 00 00 00 00 00 00 00 C2 00
0A0: 00 00 00 00 00 00 00 00 00 00 C4 00 00 00 00 00
0B0: 00 00 00 00 00 00 C5 00 00 00 00 00 00 00 00 00
0C0: 00 00 C6 00 00 00 00 00 00 00 00 00 00 00 C7 00
0D0: 00 00 00 00 00 00 00 00 00 00 DF 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 89

Tician 07.12.2016 18:33
Jupp, da liegt das Problem.
Da du den PC sowieso neu installiert hast bleibt eigentlich nur der Festplattentausch, bei dem kann ich dir aus der Ferne leider wenig helfen. Festplatte raus, neue Festplatte rein, Windows nochmal installieren.

Ich kann dir nur den Tipp hinterlassen das du dir 3 Platten anschaffen solltest.
- Eine 'kleine' (~120 GB) für Windows selbst
- Eine 'große' für sämtliche Daten und Spiele (500GB-1TB)
- Eine mittelgroße um die Daten zu sichern (~500GB)

Dadurch ist sichergestellt das bei einem Festplattenfehler nicht sämtliche Daten verloren gehen und du ohne Datenverlust Platten austauschen kannst


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:13 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131