Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Avira PC-Cleaner findet TR/Crypt Zpack und TR/Kazy (https://www.trojaner-board.de/181472-avira-pc-cleaner-findet-tr-crypt-zpack-tr-kazy.html)

sumpfgeist 30.08.2016 10:31
Avira PC-Cleaner findet TR/Crypt Zpack und TR/Kazy
 
Hallo miteinander,

bei der Überprüfung mit dem PC-Cleaner von Avira (empfohlen Bundesamt für Sicherhiet und installeriert von der Seite www.sicherheitstest.bsi.de) wurden verschiedene Schadprogramme (Anzahl 40 in 6 Dateien) in Ordnern Inbox & Trash gefunden. Das Programm war allerdings nicht in der Lage diese zu löschen. Ein weiterer Trojaner TR/Kazy wurde gelöscht. Die genauen Versionsnummern weiß ich allerdings nicht mehr.

Kaspersky Security 2016 (mein aktuelles Virenprogramm, erst nach dem Vorfall installiert) fand danach nichts mehr. Zuvor wurde Comodo verwendet, welcher allerdings auch keine Ergebnisse lieferte. ADWCleaner findet auch nichts mehr, ebenso Malwarebytes. ESET-Online-Scan brachte auch keine weiteren Ergebnisse. Log-files existieren allerdings keine mehr (manuelle Löschung).

Da TR/Kazy kurz aktiv war, eine Datei wurde ausgeführt, stellt sich mir die Frage ob das System wirklich restlos sauber ist oder ob sich noch irgendwo ein Trojaner versteckt.

Kann mir jemand dabei helfen?

Vielen Dank & Viele Grüße

M-K-D-B 30.08.2016 10:45
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort als Administrator zu starten!
  • Einige Programme, die wir hier verwenden, können unter Umständen von deinem Antiviren- oder Anti-Malwareprogramm fälschlicherweise als Bedrohung eingestuft werden. Die Sicherheitsprogramme können aufgrund eines bestimmten Programmverhaltens nicht zwischen "gut" oder "böse" unterscheiden und schlagen Alarm. Dabei handelt es sich um Fehlalarme, welche du getrost ignorieren kannst. Gegebenenfalls musst du deine Sicherheitssoftware vor der Ausführung eines Programms deaktivieren, damit unsere Bereinigungsvorgänge nicht beeinträchtigt werden.



Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Danke für deine Mitarbeit!




Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:


Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)






Schritt 2
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von TDSS-Killer,
  • die beiden neuen Logdateien von FRST.

sumpfgeist 30.08.2016 11:01
FRST-Log
 
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 29-08-2016
durchgeführt von xxx (Administrator) auf WINDOWS-0GJL1H2 (30-08-2016 11:49:18)
Gestartet von C:\Users\xxx\Desktop
Geladene Profile: xxx (Verfügbare Profile: xxx & Normal & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
konnte nicht auf den Prozess zugreifen -> regedit.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AO Kaspersky Lab) C:\Users\xxx\Desktop\tdsskiller.exe
(AO Kaspersky Lab) C:\Users\xxx\AppData\Local\Temp\{B84EC9E6-4DFB-4FBE-B223-48A57C161E93}\{1BD16C47-4457-4C4C-A4B4-5392A0ADC6D4}.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-10-13] (Geek Software GmbH)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2015-01-27]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice 4.0.1.lnk [2014-04-11]
ShortcutTarget: OpenOffice 4.0.1.lnk -> C:\Program Files (x86)\OpenOffice 4\program\quickstart.exe ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6e5e1d9f-9c0e-4e8a-8ec3-cf55425461c5}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-08-29] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2016-08-29] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-08-29] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2016-08-29] (AO Kaspersky Lab)

FireFox:
========
FF ProfilePath: C:\Users\xxx\Desktop\Kantorat\Thunderbird Profile\Firefox\Profiles\o4k6nlrw.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-27] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-27] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\xxx\Desktop\Kantorat\Thunderbird Profile\Firefox\Profiles\o4k6nlrw.default\user.js [2016-08-29]
FF Extension: (DownThemAll!) - C:\Users\xxx\Desktop\Kantorat\Thunderbird Profile\Firefox\Profiles\o4k6nlrw.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-04-14]
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2016-08-29]
FF Extension: (Video DownloadHelper) - C:\Users\xxx\Desktop\Kantorat\Thunderbird Profile\Firefox\Profiles\o4k6nlrw.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-08-04]
FF Extension: (Adblock Plus) - C:\Users\xxx\Desktop\Kantorat\Thunderbird Profile\Firefox\Profiles\o4k6nlrw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2016-08-29] (Kaspersky Lab ZAO)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2016-04-03] (VIA Technologies, Inc.)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13924080 2016-08-11] (Zemana Ltd.)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-08-06] (Samsung Electronics Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [77728 2016-08-29] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2016-08-29] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [238000 2016-08-29] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [933808 2016-08-29] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [49240 2016-08-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2016-08-29] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87984 2016-08-29] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-08-06] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-08-30] (Zemana Ltd.)
U3 idsvc; kein ImagePath
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
U3 wpcsvc; kein ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-30 11:49 - 2016-08-30 11:49 - 00010376 _____ C:\Users\xxx\Desktop\FRST.txt
2016-08-30 11:49 - 2016-08-30 09:28 - 02397696 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2016-08-30 11:48 - 2016-08-30 11:48 - 02397696 _____ (Farbar) C:\Users\xxx\Downloads\FRST64(1).exe
2016-08-30 11:47 - 2016-08-30 11:47 - 04747704 _____ (AO Kaspersky Lab) C:\Users\xxx\Downloads\tdsskiller(1).exe
2016-08-30 11:47 - 2016-08-30 11:47 - 00250064 ____N (Kaspersky Lab, Yury Parshin) C:\WINDOWS\system32\Drivers\45598342.sys
2016-08-30 11:47 - 2016-08-30 11:47 - 00006002 _____ C:\TDSSKiller.3.1.0.11_30.08.2016_11.47.51_log.txt
2016-08-30 11:47 - 2016-08-30 09:56 - 04747704 _____ (AO Kaspersky Lab) C:\Users\xxx\Desktop\tdsskiller.exe
2016-08-30 11:43 - 2016-08-30 11:43 - 00448512 _____ (OldTimer Tools) C:\Users\xxx\Downloads\TFC.exe
2016-08-30 10:28 - 2016-08-30 10:28 - 02870984 _____ (ESET) C:\Users\xxx\Downloads\esetsmartinstaller_deu.exe
2016-08-30 10:28 - 2016-08-30 10:28 - 00000000 ____D C:\Program Files (x86)\ESET
2016-08-30 10:23 - 2016-08-30 10:24 - 00000004 ____H C:\ProgramData\cm-lock
2016-08-30 10:13 - 2016-08-30 10:13 - 01610560 _____ (Malwarebytes) C:\Users\xxx\Downloads\JRT.exe
2016-08-30 09:58 - 2016-08-30 09:58 - 03826240 _____ C:\Users\xxx\Downloads\AdwCleaner_6.010.exe
2016-08-30 09:56 - 2016-08-30 09:57 - 00254046 _____ C:\TDSSKiller.3.1.0.11_30.08.2016_09.56.35_log.txt
2016-08-30 09:56 - 2016-08-30 09:56 - 04747704 _____ (AO Kaspersky Lab) C:\Users\xxx\Downloads\tdsskiller.exe
2016-08-30 09:37 - 2016-08-30 09:37 - 00078790 _____ C:\Users\xxx\Downloads\Addition.txt
2016-08-30 09:37 - 2016-08-30 09:37 - 00021654 _____ C:\Users\xxx\Downloads\FRST.txt
2016-08-30 09:28 - 2016-08-30 11:49 - 00000000 ____D C:\FRST
2016-08-30 09:28 - 2016-08-30 09:28 - 02397696 _____ (Farbar) C:\Users\xxx\Downloads\FRST64.exe
2016-08-30 05:36 - 2016-08-30 11:49 - 00035853 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-08-30 05:36 - 2016-08-30 10:23 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-08-30 05:36 - 2016-08-30 06:08 - 00047087 _____ C:\WINDOWS\ZAM.krnl.trace
2016-08-30 05:36 - 2016-08-30 05:36 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-08-30 05:36 - 2016-08-30 05:36 - 00000000 ____D C:\Users\xxx\AppData\Local\Zemana
2016-08-30 05:21 - 2016-08-30 05:21 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-30 05:21 - 2016-08-30 05:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-30 05:21 - 2016-08-30 05:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-30 05:21 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-30 05:21 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-30 02:53 - 2016-08-30 02:53 - 00300331 _____ C:\Users\xxx\AppData\Local\census.cache
2016-08-30 02:52 - 2016-08-30 02:52 - 00121909 _____ C:\Users\xxx\AppData\Local\ars.cache
2016-08-29 22:50 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-29 22:42 - 2016-08-30 05:17 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-08-29 21:48 - 2016-08-29 21:48 - 00000000 ____D C:\Program Files\HitmanPro
2016-08-29 21:47 - 2016-08-29 21:54 - 00000000 ____D C:\ProgramData\HitmanPro
2016-08-29 21:44 - 2016-08-29 21:44 - 00000036 _____ C:\Users\xxx\AppData\Local\housecall.guid.cache
2016-08-29 18:59 - 2016-08-29 18:59 - 00002096 _____ C:\Users\xxx\Desktop\Entfernen des Avira PC Cleaners.lnk
2016-08-29 18:59 - 2016-08-29 18:59 - 00002040 _____ C:\Users\xxx\Desktop\Avira PC Cleaner.lnk
2016-08-29 17:55 - 2016-08-29 17:57 - 00253082 _____ C:\TDSSKiller.3.1.0.11_29.08.2016_17.55.40_log.txt
2016-08-29 17:38 - 2016-08-30 09:59 - 00000000 ____D C:\AdwCleaner
2016-08-29 12:47 - 2016-08-29 12:47 - 00002519 _____ C:\Users\xxx\Desktop\Sicherer Zahlungsverkehr.lnk
2016-08-29 12:42 - 2016-08-29 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-08-29 12:42 - 2016-08-29 12:41 - 00002213 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2016-08-29 12:41 - 2016-08-30 11:23 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-08-29 12:41 - 2016-08-29 13:03 - 00933808 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-08-29 12:41 - 2016-08-29 13:03 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2016-08-29 12:41 - 2016-08-29 12:52 - 00238000 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-08-29 12:41 - 2016-08-29 12:41 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-08-29 12:41 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2016-08-29 12:36 - 2016-08-29 12:36 - 00000000 _____ C:\WINDOWS\System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}
2016-08-28 20:30 - 2016-08-28 20:30 - 00000784 _____ C:\bdlog.txt
2016-08-28 20:28 - 2016-08-28 20:28 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
2016-08-28 20:28 - 2016-08-28 20:28 - 00000385 _____ C:\Users\xxx\AppData\Roaminguser_gensett.xml
2016-08-28 20:26 - 2016-08-28 20:26 - 00000000 ____D C:\ProgramData\BDLogging
2016-08-28 20:25 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2016-08-28 20:21 - 2016-08-28 20:21 - 00000000 ____D C:\Users\xxx\AppData\Roaming\QuickScan
2016-08-28 20:10 - 2016-08-28 20:10 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-08-28 16:32 - 2016-08-28 16:38 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Audacity
2016-08-28 16:32 - 2016-08-28 16:32 - 00000000 ____D C:\Users\xxx\AppData\Local\Audacity
2016-08-28 14:57 - 2016-08-29 12:41 - 00000000 ____D C:\Users\TB
2016-08-28 14:57 - 2016-08-28 14:58 - 00000351 _____ C:\Users\TB\Desktop\ReCycle.lnk
2016-08-25 14:36 - 2016-08-28 15:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-12 14:50 - 2016-08-12 15:06 - 00024576 _____ C:\Users\xxx\Desktop\arbeitszeitEKIRtestblatt.xls
2016-08-11 11:03 - 2016-08-11 11:03 - 00001444 _____ C:\Users\xxx\AppData\Local\recently-used.xbel
2016-08-09 11:41 - 2016-08-09 11:41 - 00103936 _____ (pdfforge GbR) C:\WINDOWS\system32\pdfcmon.dll
2016-08-09 11:41 - 2016-08-09 11:41 - 00001100 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2016-08-09 11:41 - 2016-08-09 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2016-08-09 11:41 - 2016-08-09 11:41 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2016-08-06 20:06 - 2016-08-06 20:06 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-08-03 16:08 - 2016-08-03 16:08 - 00076048 _____ C:\Users\xxx\Desktop\Vertretungsplan.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-30 11:45 - 2014-10-18 16:32 - 00000068 __RSH C:\WINDOWS\system32\Drivers\wmilib.winsecurity
2016-08-30 11:19 - 2014-10-18 16:32 - 00000068 __RSH C:\WINDOWS\system32\Drivers\WUDFPf.winsecurity
2016-08-30 10:23 - 2016-02-13 19:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-30 10:22 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-30 10:00 - 2016-05-27 13:14 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-30 05:37 - 2016-04-03 20:41 - 00000000 ____D C:\Users\xxx
2016-08-30 05:28 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-29 15:44 - 2016-04-07 09:09 - 00000000 ____D C:\WINDOWS\Minidump
2016-08-29 13:03 - 2015-06-26 23:58 - 00087984 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwfp.sys
2016-08-29 13:03 - 2015-06-11 19:35 - 00049240 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klim6.sys
2016-08-29 13:03 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpd.sys
2016-08-29 13:03 - 2015-06-06 08:51 - 00077728 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kldisk.sys
2016-08-29 12:41 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2016-08-29 12:41 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-29 12:41 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-08-29 12:41 - 2009-07-14 05:20 - 00000000 ____D C:\Users\Default.migrated
2016-08-29 12:38 - 2014-04-09 19:53 - 00000000 ____D C:\Program Files\COMODO
2016-08-29 12:38 - 2014-04-09 19:52 - 00000000 ____D C:\ProgramData\Comodo
2016-08-29 12:37 - 2015-11-08 22:57 - 00000000 ____D C:\Program Files (x86)\Avira
2016-08-29 12:37 - 2015-04-24 18:30 - 00000000 ____D C:\Program Files\WinRAR
2016-08-29 12:36 - 2016-02-13 18:59 - 01486456 _____ C:\WINDOWS\system32\perfh007.dat
2016-08-29 12:36 - 2016-02-13 18:59 - 00398128 _____ C:\WINDOWS\system32\perfc007.dat
2016-08-29 10:06 - 2014-04-15 17:22 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Propellerhead Software
2016-08-29 09:49 - 2014-04-15 17:22 - 00000000 ____D C:\ProgramData\Propellerhead Software
2016-08-28 20:21 - 2014-06-12 11:36 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-28 15:51 - 2014-10-02 18:55 - 00281214 _____ C:\Users\xxx\piano96bpm.rx2
2016-08-28 15:48 - 2014-04-17 16:50 - 00000000 ____D C:\Users\xxx\AppData\Roaming\DVDVideoSoft
2016-08-28 15:08 - 2014-04-09 17:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-28 14:50 - 2014-09-19 17:37 - 00000000 ____D C:\Users\xxx\dwhelper
2016-08-28 13:58 - 2014-09-10 19:11 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-28 09:31 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-27 21:56 - 2014-04-09 18:41 - 00000000 ____D C:\Users\xxx\Desktop\Kantorat
2016-08-26 12:23 - 2014-04-09 18:43 - 00000000 ____D C:\Users\xxx\Desktop\Noten
2016-08-23 11:07 - 2016-07-10 12:43 - 05505076 _____ C:\Users\xxx\Desktop\juli2017.reason
2016-08-11 11:11 - 2014-11-05 14:38 - 00000000 ____D C:\Users\xxx\Documents\bibel digital
2016-08-11 11:05 - 2014-06-12 13:18 - 00000000 ____D C:\Users\xxx\.gimp-2.8
2016-08-11 11:03 - 2014-06-12 13:21 - 00000000 ____D C:\Users\xxx\AppData\Local\gtk-2.0
2016-08-09 11:35 - 2016-07-30 11:50 - 00000000 ____D C:\Program Files\PDFCreator
2016-08-06 20:21 - 2016-07-22 05:51 - 00164992 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2016-08-06 20:18 - 2016-07-22 05:51 - 00130688 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus.sys
2016-08-06 19:37 - 2016-04-03 20:40 - 02493594 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-04 16:56 - 2016-05-23 19:53 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-03 20:06 - 2014-11-27 11:00 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-07-31 09:38 - 2014-08-24 13:12 - 00000000 ____D C:\Users\xxx\Desktop\Jessica

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-01-28 14:06 - 2015-01-28 14:07 - 0595180 _____ () C:\Users\xxx\AppData\Roaming\Scorch_Install.log
2016-08-30 02:52 - 2016-08-30 02:52 - 0121909 _____ () C:\Users\xxx\AppData\Local\ars.cache
2016-08-30 02:53 - 2016-08-30 02:53 - 0300331 _____ () C:\Users\xxx\AppData\Local\census.cache
2016-08-29 21:44 - 2016-08-29 21:44 - 0000036 _____ () C:\Users\xxx\AppData\Local\housecall.guid.cache
2016-08-11 11:03 - 2016-08-11 11:03 - 0001444 _____ () C:\Users\xxx\AppData\Local\recently-used.xbel
2016-08-30 10:23 - 2016-08-30 10:24 - 0000004 ____H () C:\ProgramData\cm-lock

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-05-28 12:06

==================== Ende von FRST.txt ============================
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 29-08-2016
durchgeführt von xxx (30-08-2016 11:50:11)
Gestartet von C:\Users\xxx\Desktop
Windows 10 Pro Version 1511 (X64) (2016-04-03 19:01:31)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3893399537-980262229-2902203829-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3893399537-980262229-2902203829-503 - Limited - Disabled)
Gast (S-1-5-21-3893399537-980262229-2902203829-501 - Limited - Disabled)
Normal (S-1-5-21-3893399537-980262229-2902203829-1002 - Limited - Enabled) => C:\Users\Normal
xxx (S-1-5-21-3893399537-980262229-2902203829-1001 - Administrator - Enabled) => C:\Users\xxx

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{576A97E3-1A79-6215-49DE-AA358AF47420}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
Authorizer 2.9.0d5 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.9.0d5 - Propellerhead Software AB)
Authorizer Ignition Key Support (Version: 1.0.8.0 - Propellerhead Software AB) Hidden
Authorizer Ignition Key Support (Version: 1.0.9.0 - Propellerhead Software AB) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.1.18829 - Landesfinanzdirektion Thüringen)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Deathmatch (HKLM\...\Steam App 320) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM\...\Steam App 340) (Version:  - Valve)
Half-Life Deathmatch: Source (HKLM\...\Steam App 360) (Version:  - Valve)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Max Payne (HKLM-x32\...\{39930321-4C58-4B8B-BCBF-342698C9801D}) (Version:  - )
Max Payne 2 (HKLM-x32\...\{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}) (Version: 1.01.102 - )
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{cb41fc68-4442-4f7f-b22f-8f31c74897ac}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
ModifyRegistry version 0.1 (HKLM-x32\...\{1D5BE6B5-7FD4-4A78-90F2-AF6B53BC8C1C}_is1) (Version: 0.1 - VIA Technologies, Inc.)
Mozilla Firefox 48.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 de)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.1 - pdfforge)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Quake Live (HKLM-x32\...\Steam App 282440) (Version:  - id Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Reason 8 8.3.2d7 (HKLM\...\Reason8.0Stable_64_is1) (Version: 8.3.2d7 - Propellerhead Software AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3893399537-980262229-2902203829-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\xxx\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {11D28546-1DFB-4119-B55C-94D664D71570} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {122D2254-58F3-4F47-9935-E5145524519E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {17E02EE5-F021-43F5-B471-BB8CEB04D638} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1A05FC1D-82CE-4269-9D54-BC8D833203E3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {203F4615-D525-4B60-ACC1-BA7B221A6E47} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {28D10E30-D6AF-4DA2-9D66-EE139F812F65} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {2E078D3C-6262-46F1-922B-3108D6500569} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {2EF576EA-8C67-46ED-8C80-0BEBBCDFE2AB} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {31DA4035-2585-4451-A973-EFFF695097DD} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {35FCB4E5-1D8A-4EE3-8413-A3955096D61E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {399E9C32-8B9C-4B9A-AD61-820D76689A4F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {4018541B-291E-406C-A7D7-696D1572C7CF} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {49604AD2-E255-4738-8275-DF4343F61805} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {53E0946F-512B-46E5-88F3-B149BFDEFF97} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-27] (Adobe Systems Incorporated)
Task: {55BC9628-F970-4961-9F05-3B0AFA8FF784} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {58DBEB80-C43B-4376-B5CB-33388D608F06} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {5CCEB54B-C72C-4B28-B011-38FE4F1A763B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {6112E0BD-2AE9-4115-9B95-D74923536FF2} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {67645610-97CC-4F5A-9B98-4E71074C23D6} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {6D5C1B79-81A3-444A-B32A-C39230FDEB01} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {761B23E0-188B-42DB-9B09-4D3DFA109E9B} - kein Dateipfad
Task: {7AC6AF46-0B2C-4972-9741-05216B47D608} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {85A0963E-9245-44E4-8380-0E3A745F5F44} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8D619F9F-2EE6-498E-B33C-2AB27E69B3AF} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {8FE8D7B9-685B-418B-8A5B-F370D09E6F25} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {96B1E783-61CC-41A7-AEDB-78B949DF5A50} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {9A41B0BD-1611-49BF-9295-E1B297DE4736} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {B56DB34B-CC19-4F2A-85DC-D54E899B4511} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {C90D71E5-7E76-4B32-948E-0B6943D01E1C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {CA19F8CE-1515-4BA7-A996-27368A7070C6} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {D649995F-8519-410A-8E24-8FD5B1838C4A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {D850F23F-5C0C-41AA-ADA9-38377DB748F8} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {E219DC0C-FFF5-47EA-A330-72B0EBEA0A27} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {E8A74E56-F83B-4904-89CD-4A5A90C1C8B8} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {ED2CED6A-DF58-4EA5-BCE9-8DB4D318C8AF} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {EFE7B7D3-0AF0-447A-8807-E0B5B78AE2BF} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe
Task: {F8236666-F591-4E3E-8938-556D249DC0C0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\GameExplorer\{DB039F6B-D176-4FB0-B470-5DE77ECD731A}\SupportTasks\1\Support.lnk -> hxxp://www.gtisonline.com/
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\GameExplorer\{DB039F6B-D176-4FB0-B470-5DE77ECD731A}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.unreal.com/
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\GameExplorer\{D2381299-6931-4F60-B30D-50191F1F8314}\SupportTasks\1\Support.lnk -> hxxp://www.activision.com/support/
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\GameExplorer\{D2381299-6931-4F60-B30D-50191F1F8314}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.doom3.com/
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\GameExplorer\{99DC2F68-02D3-446A-ACB3-1028A78FA8B5}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.maxpayne2.com/
Shortcut: C:\Users\xxx\AppData\Local\Microsoft\Windows\GameExplorer\{225C2AC6-2C93-4083-9A8A-E6594AAFC576}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.maxpayne.com/

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:17 - 2015-10-30 09:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2011-06-22 06:48 - 2011-06-22 06:48 - 00034304 _____ () C:\WINDOWS\System32\ssp7ml6.dll
2016-04-14 11:14 - 2016-04-14 11:14 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-14 11:14 - 2016-04-14 11:14 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-02-13 19:02 - 2016-02-13 19:02 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-12 18:02 - 2016-05-12 18:02 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-12 18:03 - 2016-05-12 18:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-12 18:03 - 2016-05-12 18:03 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-12 18:03 - 2016-05-12 18:03 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-12 18:03 - 2016-05-12 18:03 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\MaxPayne.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows:CM_46cc1bbd84fcf30ca3ddf47ada59b0181a3a1fd62ee6d729d527a4e75f5bf4e8 [74]
AlternateDataStreams: C:\Windows:CM_e168fde74eaa4b05b04a2b16bb8663c4905ed6929da943a1e8cb2ba3c0c0be20 [74]
AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\accountaccessor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AccountsRt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AppxAllUserStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\basesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\BdeHdCfgLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BFE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browserbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ByteCodeGenerator.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10level9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DAFWSD.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataSenseHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCensus.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\directmanipulation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmcsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmenterprisediagnostics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dosvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwminit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easinvoker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\enrollmentapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\enterprisecsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FontProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveskybackup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FWPUCLNT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\hmkd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IKEEXT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iuilp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LicenseManagerShellext.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LsaIso.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mapsupdatetask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MDMAppInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mdmmigrator.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MessagingDataModel2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\modernexecserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosHostClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingFacility.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingFacility.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MTF.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncbservice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NFCProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngcpopkeysrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NotificationObjFactory.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleacchooks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\omadmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pdfcmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhoneProviders.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\policymanagerprecheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powertracker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provhandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provisioningcsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RdpGroupPolicyExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDXService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDXTaskFactory.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rsaenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SecConfig.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorsNativeApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorsNativeApi.V2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SharedStartModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRHInproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\srvcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storewuauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SubscriptionMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tbauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tileobjserver.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBrokerCookies.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tzautoupdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbaaplrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VEDataLayerHelpers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VEEventDispatcher.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ViakaraokeSrv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcmcsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wificonnapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32kbase.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Shell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkscli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpdbusenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSDApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsdchngr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wshbth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuautoappupdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AccountsRt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxAllUserStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\browcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10level9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\directmanipulation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FWPUCLNT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hmkd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MessagingDataModel2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosHostClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msorcl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcp71.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MTF.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupShim.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NotificationObjFactory.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacchooks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rsaenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsNativeApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SRHInproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\srvcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tbauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VEEventDispatcher.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wkscli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanmsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSDApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsdchngr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshbth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\filecrypt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\portcls.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\serial.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UcmCx.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ufx01000.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ufxsynopsys.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbaapl64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBHUB3.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbser.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBXHCI.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xinputhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\xxx\Documents\Bild Posaunenchor.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\xxx\Documents\Text Posaunenchor.docx:$CmdZnID [26]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2016-08-28 20:28 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3893399537-980262229-2902203829-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: iPod Service => 3
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "ReCycle Patch"
HKU\S-1-5-21-3893399537-980262229-2902203829-1001\...\StartupApproved\StartupFolder: => "OpenOffice 4.0.1.lnk"
HKU\S-1-5-21-3893399537-980262229-2902203829-1001\...\StartupApproved\Run: => "OneDrive"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{AF1DA3A6-4C5E-471F-8098-42D2F65C0974}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{BA9ADFE0-D4C4-4812-A119-135B9DABCC81}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{756BA567-9443-474C-BB5F-A38F3EC90385}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F562BEFB-4526-44A2-8DCD-D9D9339BD404}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F1F50802-7477-488A-81AE-597DC6DA22DF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{D36CA7B4-0A9F-4E9A-B06C-46E2D2F6042A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DA533812-5E59-428D-87D4-BE8FAE60D8BF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2FD3910E-9DB4-489D-8730-95AB5A55D102}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{7A82028D-1CC4-4903-89BD-BFFA8D0E9748}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{762B6D56-4399-4690-9BCD-701F3417EA8C}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{EBDA14FC-2C21-421D-913E-8FC37841B41A}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{2E3F4CB0-7114-4A21-8AE6-428E1E2029DD}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{591B6DDC-53D0-42ED-9C1A-45144845B6E2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{FC37F95D-CBAB-42F7-8CAA-71EEB336ABE3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{05B04947-FDD1-45F2-9FA9-A60E9AB2AE68}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{E167D808-0D09-4D46-B367-038844F5863E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{68C1656F-BA93-4755-9E06-AEBADE366229}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{8BDEE25F-FF3E-499B-8D72-8FBE062E5712}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{AAC9085A-F14D-418B-B776-5466D1254BB3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E88975A9-C7DC-45F4-B7CE-9FB65DF3160F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{17DF4F7A-DC9F-40F4-A914-4CEF691881F2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{08DDAAB4-B456-49FC-AB23-745CCDEEEBC9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{112B5DCA-A6A7-4172-977B-21DB93C33A21}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{50EC18EB-8F80-4473-8368-442DBFEBFFC5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{32C959D2-9B82-4E1D-870D-666AED63DA4E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B7197842-5482-4080-9326-B0ECC79A7F77}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C6DC0299-B91A-4C5A-A505-F8BE71C45094}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BD6B0BA9-5C8D-4B21-A07A-FFB90E755ADE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{733A24F3-8776-4327-809D-10454D78AF46}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{A6AC1027-056B-4840-A0AD-85DAEDC66AAA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 1 Source Deathmatch\hl2.exe
FirewallRules: [{D932749D-23A6-4567-9485-1F73D5632225}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 1 Source Deathmatch\hl2.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

==================== Wiederherstellungspunkte =========================

23-05-2016 19:24:27 Removed Adobe Acrobat Reader DC - Deutsch.
18-06-2016 17:43:59 Avira PC Cleaner - 18.06.2016 17:43
22-08-2016 17:03:06 Avira PC Cleaner - 22.08.2016 17:03
28-08-2016 19:56:11 Avira PC Cleaner - 28.08.2016 19:56
29-08-2016 18:02:10 JRT Pre-Junkware Removal
30-08-2016 10:15:09 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/30/2016 11:44:12 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (08/30/2016 10:48:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: regedit.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d798
Name des fehlerhaften Moduls: COMCTL32.dll, Version: 6.10.10586.0, Zeitstempel: 0x5632d2ce
Ausnahmecode: 0xc000041d
Fehleroffset: 0x00000000000037a7
ID des fehlerhaften Prozesses: 0x1a00
Startzeit der fehlerhaften Anwendung: 0x01d20299df469d25
Pfad der fehlerhaften Anwendung: C:\Windows\regedit.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\COMCTL32.dll
Berichtskennung: fd64e4e1-0a20-4cdc-b71a-fae941143e65
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/30/2016 10:37:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\xxx\Downloads\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (08/30/2016 10:29:30 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (08/30/2016 10:28:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\xxx\Downloads\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (08/30/2016 10:28:39 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\users\xxx\downloads\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (08/30/2016 10:22:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d7ba
Name des fehlerhaften Moduls: ESENT.dll, Version: 10.0.10586.212, Zeitstempel: 0x56fa1686
Ausnahmecode: 0xc0000602
Fehleroffset: 0x000000000022885f
ID des fehlerhaften Prozesses: 0x8ac
Startzeit der fehlerhaften Anwendung: 0x01d2026d2d4fb8c4
Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\svchost.exe
Pfad des fehlerhaften Moduls: c:\windows\system32\ESENT.dll
Berichtskennung: 9ed28f1d-5150-4d1b-b6fd-3bfefe9f6ec6
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/30/2016 10:22:36 AM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2220) Der Prozess wird aufgrund eines nicht behebbaren Fehlers beendet: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)

Error: (08/30/2016 10:15:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (08/30/2016 09:22:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SearchUI.exe, Version: 10.0.10586.306, Zeitstempel: 0x571af796
Name des fehlerhaften Moduls: CortanaApi.dll, Version: 0.0.0.0, Zeitstempel: 0x571af3e4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00000000000b5c6d
ID des fehlerhaften Prozesses: 0xd6c
Startzeit der fehlerhaften Anwendung: 0x01d2028d01806e77
Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Pfad des fehlerhaften Moduls: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
Berichtskennung: 042325d6-4645-4629-823c-328774bb99a7
Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CortanaUI


Systemfehler:
=============
Error: (08/30/2016 11:44:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/30/2016 10:32:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.

Error: (08/30/2016 10:32:08 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\xxx\AppData\Local\Temp\ehdrv.sys

Error: (08/30/2016 10:32:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.

Error: (08/30/2016 10:32:07 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\xxx\AppData\Local\Temp\ehdrv.sys

Error: (08/30/2016 10:32:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.

Error: (08/30/2016 10:32:07 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\xxx\AppData\Local\Temp\ehdrv.sys

Error: (08/30/2016 10:29:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.

Error: (08/30/2016 10:29:50 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\xxx\AppData\Local\Temp\ehdrv.sys

Error: (08/30/2016 10:29:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.


CodeIntegrity:
===================================
  Date: 2016-08-29 12:36:41.828
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-29 12:35:43.091
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-29 10:26:13.320
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-29 10:14:24.415
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-29 09:59:48.556
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-29 09:41:15.668
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-29 09:25:24.291
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-29 09:19:17.921
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-29 09:14:53.856
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-28 23:22:40.862
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen ===========================

Prozessor: AMD Athlon(tm) II X2 270 Processor
Prozentuale Nutzung des RAM: 26%
Installierter physikalischer RAM: 7677.55 MB
Verfügbarer physikalischer RAM: 5605.07 MB
Summe virtueller Speicher: 8189.55 MB
Verfügbarer virtueller Speicher: 6081.55 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:465.22 GB) (Free:360.85 GB) NTFS
Drive e: () (Fixed) (Total:0.2 GB) (Free:0.14 GB) NTFS
Drive f: (LAptopDisc2) (Fixed) (Total:29 GB) (Free:12.35 GB) NTFS
Drive g: (LAptopDisc1) (Fixed) (Total:421.81 GB) (Free:243.84 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9BE2D30B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B9B34996)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== Ende von Addition.txt ============================

sumpfgeist 30.08.2016 11:04
TDSS-Log Part1
 
Code:
11:47:51.0909 0x1820  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31
11:47:54.0721 0x1820  ============================================================
11:47:54.0721 0x1820  Current date / time: 2016/08/30 11:47:54.0721
11:47:54.0721 0x1820  SystemInfo:
11:47:54.0721 0x1820 
11:47:54.0721 0x1820  OS Version: 10.0.10586 ServicePack: 0.0
11:47:54.0721 0x1820  Product type: Workstation
11:47:54.0721 0x1820  ComputerName: WINDOWS-0GJL1H2
11:47:54.0721 0x1820  UserName: xxx
11:47:54.0721 0x1820  Windows directory: C:\WINDOWS
11:47:54.0721 0x1820  System windows directory: C:\WINDOWS
11:47:54.0721 0x1820  Running under WOW64
11:47:54.0721 0x1820  Processor architecture: Intel x64
11:47:54.0721 0x1820  Number of processors: 2
11:47:54.0721 0x1820  Page size: 0x1000
11:47:54.0721 0x1820  Boot type: Normal boot
11:47:54.0721 0x1820  CodeIntegrityOptions = 0x00000001
11:47:54.0721 0x1820  ============================================================
11:47:55.0549 0x1820  KLMD registered as C:\WINDOWS\system32\drivers\45598342.sys
11:47:55.0549 0x1820  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 10586.306, osProperties = 0x19
11:47:56.0143 0x1820  System UUID: {B41A7C91-4957-DEC1-74D4-BFE19FAB9829}
11:47:56.0971 0x1820  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
11:47:57.0034 0x1820  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
11:47:57.0065 0x1820  ============================================================
11:47:57.0065 0x1820  \Device\Harddisk0\DR0:
11:47:57.0065 0x1820  MBR partitions:
11:47:57.0065 0x1820  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:47:57.0065 0x1820  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A272000
11:47:57.0065 0x1820  \Device\Harddisk1\DR1:
11:47:57.0065 0x1820  MBR partitions:
11:47:57.0065 0x1820  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
11:47:57.0065 0x1820  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34BA1000
11:47:57.0096 0x1820  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x34C06000, BlocksNum 0x39FD800
11:47:57.0096 0x1820  ============================================================
11:47:57.0112 0x1820  C: <-> \Device\Harddisk0\DR0\Partition2
11:47:57.0159 0x1820  E: <-> \Device\Harddisk1\DR1\Partition1
11:47:57.0221 0x1820  F: <-> \Device\Harddisk1\DR1\Partition3
11:47:57.0268 0x1820  G: <-> \Device\Harddisk1\DR1\Partition2
11:47:57.0268 0x1820  ============================================================
11:47:57.0268 0x1820  Initialize success
11:47:57.0268 0x1820  ============================================================
11:54:48.0002 0x0dcc  ============================================================
11:54:48.0002 0x0dcc  Scan started
11:54:48.0002 0x0dcc  Mode: Manual;
11:54:48.0002 0x0dcc  ============================================================
11:54:48.0002 0x0dcc  KSN ping started
11:54:50.0408 0x0dcc  KSN ping finished: true
11:54:52.0971 0x0dcc  ================ Scan system memory ========================
11:54:52.0971 0x0dcc  System memory - ok
11:54:52.0971 0x0dcc  ================ Scan services =============================
11:54:53.0174 0x0dcc  [ DF1C3D7E6C7929AD83BE22852B5B08CB, 9ECF6211CCD30273A23247E87C31B3A2ACDA623133CEF6E9B3243463C0609C5F ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
11:54:53.0174 0x0dcc  1394ohci - ok
11:54:53.0221 0x0dcc  [ 2C5B3035B86770ADD2FE9BFBAF5B35A4, 19E16F9144FE3E33B5FF248CF0040AB079ACAE22290B1369CC72AE4CB5FE3A90 ] 3ware          C:\WINDOWS\system32\drivers\3ware.sys
11:54:53.0221 0x0dcc  3ware - ok
11:54:53.0267 0x0dcc  [ 469441BAE3FF8A16826FC62C51EF5E18, E1204677B87F47222D05F670F8DF3DB65EA0881782A8DCFBE0103478ED71187C ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
11:54:53.0283 0x0dcc  ACPI - ok
11:54:53.0299 0x0dcc  [ 7EADED8087C392876521F7EBCE846EF4, 99BF1BD948F97C1ECBC049C7F949B71D73D0B41FB505B2F75B208E655F7DC8A3 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
11:54:53.0299 0x0dcc  acpiex - ok
11:54:53.0314 0x0dcc  [ C498887123327CDFD73A05E7A2780920, B45392C46254FCB8D79B6C3A82C8D894063199E6167D8E5F7EA7D60C75CD16EA ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
11:54:53.0314 0x0dcc  acpipagr - ok
11:54:53.0346 0x0dcc  [ C8DBE6EFFCF014CAA010B9BDDAC833EC, 96FC29340C62A6B0910DCCBF8945F32089FC300F45B451A540B8854D53734298 ] AcpiPmi        C:\WINDOWS\System32\drivers\acpipmi.sys
11:54:53.0346 0x0dcc  AcpiPmi - ok
11:54:53.0361 0x0dcc  [ 17039DBEB3B7B9ADCDB4B4533AA9771F, A4D38B144639A20B8B31E4F35FB776A028DB502FAC849FC73EECEB3CCD91830B ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
11:54:53.0361 0x0dcc  acpitime - ok
11:54:53.0439 0x0dcc  [ 68E7DEA59FDEF410BAF29FDB5B7A6EEF, B808FCF0C30B465A1330E47947B84FC722A3B4C46260E261C54B1EED725A288F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:54:53.0439 0x0dcc  AdobeARMservice - ok
11:54:53.0517 0x0dcc  [ 32B31B696CB8E8F380831DFEB80A67E4, 8C8F6E16F2FB3E8F10569261B7712BBC931A2924B6C27D561E7F828041C4F3E6 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:54:53.0517 0x0dcc  AdobeFlashPlayerUpdateSvc - ok
11:54:53.0580 0x0dcc  [ F7D0CD345D2DA42E7042ABCD73662403, 03183F90A994D69066F15C3DFC1D7D7514AEAF46A5AAC059B1FB327F8C30A35C ] ADP80XX        C:\WINDOWS\system32\drivers\ADP80XX.SYS
11:54:53.0596 0x0dcc  ADP80XX - ok
11:54:53.0642 0x0dcc  [ 70148EFA9A562E7185B75BBE7D376BF7, 8200E3349A1AFA1040B3D956A17BAF3CDC784A1A3CA396125E7872B36C03D84A ] AFD            C:\WINDOWS\system32\drivers\afd.sys
11:54:53.0642 0x0dcc  AFD - ok
11:54:53.0658 0x0dcc  [ 870F1A2C936F92B5D053DF7EC75B352F, D617524FD5886D6D3BC2EFBBB5EA310E906454CD7CA7257C3D7BDEA8C4F2DA71 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
11:54:53.0658 0x0dcc  agp440 - ok
11:54:53.0705 0x0dcc  [ 3DF7751D5DC6525E7DC6617FBB45054F, 8E6D4C809DB3B66E7558C4829E01F5C227EE614AC82F33FD99DCC629770D1BE3 ] ahcache        C:\WINDOWS\system32\DRIVERS\ahcache.sys
11:54:53.0736 0x0dcc  ahcache - ok
11:54:53.0767 0x0dcc  [ 19707ECBCEA71080A85DB2336580DB39, A09AE69C9DE2F3765417F212453B6927C317A94801AE68FBA6A8E8A7CB16CED7 ] AJRouter        C:\WINDOWS\System32\AJRouter.dll
11:54:53.0767 0x0dcc  AJRouter - ok
11:54:53.0799 0x0dcc  [ AA91A5E156D0364ABA7B01658C2EB014, F61055D581745023939C741CAB3370074D1416BB5A0BE0BD47642D5A75669E12 ] ALG            C:\WINDOWS\System32\alg.exe
11:54:53.0814 0x0dcc  ALG - ok
11:54:53.0924 0x0dcc  [ 7FE59496114A48A64E98E3218664A3E6, 1C11EE3686CB7F57783A5A5F56CCED71F61A46B26B0F4C4D04B1B37E8AC5A7D1 ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
11:54:53.0939 0x0dcc  AMD External Events Utility - ok
11:54:53.0955 0x0dcc  [ B70F0F2F54B4A4DB6E9C830454752F5A, C882DEAC30812E5FA4479A8CB688603C6AF269EF08236688F4C5E7EBED1D4572 ] AmdK8          C:\WINDOWS\System32\drivers\amdk8.sys
11:54:53.0955 0x0dcc  AmdK8 - ok
11:54:54.0236 0x0dcc  [ E66C25946B3D9268D8E10D3769CF4719, C273A59D3A29549E3C8BBF896015CA0E5D64A4ECCD6C2FF360927773DA736022 ] amdkmdag        C:\WINDOWS\system32\DRIVERS\atikmdag.sys
11:54:54.0408 0x0dcc  amdkmdag - ok
11:54:54.0455 0x0dcc  [ D1D66D1D42E53B53AFC7598058E71796, 12A1C8D895891F89745493091174D3FF5A9953F21427E7E1BE1120DA762E0CBD ] amdkmdap        C:\WINDOWS\system32\DRIVERS\atikmpag.sys
11:54:54.0455 0x0dcc  amdkmdap - ok
11:54:54.0471 0x0dcc  [ 35E890482C9728DD5C552B85DA8A5AB2, 1E0EB7D902AB4C38E23CAFC0BEA250E7F6E180E8814385B4F29730BFC373A191 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
11:54:54.0471 0x0dcc  AmdPPM - ok
11:54:54.0517 0x0dcc  [ 5B30BCFE6E02E45D3EE268FF001BC5E0, 9901DB728885CE36911F79998629B2DD42D56AF9633B5277834F498CC59B0346 ] amdsata        C:\WINDOWS\system32\drivers\amdsata.sys
11:54:54.0517 0x0dcc  amdsata - ok
11:54:54.0517 0x0dcc  [ F20B30F35A5C7888441B4DCA001ECF8E, 695A5BC1F18B65992EB06A202AD3CBFA17228E76DDFD1AE6977FD315724F75C2 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
11:54:54.0533 0x0dcc  amdsbs - ok
11:54:54.0549 0x0dcc  [ AFE838D7576C581D6483529621AB10CC, 14476A04CC64E7A0F1BBFDACCBD7A87F384BE1877C27656DBB973AF3975D4AE2 ] amdxata        C:\WINDOWS\system32\drivers\amdxata.sys
11:54:54.0549 0x0dcc  amdxata - ok
11:54:54.0611 0x0dcc  [ ADFFD587A8CBDCEB0566521ACEF707DB, 17CF539B17FAAF4CC4306B6D2BBD36D80C93FB49A614293D7351A92445C6C1D0 ] AppHostSvc      C:\WINDOWS\system32\inetsrv\apphostsvc.dll
11:54:54.0627 0x0dcc  AppHostSvc - ok
11:54:54.0674 0x0dcc  [ EDDB0D726DBECDFC1DBCC6DB464E5A13, 98D128D1E6FA270ED9ADBFE50078F68A794C00D4CBB86E28EC6161FFAD0CA8FF ] AppID          C:\WINDOWS\system32\drivers\appid.sys
11:54:54.0674 0x0dcc  AppID - ok
11:54:54.0705 0x0dcc  [ 7A55F9237F726D1667073A47B0D1B90F, 7C2D9AA84F1D4CC6C1FAF6848DF9479A534E01029C4387E8C0647745F1E74603 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
11:54:54.0705 0x0dcc  AppIDSvc - ok
11:54:54.0736 0x0dcc  [ 56E219DF92BE16F62308F884739BE022, FE189EE8A52BC5A0E6B76C632021F84F60307A182F2A67C0C0C7CAA72DEFC723 ] Appinfo        C:\WINDOWS\System32\appinfo.dll
11:54:54.0736 0x0dcc  Appinfo - ok
11:54:54.0767 0x0dcc  [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:54:54.0767 0x0dcc  Apple Mobile Device - ok
11:54:54.0799 0x0dcc  [ B4AE5296C9597F45E1CFE0B1DBE7739E, C9DCA8EF32720D68119CC23DF4BCD783FFB5F999D14EDCC7937D17C590323B4B ] AppMgmt        C:\WINDOWS\System32\appmgmts.dll
11:54:54.0799 0x0dcc  AppMgmt - ok
11:54:54.0861 0x0dcc  [ 610499A73DF3599608EBB6B3F9929052, A9CA49C4A39A825916AB3791090BCFC7044FDB6B2C3538E01F0CFBC2A9931152 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
11:54:54.0892 0x0dcc  AppReadiness - ok
11:54:54.0986 0x0dcc  [ 087FBBC026DCC0F693E91079B9901B7E, 544DEC1255923DBDC8351B6CE2220FBC9929F2FFE52C91062C23DE7734DA7A2F ] AppXSvc        C:\WINDOWS\system32\appxdeploymentserver.dll
11:54:55.0017 0x0dcc  AppXSvc - ok
11:54:55.0049 0x0dcc  [ E3FE8F610B1CC12BC3B2E6BC43DC97E2, 0E18542CF2095A9ADA1759AB8F986E78B0A50A3C6B2AD4EACD80A23D832A2C6D ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
11:54:55.0049 0x0dcc  arcsas - ok
11:54:55.0174 0x0dcc  [ 00B0FDD484914F388B5441285FDE24CB, 90AA8A12BB235BFC3A924F0E23BCEE8742817E3BC5A85E49D8AF8B52E8158ECB ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:54:55.0174 0x0dcc  aspnet_state - ok
11:54:55.0221 0x0dcc  [ 5E00748A1AD246CAECBBB7553BED36CC, DAD2C93F0894E7BB5E5D8D767D8286A909086B49172C504A01097C3A180998C6 ] AsyncMac        C:\WINDOWS\System32\drivers\asyncmac.sys
11:54:55.0221 0x0dcc  AsyncMac - ok
11:54:55.0252 0x0dcc  [ 492B99D2E3D5D7BFD5F0AE1BE7BD37DD, A3F6BFC4FDC1933FBF3145019B118689A414108B04F43E2563946B2673C89324 ] atapi          C:\WINDOWS\system32\drivers\atapi.sys
11:54:55.0252 0x0dcc  atapi - ok
11:54:55.0314 0x0dcc  [ 42BF7FA295F453618104B5A50BEE105B, AB44BA2AD2FC5AF3B6BE4489C444C03FD1AB02C22109BF5F39BE459294C4CB18 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
11:54:55.0346 0x0dcc  AudioEndpointBuilder - ok
11:54:55.0424 0x0dcc  [ 2A2C0983B6FE62F02E7183335B1F5C20, 07845269FE72894D31D3FC927EECE26333AE9A2149A995DA4AE007276B05C647 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
11:54:55.0439 0x0dcc  Audiosrv - ok
11:54:55.0627 0x0dcc  [ 50C3C62FFE6337E6E4F2F01CB07DF63C, CC9C7D2827E872F22A2A79D42195530F61DF6EA6A1C8F520E25DB35537574FAB ] AVP16.0.0      C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
11:54:55.0627 0x0dcc  AVP16.0.0 - ok
11:54:55.0658 0x0dcc  [ 7062CE507814D5306DCA5D6A15B7B6B6, 9D60506003A66C2E516B1FCB70CC5B26FB3A9948B95D97C828DD0328E76F2C91 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
11:54:55.0674 0x0dcc  AxInstSV - ok
11:54:55.0705 0x0dcc  [ 6447BA6FA709514B6C803D159B4C7D1E, 549DDCEAD93DF333F6BBD56A9258A867E4DA219741C00D48C68F8F230A87B11A ] b06bdrv        C:\WINDOWS\system32\drivers\bxvbda.sys
11:54:55.0721 0x0dcc  b06bdrv - ok
11:54:55.0736 0x0dcc  [ B4AC08B1D04D0CE085435E5CD0E663C5, 61E641388E5692B2EB351E44BA1DB86B5305DD105EE56865D59072CA9407C8AC ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
11:54:55.0736 0x0dcc  BasicDisplay - ok
11:54:55.0752 0x0dcc  [ 25B5BB369DEE2BAE4BF459C978FF9035, DBC2157B2AC0BC92B4011CE5E01F2DCDAAE71E37D9D21102503C6455FAAC4DCA ] BasicRender    C:\WINDOWS\System32\drivers\BasicRender.sys
11:54:55.0752 0x0dcc  BasicRender - ok
11:54:55.0767 0x0dcc  [ 3F5523DCEFE42B385659C5CB46A6B810, CA24A3DF002B19E7BDEDE9B5EB60623F299D0E78B2E4F58DCFC028D76DEFE52D ] bcmfn          C:\WINDOWS\System32\drivers\bcmfn.sys
11:54:55.0767 0x0dcc  bcmfn - ok
11:54:55.0783 0x0dcc  [ 0B750A6A6D847E73CA48ADD7A0F5A393, 6A43020F23846EFB1AFA3C070465B0059E9DF60DEB16899E09559462DF30939F ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
11:54:55.0783 0x0dcc  bcmfn2 - ok
11:54:55.0846 0x0dcc  [ F374C27099807E99A156953F8416D34A, D267B8CD837290F9FC6B4FFD2DB8F54867D808FB155698FC7713BCAB3AE475B5 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
11:54:55.0861 0x0dcc  BDESVC - ok
11:54:55.0908 0x0dcc  [ 5A88834AEE15D97695FAE0837B73B3E4, 03035FB51DE218B8EDB15129A0376DDED0C7E7B6DA58DD95B12E4E5C8D852ED8 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
11:54:55.0908 0x0dcc  Beep - ok
11:54:55.0971 0x0dcc  [ 37F5E2385CB4D10AB42186974B9C241A, D38FA2B8CE19AC32056060F04B04D031F1621C07528DEDCCD5A8C01AB0A35995 ] BFE            C:\WINDOWS\System32\bfe.dll
11:54:56.0002 0x0dcc  BFE - ok
11:54:56.0064 0x0dcc  [ 64582C924C48175D52AED0D0E64AB413, 75DC6BC01D26A4BABEDB8013F0C106780F0991CA63075798C7C24B66022F58E3 ] BITS            C:\WINDOWS\System32\qmgr.dll
11:54:56.0080 0x0dcc  BITS - ok
11:54:56.0158 0x0dcc  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:54:56.0158 0x0dcc  Bonjour Service - ok
11:54:56.0189 0x0dcc  [ DA2C6F7ACE392193C424FEA975C5BFFB, 668F91F3E5F8EA170C10823D6959E0EDB32434C51FAA68BEA782EDDF5618690E ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
11:54:56.0189 0x0dcc  bowser - ok
11:54:56.0267 0x0dcc  [ 492FB85E61768950CDD27C87AED6E8FA, 1BFF11D899581E406D1AB5F2C66C9D816161ECF4B81AAACCCA3663875E86C0A5 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
11:54:56.0283 0x0dcc  BrokerInfrastructure - ok
11:54:56.0330 0x0dcc  [ A617BE5E429A035A1CA8217C1B16F0BB, 197EE6C6EB22FF8A626540886F5A2163CC4CB177504C5423856F54BF01EB0FF1 ] Browser        C:\WINDOWS\System32\browser.dll
11:54:56.0330 0x0dcc  Browser - ok
11:54:56.0361 0x0dcc  [ CAEC7BC11AF69A181AF7932E636E09E4, 503C69045F1E025CBEE2405043BB71CC58478985ECAF6587F73FCB57860F5709 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
11:54:56.0377 0x0dcc  BthAvrcpTg - ok
11:54:56.0392 0x0dcc  [ 5F2B4B32E986C058525D3BA2A475A16C, CEC5BB0B025DD9525CFBBEDF6EB6F63336534798495A4F95763CE112DF915088 ] BthHFEnum      C:\WINDOWS\System32\drivers\bthhfenum.sys
11:54:56.0392 0x0dcc  BthHFEnum - ok
11:54:56.0408 0x0dcc  [ 5406289E8AE2CB52FC408154E0A64BA7, 0A3795F2E6E2B51198452CF69A99159D8E11650E95F41DF0B575CB72F9C6C6B5 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
11:54:56.0408 0x0dcc  bthhfhid - ok
11:54:56.0455 0x0dcc  [ BAB101E7826BE287F79C4BA721621989, E6DD25C89267FE87253B8226292F2894F5E702075D3B23B09339D3B28744C060 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
11:54:56.0455 0x0dcc  BthHFSrv - ok
11:54:56.0471 0x0dcc  [ A76F20CCCA31895A1DA78A875E50F946, ECD4B3670DA5984AA24F4354457B4E45983938A89FF6DB03B556A633B4B37E3C ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
11:54:56.0471 0x0dcc  BTHMODEM - ok
11:54:56.0486 0x0dcc  [ 7A177E18AA6A6A6365E6351C2BF8EDAE, A35224A20014B1215A6824AE5E17B8869A775EA272EF7F25EAFFA18733F8D09D ] bthserv        C:\WINDOWS\system32\bthserv.dll
11:54:56.0486 0x0dcc  bthserv - ok
11:54:56.0502 0x0dcc  [ BF89BDBA5D3A0B4256D3F6FC8D31880D, 940F3BF55B88261C9E9A951A092331559FC5B24FE3BA0F1E1AB3450D2CA364C1 ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys
11:54:56.0502 0x0dcc  buttonconverter - ok
11:54:56.0533 0x0dcc  [ C24C27FDF93B85A4EFCF25F830253AA2, 35C87518BB59663B57C2361A13AD4E57E37392598F1EB9F07F86CA5A6321AF5A ] CapImg          C:\WINDOWS\System32\drivers\capimg.sys
11:54:56.0533 0x0dcc  CapImg - ok
11:54:56.0580 0x0dcc  [ 7F9C7226D743B232907ED2537B8A574F, 2211AFC30E8F8FA03020DB48EE14914CD31E50BB6A63FF20AC7C6FA481E72C18 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
11:54:56.0580 0x0dcc  cdfs - ok
11:54:56.0627 0x0dcc  [ 0A92DC116CFC7F6BE8167DD25CB925CC, 50CAC7BE14FF69B10C029E049F7C441A5572540F027F95F940B185C76C689409 ] CDPSvc          C:\WINDOWS\System32\CDPSvc.dll
11:54:56.0642 0x0dcc  CDPSvc - ok
11:54:56.0674 0x0dcc  [ 82D97776BF982AA143BDC7DFB5054EA8, 954F56728371E6B3514586DCEAF15C4727BAED6CAFBF788654C4E03BD702942C ] cdrom          C:\WINDOWS\System32\drivers\cdrom.sys
11:54:56.0674 0x0dcc  cdrom - ok
11:54:56.0705 0x0dcc  [ 4E9158CECF77A029AB98E8FBB43FCED5, AFF8BDB8F8F8DDF4FC0D65712E031DC360856CD3CE5C8A4C8FF960388F37462F ] CertPropSvc    C:\WINDOWS\System32\certprop.dll
11:54:56.0705 0x0dcc  CertPropSvc - ok
11:54:56.0721 0x0dcc  [ 0505C1D991D0F9D47F3353BB98597C7E, 3B801CCF4980256327A4A9FBD98007DA1E3ACE9C94E5A4C23AB21303B46E8B5A ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
11:54:56.0736 0x0dcc  circlass - ok
11:54:56.0752 0x0dcc  [ 8B4B39C507ABA09AAFE8E3932D1B392C, 734700155A658BC08FC96E8F99A01DE7F7251D7DDEFA79D258B2EEB370BA7AA8 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
11:54:56.0767 0x0dcc  CLFS - ok
11:54:56.0846 0x0dcc  [ F7526C133AC265F283012E9CD751F873, 6AABDD92FD880F49F63C1CC478C3D8291AF670802CEC58B32730E7675D858D88 ] ClipSVC        C:\WINDOWS\System32\ClipSVC.dll
11:54:56.0861 0x0dcc  ClipSVC - ok
11:54:56.0892 0x0dcc  [ 95832B049E2833B9F5189823CDF946C7, 72773A42A89220B4A6AC72D1633B16F11191A44D876A44FAB5CEFB717CE3223D ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
11:54:56.0892 0x0dcc  CmBatt - ok
11:54:56.0939 0x0dcc  [ B2A6D2A30E93B6F215F74AC7E1733C9C, 960299F7BF2501B46296EDEA050BF30313C17A9B785574B56B79C070BD1B6E1A ] cm_km          C:\WINDOWS\system32\DRIVERS\cm_km.sys
11:54:56.0939 0x0dcc  cm_km - ok
11:54:57.0002 0x0dcc  [ 3B866F8CB10719A5AF9E410B1B149714, B0A32B526290ED8E1DD93C70AB49DD417B82CA23D6B815163131247091D61DBA ] CNG            C:\WINDOWS\system32\Drivers\cng.sys
11:54:57.0002 0x0dcc  CNG - ok
11:54:57.0033 0x0dcc  [ 58D640BC2294C71BDE0953F12D4B432F, 0B3B7659FCB97791A2A1F895C8E6F9078F855C94C13EB47464492588C4B02B85 ] cnghwassist    C:\WINDOWS\system32\DRIVERS\cnghwassist.sys
11:54:57.0033 0x0dcc  cnghwassist - ok
11:54:57.0142 0x0dcc  [ 344D99D4E270CDC638231D2B25A977EB, 8F4EEDA12A2FD71F4F10AFC0615AB9C4A3B03D156F831738D253852B9D6800B7 ] CodeMeter.exe  C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
11:54:57.0205 0x0dcc  CodeMeter.exe - ok
11:54:57.0314 0x0dcc  [ 14F9883588398A1BDE49C75098C75DE6, D9D82DE89FAFE60BC902683BC44C7555533A030150FD5E5A35A24542FACC5CAD ] CompositeBus    C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys
11:54:57.0314 0x0dcc  CompositeBus - ok
11:54:57.0346 0x0dcc  COMSysApp - ok
11:54:57.0392 0x0dcc  [ 02B8E49148DE5E0A2F6FDF28CE94A6AC, EEA405823F441CA604BEAA44EB71A1D20BC80E124FF7B27380D0201AAF2E0849 ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
11:54:57.0392 0x0dcc  condrv - ok
11:54:57.0424 0x0dcc  [ 86BE19C6A177AEB93302EA5C4FBE2D11, 5404AB84D270549B1A46574EBDC857525F71B117BE3BA0098FA0A696E56D5C39 ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll
11:54:57.0439 0x0dcc  CoreMessagingRegistrar - ok
11:54:57.0486 0x0dcc  [ 2CE0D74AED86A372997E9D77AE10B9F5, 1AFAA22C68FD0B81F73CE0EB763AD77AB97E78916752843A5056E1352F0FEA82 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
11:54:57.0486 0x0dcc  CryptSvc - ok
11:54:57.0502 0x0dcc  [ 5D578EAAFB6FD4F59523E5878B541296, 73573124787B79179880AFAF9CB8427237A1605A9F13D7783228DE24D18963C0 ] CSC            C:\WINDOWS\system32\drivers\csc.sys
11:54:57.0517 0x0dcc  CSC - ok
11:54:57.0596 0x0dcc  [ 5F07CCEE514894C9474AEDCA50B6C2C7, 38F54897C91A2E7D80D00852CEB173B26E822D7C68F35D31228245F811E028A8 ] CscService      C:\WINDOWS\System32\cscsvc.dll
11:54:57.0611 0x0dcc  CscService - ok
11:54:57.0627 0x0dcc  [ 2619DC483579DB9FE804044C1ADFFD1A, 23A5420288735A980917091532BE7BB36EB51660AA4555C615AF736357EB02EC ] dam            C:\WINDOWS\system32\drivers\dam.sys
11:54:57.0627 0x0dcc  dam - ok
11:54:57.0689 0x0dcc  [ B339861C6A2A86FBCA67C2006B461473, 228ADC8A8603C0A4342C6CBC6F2CC919271D42391365061AF660E0D7151C66A4 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
11:54:57.0705 0x0dcc  DcomLaunch - ok
11:54:57.0736 0x0dcc  [ 620921E77351FB651632322AD2C195C4, 5A98971995D7A2B5AE6BEA69344FCC6687B582FEF74BDA206D32FB2E6CEB0478 ] DcpSvc          C:\WINDOWS\system32\dcpsvc.dll
11:54:57.0736 0x0dcc  DcpSvc - ok
11:54:57.0767 0x0dcc  [ 6129EA4294C5C69E4665801E95B16AB2, CE419186CF0F57434426FF925A09F13BE87639679CBB5F2074B0E1A243349D27 ] defragsvc      C:\WINDOWS\System32\defragsvc.dll
11:54:57.0783 0x0dcc  defragsvc - ok
11:54:57.0861 0x0dcc  [ D12B9B6A6C4885824876422AACC89954, 5853ED5CAF84B7AAFF3EDC5C71FE23EB121DB681D81267D77118424BA9AB6F88 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
11:54:57.0861 0x0dcc  DeviceAssociationService - ok
11:54:57.0892 0x0dcc  [ 15BA68662CED4B0618010A54478E18E5, 1B913BFA7AA11F3A82D80E95FC4857B810D341F9E68545710F90EBE44DAC1DF8 ] DeviceInstall  C:\WINDOWS\system32\umpnpmgr.dll
11:54:57.0892 0x0dcc  DeviceInstall - ok
11:54:57.0908 0x0dcc  [ 5BF8BD9B19D665452494C8D56DF4B28D, E5FC649207EF42C04B6737D442FECD3383E82F8998B140319FF400773F1D0978 ] DevQueryBroker  C:\WINDOWS\system32\DevQueryBroker.dll
11:54:57.0908 0x0dcc  DevQueryBroker - ok
11:54:57.0955 0x0dcc  [ 935823F79CBEDB91637B63D37E3A5A36, BE9A46F1CA631B9252C71758901D55456DC3C143053003D9FA7D67811A1E5026 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
11:54:57.0971 0x0dcc  Dfsc - ok
11:54:58.0002 0x0dcc  [ 0F4A5D01156B948B54550375498B08A2, 1CAE3D744429A06E9C9EC46AC6B216AB68154EF8FACDD0721C47902B83820F56 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
11:54:58.0002 0x0dcc  dg_ssudbus - ok
11:54:58.0080 0x0dcc  [ 5841A361D28069DFC82E1E98040FDC3F, 3A48DB7ADE90654242CB54DAD07F5FF0CD5CABF372C50D5B2C4D7AED068986E1 ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
11:54:58.0096 0x0dcc  Dhcp - ok
11:54:58.0174 0x0dcc  [ 9F5AC03F5A0000DD96FA29CD68A6605B, 6964E077635E65DA902CA6C69E704A9DCD5856D22BA75E1CF823E63E62266AF7 ] diagnosticshub.standardcollector.service C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
11:54:58.0174 0x0dcc  diagnosticshub.standardcollector.service - ok
11:54:58.0267 0x0dcc  [ 15D174719872A30F2FDD6B5B1B8BA5D9, B0E6FF6FC47B731C204F110D4B768231906B144B31F602ECE8EAC24D70BA880D ] DiagTrack      C:\WINDOWS\system32\diagtrack.dll
11:54:58.0299 0x0dcc  DiagTrack - ok
11:54:58.0346 0x0dcc  [ 4904B152E4942BF700F2D73228B4D477, 0E5646DCA05A24C71F057C9F9F64AE992D338DA72DF3126175C2FA178854C30F ] disk            C:\WINDOWS\system32\drivers\disk.sys
11:54:58.0346 0x0dcc  disk - ok
11:54:58.0392 0x0dcc  [ 49F069E2D22F33955A69D44DFD1B5179, 739C52C7B961BA683E8C7CCDB0E95423C17561B2F1F506BAE923DC53DB96B067 ] DmEnrollmentSvc C:\WINDOWS\system32\Windows.Internal.Management.dll
11:54:58.0392 0x0dcc  DmEnrollmentSvc - ok
11:54:58.0408 0x0dcc  [ 0197AE4B9790A4E73751CACFAA480126, 86BBB398F1A93754B2C329271F13A88FD2F285F30225C38F068F565CCA14EB9F ] dmvsc          C:\WINDOWS\System32\drivers\dmvsc.sys
11:54:58.0408 0x0dcc  dmvsc - ok
11:54:58.0439 0x0dcc  [ 5EF8EC71A7A91F3DF7798BEFE6786B0E, A3A56B43C72926881C66B7A17C9EAA35C2D9603C8D3849438838536BCD3F4633 ] dmwappushservice C:\WINDOWS\system32\dmwappushsvc.dll
11:54:58.0439 0x0dcc  dmwappushservice - ok
11:54:58.0502 0x0dcc  [ 5839A317C25F70979433E0905DFABB1B, 7F1CD50C77A33A10259D8A208A355BE7ECAFEA69F810AD908EF8878A792741AF ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
11:54:58.0517 0x0dcc  Dnscache - ok
11:54:58.0549 0x0dcc  [ 1B15297A3A2CAB6BD586676154F389D8, 623D5F5FC8622B7D9AEEEB1787E6846C1570F0EEF94341239440B616D09D672A ] dot3svc        C:\WINDOWS\System32\dot3svc.dll
11:54:58.0549 0x0dcc  dot3svc - ok
11:54:58.0580 0x0dcc  [ 316C2D8B8E3C0727969F1C3790EF7193, 631F8578FDB26578C8436E4B9C4DF21E1F58FCFE6DA66E5769AAC3739005D465 ] DPS            C:\WINDOWS\system32\dps.dll
11:54:58.0580 0x0dcc  DPS - ok
11:54:58.0611 0x0dcc  [ 25FA06D3B49D6ADF8E874FFCDCD76B50, 9AF09B96ED79D94EA36581ABE6CC73313A72891779774B15860D018BEA2BBA0F ] drmkaud        C:\WINDOWS\System32\drivers\drmkaud.sys
11:54:58.0611 0x0dcc  drmkaud - ok
11:54:58.0674 0x0dcc  [ 16EE6701115BECF8C657D9D6E123F6A1, 16E115B5245C3C988F8B58B90D30F183021C7C7792D3D1C74BEC606E49672B2A ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
11:54:58.0689 0x0dcc  DsmSvc - ok
11:54:58.0721 0x0dcc  [ FBC8C56814642A7CA88ACBCA8DD1121F, 108690704A359991C3D6577477E232F5F2F46B36DF6B4B0738A893EF05D7D4EB ] DsSvc          C:\WINDOWS\System32\DsSvc.dll
11:54:58.0736 0x0dcc  DsSvc - ok
11:54:58.0814 0x0dcc  [ 48D8729FACC784900B831212AE56F824, 6AAE1E78B84D0C12B99BE050B787AA167E6BA0B5AA621BEE0DB5312A4771DA63 ] DXGKrnl        C:\WINDOWS\System32\drivers\dxgkrnl.sys
11:54:58.0846 0x0dcc  DXGKrnl - ok
11:54:58.0892 0x0dcc  [ 0CDF6B61D7F7FFCD195AF0113B9B2C16, 828D3FA31742B54075EAED2E67BBB5166D2EF4F84B791077E96DC0BD5557F11E ] Eaphost        C:\WINDOWS\System32\eapsvc.dll
11:54:58.0892 0x0dcc  Eaphost - ok
11:54:59.0002 0x0dcc  [ 491275B864B704B54EC08168344E0F38, B4849400C3F819CF7809A2001EA2ECB527022483F7DFE31C3930F951EAFE50CE ] ebdrv          C:\WINDOWS\system32\drivers\evbda.sys
11:54:59.0049 0x0dcc  ebdrv - ok
11:54:59.0096 0x0dcc  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] EFS            C:\WINDOWS\System32\lsass.exe
11:54:59.0096 0x0dcc  EFS - ok
11:54:59.0127 0x0dcc  [ CEF108FCE06892CFA5F1B49527D4BF49, FA337584024B6E6EE4AF519F57FFA4C0FCA19EDC148FF309336C4CCA8F9C9CE8 ] EhStorClass    C:\WINDOWS\system32\drivers\EhStorClass.sys
11:54:59.0127 0x0dcc  EhStorClass - ok
11:54:59.0158 0x0dcc  [ 5B1EAAE3001A7A320C106FC3859F4111, 700BA2C7D4DFAFFEB78D3804B310A4EE5B4295C84600442665693FF661673951 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
11:54:59.0158 0x0dcc  EhStorTcgDrv - ok
11:54:59.0174 0x0dcc  [ E34DEFC09F2843C2C24C2248F1ABE6D8, 1FD67EB5820A1D2F4402DE9D95DE288DB69D421A8473074FF23491D7CA8B5ACE ] embeddedmode    C:\WINDOWS\System32\embeddedmodesvc.dll
11:54:59.0174 0x0dcc  embeddedmode - ok
11:54:59.0205 0x0dcc  [ 062152DD5B225518A991DFCD8536770C, 5C8EF4E0C7DE3B24387FF239A8D0CDA39C2376826F16EAFF09739A6C7EDA01E0 ] EntAppSvc      C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
11:54:59.0205 0x0dcc  EntAppSvc - ok
11:54:59.0236 0x0dcc  [ 7A2705148A4BB3CA255F81624338B461, 68AC8F8D2DD8AA4E8F2224A0054DE2AF67EA199217E87CD3C7299B021048F14F ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
11:54:59.0236 0x0dcc  ErrDev - ok
11:54:59.0267 0x0dcc  [ 17BE4A35829B37C742084DC02D48E5F0, 7FDA62B56DF585C3F2C6FFB10AC7C0D8F70FA921C4DEA47B2789745CFE2618CE ] EventSystem    C:\WINDOWS\system32\es.dll
11:54:59.0283 0x0dcc  EventSystem - ok
11:54:59.0299 0x0dcc  [ DFE8A33FBCF6F38182631A4D6097B92D, F9D06780830E74FD5309E6DC5C3EEDB9334A8AE284F381FA91EF2729297F8632 ] exfat          C:\WINDOWS\system32\drivers\exfat.sys
11:54:59.0314 0x0dcc  exfat - ok
11:54:59.0346 0x0dcc  [ C330883C06E2D4CE4F6982F048265D37, 26044DE176056B7F5BF2A50A659243CFD7F25CFEE035B3A3C3165B3699872926 ] fastfat        C:\WINDOWS\system32\drivers\fastfat.sys
11:54:59.0346 0x0dcc  fastfat - ok
11:54:59.0392 0x0dcc  [ 952F10D2116B91BA433842D07879AE7A, 9E1EC0C719877EF198AA4DDBE896E9DDEAD360AAC1FC6DF305E7C5C73C7A761D ] Fax            C:\WINDOWS\system32\fxssvc.exe
11:54:59.0408 0x0dcc  Fax - ok
11:54:59.0424 0x0dcc  [ 9D299AE86D671488926126A84DF77BFD, C076EEDD0524B7D88BC56C97089E0A836CC1AD725E1A544CC4F8DDBB6670C366 ] fdc            C:\WINDOWS\System32\drivers\fdc.sys
11:54:59.0424 0x0dcc  fdc - ok
11:54:59.0471 0x0dcc  [ 47D09B8C312658ACE433E46DDF51C3A5, E76948DA0F51C7DC6D69B7E36D63CE6E98FDE619FA30E91637F75B5084107D22 ] fdPHost        C:\WINDOWS\system32\fdPHost.dll
11:54:59.0471 0x0dcc  fdPHost - ok
11:54:59.0486 0x0dcc  [ 177AC945B20C81400A1525ED7B49A425, FD215A2E718EA38A95D985F53AB3DD44B50C2549AA67F44BA98C4709E492051F ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
11:54:59.0486 0x0dcc  FDResPub - ok
11:54:59.0517 0x0dcc  [ 3E78BEC276DA5A062E4D55F3291B3463, 62983457F506C70D1F89F527AB61C1C0F4D1B002631256A2708F9AF092A8C95E ] fhsvc          C:\WINDOWS\system32\fhsvc.dll
11:54:59.0517 0x0dcc  fhsvc - ok
11:54:59.0549 0x0dcc  [ 8F2523C9D8F1448FF2156452AF60FA00, 1D39CA54F5F1E62385D9EC041F9445BDDCB63740859B9418AE904FDF3D8388ED ] FileCrypt      C:\WINDOWS\system32\drivers\filecrypt.sys
11:54:59.0549 0x0dcc  FileCrypt - ok
11:54:59.0596 0x0dcc  [ 92ECCFA58C8195B8EA33ED942469D4E6, 8DB12E8CF80ECA22182F9A1F4CA922336A430297F1F596F204ECF4D9D19F30D9 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
11:54:59.0596 0x0dcc  FileInfo - ok
11:54:59.0611 0x0dcc  [ 87C51FDD50C17882BA93E28BBABB9847, 8987D80FB77D1D3F9E89B491B1287B027DA26FFC4E4BA7B01E07D4D4FC69E236 ] Filetrace      C:\WINDOWS\system32\drivers\filetrace.sys
11:54:59.0611 0x0dcc  Filetrace - ok
11:54:59.0627 0x0dcc  [ E99261DD76D1C9E05AF575939CAE5AC5, A789724FD2E22AFB2F921836F5C19A21D17F4BBD604771E2908C2651BD31989C ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
11:54:59.0627 0x0dcc  flpydisk - ok
11:54:59.0658 0x0dcc  [ 25D7A58625E1453E40D36825DE74E4F1, 74119803D35E3C3CC349B44C6CD9EDF6B797F88584B847F0BF9EED542719B86B ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
11:54:59.0674 0x0dcc  FltMgr - ok
11:54:59.0783 0x0dcc  [ 4387DE200BF8DD0E2EE828E655434B9A, 9148D65E54663EEC139E754091F47ABF439A637BEA83F600D30736522DAA845D ] FontCache      C:\WINDOWS\system32\FntCache.dll
11:54:59.0799 0x0dcc  FontCache - ok
11:54:59.0892 0x0dcc  [ E79DAC43A5E191FC4DDB04197A704BFA, 2FA6C8B5B2DFE66C05828E3F55DFD6268A8210E9BD083F2D09367AD59AF1C6C1 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:54:59.0892 0x0dcc  FontCache3.0.0.0 - ok
11:54:59.0924 0x0dcc  [ B4175E8BE60B099686FF55CA7D692316, 3158FC5B4D1A2F1FC1346754392AE24AE58999B9061B1CE78A65E785BFFADD52 ] FsDepends      C:\WINDOWS\system32\drivers\FsDepends.sys
11:54:59.0939 0x0dcc  FsDepends - ok
11:54:59.0955 0x0dcc  [ CC71372CEB811A72F1DC99089C5CBF53, BB9DDE74D60E534A6F8A51B63DDBB441245F06A00A0AFD37DBBE86255690946D ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:54:59.0971 0x0dcc  Fs_Rec - ok
11:55:00.0002 0x0dcc  [ 50DFE05C698E9B0A63D95E3D669A105C, 3A7D5AE4A01B90C2ECF22AD2783A84C2329EAB9BACFA5237A7DCC3DC5995A864 ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
11:55:00.0033 0x0dcc  fvevol - ok
11:55:00.0049 0x0dcc  [ B9981A4CB9F728B3312A3885BFAA7204, 12FB2EB2E5D2A912769823DD9C1B33DB358CD0B7FBFC788529EF83DD584334F8 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
11:55:00.0049 0x0dcc  gagp30kx - ok
11:55:00.0080 0x0dcc  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM    C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:55:00.0080 0x0dcc  GEARAspiWDM - ok
11:55:00.0111 0x0dcc  [ 77555B11B264991DDC26872FFCF1AB97, D5F230EEF74EB869F771F8A4AB19C1E6C845BB0EF4A1234882EBDA4FDC431E44 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
11:55:00.0111 0x0dcc  gencounter - ok
11:55:00.0127 0x0dcc  [ F3AC9652D88BF87BA6596CBEA28CE10F, 115F3C0A5B9903B17ADEA80E1825FE927B7361F5BDDF80CE3685EF2D327EDF4F ] genericusbfn    C:\WINDOWS\System32\drivers\genericusbfn.sys
11:55:00.0127 0x0dcc  genericusbfn - ok
11:55:00.0174 0x0dcc  [ F802FBABF0C4DF1BAA733187B2E476F5, E2533284CEBBB872196B013DD1FBBCA794DB1CAAA37D64849BD9264ECDD2CEE6 ] GPIOClx0101    C:\WINDOWS\system32\Drivers\msgpioclx.sys
11:55:00.0174 0x0dcc  GPIOClx0101 - ok
11:55:00.0283 0x0dcc  [ B55458A83395A2CFD4E745E9EC4AB5F2, EAB06B089D8A7DBC9AE2A1C919B489911690D341013A5F8F906819C68431CA85 ] gpsvc          C:\WINDOWS\System32\gpsvc.dll
11:55:00.0299 0x0dcc  gpsvc - ok
11:55:00.0314 0x0dcc  [ D011B0ADB15F4815310CE1BF4780B33E, 3860630917F83A89FE7A6407CC544505FA4BD754619CF273DD630ABFBAAE42EE ] GpuEnergyDrv    C:\WINDOWS\system32\drivers\gpuenergydrv.sys
11:55:00.0314 0x0dcc  GpuEnergyDrv - ok
11:55:00.0330 0x0dcc  [ 0F93EBE9071A6BB1548BF0F816EEA24B, 79A99544C00F59996980D299BFACA0463D86158BFA51C8045CE4FF4951779A44 ] HdAudAddService C:\WINDOWS\System32\drivers\HdAudio.sys
11:55:00.0330 0x0dcc  HdAudAddService - ok
11:55:00.0346 0x0dcc  [ 84BC034B6BB763733C1949B7B9BAF976, 18C2C0F15BAFA46197F0BB629C4F585D893C2A78324CA198F88A04527D524F23 ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
11:55:00.0361 0x0dcc  HDAudBus - ok
11:55:00.0377 0x0dcc  [ 6B8CB114B8E64C0636EB49F7B914D1FC, 1AD7A43CC5CD99DCEF60C61242B6843D4AD925CE93BA5D75CD8395C7125EF5A7 ] HidBatt        C:\WINDOWS\System32\drivers\HidBatt.sys
11:55:00.0377 0x0dcc  HidBatt - ok
11:55:00.0392 0x0dcc  [ D1AD197CCDAAC0CB4819DA1D6EB17BAE, C370F974D0A1F7B60F47EAFF57B6CCABE82913187F8BFEE169B8237AE91247B1 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
11:55:00.0392 0x0dcc  HidBth - ok
11:55:00.0408 0x0dcc  [ 64909DECCFCC6FB5D9A5BAFDCCB31FEE, E19C91FD8D5102A8C4F6C6FF70CA058BB272FEC1B6E9CBA3A473C49948E6AC7E ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
11:55:00.0408 0x0dcc  hidi2c - ok
11:55:00.0424 0x0dcc  [ F510F7B7BF61DEAAC04E65C3B65E8D59, 11566086B06FB08B6A179E3068E022DA381C762DC8962D1E1D63DC646DD4D301 ] hidinterrupt    C:\WINDOWS\System32\drivers\hidinterrupt.sys
11:55:00.0424 0x0dcc  hidinterrupt - ok
11:55:00.0455 0x0dcc  [ 90F3ED42D423C942BA5EA54E2FFE7AC7, BF7DE0C8141CD20A6235657BA897A019ABEFF6A01AA3FB202C73C33433CDEAF8 ] HidIr          C:\WINDOWS\System32\drivers\hidir.sys
11:55:00.0455 0x0dcc  HidIr - ok
11:55:00.0471 0x0dcc  [ 46DE2EF6382DD9613CB506760648F262, 419555220794380134A64E1956B83B2FD1D1B6E403C5FC729A9107E14A12E968 ] hidserv        C:\WINDOWS\system32\hidserv.dll
11:55:00.0486 0x0dcc  hidserv - ok
11:55:00.0517 0x0dcc  [ 128DEDDD61915DBA4D451D91D21F0513, 961A0DDA02B0879989300C15E4FF9022882A4CD895D65335C263AC0DD1918314 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
11:55:00.0517 0x0dcc  HidUsb - ok
11:55:00.0564 0x0dcc  [ 7CEC266216126BC9A0E1072E1A7E5702, 6B2C0768C8F2590E65B9520D266C07D1A9D89B9E185CC359B0453F399836759F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
11:55:00.0564 0x0dcc  HomeGroupListener - ok
11:55:00.0611 0x0dcc  [ E2145534FB853921788F52701BED0CAB, DF71F842772FAC21DD8994C97F578A78AC43D06C5F26F752FB69B47DFE3BB112 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
11:55:00.0627 0x0dcc  HomeGroupProvider - ok
11:55:00.0642 0x0dcc  [ FF442DCDCE1F6E9FAA9C8AD0CD1D199B, A239414E97B310C9545995B0E723B5E792B08D71F651450EB006AD4D1765E4F7 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
11:55:00.0642 0x0dcc  HpSAMD - ok
11:55:00.0736 0x0dcc  [ 63C3F74DC398A1C1A77E39DFB9C312CA, 283A13899838B4313BFBC406E832042696C549640A1AB11E23C0B9E499289836 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
11:55:00.0767 0x0dcc  HTTP - ok
11:55:00.0783 0x0dcc  [ CBA5E88A0F0475B7F49653BB72150BEF, 0F03560D9C30E069D117A555AEE729C81E6BCAE443FA25172D0E9E6903695C67 ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
11:55:00.0783 0x0dcc  hwpolicy - ok
11:55:00.0799 0x0dcc  [ D668FAB4B0397B426EE3D41683B9A1C0, 66F3E3B2ABC3C9B25A0DADBF09818547ED301230374AC5302B4794629A95DDF8 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
11:55:00.0799 0x0dcc  hyperkbd - ok
11:55:00.0814 0x0dcc  [ 40115A0F8E7FF9E786EBBD1D33D39AD7, 5190D3970950251CD0946521C428BF26BF7D68C2984B990B8EFDD406EC9CDFE1 ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
11:55:00.0814 0x0dcc  HyperVideo - ok
11:55:00.0830 0x0dcc  [ 53FDD9E69189E546DE4740F8C4D8AB2F, 45ED5B229ED5FD0CEE8BF52EFF88FD8B1889BF348ED7187926F290B3AD48A76D ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
11:55:00.0830 0x0dcc  i8042prt - ok
11:55:00.0877 0x0dcc  [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c          C:\WINDOWS\System32\drivers\iai2c.sys
11:55:00.0877 0x0dcc  iai2c - ok
11:55:00.0877 0x0dcc  [ 59A20F5AD9F4AE54098154359519408E, E27B7389C9D123CDDA4EC9CBDB06C4AA5000012391F940EE1492419B593608FE ] iaLPSS2i_I2C    C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys
11:55:00.0877 0x0dcc  iaLPSS2i_I2C - ok
11:55:00.0908 0x0dcc  [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
11:55:00.0908 0x0dcc  iaLPSSi_GPIO - ok
11:55:00.0908 0x0dcc  [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C    C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
11:55:00.0908 0x0dcc  iaLPSSi_I2C - ok
11:55:00.0955 0x0dcc  [ 6B0029A0253098CCE28EACCFDB9E7208, E33AD69644E1683A971DA1169B704FBCFD9F715E9550816058E420BB5DE4D946 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
11:55:00.0955 0x0dcc  iaStorAV - ok
11:55:00.0971 0x0dcc  [ 9652E1E35A92D8C75710C17A63B15796, 72F8C4A49B874226DEE9B7C9704F0E0A98DAA2DF4EAE2F2258E8324ACBD242E4 ] iaStorV        C:\WINDOWS\system32\drivers\iaStorV.sys
11:55:00.0986 0x0dcc  iaStorV - ok
11:55:01.0002 0x0dcc  [ FFADF691F7BF727AF5C863454A372723, FCF5A5595E8C9C937BE9F1C3AB5D9BD0EFE82DE1298D12085E0CCD84A186D2F2 ] ibbus          C:\WINDOWS\System32\drivers\ibbus.sys
11:55:01.0002 0x0dcc  ibbus - ok
11:55:01.0033 0x0dcc  [ 80BF2990E01E774D64F6E13F30661942, ADFEA2280D29F2C7B0A556C61709301D6327C288064FF5A4D29358403DF41DCE ] icssvc          C:\WINDOWS\System32\tetheringservice.dll
11:55:01.0033 0x0dcc  icssvc - ok
11:55:01.0033 0x0dcc  IEEtwCollectorService - ok
11:55:01.0080 0x0dcc  [ 95A03F67830FDCB950E70261128D540D, D052CB703500E2871CF51E015E444F2A99FA9A7579AC422104F0E411F6107BD0 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
11:55:01.0096 0x0dcc  IKEEXT - ok
11:55:01.0111 0x0dcc  [ ECDB27420D3A98424666904525A8562A, BDA98C3C95F2AD79945EF8213D5C65064052C09C82DD36F0D6724E1D21DCC30A ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
11:55:01.0111 0x0dcc  intelide - ok
11:55:01.0127 0x0dcc  [ 8FF1978643EFD219C5BA49690191D701, 6FD78A8490107C80090D7125644B8C910855374BE1373D1D6B199307C79680BA ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
11:55:01.0127 0x0dcc  intelpep - ok
11:55:01.0158 0x0dcc  [ B61B60F36E1C8022FA8166ABF0F66B07, 23161F1DA51D44D936329E62DF4C2DAEE3DDD4B3D62CC501A888C0E149788968 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
11:55:01.0158 0x0dcc  intelppm - ok
11:55:01.0174 0x0dcc  [ CA0D42029AFFC4514D295E1EF823D02D, F2A05CB2B2E8C843FD02DC37E86F23CF928A4B2F9044424A60DE4E82B87DF5C3 ] IoQos          C:\WINDOWS\system32\drivers\ioqos.sys
11:55:01.0174 0x0dcc  IoQos - ok
11:55:01.0205 0x0dcc  [ 6E3F9D95235DFC9417384080A216F310, 6F13D72661038A91CFABB360621F4B169D78955C3EAD64956A7C825ABAEC5121 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:55:01.0205 0x0dcc  IpFilterDriver - ok
11:55:01.0252 0x0dcc  [ 6E75B731A8A7EFED0821327B08DAB46D, A77B746447824BD3C68B82D7329B82D62098B2409F8AEE4738FA23CB1561E629 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
11:55:01.0267 0x0dcc  iphlpsvc - ok
11:55:01.0267 0x0dcc  [ 4F527ECB5EAB47D8EAF34A469666C469, 8FFBEEF42515B6A7758BE579ED69E3911856CBF7710D9785011332C5E3DFE495 ] IPMIDRV        C:\WINDOWS\System32\drivers\IPMIDrv.sys
11:55:01.0283 0x0dcc  IPMIDRV - ok
11:55:01.0283 0x0dcc  [ 9E5E8F2A1996F23B7E9687846AA81B01, 29E59384A4F92B3B4F2974942C91A12380113C13D3800900B5F44E2355D05455 ] IPNAT          C:\WINDOWS\system32\drivers\ipnat.sys
11:55:01.0283 0x0dcc  IPNAT - ok
11:55:01.0314 0x0dcc  [ 835FC2EA0631B734BB06C12B0665F01D, B8A8B0148C6C3AFC40835B44E3D6508CB9EEE8AC430A7904711C8B51C2116A8D ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
11:55:01.0330 0x0dcc  iPod Service - ok
11:55:01.0361 0x0dcc  [ C317EB660138BC9CBFE37CCDE56351AE, F3AF6C573419D7F65C96A4841D4F056CA281CD5AFACDC7A5F586A390DC6E615B ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
11:55:01.0361 0x0dcc  IRENUM - ok
11:55:01.0392 0x0dcc  [ 531994A6D9399D9B74BE12B5BB58A81E, 6D5CF540C777F4828E1D4C5FE58EE41E6C2F5F399C554DC85F19D1E52229B094 ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
11:55:01.0392 0x0dcc  isapnp - ok
11:55:01.0408 0x0dcc  [ 68D5354A4A9692EEC24664C60F47D4A2, 92124E98B6E286B6127DC6D0BFACC9C6D293D58EAE2B47B45532714CE6A6D0CD ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
11:55:01.0424 0x0dcc  iScsiPrt - ok
11:55:01.0439 0x0dcc  [ 701D7DB13B0815E7076EF4CB4CE981F8, 02585661656C0069AC318B82DE83DAC660451A0B970FDBCA0F7A8B4CBF7D93A9 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
11:55:01.0439 0x0dcc  kbdclass - ok
11:55:01.0471 0x0dcc  [ 884EBBDDBF5968003B40185BD96FF0E6, E3934D0FF0BEDDF5526AF529F7D15BA8BE479383894975B1AF1A1818C394A6E3 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
11:55:01.0471 0x0dcc  kbdhid - ok
11:55:01.0502 0x0dcc  [ 6B3A0C7902811E6372643447E41F7048, 30667B56A306CFD5D15BC46F8E7D9E167612E71B6C8F554406E706A6330F5B94 ] kdnic          C:\WINDOWS\System32\drivers\kdnic.sys
11:55:01.0502 0x0dcc  kdnic - ok
11:55:01.0517 0x0dcc  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] KeyIso          C:\WINDOWS\system32\lsass.exe
11:55:01.0517 0x0dcc  KeyIso - ok
11:55:01.0580 0x0dcc  [ BEE1682DA217A4AD46C36896769AA580, 4D853D78E459F7BFE4F4217FCAD47CDACFAC19C2F6CF8261FBAA46BDB387FFDC ] kl1            C:\WINDOWS\system32\DRIVERS\kl1.sys
11:55:01.0580 0x0dcc  kl1 - ok
11:55:01.0611 0x0dcc  [ 86F40D79CE80ACBE6BEBAC8CE89D75A0, 8B800425160D1AF3C32EF7B5CA794658EE09CD3EE782473D8D38E1C7706076B3 ] klbackupdisk    C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys
11:55:01.0611 0x0dcc  klbackupdisk - ok
11:55:01.0642 0x0dcc  [ 2B4BC41223326FF440E2DB32B9239138, E95D5BB3388D6B219A4C175D5DA77CEB620A27A13F5AA4E7E2C05694B6E26947 ] klbackupflt    C:\WINDOWS\system32\DRIVERS\klbackupflt.sys
11:55:01.0642 0x0dcc  klbackupflt - ok
11:55:01.0674 0x0dcc  [ 80D7529E1CF09261FADF55E69EFDA90B, 2FE5EC38866E12D78AE3F4AD8CF647BDED616E8A36D9D737F9B6564DDA4685E7 ] kldisk          C:\WINDOWS\system32\DRIVERS\kldisk.sys
11:55:01.0674 0x0dcc  kldisk - ok
11:55:01.0705 0x0dcc  [ E2097C8F18F1E8E3B7D09F12B51843A3, 0506A99BD0962AAE64692BD7F080DB080F8B678DC59685CF22830A47B486430C ] klelam          C:\WINDOWS\system32\DRIVERS\klelam.sys
11:55:01.0705 0x0dcc  klelam - ok
11:55:01.0736 0x0dcc  [ BACE50477C184A3AA0755702C23B8B27, 5708A1B7C22702AD2E5DD4491A911A51D2FB768E46857639C0C5D8736E487D0F ] klflt          C:\WINDOWS\system32\DRIVERS\klflt.sys
11:55:01.0736 0x0dcc  klflt - ok
11:55:01.0767 0x0dcc  [ BE1DF4E950FF00A19BB72FA29CAEE32E, 24D8111B8782B4FB8612AB9DCE6A3A5EA63CE4B75DC717D0ECC5C6BCBCCF01AA ] klhk            C:\WINDOWS\system32\DRIVERS\klhk.sys
11:55:01.0783 0x0dcc  klhk - ok
11:55:01.0814 0x0dcc  [ B72D1864B3EC6E429DB127A642CFB8BB, 43954F7E04158D79D44D0D6866838043A2B49B49EBF15A57DB120DB7AC3C19CE ] KLIF            C:\WINDOWS\system32\DRIVERS\klif.sys
11:55:01.0830 0x0dcc  KLIF - ok
11:55:01.0846 0x0dcc  [ 161573B8BE82D24ED8B5B8EBA01245EA, 3CC124C717C2484A4DE0D415A2564D62D1A4B6E9DED65136B094304FCDE74CE0 ] KLIM6          C:\WINDOWS\system32\DRIVERS\klim6.sys
11:55:01.0861 0x0dcc  KLIM6 - ok
11:55:01.0877 0x0dcc  [ DAE5768E6FD34A36E3B9D1AF1FCA682B, 24DA0B71E3B4AC0FABEE0BF687DF8D35283DBF808CA3AB6F86E72B37471F6B33 ] klkbdflt        C:\WINDOWS\system32\DRIVERS\klkbdflt.sys
11:55:01.0892 0x0dcc  klkbdflt - ok
11:55:01.0892 0x0dcc  klkbdflt2 - ok
11:55:01.0924 0x0dcc  [ FD47C92A63B6EADEA830BFA96C06EAEE, C15C39B6FA53CBD01A2F95243845C4B706B4229F8FFB75C7128819B9CEE5B2CB ] klmouflt        C:\WINDOWS\system32\DRIVERS\klmouflt.sys
11:55:01.0924 0x0dcc  klmouflt - ok
11:55:01.0955 0x0dcc  [ F610F5F17BC87D61EF8954CCD793BAE4, A77FE26B4A474FE799C3D569BDD7858319C57FC14C1BB43ECFAB1FDB19AF5DC6 ] klpd            C:\WINDOWS\system32\DRIVERS\klpd.sys
11:55:01.0955 0x0dcc  klpd - ok
11:55:01.0986 0x0dcc  [ 8334692AFEB3289984B40898B6B30C06, 6A337CC33B0EFC3B61BFCABFDFE305BE1D334620FB4D87DDEDBC8214966D6DDE ] klwfp          C:\WINDOWS\system32\DRIVERS\klwfp.sys
11:55:01.0986 0x0dcc  klwfp - ok
11:55:02.0017 0x0dcc  [ 91234D71CEED29F2DBA16942CABDCA4F, 5D71BAC86C33BC77EEBF1ECB8F372DFE631991E4C5F36EAF0C8C957150BD6D52 ] Klwtp          C:\WINDOWS\system32\DRIVERS\klwtp.sys
11:55:02.0017 0x0dcc  Klwtp - ok
11:55:02.0049 0x0dcc  [ 1686DE8288052316EFDD49EEA8929065, AD43D6ACCD8693BD76F218E1A4EE088BA061C1309A3E7DAA7EC94D875985D895 ] kneps          C:\WINDOWS\system32\DRIVERS\kneps.sys
11:55:02.0064 0x0dcc  kneps - ok
11:55:02.0080 0x0dcc  [ 982C795DE20CED7AEDD2E7899B5D9BC1, 9F4E7536DB253CD83AA2AB89E9F3311714CD70F13AFD16F9B4D4CD86A70FC164 ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
11:55:02.0080 0x0dcc  KSecDD - ok
11:55:02.0096 0x0dcc  [ 7D8B9214692C4D0F1646215D9984E19A, DC73503A8CA67F4E167DEA69AADDEA5F2D756E1C1F4FF42B6ECEA7E637BB80AB ] KSecPkg        C:\WINDOWS\system32\Drivers\ksecpkg.sys
11:55:02.0096 0x0dcc  KSecPkg - ok
11:55:02.0127 0x0dcc  [ E9BB0023D730701BB5D9839B44F5E6B5, 19D4BAC09424D331922472CFD2D0E32BEFA9188A6AF194C8D1F93FD77CE36691 ] ksthunk        C:\WINDOWS\system32\drivers\ksthunk.sys
11:55:02.0127 0x0dcc  ksthunk - ok
11:55:02.0158 0x0dcc  [ 71DE1AD9B23661EEC4F2A6EAA5A7D33D, 3219AEF3D6AE5933AE669FD2ED9ED95A8780612E39F31DB3DB9ED6B6244C5F7B ] KtmRm          C:\WINDOWS\system32\msdtckrm.dll
11:55:02.0174 0x0dcc  KtmRm - ok
11:55:02.0221 0x0dcc  [ 8BBB2B4429AF340481520C20C17FC5B6, 9E32815349195FC4B1BE213600FD407F2EAEEC8368289EB3E6B769125A739C08 ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
11:55:02.0236 0x0dcc  LanmanServer - ok
11:55:02.0252 0x0dcc  [ 1F5D48B1DA1B812BD2411CA44D75DD32, D1BDB8142CB13E8C6DD6F42E07C9D19BBBF6410D5122A04C01B34B95B442DD95 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
11:55:02.0267 0x0dcc  LanmanWorkstation - ok
11:55:02.0314 0x0dcc  [ 02C54C5C7EBE371EC0C59795ED22213F, 712AFE0EDF40436124F3FD55ED9B5A3A33A8761A58F4D482BB65229741B1C270 ] lfsvc          C:\WINDOWS\System32\lfsvc.dll
11:55:02.0314 0x0dcc  lfsvc - ok
11:55:02.0330 0x0dcc  [ 01BF128CC327A2E53898F732AF52B3DB, D62ACDA69D9942F9CEF400874DBB6EAF9811D9657CBFEF89174F88D76BB8D8EA ] LicenseManager  C:\WINDOWS\system32\LicenseManagerSvc.dll
11:55:02.0330 0x0dcc  LicenseManager - ok
11:55:02.0377 0x0dcc  [ EC34EED89C34B27C292166B725AC7A7B, 58F1BA0CB7743314AC012A82F8CE4072CBDD05D9570C52BC18DC551882F5B1BA ] lltdio          C:\WINDOWS\system32\drivers\lltdio.sys
11:55:02.0377 0x0dcc  lltdio - ok
11:55:02.0408 0x0dcc  [ 2C23283A0815B048C06D8C0ED76AAD95, 4335546939C1A98CFE9A4403CC82D79CC713439E4DFD1F4760FDD867305151E0 ] lltdsvc        C:\WINDOWS\System32\lltdsvc.dll
11:55:02.0408 0x0dcc  lltdsvc - ok
11:55:02.0424 0x0dcc  [ CB6365E995F4DB856866500EDD8F61C1, 717ED387F245CAC68217B0F393D7B8AB3805721AB2C4D2D43430FE6E740F0856 ] lmhosts        C:\WINDOWS\System32\lmhsvc.dll
11:55:02.0424 0x0dcc  lmhosts - ok
11:55:02.0439 0x0dcc  [ 961F28D879D345BFA50AF51285C90F2E, F9931A436651F695B746BC0C07E833D9C9F64126746DF976E691E6CAE26DAC9B ] LSI_SAS        C:\WINDOWS\system32\drivers\lsi_sas.sys
11:55:02.0439 0x0dcc  LSI_SAS - ok
11:55:02.0455 0x0dcc  [ 6BFB8D1B3407518BE06B6F81F92FA0F5, DE0818DCC0D8D1D30A29AB167C65461A78100ABE2368637CEB9D0ED2B4E88D8E ] LSI_SAS2i      C:\WINDOWS\system32\drivers\lsi_sas2i.sys
11:55:02.0455 0x0dcc  LSI_SAS2i - ok
11:55:02.0455 0x0dcc  [ BE0E47988D78F731DEC2C0CB03E765CB, CA0015E87A3962611DBF714253FA618A6568346BAE640884432C1D44DE4C8684 ] LSI_SAS3i      C:\WINDOWS\system32\drivers\lsi_sas3i.sys
11:55:02.0455 0x0dcc  LSI_SAS3i - ok
11:55:02.0471 0x0dcc  [ F99BF02BE9219986817BF094981EEB18, 4303C772366065885C5D937B2E9AC0BF80C84BFB2737716055AD57BF6AADD673 ] LSI_SSS        C:\WINDOWS\system32\drivers\lsi_sss.sys
11:55:02.0471 0x0dcc  LSI_SSS - ok
11:55:02.0502 0x0dcc  [ FFAA37FBBDD161E8C200C83B40F7872E, 0637B3119FC220CB8E23EE6694A9F1F25CF8D61008B14F6E30FDC17DCF9E077E ] LSM            C:\WINDOWS\System32\lsm.dll
11:55:02.0517 0x0dcc  LSM - ok
11:55:02.0533 0x0dcc  [ 2FCF837196082864F66CFD9CAB256275, 8BE01C3BCBC1E6E5D1FD7F49E936482E61ACB805F397AB81B8D39C2F0F1083BD ] luafv          C:\WINDOWS\system32\drivers\luafv.sys
11:55:02.0533 0x0dcc  luafv - ok
11:55:02.0564 0x0dcc  [ 56B24B359838BE86B013C2CFD38BDFC4, 38EA2D320F0CD80E3654AA1A5CA1CCAB1CA5519A562EEE41DC2E5EDF47CEF3F4 ] MapsBroker      C:\WINDOWS\System32\moshost.dll
11:55:02.0564 0x0dcc  MapsBroker - ok
11:55:02.0596 0x0dcc  [ 2ED29B635F35E31A1C0D3DDB7DD2AD03, F70CC20B98C2DBCD13B0D509D92B3BC3828D1B88F3ACD60C860E163064844181 ] megasas        C:\WINDOWS\system32\drivers\megasas.sys
11:55:02.0596 0x0dcc  megasas - ok
11:55:02.0627 0x0dcc  [ 22E3CB85870879CBAE13C5095A8B12E3, 5FA5A8EFBA117089CFDBE09743A16BC3A7CC2042C96ABA1F57901747493106BF ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
11:55:02.0627 0x0dcc  megasr - ok
11:55:02.0674 0x0dcc  [ F2C23E25636BCA3543E6AD7858E861B7, 0CAB0A037471B4858CE9477E49BF50A5E3E6685E05F8A4BD2D9238551D5073A6 ] MessagingService C:\WINDOWS\System32\MessagingService.dll
11:55:02.0674 0x0dcc  MessagingService - ok
11:55:02.0705 0x0dcc  [ D41920FBFFF2BBCBBC69A5B383AD022E, E66218A8303422EA10C19BA12343740B9A1A70B11B39E185E805B4F74CD2B75E ] mlx4_bus        C:\WINDOWS\System32\drivers\mlx4_bus.sys
11:55:02.0721 0x0dcc  mlx4_bus - ok
11:55:02.0736 0x0dcc  [ 64BD0C87064EA20C2D3DC4199F9C239C, ED69706277A58ED2C5F2B1B4E9A4A9C7C20173D46EB57FB31D8B63340BA23193 ] MMCSS          C:\WINDOWS\system32\drivers\mmcss.sys
11:55:02.0736 0x0dcc  MMCSS - ok
11:55:02.0752 0x0dcc  [ 8D4B46FA84A3A3702EDADD37FAC6EDBA, E3B9E12BD324FE637C365FDC5E490C41889047004D4FC8F7D78339484F2F717B ] Modem          C:\WINDOWS\system32\drivers\modem.sys
11:55:02.0752 0x0dcc  Modem - ok
11:55:02.0767 0x0dcc  [ 78FEC1BDB168370F131BFBFEA0A04E9D, E07B1BC429C2CFBD6162F89A6502C67A4BAD904ADC05D3505D87A0B2BCE1061B ] monitor        C:\WINDOWS\System32\drivers\monitor.sys
11:55:02.0767 0x0dcc  monitor - ok
11:55:02.0783 0x0dcc  [ D1CC0833CFBC4222A95CAA5D0C8C78FF, 54F04374C6D3EFF5C1B794C069870458F10757E5773AEE911957089EAF51EC8D ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
11:55:02.0783 0x0dcc  mouclass - ok
11:55:02.0783 0x0dcc  [ C2E05EC6B80BCF5AE362DA873E1BCE64, 4ABE5CA2005A54E92259EDB52205A5C59BDB83026FC0CD7CBB1E3A003C2B535B ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
11:55:02.0783 0x0dcc  mouhid - ok
11:55:02.0799 0x0dcc  [ D5B7668A8F6C67C51FA5C6C513396D6C, 35985AD89344A8464BD78B8DA6A772E4E60A2EB93072AC23673A86EFD0B2270A ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
11:55:02.0799 0x0dcc  mountmgr - ok
11:55:02.0846 0x0dcc  [ A82AA5481A845F4AC0E5EE83904FBFED, 2E1640BCA51B1957815465E4DEE895FCD87C93EA80DDD3A80B5647B23D16FB67 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:55:02.0846 0x0dcc  MozillaMaintenance - ok
11:55:02.0861 0x0dcc  [ 5FBCB85D127BE21E3A9DAF11A13C00EA, D00AB99CC813E26B0BD2D39161D4138AB89A06B3E3A28712F2D5BCA60905BEC4 ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
11:55:02.0861 0x0dcc  mpsdrv - ok
11:55:02.0908 0x0dcc  [ 0B28F2ACE5103586D322AD98FAA01309, CE3053DEB6E452C6DCDFD371CF113EB0D740DED6C1C537CB749D1BE5E97FAB09 ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
11:55:02.0924 0x0dcc  MpsSvc - ok
11:55:02.0971 0x0dcc  [ 2B9A1FF2450BAF7A795941BE471F16EF, DD213BACDAE4E3C4F89BFE54BCE77B2F66D12AA85949147AE8A31049876CAA3E ] MQAC            C:\WINDOWS\system32\drivers\mqac.sys
11:55:02.0986 0x0dcc  MQAC - ok
11:55:03.0017 0x0dcc  [ BF6CA7EA5ECD6CF72D3D76652A9B8280, 8EC031D0D8E75CB583B129CBA518701097697498621307108388FA05FBF604BB ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
11:55:03.0033 0x0dcc  MRxDAV - ok
11:55:03.0064 0x0dcc  [ 0B3B0C1D86050355676640488FA897D3, DBED9D6F7AAFB11F4C00C1F69DB7A887A3058E5FA66615A1640242439822B60C ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:55:03.0080 0x0dcc  mrxsmb - ok
11:55:03.0096 0x0dcc  [ 1A490555FD330CA2764D89191177C867, 1004AE2F80BEA9A6DBA3E6B5D2DDFA44FBA253F7137D60B000B094699DE1CB12 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
11:55:03.0096 0x0dcc  mrxsmb10 - ok
11:55:03.0158 0x0dcc  [ 0F47A6C09F0A7FB5513D322A2B9BE4EC, 00A17CB55D232E11F3D24D0B43FE4FA9E55F7EF5E5607B26ED84C13108AAC4FA ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
11:55:03.0174 0x0dcc  mrxsmb20 - ok
11:55:03.0189 0x0dcc  [ A4411C522D41707D5BCA817A5BB9E30B, EF7505BE475ECAB2B5E66A7419EDAF42A7E7A65BAD3BBE346A8CEE5DD69782CC ] MsBridge        C:\WINDOWS\system32\drivers\bridge.sys
11:55:03.0189 0x0dcc  MsBridge - ok
11:55:03.0221 0x0dcc  [ 807A6636828E5F43C10A01474B8907EE, F275645F4F0D0A796C33C03EA7FA563A0B890AB3A93E5F99C5EA166F91D249B1 ] MSDTC          C:\WINDOWS\System32\msdtc.exe
11:55:03.0236 0x0dcc  MSDTC - ok
11:55:03.0252 0x0dcc  [ D123343DDB02E372B02BF2C4293F835F, 8E02D9F7E5DA717B64538444B3FE1C55AA4B0F26F51DA20947E971D27EA09D12 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
11:55:03.0252 0x0dcc  Msfs - ok
11:55:03.0252 0x0dcc  [ B3358F380BA3F29F56BE0F7734C24D5F, 229D9E72C429AC51BF6E7C8306218620CB1AA50FE39BA6C11ED0F643E7AF90E5 ] msgpiowin32    C:\WINDOWS\System32\drivers\msgpiowin32.sys
11:55:03.0252 0x0dcc  msgpiowin32 - ok
11:55:03.0267 0x0dcc  [ B2044D5D125F249680508EC0B2AAEFAC, 9631FF42DA5A7CEE1F2607AA8972EF0A67616F0EEEBC95F97B1C8F5A577ED5C4 ] mshidkmdf      C:\WINDOWS\System32\drivers\mshidkmdf.sys
11:55:03.0267 0x0dcc  mshidkmdf - ok
11:55:03.0283 0x0dcc  [ 36ABE7FC80BED4FE44754AE5CFB51432, FB89DF3A50C52B69D4E831A370157D1901810093A0D7D7120A120FC5C6E14BF5 ] mshidumdf      C:\WINDOWS\System32\drivers\mshidumdf.sys
11:55:03.0283 0x0dcc  mshidumdf - ok
11:55:03.0299 0x0dcc  [ 59307FEAFC9E72EEEC56B7FD7D294F4C, 56576635870FC68980977FFA0E7F8E8D69A7981DECF5B52D0B2A82E3BA6685EA ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
11:55:03.0299 0x0dcc  msisadrv - ok
11:55:03.0346 0x0dcc  [ 236A38F5CB0A23BF0ACCD70ED0BD7F70, 8106B528458E6C8E4437D9064D58F10FF195E67CD308AEBBD5F860AD2D59DCC4 ] MSiSCSI        C:\WINDOWS\system32\iscsiexe.dll
11:55:03.0361 0x0dcc  MSiSCSI - ok
11:55:03.0377 0x0dcc  msiserver - ok
11:55:03.0392 0x0dcc  [ E9457EDFEBC774199F907395C6D09CA2, C3655CE83F4AD1258382722E9A99C33FDD3AA40B62CFEB8DFDD141E254E6DCE2 ] MSKSSRV        C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys
11:55:03.0408 0x0dcc  MSKSSRV - ok
11:55:03.0424 0x0dcc  [ C85D79735641D27C5821C35ECDDC2334, C1BAFD98122B04665870171C143EC119181351D10777A83680A63BF305703FF3 ] MsLldp          C:\WINDOWS\system32\drivers\mslldp.sys
11:55:03.0424 0x0dcc  MsLldp - ok
11:55:03.0455 0x0dcc  [ 30130E99810283026C5FA2F57A4BB488, 3CF97CC2F63A7CDEA19C8B2DD73EED161309A7C334FF80567C18423F2DA34249 ] MSMQ            C:\WINDOWS\system32\mqsvc.exe
11:55:03.0471 0x0dcc  MSMQ - ok
11:55:03.0486 0x0dcc  [ EF75184B64356850D0F04D049C253526, 325476F53372BD70201347F044C8EFEC0DB939E1926454B6DCC0CF7864969650 ] MSPCLOCK        C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys
11:55:03.0486 0x0dcc  MSPCLOCK - ok
11:55:03.0486 0x0dcc  [ 543933D166C618E7588EA77707EC1683, 84A65D277E28FDD7CE2345188891093AC88B577E4C528AD39AB629E341199688 ] MSPQM          C:\WINDOWS\system32\DRIVERS\MSPQM.sys
11:55:03.0486 0x0dcc  MSPQM - ok
11:55:03.0517 0x0dcc  [ 182711E9DDF70121A20EBB61B2DFB9E8, 70606503F6280EA3175B9AEC8370A8F461575755DA86EF6E9C9D04EAD61481FA ] MsRPC          C:\WINDOWS\system32\drivers\MsRPC.sys
11:55:03.0517 0x0dcc  MsRPC - ok
11:55:03.0533 0x0dcc  [ E887FFDD6734C496407E9219225CB6FF, 0EC9A79224BCE5D0A782E62CC38E3494E8FB65DFC07C66D25C5A1A351121C27D ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
11:55:03.0549 0x0dcc  mssmbios - ok
11:55:03.0564 0x0dcc  [ 83A2AB75951000D681FABDB80C07AEFC, 3B2F582F097E3F934C4587B27CB05525350F36924B74CA6BCD364878FA8EC273 ] MSTEE          C:\WINDOWS\system32\DRIVERS\MSTEE.sys
11:55:03.0564 0x0dcc  MSTEE - ok
11:55:03.0596 0x0dcc  [ 4FA0483896FC16583851EFB733FCB083, BB59243ABE32FBE92EC1B04D24239BE2DF7C2354A407C2EFF97623F07DCBDA35 ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
11:55:03.0596 0x0dcc  MTConfig - ok
11:55:03.0627 0x0dcc  [ 60F88248608315E13391C2F1C3B4473F, 99E8B74118A01FC281A1C6B323EFD1A8EA1997B81A013442205066F55327D555 ] Mup            C:\WINDOWS\system32\Drivers\mup.sys
11:55:03.0627 0x0dcc  Mup - ok
11:55:03.0658 0x0dcc  [ 218705233D02776AE4D19CC37D985C1B, 3D92925867B6B8FFAF78E4080139DCB3D45E1E6E1D0AFB6A4FE248B002BD8471 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
11:55:03.0658 0x0dcc  mvumis - ok
11:55:03.0721 0x0dcc  [ AA4CD20708B7E0412A5316D7E2875103, 4E60A0865B7656735F3AB34AF5FE48304138F47DE961D4D16661617D711DEBC0 ] NativeWifiP    C:\WINDOWS\system32\DRIVERS\nwifi.sys
11:55:03.0736 0x0dcc  NativeWifiP - ok
11:55:03.0799 0x0dcc  [ A340A4B27CC7DEDDF953B7E2C9699747, 4C5AB23BD0C69B17E9BD29CAFEDC100A6EFC78BAB645B007FCAE4318C459D345 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
11:55:03.0814 0x0dcc  NcaSvc - ok
11:55:03.0846 0x0dcc  [ 24146738C422814EEB2A98FF1FC5C6E1, 3C70C6768681CE63DED339822EFB36194037B987D92456B9E955061A3A3C63BC ] NcbService      C:\WINDOWS\System32\ncbservice.dll
11:55:03.0846 0x0dcc  NcbService - ok
11:55:03.0861 0x0dcc  [ 476466DC3AB2327E2DBFAEC11798E2EE, 9ACD74720664CF3F239601DF0BE80AC443AF0FBF666CBB8509169364FB22B95D ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
11:55:03.0877 0x0dcc  NcdAutoSetup - ok
11:55:03.0892 0x0dcc  [ B57CE307DA101C739885B7CC0678077F, F7F45DB6D306060F0FE0E59F39C3B95F6A9B6173930F22C5C41B2003895D6642 ] ndfltr          C:\WINDOWS\System32\drivers\ndfltr.sys
11:55:03.0892 0x0dcc  ndfltr - ok
11:55:03.0955 0x0dcc  [ E582DA849A58524E645545FB68B6625D, B74E2CF078F6C575EFC4A2E4293D03FE6BA933307D656E0E57FFA17EF324948D ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
11:55:03.0971 0x0dcc  NDIS - ok
11:55:04.0002 0x0dcc  [ 202260E7CDD731A32AF62ABD1ABEE008, 0E019FAE09B2659CC3267756DB962CCD69172BA67E3288B491F7B455287A5392 ] NdisCap        C:\WINDOWS\system32\drivers\ndiscap.sys
11:55:04.0002 0x0dcc  NdisCap - ok
11:55:04.0002 0x0dcc  [ A1D473D0CF10561F29B58EA7C5412A92, 3DBFC1D769E03E30C87FF4F30A9B523A69A7E0CD4EB87F8A9ECE190FEB84C569 ] NdisImPlatform  C:\WINDOWS\system32\drivers\NdisImPlatform.sys
11:55:04.0002 0x0dcc  NdisImPlatform - ok
11:55:04.0033 0x0dcc  [ 1A0AE283B8DE6BB76412A0F8213D45AC, 91AFFDC7A9277EB59CD54021049BEA715078F90470B8A12F3E9F1386DF068D2D ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:55:04.0033 0x0dcc  NdisTapi - ok
11:55:04.0049 0x0dcc  [ A74EE2D2C0BFF5EC3A6185791868C4CA, A346320DEBEAE890575B4C6594FB3A3A9890A0E86881ADD8376E442282C88D38 ] Ndisuio        C:\WINDOWS\system32\drivers\ndisuio.sys
11:55:04.0064 0x0dcc  Ndisuio - ok
11:55:04.0080 0x0dcc  [ 32A9BD1342640D48AD85C8B3E812B984, B702B05A0180472139B35B105DD3B6B6F75AEDC9DD1EE342FB576259076455AE ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
11:55:04.0080 0x0dcc  NdisVirtualBus - ok
11:55:04.0096 0x0dcc  [ 6A6A8CF5EE61801375A38EBB871D4057, AE8EFF18D82BBE83101B380189A6889822891A993EB865E2E81C1D2F60B77C4C ] NdisWan        C:\WINDOWS\System32\drivers\ndiswan.sys
11:55:04.0096 0x0dcc  NdisWan - ok
11:55:04.0111 0x0dcc  [ 6A6A8CF5EE61801375A38EBB871D4057, AE8EFF18D82BBE83101B380189A6889822891A993EB865E2E81C1D2F60B77C4C ] ndiswanlegacy  C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:55:04.0111 0x0dcc  ndiswanlegacy - ok
11:55:04.0142 0x0dcc  [ 50AEF8EF0064A91ABB08D858D039C9DE, 16F1CBE1EC3778D157CC054261068C8D7F8A72D85853CB70178F8DF81D238C8F ] ndproxy        C:\WINDOWS\system32\DRIVERS\NDProxy.sys
11:55:04.0142 0x0dcc  ndproxy - ok
11:55:04.0158 0x0dcc  [ D358DF634F52247CB43F0781218F4D6E, D375E9E681551467FC5F7AB2AC053C9F22AAC541C0BCBA57090211F45009342C ] Ndu            C:\WINDOWS\system32\drivers\Ndu.sys
11:55:04.0158 0x0dcc  Ndu - ok
11:55:04.0174 0x0dcc  [ 026618ECF6C4BEBDCB7885D42EC0DBE4, 8E7E13361DCF8748FA3AD518B3DE0A3DCE932316EE32E5529E75785BC5395AD1 ] NetBIOS        C:\WINDOWS\system32\drivers\netbios.sys
11:55:04.0174 0x0dcc  NetBIOS - ok
11:55:04.0189 0x0dcc  [ F51C02D992A8D6BC5EC4D990F227D4C7, DBBDA422BFA82219403689637BE8D6B0D0A893895143E807FA5A007C166454CB ] NetBT          C:\WINDOWS\system32\DRIVERS\netbt.sys
11:55:04.0205 0x0dcc  NetBT - ok
11:55:04.0205 0x0dcc  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] Netlogon        C:\WINDOWS\system32\lsass.exe
11:55:04.0205 0x0dcc  Netlogon - ok
11:55:04.0267 0x0dcc  [ 7FD4C3D32DAE890608F44074A3437CD8, 5B7D9E9AEE26896B818F3C5DBE4C96A33D43CE2CF7716B95AAB7203611C03BFE ] Netman          C:\WINDOWS\System32\netman.dll
11:55:04.0267 0x0dcc  Netman - ok
11:55:04.0314 0x0dcc  [ 9E9BEB22644CE1DA521A1D7821BF891F, 5480D52AE1942205B513F916DBCBF5B5F2FFF92D927F4E598FBA618E75BBC2E9 ] NetMsmqActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:55:04.0330 0x0dcc  NetMsmqActivator - ok
11:55:04.0346 0x0dcc  [ 9E9BEB22644CE1DA521A1D7821BF891F, 5480D52AE1942205B513F916DBCBF5B5F2FFF92D927F4E598FBA618E75BBC2E9 ] NetPipeActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:55:04.0346 0x0dcc  NetPipeActivator - ok
11:55:04.0439 0x0dcc  [ A059F75402710535A90A8D043674A514, E98536DF74A2B75FDBA6B866DC1909544292DFE5E14F984941470FBA6E8D810C ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
11:55:04.0455 0x0dcc  netprofm - ok
11:55:04.0471 0x0dcc  [ 9C6EE1DE9CF7B77FF550A737816EB6DB, 586D561E1A318778668D148B8367D1F7452E770D1743ED5F8EE6EAB03DB31916 ] NetSetupSvc    C:\WINDOWS\System32\NetSetupSvc.dll
11:55:04.0486 0x0dcc  NetSetupSvc - ok
11:55:04.0486 0x0dcc  [ 9E9BEB22644CE1DA521A1D7821BF891F, 5480D52AE1942205B513F916DBCBF5B5F2FFF92D927F4E598FBA618E75BBC2E9 ] NetTcpActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:55:04.0486 0x0dcc  NetTcpActivator - ok
11:55:04.0486 0x0dcc  [ 9E9BEB22644CE1DA521A1D7821BF891F, 5480D52AE1942205B513F916DBCBF5B5F2FFF92D927F4E598FBA618E75BBC2E9 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:55:04.0502 0x0dcc  NetTcpPortSharing - ok
11:55:04.0533 0x0dcc  [ 2BB62723C835F75F0C7C9E6A736881FB, CBA690F5205BE8AE1E8ED8A47BC1594E05391DAC30AAEE0A055366F24602346C ] netvsc          C:\WINDOWS\System32\drivers\netvsc.sys
11:55:04.0533 0x0dcc  netvsc - ok
11:55:04.0549 0x0dcc  [ 0FB83658FBB2C5A18AB98C5C94DB9FAF, 2D15A49F47D8185D7914D26916D1237FCBE2F8351A64877CDDDDE26E766C3D2F ] NgcCtnrSvc      C:\WINDOWS\System32\NgcCtnrSvc.dll
11:55:04.0564 0x0dcc  NgcCtnrSvc - ok
11:55:04.0596 0x0dcc  [ 7AAA9916AA10F4B0E9743798A5BA6549, 2E38EEF3F487A7DD0B719A048FFA0EB36B2487A1068BB322553E9DD2FCE46711 ] NgcSvc          C:\WINDOWS\system32\ngcsvc.dll
11:55:04.0596 0x0dcc  NgcSvc - ok
11:55:04.0658 0x0dcc  [ 1B8F07B59F7DAE02264FB8A16088C467, 1795DA9F72C34A9F47D9AAF5E95D40C3296948EB89D9600679AB4660671A5C65 ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
11:55:04.0658 0x0dcc  NlaSvc - ok
11:55:04.0689 0x0dcc  [ 465DC580170CD844206D7E3EF1DBF2A1, 5A14001029BE154C708CCA34449B280905DB79978FC7F0BE0CF20B20E47752CF ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
11:55:04.0689 0x0dcc  Npfs - ok
11:55:04.0736 0x0dcc  [ 29395C214D2CD4C81F73166AB988A797, 3631EB2EA17E455ECD151C0BC9A3DF6EC87C75B15DC9B607CFB68D7C463E04B7 ] npsvctrig      C:\WINDOWS\System32\drivers\npsvctrig.sys
11:55:04.0736 0x0dcc  npsvctrig - ok
11:55:04.0767 0x0dcc  [ AF8B7848E102A83AAECCD24B181CEBE5, B2AAE3567EE3A7975CDFCB3FE41D33C74D4486BFF35FF56E0516A01C744BA52B ] nsi            C:\WINDOWS\system32\nsisvc.dll
11:55:04.0767 0x0dcc  nsi - ok
11:55:04.0767 0x0dcc  [ 2871225495F832A8C8A7DD1A17EDB3DC, 2F6664C7F5FB2341B2AAF3C5A258FA0D7AEEE447562D7F39FD5A4EE905C18C6D ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
11:55:04.0767 0x0dcc  nsiproxy - ok
11:55:04.0908 0x0dcc  [ 19BD8A88AAC580592668B070AC0727D9, 60DB84895C40E6412BEB2D0E4D7F05891446B9DE992D70579CC90BA3FB27FC01 ] NTFS            C:\WINDOWS\system32\drivers\NTFS.sys
11:55:04.0955 0x0dcc  NTFS - ok
11:55:04.0986 0x0dcc  [ 6DBD703320484C37CEA9E4E2D266A8CE, 85D6F73C0E3FDE16829C9BC0D13DD89E64183EAE02F84607F6B8440CB7F366E6 ] Null            C:\WINDOWS\system32\drivers\Null.sys
11:55:04.0986 0x0dcc  Null - ok
11:55:05.0017 0x0dcc  [ 604D27CC38CC23493F218D0BB834B3FF, EF5E5759CCF16DD97271C82DAF47FB2086EBCA5DE7D05177B70CA1197B95F41E ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
11:55:05.0017 0x0dcc  nvraid - ok
11:55:05.0033 0x0dcc  [ 8B50D897657AB4A15FD9E251BBF7D107, 36036130DD46D9BF105AC7176E219F3BE7D1168A660A0F8DFF76F61FBFA4B417 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
11:55:05.0033 0x0dcc  nvstor - ok
11:55:05.0064 0x0dcc  [ 31F990B2B6B91E9D7A667405CE12FCB1, 907E095D1E83CDAFF34BE789FC41CDD7BB4DEE23261E1D03C1CF0D4D030534AC ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
11:55:05.0064 0x0dcc  nv_agp - ok
11:55:05.0096 0x0dcc  [ 7F3A0D052B8E00E730316210B1DD092F, 14BD026EA759F6C81ED6B4DBB04E0584B7F6456725503FC73CD4347B7743005F ] OneSyncSvc      C:\WINDOWS\System32\APHostService.dll
11:55:05.0111 0x0dcc  OneSyncSvc - ok
11:55:05.0158 0x0dcc  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:55:05.0174 0x0dcc  ose - ok
11:55:05.0221 0x0dcc  [ 334131C162B118EF49930D41B0E17825, 10EF08870B6E118AED2E0E3F45E06BA8A485439823BE98F44E34E7D2B65AA2EF ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
11:55:05.0236 0x0dcc  p2pimsvc - ok
11:55:05.0252 0x0dcc  [ 4A5634915AF62C983E08425905D0C04C, 09BC3F7AD9F79C5FF59520933D06FE155AC21CD0ABAFE66B81C9F87D83A2339F ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
11:55:05.0267 0x0dcc  p2psvc - ok
11:55:05.0299 0x0dcc  [ 7D0FC96264C0F8F2C1321E33E8EB646C, 82A06437B9B096BCCF5CE31BDF3539696E2E41DFA9870C358566EEE2F7D3B447 ] Parport        C:\WINDOWS\System32\drivers\parport.sys
11:55:05.0299 0x0dcc  Parport - ok
11:55:05.0314 0x0dcc  [ 24AC0FD10325FBC2303B29A5F237AEB0, D94B26A36EBE4EFE8EA270FA6600811206830480BE953809F74FAB80628DF879 ] partmgr        C:\WINDOWS\system32\drivers\partmgr.sys
11:55:05.0314 0x0dcc  partmgr - ok
11:55:05.0346 0x0dcc  [ 0ECA2ADD5FBCE73183A68935C71B40B7, 08CC5F2F10D1DD1A1396CC29196314003491D3AF3DE59CADB281F252577F1860 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
11:55:05.0346 0x0dcc  PcaSvc - ok
11:55:05.0377 0x0dcc  [ CFFE69B6C276A3418687109EA8AC9E7D, A516B2F4BFB0CD8B38219E3BF783C0BD99CD9EA1BACBE2284987F6DC0976BD36 ] pci            C:\WINDOWS\system32\drivers\pci.sys
11:55:05.0392 0x0dcc  pci - ok
11:55:05.0392 0x0dcc  [ 2B4D98DF0CA57FB9536DBC80D2449D1F, AB34FA8585A20854369C0FAEB18BF5C7734D7E3C791F644B0576E40D609FCD09 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
11:55:05.0392 0x0dcc  pciide - ok
11:55:05.0424 0x0dcc  [ F4D5793BF2E58AF15C6CF2FEEF9E73EB, 9B5A40AF8838063F8F0A2B1480B39A2711AAE78BD972CDA60CCA0EB2BA211A87 ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
11:55:05.0424 0x0dcc  pcmcia - ok
11:55:05.0439 0x0dcc  [ 22A53744CEEADFFFD33BA010FAD95229, 30B775EC9795105B8BF785BD63115C160955E7EFF74B995D3EC288138D1825A3 ] pcw            C:\WINDOWS\system32\drivers\pcw.sys
11:55:05.0439 0x0dcc  pcw - ok
11:55:05.0455 0x0dcc  [ 67B9684B8272D5EBD1CCBB1DBD425EC8, 09BE2A2EB3A71E594D08B8D817820965DEEAD283029EBB0B74CCC658A2706233 ] pdc            C:\WINDOWS\system32\drivers\pdc.sys
11:55:05.0455 0x0dcc  pdc - ok
11:55:05.0517 0x0dcc  [ E2F8376F9731D12A009C522036C6073A, 5B8B68D3C013AAA8ED368C97042984C35E8D023542DBA404E7A03E89F2357E66 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
11:55:05.0517 0x0dcc  PEAUTH - ok
11:55:05.0596 0x0dcc  [ C7D210982B6C8454E52191D0DCF6DC52, D53D575CD9A0AB7EA94E7D1B9730ABE0A582CA3460AEAC4680D01034D69D3949 ] PeerDistSvc    C:\WINDOWS\system32\peerdistsvc.dll
11:55:05.0627 0x0dcc  PeerDistSvc - ok
11:55:05.0658 0x0dcc  [ 1398A85E59698067CBBE1D66A9C13ADF, E3609F183068BFAED756B2F9237181D60A6F6D78691248B8BF5B0AEB6A367E3D ] percsas2i      C:\WINDOWS\system32\drivers\percsas2i.sys
11:55:05.0658 0x0dcc  percsas2i - ok
11:55:05.0674 0x0dcc  [ 35F7C7AD709D909D618D9EDF987FC3ED, EE713E33688E74C5A2546CC58EBD8EA8F8116F25E42DCF8DA21DCBC7C7590E0E ] percsas3i      C:\WINDOWS\system32\drivers\percsas3i.sys
11:55:05.0674 0x0dcc  percsas3i - ok
11:55:05.0752 0x0dcc  [ 0DAF7B7D85F7AF38E29161460899C63F, F2609F2BD02C714857F5D5E6EF580643429C54E175AA72D38467F8F3A4E7F59F ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
11:55:05.0752 0x0dcc  PerfHost - ok
11:55:05.0799 0x0dcc  [ 57606281E23B0F53347527691E947B2B, 7030182E706CEBE6BD52BDC71CA8F2230AD445AE6554188E76F09A5E2612BD2E ] PhoneSvc        C:\WINDOWS\System32\PhoneService.dll
11:55:05.0814 0x0dcc  PhoneSvc - ok
11:55:05.0861 0x0dcc  [ 04F7878E7017105AB782353231561749, FB2811D98216720D4FDF0AC0EDF16C6CD33D7224B4CAFA752B4D2A839E6DD88A ] PimIndexMaintenanceSvc C:\WINDOWS\System32\PimIndexMaintenance.dll
11:55:05.0861 0x0dcc  PimIndexMaintenanceSvc - ok
11:55:05.0924 0x0dcc  [ A546F72EFFE5CBBC98003A0CA19DA0F8, 89AE396676A37D851F46427E421E8E8ED5B4BADC33023F1E215CC352A4110F44 ] pla            C:\WINDOWS\system32\pla.dll
11:55:05.0939 0x0dcc  pla - ok
11:55:05.0986 0x0dcc  [ 15BA68662CED4B0618010A54478E18E5, 1B913BFA7AA11F3A82D80E95FC4857B810D341F9E68545710F90EBE44DAC1DF8 ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
11:55:06.0002 0x0dcc  PlugPlay - ok
11:55:06.0049 0x0dcc  [ 6BF7093B27EA90FD9222845D19C1BE5F, CF8A6764BB6B369258F21FD303E4CAE08632195620A0BD66B62F62F5D7B762B8 ] PNRPAutoReg    C:\WINDOWS\system32\pnrpauto.dll
11:55:06.0064 0x0dcc  PNRPAutoReg - ok
11:55:06.0127 0x0dcc  [ 334131C162B118EF49930D41B0E17825, 10EF08870B6E118AED2E0E3F45E06BA8A485439823BE98F44E34E7D2B65AA2EF ] PNRPsvc        C:\WINDOWS\system32\pnrpsvc.dll
11:55:06.0142 0x0dcc  PNRPsvc - ok
11:55:06.0189 0x0dcc  [ 5A91C28F99043215121499257468C4BD, 816D2AEBA29B8A050747E01CE11EB12A05C1CDDF91835C44BBB6A7B9D348B15A ] PolicyAgent    C:\WINDOWS\System32\ipsecsvc.dll
11:55:06.0205 0x0dcc  PolicyAgent - ok
11:55:06.0221 0x0dcc  [ AE3B1056FC1795F18D990C4908A6ECBF, 1C41F7714EBF54DF358D9B19D6AFE7281D3EABE20038B568A12031B76E1D50D9 ] Power          C:\WINDOWS\system32\umpo.dll
11:55:06.0221 0x0dcc  Power - ok
11:55:06.0252 0x0dcc  [ 5BA6B9AD03B81546BA64E488C4EF9D17, C43442577685FA1A7C32094B2F14FC92BA6B511FD9FDBA6FD82473A1B165FC61 ] PptpMiniport    C:\WINDOWS\System32\drivers\raspptp.sys
11:55:06.0267 0x0dcc  PptpMiniport - ok
11:55:06.0455 0x0dcc  [ 959F94AD1255BC749884EDDD14EC29C4, 2CD6DA9778EA36FA0B4080F6DB1C634712238E014E47546403CD3CDB35A1DCA8 ] PrintNotify    C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
11:55:06.0502 0x0dcc  PrintNotify - ok
11:55:06.0533 0x0dcc  [ 21AECFF3EB5748CBE12538A2500EFDE5, A1679F21363E99E3698B9C6F7E7E3BB2877D47089BC381AF0C51B1DD8B24325B ] Processor      C:\WINDOWS\System32\drivers\processr.sys
11:55:06.0533 0x0dcc  Processor - ok
11:55:06.0611 0x0dcc  [ 7E0078F1EFEB6F8F47CF85C1D73C7EBC, 831BC3CE72F29AD259DEE7121D6F785CE0A8462CFB69DD7FB1F3BDAF16CDBF3E ] ProfSvc        C:\WINDOWS\system32\profsvc.dll
11:55:06.0627 0x0dcc  ProfSvc - ok
11:55:06.0642 0x0dcc  [ 596FB6C5A72F34B7566930985E543806, 870B43783DB4CF845FA72BC5E40CE76BE6DFC66FE9E9B4B0A52D6B7FE7EA65FC ] Psched          C:\WINDOWS\system32\drivers\pacer.sys
11:55:06.0658 0x0dcc  Psched - ok
11:55:06.0689 0x0dcc  [ E84F66BA185934C166F8DF0FA8F88455, 2E0380E98DA29B3F43FB3FE0E1ECA52B3C9AEF54CE982D5514F70FAE81758449 ] QWAVE          C:\WINDOWS\system32\qwave.dll
11:55:06.0689 0x0dcc  QWAVE - ok
11:55:06.0721 0x0dcc  [ CFBA9C976CBF6796E5DC39EF59984021, A1C956AD828FC70ED92D702516E0F88A4BDAF8C93C571D7CA20F1695FD8E70C2 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
11:55:06.0721 0x0dcc  QWAVEdrv - ok
11:55:06.0736 0x0dcc  [ 7B2AD8C55217B514C14281AB97B4E21D, A1E295897B864B9C0177FF1C502EB060084A1783C0E7E53636291F901C2E2AA8 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:55:06.0736 0x0dcc  RasAcd - ok
11:55:06.0767 0x0dcc  [ E15A9CE1E2E7D1C8DF97A4FC1FFE6289, 44B53418D6BC51ACC567CF6917A0981889B44AE420489C9C03F5A30418B37267 ] RasAgileVpn    C:\WINDOWS\System32\drivers\AgileVpn.sys
11:55:06.0783 0x0dcc  RasAgileVpn - ok
11:55:06.0799 0x0dcc  [ D60BA4C76D194472D6602FF3D2D51ADE, 01272663897685C75FFBC3F1C0CFDB8D0E1A58182049E0B607D634536A8F6400 ] RasAuto        C:\WINDOWS\System32\rasauto.dll
11:55:06.0814 0x0dcc  RasAuto - ok
11:55:06.0830 0x0dcc  [ E3C82823B22463BC38AA4F8ADA852624, FF601B117F4003E2CC65B6143C2A270331EB257EE82B3BC020247D1AB1CD625F ] Rasl2tp        C:\WINDOWS\System32\drivers\rasl2tp.sys
11:55:06.0846 0x0dcc  Rasl2tp - ok
11:55:06.0877 0x0dcc  [ 3655D86C5E2982B131FC0935DE24F98F, 0386B31FECDDED77450609A807097B2307361CB59B236DEC41037BDC95897463 ] RasMan          C:\WINDOWS\System32\rasmans.dll
11:55:06.0877 0x0dcc  RasMan - ok
11:55:06.0892 0x0dcc  [ 3369023EB5790A75BA7DABA14B75D922, 36B63D5B74FDC932AAF1A876514024602D2F3EAF2CA33D1247CBA1E52FDB0418 ] RasPppoe        C:\WINDOWS\System32\drivers\raspppoe.sys
11:55:06.0908 0x0dcc  RasPppoe - ok
11:55:06.0908 0x0dcc  [ 1E32A8CD65C4AD0A827CFEB13034DA29, 5D9A92E13020D994CCD39F701BACAFE2177A40A9CC89649441B91E3F3DECD911 ] RasSstp        C:\WINDOWS\System32\drivers\rassstp.sys
11:55:06.0908 0x0dcc  RasSstp - ok
11:55:06.0939 0x0dcc  [ 2B648363E4C5E34B469C58596F377DD9, 30F82770468BBA562CEA0E9E39B24ACEFBE022343D0180C82E2ACE8957B73E44 ] rdbss          C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:55:06.0939 0x0dcc  rdbss - ok
11:55:06.0986 0x0dcc  [ D0221C13960E274CC539D72D5A842ED0, A5A961506B9D7429D97D0635FD69E74736C0E8405487E1D22BB5CD978A60044C ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
11:55:06.0986 0x0dcc  rdpbus - ok
11:55:07.0017 0x0dcc  [ 1DC2CC74B51E4DC4CD5A20C1021E4010, 46B7D17EE27439F2191504D1C6F6C70B2540BD4F2261DBB1F4BE783BEA99B04C ] RDPDR          C:\WINDOWS\system32\drivers\rdpdr.sys
11:55:07.0033 0x0dcc  RDPDR - ok
11:55:07.0049 0x0dcc  [ 177DF954D0DEC0465A380C75F6E7F65F, 6B30C78223029BD5DBA586BF961968F85762209BA55CD031460A215B20F93AB2 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
11:55:07.0049 0x0dcc  RdpVideoMiniport - ok
11:55:07.0080 0x0dcc  [ 5D1680871054D2B0B8A971BC8AB3B837, 9CAB0B2E3857829D34A82A78B120D07E292D4D5060168D964295EB23339B7DE7 ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
11:55:07.0080 0x0dcc  rdyboost - ok
11:55:07.0111 0x0dcc  [ 341E6830DA70F65730300DAB4CB0B490, 341EC8DB5E39963EF89E726F08730AFB2356C3BAD71CCE9EECCAB4D9B31C4863 ] ReFSv1          C:\WINDOWS\system32\drivers\ReFSv1.sys
11:55:07.0127 0x0dcc  ReFSv1 - ok
11:55:07.0174 0x0dcc  [ 8355BCA85B0928382DFCDD02FCD1681A, F306F038DA09C8D2095C311818E2F991B55BCD96B40B95D2A53A60EA6AC37014 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
11:55:07.0189 0x0dcc  RemoteAccess - ok
11:55:07.0221 0x0dcc  [ 2C82F4DCABAB389CEBB1C9E86C715C9C, 70354621D3D467616A419A818C54D2C89EA013C5050BA9944E3A7A4F25CAD6BA ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
11:55:07.0221 0x0dcc  RemoteRegistry - ok
11:55:07.0283 0x0dcc  [ CFF943806EBAD5CFAC26FD3DF304E79F, 4992AFB7CE3E2117A11B97FD92ED2EC02183D461F89179B6EA42C8F5AC973374 ] RetailDemo      C:\WINDOWS\system32\RDXService.dll
11:55:07.0299 0x0dcc  RetailDemo - ok
11:55:07.0346 0x0dcc  [ 176D8470B15CD9080861594F9A33FA01, CFB66D7FEB9465985C2866D64EA03B7E7BE830DCF6C02B3FE2244D7F7E5343E2 ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
11:55:07.0346 0x0dcc  RpcEptMapper - ok
11:55:07.0392 0x0dcc  [ 1A563653DAEDFE4CA81936E0D2FD8B56, 308B0DFEBA63333D407093C449A08ABFECE118C9274100809356BDAF7FA32EB6 ] RpcLocator      C:\WINDOWS\system32\locator.exe
11:55:07.0392 0x0dcc  RpcLocator - ok
11:55:07.0439 0x0dcc  [ B339861C6A2A86FBCA67C2006B461473, 228ADC8A8603C0A4342C6CBC6F2CC919271D42391365061AF660E0D7151C66A4 ] RpcSs          C:\WINDOWS\system32\rpcss.dll
11:55:07.0455 0x0dcc  RpcSs - ok
11:55:07.0502 0x0dcc  [ 0AC5FCDC29ED97ECDEF1276425EE2059, 8A12D1732D4AA18A9ED8416F4D4A49B81CE7C4C86ABCEE8FF28A16EA61993CFE ] rspndr          C:\WINDOWS\system32\drivers\rspndr.sys
11:55:07.0502 0x0dcc  rspndr - ok
11:55:07.0517 0x0dcc  [ FBEFF38DE03450E03E6CD9E8E37A8C74, C1C0876785DB4366D67792A3AFA219FC933FC1894AF93D07B0016BBCC81A5886 ] rt640x64        C:\WINDOWS\System32\drivers\rt640x64.sys
11:55:07.0533 0x0dcc  rt640x64 - ok
11:55:07.0549 0x0dcc  [ 044890BB0D6CF1E23C1087234D320509, FA6C79D24BE4ACCFAC617D2850B922BFAA7C2766AE625C725F3ACF43C934EFAF ] s3cap          C:\WINDOWS\System32\drivers\vms3cap.sys
11:55:07.0549 0x0dcc  s3cap - ok
11:55:07.0580 0x0dcc  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] SamSs          C:\WINDOWS\system32\lsass.exe
11:55:07.0580 0x0dcc  SamSs - ok
11:55:07.0611 0x0dcc  [ 530F797129776AA7E81994783A97E2AD, F131EF036702C6E741E5A6851AE07E81043CE8BAEED0768838C0F31CE14FEC1A ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
11:55:07.0611 0x0dcc  sbp2port - ok
11:55:07.0642 0x0dcc  [ 0C12493B333B96797AFC5F3C7831C051, BEE786D7ED14221B1A9450060597393AC44116D776B913E045B5F6066D720F74 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
11:55:07.0658 0x0dcc  SCardSvr - ok
11:55:07.0674 0x0dcc  [ 40110802D217FE1CB581D9A70B1FD16F, CCB920593CCC6663676039F3F731536DFEF535C3F715F6DB6F34D0D733BEF89B ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
11:55:07.0674 0x0dcc  ScDeviceEnum - ok
11:55:07.0689 0x0dcc  [ 9B6B1D4DB35A3D9BEAF023BC95E1F49D, CA44124CA3E9958FB77A891CD234A993B63E8AC6632AE801CDEC6666267E7C7E ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
11:55:07.0689 0x0dcc  scfilter - ok
11:55:07.0767 0x0dcc  [ EA195B8BC11C1CDB313CFD456EFFA0E9, EEDF349C59ED0645B04040707906BB4496527243858C2A6BE46BE7029B4A7F37 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
11:55:07.0799 0x0dcc  Schedule - ok
11:55:07.0830 0x0dcc  [ 4E9158CECF77A029AB98E8FBB43FCED5, AFF8BDB8F8F8DDF4FC0D65712E031DC360856CD3CE5C8A4C8FF960388F37462F ] SCPolicySvc    C:\WINDOWS\System32\certprop.dll
11:55:07.0846 0x0dcc  SCPolicySvc - ok
11:55:07.0877 0x0dcc  [ B24408471C1BCB17FC44F5B47EA8DEA3, 1CFE07C793F2A3D883E9071B8703C01A7619C8C0A02AAEBAA1130F36654AFD4F ] sdbus          C:\WINDOWS\System32\drivers\sdbus.sys
11:55:07.0877 0x0dcc  sdbus - ok
11:55:07.0924 0x0dcc  [ 811EC0B1221402FCED0BA37E112BF627, 366EB8AF04C603BED6CF53652CC937099B247D5DD8C58D699D0D8DA22F8FDD51 ] SDRSVC          C:\WINDOWS\System32\SDRSVC.dll
11:55:07.0924 0x0dcc  SDRSVC - ok
11:55:07.0955 0x0dcc  [ DE6D7DC78D956928F59F7415A0F41E13, C0F8EEED29BF63A0D8FB5A0286C1C768BFEF598EC52715D910B5BB1A76231805 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
11:55:07.0971 0x0dcc  sdstor - ok
11:55:08.0017 0x0dcc  [ EBD07BD20B5E0E92A398566EF8720F79, 8A88C861D4113B9938C32CBD28FD3D7F1C3133E700E23E17F5DFD7B26CCDA04A ] seclogon        C:\WINDOWS\system32\seclogon.dll
11:55:08.0017 0x0dcc  seclogon - ok
11:55:08.0049 0x0dcc  [ B7B9EEBCB7466338403A75D15AC120D7, B8F79DA71F8CD0F30983F7D92B625A431C212DD543DE2B3DC03EC5A68C41B00D ] SENS            C:\WINDOWS\System32\sens.dll
11:55:08.0049 0x0dcc  SENS - ok
11:55:08.0142 0x0dcc  [ D14DD7D766664F880FECF44CE6017966, ECF966E3ACF4EBD5A3259468A076619A539E35F1B97AB6A98FBD7882F1FBBBAB ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe
11:55:08.0158 0x0dcc  SensorDataService - ok
11:55:08.0205 0x0dcc  [ 45D26646E3AD737E5DE3DB91CCCE7DBA, B05AB32700998C8347BC5797B18EB97F303FCB2302BED852348F2703DEDE72F9 ] SensorService  C:\WINDOWS\system32\SensorService.dll
11:55:08.0205 0x0dcc  SensorService - ok
11:55:08.0236 0x0dcc  [ 7363A65C738F5A5292D7BDBE55D8C3C2, C53C10A0AE58613DFCC91E62E004D9B188E4793C2A19B4BE871A705EEE77048E ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
11:55:08.0236 0x0dcc  SensrSvc - ok
11:55:08.0267 0x0dcc  [ 67585C295FF2D221679E376B68893B35, 4B5E9A8DA8C6F7B1F7129F80A0603503D467E5650306FB4C309977D74037E46B ] SerCx          C:\WINDOWS\system32\drivers\SerCx.sys
11:55:08.0267 0x0dcc  SerCx - ok
11:55:08.0299 0x0dcc  [ B8C4852CBCAAC1374C08EC7445443824, DDE577A81B3E11B5B56096317BC47AA6E286573042407B96A9D29BE981F3FA4D ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
11:55:08.0299 0x0dcc  SerCx2 - ok
11:55:08.0314 0x0dcc  [ D3A103944A8FCD78FD48B2B19092790C, 252DB8395DA8639E748658D3BE7863C1700E27AA5C41BB700CFCE193FE3F04E9 ] Serenum        C:\WINDOWS\System32\drivers\serenum.sys
11:55:08.0330 0x0dcc  Serenum - ok
11:55:08.0377 0x0dcc  [ 249A563C48DFD9E42A37587653E003BB, D022FAE2B7AC9D99B9F230A4DF0B045891588162587E1F468B5E05C8DA98AA9A ] Serial          C:\WINDOWS\System32\drivers\serial.sys
11:55:08.0377 0x0dcc  Serial - ok
11:55:08.0408 0x0dcc  [ 0F5B43074AE731D2C6F061241C9D84A6, 05CFEB30A4FC11441552D37687608C8C2FD6DC2F2266AE9D6526753E26283DE6 ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
11:55:08.0408 0x0dcc  sermouse - ok
11:55:08.0455 0x0dcc  [ CD90E445F6458512A5BA884D561EFCF1, E792FAB8AFF4126C1977024060842D788A06475139782896AFD7B39C85FCDF3F ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
11:55:08.0455 0x0dcc  SessionEnv - ok
11:55:08.0486 0x0dcc  [ D9FE59276BD56A9643C32D5FACE2F251, 591862D868A545F468496DE97DEE42C9DB3AFBFC0881CBA79EB6641A254AF033 ] sfloppy        C:\WINDOWS\System32\drivers\sfloppy.sys
11:55:08.0486 0x0dcc  sfloppy - ok
11:55:08.0517 0x0dcc  [ F8083C536BEDE61AFB4069D8A8C16DA7, 13AADAD7B5582911B8ABBE0CF7132CC517F7413A361CCF8ED502F803D061FFA3 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
11:55:08.0533 0x0dcc  SharedAccess - ok
11:55:08.0611 0x0dcc  [ AE6E4D3172FBF45B944668CB3998B8A8, E7D7F98CB464C236A17069987F7B678D7688D9D577334151EF09DF5C6F22AFFC ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:55:08.0627 0x0dcc  ShellHWDetection - ok
11:55:08.0658 0x0dcc  [ ABBE803FE0BDAE0E5BE74DDEFBE62F23, 5009F489F7A6D66628C23A0FA3D7632399D0AD72BD11A1B70D7E768ED507377D ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
11:55:08.0658 0x0dcc  SiSRaid2 - ok
11:55:08.0674 0x0dcc  [ 6043DF55CFE3C7ACF477645FA64DEA98, 0E18EF8EC589841BC319C17FBABA7383FD247C9441ABF64A0D830976F3E611AE ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
11:55:08.0674 0x0dcc  SiSRaid4 - ok
11:55:08.0736 0x0dcc  [ B922D32039A3B5991E64429EC4EE52A9, 5EB7EB1F6D2C25F06044D8CA9F3BA0471FB40C8C96432BDC2C80CC36DC49BA0B ] smphost        C:\WINDOWS\System32\smphost.dll
11:55:08.0736 0x0dcc  smphost - ok
11:55:08.0783 0x0dcc  [ F07301C282AA222C33F8C28B4F545275, 2938943A3A62B33C8296DF3B57897D32293F5395A5E2A01C76B0160A98C12520 ] SmsRouter      C:\WINDOWS\system32\SmsRouterSvc.dll
11:55:08.0799 0x0dcc  SmsRouter - ok
11:55:08.0830 0x0dcc  [ 0B6BECB2651EF947249CDC3715E8B9CC, EB7281AF3529DE16FE8CD0C0C0C8877641865A5864D58628DBAB865B510B0D0B ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
11:55:08.0830 0x0dcc  SNMPTRAP - ok
11:55:08.0846 0x0dcc  [ 1A6CB30F0EFC1632E6F1B852CA892583, 0E6BDCEE837AEC3D02C437478143C75550C94A50E36895DDB095F54A2FA18E2A ] spaceport      C:\WINDOWS\system32\drivers\spaceport.sys
11:55:08.0861 0x0dcc  spaceport - ok
11:55:08.0861 0x0dcc  [ E1C158F6C00359278727A2CEE5D2ED71, 1591F942C6DD99D3BA7FD4D72D957864117B2263F205468A15F1D1417C6F799D ] SpbCx          C:\WINDOWS\system32\drivers\SpbCx.sys
11:55:08.0861 0x0dcc  SpbCx - ok
11:55:08.0908 0x0dcc  [ D1241DFC397FA8CCFB4BB4B63AAD31AC, F8C57C2F7CA8B6D8FEE1505A143A3FECF502C8DCFFC375F9C8848A87D9714C9E ] Spooler        C:\WINDOWS\System32\spoolsv.exe
11:55:08.0924 0x0dcc  Spooler - ok
11:55:09.0111 0x0dcc  [ 7C58AFEC26E9F7730A8AA7FD40225937, 546EAD8889F2A1BB6DCCB7781976B975F34DA1C9047F95FEAA52CF38EC60C6DD ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
11:55:09.0205 0x0dcc  sppsvc - ok
11:55:09.0236 0x0dcc  [ ACC1709EC7FE6EB8999DBC91C50C2B34, 83ABF51751A264291C53A32B86239A607361E56CB045CD2CBE6E41DBB8A01F54 ] srv            C:\WINDOWS\system32\DRIVERS\srv.sys
11:55:09.0252 0x0dcc  srv - ok
11:55:09.0267 0x0dcc  [ AFBCFC946FAE7483E27BD316D03F94A5, CC9478EA717E85C38304957E923997821DFE2A995D7C8DF98C15267D952BEFBE ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
11:55:09.0283 0x0dcc  srv2 - ok
11:55:09.0314 0x0dcc  [ 107C1EBE79710E4A759449BD6604245A, 963D693F4E61EDC7B3AA9006CC274D56E577CE0035A61DDB2A6DE72116D5C52B ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
11:55:09.0330 0x0dcc  srvnet - ok
11:55:09.0408 0x0dcc  [ 8C1786C073A496B8C0C8A5450A4FFD5B, 13BF3B42A63CE6C461259D4CE767FB0DE1F10433512A11D2B2C033E36E652542 ] SSDPSRV        C:\WINDOWS\System32\ssdpsrv.dll
11:55:09.0439 0x0dcc  SSDPSRV - ok

sumpfgeist 30.08.2016 12:27
TDSS-Log Part2
 
Code:
11:55:09.0486 0x0dcc  [ 217A982201052EFC8C3C0C88D229791C, 11509E3446ED7B75C9A05CDC4A7AF18926CB463E0D98BAE1CD5DB43E88F94F90 ] SstpSvc        C:\WINDOWS\system32\sstpsvc.dll
11:55:09.0502 0x0dcc  SstpSvc - ok
11:55:09.0517 0x0dcc  [ D08FFE34AF5B7AC5F69EEA1E0E8C6ECE, CC43752CE5C879E24229C84443DBEE667CE629ECF992AD0D42F0F77FE04F6751 ] ssudmdm        C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
11:55:09.0533 0x0dcc  ssudmdm - ok
11:55:09.0642 0x0dcc  [ 58863C57E4598C4F9DA967C5C36CFA5D, BB34FBC324E84E05128258CE3755241ECB63F7F2AE7F96716AC373931FAF92A8 ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll
11:55:09.0689 0x0dcc  StateRepository - ok
11:55:09.0783 0x0dcc  [ 345C39599C3D4940D12F5F9F42A79229, B5D6C716D374E453940C2A23772B9E063CBCB06DA74574F0F19F813AE65F4A78 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
11:55:09.0814 0x0dcc  Steam Client Service - ok
11:55:09.0830 0x0dcc  [ CCDA497C880AD16D87EDFAEFCFB2EDF5, 622599AA35ACFF0375DA252210BE42E7E90F30EDFEFF2F62FDB14AE6E45B5F88 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
11:55:09.0830 0x0dcc  stexstor - ok
11:55:09.0924 0x0dcc  [ 75476CAA8FA0A4E573948CDE8C7F0304, 68C4405CACA77AEED71761875A9AF60BCFBDD39E356BEA1BA8226E099BAA5FA4 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
11:55:09.0939 0x0dcc  stisvc - ok
11:55:09.0955 0x0dcc  [ BF8EA6FC3358C2F69678E3E94F764F84, D274DAD7B5756DD49CA44277C73497F1EC465C8E365CC730CD194932C3825920 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
11:55:09.0971 0x0dcc  storahci - ok
11:55:10.0002 0x0dcc  [ 32FF460DA8C1F370F5C08B7654899B73, 0C9D5D38D033109BA672ABAFEF0F0CD295E9FFA108ACFCA9044429D9B2CA9057 ] storflt        C:\WINDOWS\system32\drivers\vmstorfl.sys
11:55:10.0002 0x0dcc  storflt - ok
11:55:10.0002 0x0dcc  [ CC21DB3EF619B9480FE31A4EFE92CBEB, 256EFCA2F231F41D34250E1460BF88894D943EAE83A0B153FCADE700AB4DE11E ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
11:55:10.0002 0x0dcc  stornvme - ok
11:55:10.0033 0x0dcc  [ 390B8A75768E2689586539C224520895, D72F52E6D7AC5DC318FF9C1DF1F4E8A435D65B6BB59D7F1642222EC026BC54DB ] storqosflt      C:\WINDOWS\system32\drivers\storqosflt.sys
11:55:10.0033 0x0dcc  storqosflt - ok
11:55:10.0096 0x0dcc  [ FE42F8A07885E518ED1E846C93E4B78C, 264B21A5E07654F159A3E324F3B38A8C11AF619F61B5779A46367DD99EBD00A6 ] StorSvc        C:\WINDOWS\system32\storsvc.dll
11:55:10.0111 0x0dcc  StorSvc - ok
11:55:10.0127 0x0dcc  [ 770A92D9D3A0BF61C97C3AFCB36847D9, 21A8CC3F8E63B971C4FF8DDED5C7032E093A7B0F16E2128A9BD2E890BA76A1D9 ] storufs        C:\WINDOWS\system32\drivers\storufs.sys
11:55:10.0127 0x0dcc  storufs - ok
11:55:10.0142 0x0dcc  [ 736A2418E3E7F3DB3CF6EB0A55D1D581, 2D3BBC4E0C7B51EDE7479A978E4BCD5F47A7257745179F01D2D9ECFD83CCCC82 ] storvsc        C:\WINDOWS\system32\drivers\storvsc.sys
11:55:10.0142 0x0dcc  storvsc - ok
11:55:10.0174 0x0dcc  [ FA8F6E3AD3F92B35D2673CC9FD20429C, 62F81CBACF7E16FEF9DE3BE95FA5C9BDB51BAE4667AE5AE71399864A390FF6D5 ] svsvc          C:\WINDOWS\system32\svsvc.dll
11:55:10.0174 0x0dcc  svsvc - ok
11:55:10.0205 0x0dcc  [ BD98B0225BCD49E8A62F4F8EE1D1F613, CDAD11969B2DA417079547724BECC3DB4FC4711B3C01590EB0D02774B69B6D90 ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
11:55:10.0205 0x0dcc  swenum - ok
11:55:10.0252 0x0dcc  [ 22E539A9B96C66A713583EC017562616, 210DA61DFC7AA9AD23277D9CC0239B781F4EABD322D0803AEC9434D68B81FABD ] swprv          C:\WINDOWS\System32\swprv.dll
11:55:10.0267 0x0dcc  swprv - ok
11:55:10.0299 0x0dcc  [ CAE4B27B469C583131EA5AAE622F5D76, 3979006EB22489D1AAD2EC2E9F32C286EEDCDB83B37B97E58BA831263EC33B84 ] Synth3dVsc      C:\WINDOWS\System32\drivers\Synth3dVsc.sys
11:55:10.0299 0x0dcc  Synth3dVsc - ok
11:55:10.0392 0x0dcc  [ 34A3EB84B2A830E6F450B8F885AE4E6E, E61AC6D17B815CB71F26D71CA3CCAFD9E66A170E3ED2E64A4F20D097A0C683B5 ] SysMain        C:\WINDOWS\system32\sysmain.dll
11:55:10.0408 0x0dcc  SysMain - ok
11:55:10.0439 0x0dcc  [ AF2C8D7C1D4DCFD5C31501F009DF42B7, 3DDF9353F014EE99B031BBC969620CA07647FBB8D78EB4697C8D633021B46B11 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
11:55:10.0439 0x0dcc  SystemEventsBroker - ok
11:55:10.0471 0x0dcc  [ 6979A147C0D5C5CAB621ADC394D32B80, C30B8E3D271A1591D965559EA4A11A1BE63A34D832ED53B26CE91799C888DF77 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
11:55:10.0486 0x0dcc  TabletInputService - ok
11:55:10.0502 0x0dcc  [ 86B62FC8CB89946446F9B24FE49A66FD, 7B095310D1C78B82E5ACAC4713E101DD1323A3CF6FB39218C2E78ABE2B0385B5 ] TapiSrv        C:\WINDOWS\System32\tapisrv.dll
11:55:10.0502 0x0dcc  TapiSrv - ok
11:55:10.0611 0x0dcc  [ 083A727D784009F9CCFB120C7841B7AF, 14242ECC3EB17154AD856A2C5229324BA6914291F4E2CD93E6AE251A31130448 ] Tcpip          C:\WINDOWS\system32\drivers\tcpip.sys
11:55:10.0658 0x0dcc  Tcpip - ok
11:55:10.0705 0x0dcc  [ 083A727D784009F9CCFB120C7841B7AF, 14242ECC3EB17154AD856A2C5229324BA6914291F4E2CD93E6AE251A31130448 ] Tcpip6          C:\WINDOWS\system32\drivers\tcpip.sys
11:55:10.0752 0x0dcc  Tcpip6 - ok
11:55:10.0799 0x0dcc  [ 17F37EC9042D84561C550620643D9A85, B01620BA319A1383D403E6E50C7724879520F3267654556D975CAFFF91A82C78 ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
11:55:10.0799 0x0dcc  tcpipreg - ok
11:55:10.0846 0x0dcc  [ 91D3F2A6253EF83EFBD7903028F58C4D, C15768CCCF734093B0F8A5E76882B35927B716E4F14D91ACEE897E1C078D43D1 ] tdx            C:\WINDOWS\system32\DRIVERS\tdx.sys
11:55:10.0861 0x0dcc  tdx - ok
11:55:10.0877 0x0dcc  [ E730D0EB1B84EBC98423FC8D285EDBC0, 442DD433F9D22304E64EC7ACFC4E04892D4D92D8AC545A3530FC932A2EEC4767 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
11:55:10.0877 0x0dcc  terminpt - ok
11:55:10.0939 0x0dcc  [ 14307D4801C8CEF0A615907C09E886B3, C7F34C294D70DE689F673E0B5E9253B27EFEBBE6FA38B68B3B0B0374A896407E ] TermService    C:\WINDOWS\System32\termsrv.dll
11:55:10.0955 0x0dcc  TermService - ok
11:55:10.0971 0x0dcc  [ D009D1BC14FD5F2AC93D1878735F6C39, D8BCE505B66E05BC00075E46B38359CA4D0FA484EB7981A74221885E8A1FFB87 ] Themes          C:\WINDOWS\system32\themeservice.dll
11:55:10.0986 0x0dcc  Themes - ok
11:55:11.0017 0x0dcc  [ 5F27DE2082E16D4C1D6C627C8ECBD341, 08DA3EB3EF2B2006B6F9F2C8C149DF55DE6738975D556206A814096CAB5C1411 ] TieringEngineService C:\WINDOWS\system32\TieringEngineService.exe
11:55:11.0017 0x0dcc  TieringEngineService - ok
11:55:11.0064 0x0dcc  [ 82BC3D304654F8EBEFABDDC2AD70AFE3, 466334A46F6579E7C3F619B15243B270AACE9D04FE06E5228B4759FD619BDDD9 ] tiledatamodelsvc C:\WINDOWS\system32\tileobjserver.dll
11:55:11.0064 0x0dcc  tiledatamodelsvc - ok
11:55:11.0111 0x0dcc  [ 7E81E3E0D7F83BFE3C3975020B6C7F12, 316F9415646CC7A4E9A5F1E07310D433457E623B3E589543E4A6C73C4F77712C ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
11:55:11.0111 0x0dcc  TimeBroker - ok
11:55:11.0158 0x0dcc  [ 169B0A246067457FEF8A18EED7EED9D5, BF5AC0CB29E1E456253B881CD0608B578D7343E9DFE1738A14598D1DFFE1AB66 ] TPM            C:\WINDOWS\System32\drivers\tpm.sys
11:55:11.0158 0x0dcc  TPM - ok
11:55:11.0189 0x0dcc  [ AA84AF93CE5AF1F05838B51D20295419, 85B3EE773C691EEDFA080CD9C59D31CB58A5BC577AEE91A929F5DFBE1368AB6D ] TrkWks          C:\WINDOWS\System32\trkwks.dll
11:55:11.0205 0x0dcc  TrkWks - ok
11:55:11.0330 0x0dcc  [ E50DD57F496CED8873FA3E7D38BCCD42, 36B95F6F2CF48078C6B19FB452C87BB07E95C8804A5C6B526D349AC6227CAB26 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
11:55:11.0330 0x0dcc  TrustedInstaller - ok
11:55:11.0361 0x0dcc  [ 48E828C66AB016E48F2CB4DD585315FD, 063809B610F6B177B65D62D12605FB94F108DB26A9FD3067E6D6C51F0D92E774 ] tsusbflt        C:\WINDOWS\system32\drivers\TsUsbFlt.sys
11:55:11.0377 0x0dcc  tsusbflt - ok
11:55:11.0377 0x0dcc  [ 267C76EE60736EA5A1811A53FA02AABE, 28D4C4CB972534204B8336D0403B70E4EFE4F8369ABDE7401FFCCF7D4E3EA165 ] TsUsbGD        C:\WINDOWS\System32\drivers\TsUsbGD.sys
11:55:11.0377 0x0dcc  TsUsbGD - ok
11:55:11.0408 0x0dcc  [ 8CE72F094B822AD5EE9C3A3AFC0C16B6, 827CCD849544E1DA364B03DBC82A848D2F93AD32BA14ED52709C609BC70CE5CA ] tunnel          C:\WINDOWS\System32\drivers\tunnel.sys
11:55:11.0408 0x0dcc  tunnel - ok
11:55:11.0439 0x0dcc  [ 56C238ACFE4CB020D3E38508249039EA, 172868080F07D98175229A02410FE751B5958ED5A3D567D4AE5736F4025DF432 ] tzautoupdate    C:\WINDOWS\system32\tzautoupdate.dll
11:55:11.0455 0x0dcc  tzautoupdate - ok
11:55:11.0471 0x0dcc  [ 42C546414F80BD6C0137FC3A106F8A69, 067FFCAF0059935851888BD984E848E4E1A6CC1941A8F4534067CCF0B2A3B2E6 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
11:55:11.0471 0x0dcc  uagp35 - ok
11:55:11.0502 0x0dcc  [ 1686DBC81748B096232B15F16C302985, 63D72D1838C42A95599AF3C0B19A069E310ADB091208011D7D6FBAC968D1A59A ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
11:55:11.0502 0x0dcc  UASPStor - ok
11:55:11.0533 0x0dcc  [ 82D3B1F4D80057826AA649D78147DE36, 344A738F6866BFD3095BB802206DDB2F9E9AD89DC39CAA7DE96455F410683829 ] UcmCx0101      C:\WINDOWS\system32\Drivers\UcmCx.sys
11:55:11.0533 0x0dcc  UcmCx0101 - ok
11:55:11.0549 0x0dcc  [ 1C95F7CE37D9EFB90EBE987A9712356C, B9EE7743ADA50276F05D735C5C29E44039D630A7DC93766A0EAF400DA037E4AF ] UcmUcsi        C:\WINDOWS\System32\drivers\UcmUcsi.sys
11:55:11.0549 0x0dcc  UcmUcsi - ok
11:55:11.0580 0x0dcc  [ AED081772091C98173905E2DF28C223B, 08541CF3354EBB634BD590E0019128F70A6FCA9075B7E785A9E9BD82EC234DD3 ] Ucx01000        C:\WINDOWS\system32\drivers\ucx01000.sys
11:55:11.0580 0x0dcc  Ucx01000 - ok
11:55:11.0596 0x0dcc  [ DCA34A111C29E4578DF2B8CEA3C7CDBD, 86BCE4C8EC228724D5896067A85A4768B6069D10A482ECC51A8F828DBD3880C9 ] UdeCx          C:\WINDOWS\system32\drivers\udecx.sys
11:55:11.0596 0x0dcc  UdeCx - ok
11:55:11.0611 0x0dcc  [ 718A956AE00CE086F381044AB66CC29C, E4EED1600C72CECE1D4507827C329A93D356BBA027470FCF6C4B5C1651DED643 ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
11:55:11.0611 0x0dcc  udfs - ok
11:55:11.0627 0x0dcc  [ BA760F8E66428BA9FF1E8BFBC6248136, BE7DCBB293B12672CB3653E640C46F669BD738D320F34F4FA4A26F6B248561F0 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
11:55:11.0627 0x0dcc  UEFI - ok
11:55:11.0674 0x0dcc  [ 28B8E1C6CBCF9FFE2FABFF3160C26ADF, 1C90E6C4E17C9B5555151943970BB6CC196E7EFC6665D9B9DCBB1EC51C70C715 ] Ufx01000        C:\WINDOWS\system32\drivers\ufx01000.sys
11:55:11.0689 0x0dcc  Ufx01000 - ok
11:55:11.0689 0x0dcc  [ 2B1DABA97DDF5365FC66EE7DEDD86A13, 2FF3355862938B37EE63FCA149415CE5032BF54747B07517BB21460733B65AD8 ] UfxChipidea    C:\WINDOWS\System32\drivers\UfxChipidea.sys
11:55:11.0689 0x0dcc  UfxChipidea - ok
11:55:11.0721 0x0dcc  [ 2A87EA182EA333D79AA0B03833EA67F2, 227792A8B4E63CF60A3DEECF829448C8FD59A40DEF3F42414E432820F8D34F64 ] ufxsynopsys    C:\WINDOWS\System32\drivers\ufxsynopsys.sys
11:55:11.0721 0x0dcc  ufxsynopsys - ok
11:55:11.0752 0x0dcc  [ 63451BD694651307254B8DD37A3D79C7, C781E2D876AF42D5972CCDCF86B7A59F6AF8AF0C6350647F3FA1B209119B5EF9 ] UI0Detect      C:\WINDOWS\system32\UI0Detect.exe
11:55:11.0752 0x0dcc  UI0Detect - ok
11:55:11.0767 0x0dcc  [ 6DE78C04BF32ECA7AF3064F53687C9A5, 164D3BB24EBA3EAF613799928063FE75220A4E583D985F53A895017782C18600 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
11:55:11.0767 0x0dcc  uliagpkx - ok
11:55:11.0783 0x0dcc  [ 67D1E0E6E4D5D33AF0AEF0E33B4DA0F4, BA2E6F16B6B3B54C943F1E7B9F79A6D1332A7ED228D754CC5AE70E3CD78B1F37 ] umbus          C:\WINDOWS\System32\drivers\umbus.sys
11:55:11.0783 0x0dcc  umbus - ok
11:55:11.0799 0x0dcc  [ 11680607944A719EF20E0E740785712A, 1567C2B3AAD702DCC2DC9C6B7B92EE5B681C06701A39DAC3AA7E2BE9E1E04F47 ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
11:55:11.0799 0x0dcc  UmPass - ok
11:55:11.0846 0x0dcc  [ FD949725D9EB52C0B87435CDE1134668, 96E2B3D3379E9AE225E5A4C5251207F1E7DA573901F4F026758EDE9FAEF4F2C5 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
11:55:11.0846 0x0dcc  UmRdpService - ok
11:55:11.0908 0x0dcc  [ CB902A15DD21B363FECA5DCCF34F5C57, 6A0836A12A410EBD5C667982852B58CA9E9EDB11EA666C413CC0F811E01A549D ] UnistoreSvc    C:\WINDOWS\System32\unistore.dll
11:55:11.0924 0x0dcc  UnistoreSvc - ok
11:55:11.0955 0x0dcc  [ B85A8CF2BE74DFF1E80097AC94584112, B1DBACC33A4143FEE2CF54E567590A69580312AD7A053BCC85B487C4D451FBDA ] upnphost        C:\WINDOWS\System32\upnphost.dll
11:55:11.0955 0x0dcc  upnphost - ok
11:55:11.0986 0x0dcc  [ 2410A0C20D21A25E6C01979FA886BE90, DD3F92D8CF110D47B9E36BA0EB10EB34C0FDD28FE0D57E4B60F9326703388F75 ] UrsChipidea    C:\WINDOWS\System32\drivers\urschipidea.sys
11:55:11.0986 0x0dcc  UrsChipidea - ok
11:55:11.0986 0x0dcc  [ 6E59CE43B6BA5AA1ADCF36A4DBBB92BB, 647D66775A90F67D803043DE8C8AE8BC2F7A042A8DCF9C95BF5458C79609481B ] UrsCx01000      C:\WINDOWS\system32\drivers\urscx01000.sys
11:55:11.0986 0x0dcc  UrsCx01000 - ok
11:55:12.0002 0x0dcc  [ E8A59FA109A22FC07E44BDFCC9727DBD, 0DC5928C0FF7E5B38917660D6EFECCC22172DB0BB9B23216F33E750790529C16 ] UrsSynopsys    C:\WINDOWS\System32\drivers\urssynopsys.sys
11:55:12.0002 0x0dcc  UrsSynopsys - ok
11:55:12.0033 0x0dcc  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64      C:\WINDOWS\System32\Drivers\usbaapl64.sys
11:55:12.0033 0x0dcc  USBAAPL64 - ok
11:55:12.0049 0x0dcc  [ 9F9D5E2086BB9AEEA96E9BF73B7B2D32, AFA84CE1E96C07EBFB7A05D0181C876E027B848AF6C6DB932765912B814CAF56 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
11:55:12.0049 0x0dcc  usbaudio - ok
11:55:12.0064 0x0dcc  [ D8A44550ECE102B6443F5D54DCE7DAB3, 97F5AE7B17DAC4A4F3186C77116BC8E49874FB0018C99D8E2CDA29D89E8B0912 ] usbccgp        C:\WINDOWS\System32\drivers\usbccgp.sys
11:55:12.0064 0x0dcc  usbccgp - ok
11:55:12.0080 0x0dcc  [ 66B3D22DAB5312FF238ABF5C6D9F8FAB, 4A644AFC1C27D692D352BEB8801398A00EA5B4055476063AF905A0A46DDBF8BB ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
11:55:12.0080 0x0dcc  usbcir - ok
11:55:12.0111 0x0dcc  [ 3E4F20DB902D2E2914F3FF3DB9772200, F3D32BE06A26164B5F6E8DB67160D1DBBDC6D14666EEF84EA43C78CB7706E31C ] usbehci        C:\WINDOWS\System32\drivers\usbehci.sys
11:55:12.0111 0x0dcc  usbehci - ok
11:55:12.0142 0x0dcc  [ 41F7F00D76904416EF1F9EFA1A4C37A2, 7A4250EB2E2E0037B3AE1480C13B229ECFF5C575E68E4F934EE011DB1833B46A ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
11:55:12.0142 0x0dcc  usbhub - ok
11:55:12.0174 0x0dcc  [ E7463CE8579A0418A98BE9BE42C647D7, 923CD51C82FCF9DC4E9EEA99E53634EE07EBF62FB5DFC337F01309D7D5C7622C ] USBHUB3        C:\WINDOWS\System32\drivers\UsbHub3.sys
11:55:12.0174 0x0dcc  USBHUB3 - ok
11:55:12.0189 0x0dcc  [ DAB35CCA86F5FBE77D870A40089BC4A1, 4A47D59D882D0F2B93F2EE7F10995E7D68B58009434E2CBD04C659E0D1F059D8 ] usbohci        C:\WINDOWS\System32\drivers\usbohci.sys
11:55:12.0189 0x0dcc  usbohci - ok
11:55:12.0221 0x0dcc  [ 21162F65C7756AAECAEBED9E67D0A5FE, DE3B43964171DB5B0464DA5E7A674A5D200A8695E6EF1AE2030681066ABA2688 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
11:55:12.0221 0x0dcc  usbprint - ok
11:55:12.0252 0x0dcc  [ 4AAD6547953D373A1EB5B2DF583D868B, 4E3DCEC9644550996C314FCC39F885DDE4AA7AD821B8596D96C5BEA5D60795F7 ] usbser          C:\WINDOWS\System32\drivers\usbser.sys
11:55:12.0252 0x0dcc  usbser - ok
11:55:12.0283 0x0dcc  [ 8949F77132A4F8F3BA17C6727099F002, 86AD4A2263B34983335180FDAE775D1744E042D2A11300D27DF546F15F285A25 ] USBSTOR        C:\WINDOWS\System32\drivers\USBSTOR.SYS
11:55:12.0299 0x0dcc  USBSTOR - ok
11:55:12.0330 0x0dcc  [ 8B3E458A8851F9A3B2109B1680EE1159, 753AC8F82F65564F00EA2F60B43E4B815FEAABE0DA35B6356210A5F4B1CA3EFC ] usbuhci        C:\WINDOWS\System32\drivers\usbuhci.sys
11:55:12.0330 0x0dcc  usbuhci - ok
11:55:12.0392 0x0dcc  [ 9E9D58F5E1702955B2F4D62996F80E8E, 6C21C250B9D98346D0D5CB7D6C11AB120A1D195C28313BDB0CE532663F0114E2 ] USBXHCI        C:\WINDOWS\System32\drivers\USBXHCI.SYS
11:55:12.0408 0x0dcc  USBXHCI - ok
11:55:12.0471 0x0dcc  [ 2771EBB565F5C121E66060B173991D4D, 1EB34A6262A18E47ADCA392FDB2D58E8428A1CA43EB4196D76A897F74A03CA7F ] UserDataSvc    C:\WINDOWS\System32\userdataservice.dll
11:55:12.0486 0x0dcc  UserDataSvc - ok
11:55:12.0549 0x0dcc  [ 36EC82F0E399F36BD25F593D63DC144A, 2A9E916A098ACD5A5074A5FD053ECAB027A0932A348C728F20CD63EF16289533 ] UserManager    C:\WINDOWS\System32\usermgr.dll
11:55:12.0564 0x0dcc  UserManager - ok
11:55:12.0611 0x0dcc  [ 05F4CB5991D897E4253BF61FA5E828F8, 25B5B6751B4455491E9A050DF5C12F788B5677F70FB4844E0BF851090AC1F74C ] UsoSvc          C:\WINDOWS\system32\usocore.dll
11:55:12.0611 0x0dcc  UsoSvc - ok
11:55:12.0642 0x0dcc  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] VaultSvc        C:\WINDOWS\system32\lsass.exe
11:55:12.0642 0x0dcc  VaultSvc - ok
11:55:12.0674 0x0dcc  [ E1BE37312785A71862516F66B3FD24CE, D248C513DBEACB192653C6E46809209F341771B146544BBF43B86369280B4F8B ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
11:55:12.0674 0x0dcc  vdrvroot - ok
11:55:12.0736 0x0dcc  [ 67A6E949395A09914AD8B38FE14B8D15, 593F2FAA880B2E0468F98BD58B5214A170E5890907B25294D7A47C66505A3D45 ] vds            C:\WINDOWS\System32\vds.exe
11:55:12.0767 0x0dcc  vds - ok
11:55:12.0783 0x0dcc  [ E42C0F2850735FF9D908B9DB581E6314, E2204A56BF37FC57CD2ED96E3F908882D72B4BFF1BFB97C5172C851F1E4F9650 ] VerifierExt    C:\WINDOWS\system32\drivers\VerifierExt.sys
11:55:12.0783 0x0dcc  VerifierExt - ok
11:55:12.0814 0x0dcc  [ EC15FD6A28757793E2DA394CD94ABD52, DC758BBEE9C6952D7B3F7171EF67B037B4068E88189A2C4A894122D1D1209468 ] vhdmp          C:\WINDOWS\System32\drivers\vhdmp.sys
11:55:12.0814 0x0dcc  vhdmp - ok
11:55:12.0846 0x0dcc  [ D0C9632C350F46786643A069251BC249, CF65BA0D3F3D2B821C10E2D4F53F5B6BF6236CA9767419392A561CFA79254C3B ] vhf            C:\WINDOWS\System32\drivers\vhf.sys
11:55:12.0846 0x0dcc  vhf - ok
11:55:12.0924 0x0dcc  [ EF2270C2DF2B61FF1B8C422DC443CEFE, 30C74108BC0DE5884D64C7611CE8282CE556D9B42D7BE1FE569DE2067FBB4D5A ] VIAHdAudAddService C:\WINDOWS\system32\drivers\viahduaa.sys
11:55:12.0939 0x0dcc  VIAHdAudAddService - ok
11:55:12.0955 0x0dcc  [ 004175DA13E0372DA58F523104921631, 413A4C8169EDFDBAA58DA5FEDCBF1D0525F64A7AD34BAF17E29BCD14C1C189A7 ] VIAKaraokeService C:\WINDOWS\system32\viakaraokesrv.exe
11:55:12.0955 0x0dcc  VIAKaraokeService - ok
11:55:12.0955 0x0dcc  [ E886CB75DA2B6EB35469EF10135624C7, 3AFC59A0709B984F517A918D5BBEBEB1C80001BEC87C133447DCEAEDE00E516D ] vmbus          C:\WINDOWS\system32\drivers\vmbus.sys
11:55:12.0955 0x0dcc  vmbus - ok
11:55:12.0986 0x0dcc  [ 46D2EC27820EC0F798F85821E53C2942, D298A7D6AC16F76A069F843C8DD323ECB340D361733CB9B076BCDE8FC5F1FEFC ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
11:55:12.0986 0x0dcc  VMBusHID - ok
11:55:13.0033 0x0dcc  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
11:55:13.0033 0x0dcc  vmicguestinterface - ok
11:55:13.0049 0x0dcc  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicheartbeat  C:\WINDOWS\System32\ICSvc.dll
11:55:13.0064 0x0dcc  vmicheartbeat - ok
11:55:13.0080 0x0dcc  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
11:55:13.0080 0x0dcc  vmickvpexchange - ok
11:55:13.0096 0x0dcc  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicrdv        C:\WINDOWS\System32\ICSvc.dll
11:55:13.0111 0x0dcc  vmicrdv - ok
11:55:13.0127 0x0dcc  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
11:55:13.0127 0x0dcc  vmicshutdown - ok
11:55:13.0142 0x0dcc  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
11:55:13.0158 0x0dcc  vmictimesync - ok
11:55:13.0174 0x0dcc  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicvmsession  C:\WINDOWS\System32\ICSvc.dll
11:55:13.0174 0x0dcc  vmicvmsession - ok
11:55:13.0189 0x0dcc  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicvss        C:\WINDOWS\System32\ICSvc.dll
11:55:13.0205 0x0dcc  vmicvss - ok
11:55:13.0236 0x0dcc  [ B9265F47E7A354BAAA0AF5CBA3F8F7CE, F836E7BEDC7CAB1C01225164D171A0210D8F909F52992E4C0BF3C92B365BCD52 ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
11:55:13.0236 0x0dcc  volmgr - ok
11:55:13.0267 0x0dcc  [ BEE9C8B72AB752B794F69C2B9B3678AA, 49A5093C26F3CDCD60577F7F2D7F936C7B2BD010B27F2C49A7B6AA41E42DF98D ] volmgrx        C:\WINDOWS\system32\drivers\volmgrx.sys
11:55:13.0267 0x0dcc  volmgrx - ok
11:55:13.0283 0x0dcc  [ E1F91A727A04C9F8199D04FF3BBBF63C, 076CAEE621DBF7DE24ED92BA239C440879FDB674CF3213DF3E35AEC03D0D2031 ] volsnap        C:\WINDOWS\system32\drivers\volsnap.sys
11:55:13.0299 0x0dcc  volsnap - ok
11:55:13.0314 0x0dcc  [ F7B1B1101271E31F43CC76E890704F51, 2282D82B220C3D13FF980ED8E40443C83816D3DA9557EACEA137873F92BB9CF4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
11:55:13.0314 0x0dcc  vpci - ok
11:55:13.0346 0x0dcc  [ D48ED0A08BD2FD25A833E6AC99623091, 6CA7580878D3893E14B4938023A00CDFC9BE215A0CE4ED59A94F95DFD9FDF4D8 ] vsmraid        C:\WINDOWS\system32\drivers\vsmraid.sys
11:55:13.0346 0x0dcc  vsmraid - ok
11:55:13.0408 0x0dcc  [ 4CF5A1E0C4FCA956ACD6C654E2A8610E, 57F3C7200C25E8717AF92AF2ED7615C6605179D3514B432220FA6EA94CAB4F2E ] VSS            C:\WINDOWS\system32\vssvc.exe
11:55:13.0424 0x0dcc  VSS - ok
11:55:13.0627 0x0dcc  [ 79F4D90FAA0ACC1866F2F3E03E39CA89, EE08BCBF29A7E4AFFF520B8DF067281425F433EC275F8C86CE8F20F000E92E3D ] vssbrigde64    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe
11:55:13.0642 0x0dcc  vssbrigde64 - ok
11:55:13.0705 0x0dcc  [ 6990D4AFDF545669D4E6C232F26DE1FB, 9B8F99A035188FD96BA79E935E8EF387BEA2223ECA0B74CF64AB993DABAA5722 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
11:55:13.0705 0x0dcc  VSTXRAID - ok
11:55:13.0736 0x0dcc  [ 1EE11F0508C58EF081F4176E66D6970B, 9069B3FC8850C7CF617909C6DBFC3753FEB59A9E708379CC57190F4097FB374E ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
11:55:13.0736 0x0dcc  vwifibus - ok
11:55:13.0767 0x0dcc  [ 938E4EF58E42D252B742B0E243011B90, AC0C21FBAF15924CB271CA43ACB7A86287936C78B4852BCFC59EC7EC703E036C ] vwififlt        C:\WINDOWS\system32\drivers\vwififlt.sys
11:55:13.0767 0x0dcc  vwififlt - ok
11:55:13.0846 0x0dcc  [ 48C1A256591297C43ECFC4E30D144EAA, 8E66833ED2CEB6D7E499EB2E4282B4F9DFA28B6D21757BB88EC52FD069D7FACE ] W32Time        C:\WINDOWS\system32\w32time.dll
11:55:13.0861 0x0dcc  W32Time - ok
11:55:13.0924 0x0dcc  [ CDA9A00B16808D7A5BBB66287B89EE21, B25F98F26B0153E5DD5C744539CB6ACAFAA13E0F7B5D140C1844158B79BC9006 ] w3logsvc        C:\WINDOWS\system32\inetsrv\w3logsvc.dll
11:55:13.0924 0x0dcc  w3logsvc - ok
11:55:14.0002 0x0dcc  [ 1430B095A4DF52C04BDBC31C861C9324, B686C97D13CE966D44A7695BE78A4501F96CF8E69B24AFFE6C8E643132BB8861 ] W3SVC          C:\WINDOWS\system32\inetsrv\iisw3adm.dll
11:55:14.0017 0x0dcc  W3SVC - ok
11:55:14.0033 0x0dcc  [ 00C27B64C758C111E5D78A70DE6CA2B6, C99761B9B671B3A1FF1C52796CCA3F4F825BF50D9657D13B551E849CDD82055D ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
11:55:14.0033 0x0dcc  WacomPen - ok
11:55:14.0080 0x0dcc  [ D76D1AC4F2C642D09A68227D129A4726, D14D6C4D94E9660848C74B220359683D91A4A3D70750E781A20B6D86D46794CE ] WalletService  C:\WINDOWS\system32\WalletService.dll
11:55:14.0096 0x0dcc  WalletService - ok
11:55:14.0111 0x0dcc  [ 8CB53620B2C2F0641DD7563EA0FDF491, D62FE75C908409A54949F0E3C39558DC7A8F11AF7496ED7B0872D80D08CB67A7 ] wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:55:14.0111 0x0dcc  wanarp - ok
11:55:14.0127 0x0dcc  [ 8CB53620B2C2F0641DD7563EA0FDF491, D62FE75C908409A54949F0E3C39558DC7A8F11AF7496ED7B0872D80D08CB67A7 ] wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:55:14.0127 0x0dcc  wanarpv6 - ok
11:55:14.0142 0x0dcc  [ 1430B095A4DF52C04BDBC31C861C9324, B686C97D13CE966D44A7695BE78A4501F96CF8E69B24AFFE6C8E643132BB8861 ] WAS            C:\WINDOWS\system32\inetsrv\iisw3adm.dll
11:55:14.0142 0x0dcc  WAS - ok
11:55:14.0221 0x0dcc  [ 2598BBF11C9E7D0885DCA52E7FD5BCBD, 46B1FB080A2CD88C89A0EB8BA2594A1FA2C341ED77A6C6835CBFFE42907FAC55 ] wbengine        C:\WINDOWS\system32\wbengine.exe
11:55:14.0252 0x0dcc  wbengine - ok
11:55:14.0283 0x0dcc  [ 642EFABF900374FA85639D83B5533AFD, 292692D6AAC2A785D237ADFBC7CA3D379E8FC79FA366A8CE7D06F5CA5CE6866B ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
11:55:14.0283 0x0dcc  WbioSrvc - ok
11:55:14.0330 0x0dcc  [ 0BF8D8C7EC9FB15D6480A12101E88B71, E7BC6A4E53D8C9D73BF83097DFE43ED8038B7BED0AE56E5AF7983F74562F15A3 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
11:55:14.0330 0x0dcc  Wcmsvc - ok
11:55:14.0377 0x0dcc  [ 53A036CED1270F2459E708A05922FD49, 2F281A72E4B0408DE6C8153F5988C9AA38591FB1E72558767D389637D0666A85 ] wcncsvc        C:\WINDOWS\System32\wcncsvc.dll
11:55:14.0392 0x0dcc  wcncsvc - ok
11:55:14.0408 0x0dcc  [ 965B6197A659782B6A0F68411A180AAD, 5541AB78B71E4FA655BCBF2D80D574B2A3B4AA8871F65D26620BDE549FA5459A ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
11:55:14.0408 0x0dcc  WcsPlugInService - ok
11:55:14.0439 0x0dcc  [ 069D3D6E20AD753B34FCE856F0436869, CF8C12295DDAA56E7350019AADBA533D7857CFB3F20DEE14E557963645A9331B ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
11:55:14.0439 0x0dcc  WdBoot - ok
11:55:14.0502 0x0dcc  [ 6CC727E94CD84E9720FDCDA8089CABCC, BCF66056B06DED6BC2D329E910FCD3E685D627BAD3B5D7F4B0E970B45CD9CEF4 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
11:55:14.0517 0x0dcc  Wdf01000 - ok
11:55:14.0533 0x0dcc  [ E3E97151A1D1E87BB2D5371F66C5F169, 0ED0B9852FE0533816F5EE2F06045B3964A00FD749A7011DB3C663AB6FA369E2 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
11:55:14.0549 0x0dcc  WdFilter - ok
11:55:14.0564 0x0dcc  [ 75DC67553051103547B693898CB32D08, 4FCF2C3DBBE85461364B1F3A3F3629B52C8664487D30142D15937A4C96EF6A8F ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
11:55:14.0564 0x0dcc  WdiServiceHost - ok
11:55:14.0580 0x0dcc  [ 75DC67553051103547B693898CB32D08, 4FCF2C3DBBE85461364B1F3A3F3629B52C8664487D30142D15937A4C96EF6A8F ] WdiSystemHost  C:\WINDOWS\system32\wdi.dll
11:55:14.0580 0x0dcc  WdiSystemHost - ok
11:55:14.0627 0x0dcc  [ 2BC2E99623119521EEF7910A11D0FDE0, 3F3E48A79534F0F65F961D9B170D534562E04901B630127B16DF02E6D42F2BBF ] wdiwifi        C:\WINDOWS\system32\DRIVERS\wdiwifi.sys
11:55:14.0642 0x0dcc  wdiwifi - ok
11:55:14.0689 0x0dcc  [ 07B043160399AF4009054E2EA3464BF4, 8D652D7CD75F8FB2B5414155355F0C970015914E1AC6522DBB8387BB8662F542 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
11:55:14.0705 0x0dcc  WdNisDrv - ok
11:55:14.0736 0x0dcc  WdNisSvc - ok
11:55:14.0783 0x0dcc  [ 9972D395DBD05D91DA5EDADEB9325680, 9382D846793F285721A1A0FED42F914035A53D856B902FADB0B7144C471BDA91 ] WebClient      C:\WINDOWS\System32\webclnt.dll
11:55:14.0783 0x0dcc  WebClient - ok
11:55:14.0799 0x0dcc  [ B6BF579761489720BCE787F723F596E5, 879B17F6A4F23F5E85A09126B7B407955DDCEB1BA4A8FFC0A418B7F47311C056 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
11:55:14.0799 0x0dcc  Wecsvc - ok
11:55:14.0799 0x0dcc  [ 10C9CF8771A2A87F575F9FB56821474E, 15E3DFFE9CF6777F67E426ECF797D2DF743EA152DEE336DCC9C2F92A0E6EB9A3 ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
11:55:14.0799 0x0dcc  WEPHOSTSVC - ok
11:55:14.0814 0x0dcc  [ 357C083FE35D030D991D163AAF622A06, F301852D49DBDEF0D28F56CD74CBDC71CA003EBD07D3F46EA5C870DC1BD07896 ] wercplsupport  C:\WINDOWS\System32\wercplsupport.dll
11:55:14.0814 0x0dcc  wercplsupport - ok
11:55:14.0846 0x0dcc  [ 2235AF716D15D9DFE4C59DC2AC0C440C, 2DCFCEBEA77E7E40CEF9A785BE1A794B390B36E40FBCF49B494F9CEA3F6A28C4 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
11:55:14.0846 0x0dcc  WerSvc - ok
11:55:14.0861 0x0dcc  [ C11272713719922DE5711094333BD166, 61D4F07E02AECF04964FF51EEA31069A2B0EAA549AD2B29B5FD3E1E6BB543593 ] WFPLWFS        C:\WINDOWS\system32\drivers\wfplwfs.sys
11:55:14.0861 0x0dcc  WFPLWFS - ok
11:55:14.0877 0x0dcc  [ 205A1FAE910F5C493D236245850BB62A, DBA4D1D734BAA3CDEB8A7F9C81A8DAA88CEA55AF5C4C5908E76FB8E522C5EC8A ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
11:55:14.0892 0x0dcc  WiaRpc - ok
11:55:14.0908 0x0dcc  [ EF536C54AB9281FDC4E83B07279FCFC4, 22E4F133170682EE14413CA8FDC2DBE73AB31960D6ACB728A6B398229FDDFD3B ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
11:55:14.0908 0x0dcc  WIMMount - ok
11:55:14.0908 0x0dcc  WinDefend - ok
11:55:14.0971 0x0dcc  [ D8966A76408107224C6013993135DD78, 6159F69BC26FF817078E68C70E6DFC9075FEBF9EF9F4F046C7A65BC377544AE6 ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
11:55:14.0971 0x0dcc  WindowsTrustedRT - ok
11:55:15.0002 0x0dcc  [ 8B102A7B6CE326FD4208CC7C2D183343, E47C1D76CBFD2A382C3A7BB048D752FB6DD4616FADDEB1C3ADD5DDAE149742AF ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
11:55:15.0002 0x0dcc  WindowsTrustedRTProxy - ok
11:55:15.0111 0x0dcc  [ FFD04E8263FC9CDB89BAD8C27C337223, 7021161D354F1536DA261D001524B92301466631DCFA161A7C6355AAC86BBE40 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
11:55:15.0127 0x0dcc  WinHttpAutoProxySvc - ok
11:55:15.0174 0x0dcc  [ 4A53441C1C4D2878BEF27E381138BB2D, C221E74491E6FD2AF472B53876B46788D5CF62F4E645457F3B3816FD0ED2BAA1 ] WinMad          C:\WINDOWS\System32\drivers\winmad.sys
11:55:15.0174 0x0dcc  WinMad - ok
11:55:15.0236 0x0dcc  [ 1033C37122C7404C3B926ADF84874832, 163B3A7112F13AE7BB2655A28C6B19AF9B263F2AD2FF1B75314BE3E2B9118903 ] Winmgmt        C:\WINDOWS\system32\wbem\WMIsvc.dll
11:55:15.0236 0x0dcc  Winmgmt - ok
11:55:15.0314 0x0dcc  [ 703D0F62C5AA4D08EE8756516C0D125D, 02015A5E62490C11EC968160C528C2AFD1D7194AACA27F407B06EB462657511F ] WinRM          C:\WINDOWS\system32\WsmSvc.dll
11:55:15.0361 0x0dcc  WinRM - ok
11:55:15.0408 0x0dcc  [ 260907CE034FE327AC99BDA4153AB22F, B96501F43248713C2E153B9D22B78D51412A3C6989A2FB5F53A406C6CDC98D30 ] WINUSB          C:\WINDOWS\System32\drivers\WinUSB.SYS
11:55:15.0408 0x0dcc  WINUSB - ok
11:55:15.0408 0x0dcc  [ 40A3E8D729F458B2C9A8BD9380FF83D5, CD42FFC138969EF8C9588FD113F0B9A98FBA282D46A5B6BCFA765F55ED6E97A1 ] WinVerbs        C:\WINDOWS\System32\drivers\winverbs.sys
11:55:15.0424 0x0dcc  WinVerbs - ok
11:55:15.0533 0x0dcc  [ 453740989239803FE363FF8B40EA2E08, 25499705627C38D3431B3C336E0CF3BF55ABB0C461B88DA6D3767CAAE1E2B893 ] WlanSvc        C:\WINDOWS\System32\wlansvc.dll
11:55:15.0564 0x0dcc  WlanSvc - ok
11:55:15.0689 0x0dcc  [ E48BBF1363F843E030757EC190DD33E6, B37199495115ED423BA99B7317377CE865BB482D4E847861E871480AC49D4A84 ] wlidsvc        C:\WINDOWS\system32\wlidsvc.dll
11:55:15.0721 0x0dcc  wlidsvc - ok
11:55:15.0736 0x0dcc  [ 8F010BF65238F3F822D22BA12831796E, 2CA830F259B742D2F5CDD0437960BF512D40FB4A4C2342E3BABB38D468F79694 ] WmiAcpi        C:\WINDOWS\System32\drivers\wmiacpi.sys
11:55:15.0736 0x0dcc  WmiAcpi - ok
11:55:15.0783 0x0dcc  [ 74ACA5A7880C1F0BB9D60E32E1705A70, A89817BCCBFF94D7394614DA81D1C6C4F53AF47A539E674EEF6DC3FC496BF702 ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
11:55:15.0783 0x0dcc  wmiApSrv - ok
11:55:15.0814 0x0dcc  WMPNetworkSvc - ok
11:55:15.0861 0x0dcc  [ 2A9650FCC696DB28E45EA8B33B99B8E6, FBEBC6C05D50F578C6EEE0A7285EBE1DEADB08DD21FA3232630FD8D5A68FC3FB ] Wof            C:\WINDOWS\system32\drivers\Wof.sys
11:55:15.0877 0x0dcc  Wof - ok
11:55:15.0955 0x0dcc  [ 4090C6738AA92B428220857B4D44F638, 4A3EE47494051E5BA8393F2AC8226EF434DA3AA1895CF4BADC9BC1BC378647C6 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
11:55:15.0986 0x0dcc  workfolderssvc - ok
11:55:16.0017 0x0dcc  [ 22C52D7EE7C7D0E02C8EFD8CAE8E3A71, 126605A12CEC9CC07DE3050F12E43CECABEAF0D00DF12300AF70F34700F7FE8E ] wpcfltr        C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
11:55:16.0017 0x0dcc  wpcfltr - ok
11:55:16.0049 0x0dcc  [ 45FA01F8B7971ACB65202038E34D04A3, 9B2C2ABC7DB716295B0BD0AF04DA08E6B4200D7CF1C7DB59DD8FD8FEBD56D94C ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
11:55:16.0064 0x0dcc  WPDBusEnum - ok
11:55:16.0064 0x0dcc  [ 1C08E424CBDD5065BB7266F8C048C1B1, 0452C85EDA6CBAB75C2617886C5D8117ED25D91F1BE0F8377B08D55B6629B028 ] WpdUpFltr      C:\WINDOWS\system32\drivers\WpdUpFltr.sys
11:55:16.0064 0x0dcc  WpdUpFltr - ok
11:55:16.0096 0x0dcc  [ 2C6EEFFBB7FB1C51CCD3737C77AB9109, 8C2ED309FAF4312512E7BCCBBC51B1353603A3499077A1DE21991F0692AF1620 ] WpnService      C:\WINDOWS\system32\WpnService.dll
11:55:16.0096 0x0dcc  WpnService - ok
11:55:16.0111 0x0dcc  [ 638B43D39A3D0B47024555CF1095E6F1, C7EA0A6ED227A5256EB02CA76FEC538DF196B8DC38DA2A567757D2B221C9473E ] ws2ifsl        C:\WINDOWS\system32\drivers\ws2ifsl.sys
11:55:16.0127 0x0dcc  ws2ifsl - ok
11:55:16.0174 0x0dcc  [ 9C17CF2D05F8DA5AC66880B6BEE64E7D, 8930079A1AFA97657BE567038EE57C988D3DE9A6C24EA46160E2974837082535 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
11:55:16.0189 0x0dcc  wscsvc - ok
11:55:16.0189 0x0dcc  WSearch - ok
11:55:16.0314 0x0dcc  [ 6E04BBE242E2889B37300C4DF5CE1126, FBDAEAC62C48A4FC5EF412AE47FF10590AE83E8871412F76F6F9BAE910542DFA ] WSService      C:\WINDOWS\System32\WSService.dll
11:55:16.0361 0x0dcc  WSService - ok
11:55:16.0455 0x0dcc  [ 8A88DBA247BFF23BD284C2189F41FDA5, 86A617CB7C7473306DA2889AA30B488ABB9B824F7DCA31AA675DA6EB3974887C ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
11:55:16.0486 0x0dcc  wuauserv - ok
11:55:16.0533 0x0dcc  [ A928F25CB62232F413EE655352856E10, 1D2B278A24DDDE8792ADE7649FF90A98E186B79F13AA296C30E4180293BE906A ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
11:55:16.0533 0x0dcc  WudfPf - ok
11:55:16.0549 0x0dcc  [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
11:55:16.0549 0x0dcc  WUDFRd - ok
11:55:16.0596 0x0dcc  [ 1336DA39FE006EAB2733CA4DE5B3560C, F0D6C71ADCB66D4D14EC6D09FD43F5521A3A8CA53F248DFD01696FB4F033BE77 ] wudfsvc        C:\WINDOWS\System32\WUDFSvc.dll
11:55:16.0596 0x0dcc  wudfsvc - ok
11:55:16.0611 0x0dcc  [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFWpdFs      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
11:55:16.0611 0x0dcc  WUDFWpdFs - ok
11:55:16.0611 0x0dcc  [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFWpdMtp      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
11:55:16.0611 0x0dcc  WUDFWpdMtp - ok
11:55:16.0658 0x0dcc  [ 5DA95027DF2317174E8C39B4A8D1FCD8, 99B356411CB08B8BCCF2348DBF1FD5D4F417EA509D9C7CE23E5877C333F4D304 ] WwanSvc        C:\WINDOWS\System32\wwansvc.dll
11:55:16.0689 0x0dcc  WwanSvc - ok
11:55:16.0736 0x0dcc  [ 5DFAF8BE5A3CABAABF6795BC09EB7876, 1AFD0BC50EA5C2CCB2874E97FE5205175C80849BD6C9BDAF9FBC49174D478997 ] XblAuthManager  C:\WINDOWS\System32\XblAuthManager.dll
11:55:16.0752 0x0dcc  XblAuthManager - ok
11:55:16.0814 0x0dcc  [ 7118498F6E48758A2EF5A7D1982E2B62, 1FF75AE64CB6DB263E8B35515E092B325AA71A6B2210F8F2B0AD087B3BA33345 ] XblGameSave    C:\WINDOWS\System32\XblGameSave.dll
11:55:16.0846 0x0dcc  XblGameSave - ok
11:55:16.0861 0x0dcc  [ F279536122B83FD0D8E158AA753E1B7C, 6A542F28E24B30DBDC2EEE24DA33C2F4ADB3596AEDDD71DC1495DD40577CE4BB ] xboxgip        C:\WINDOWS\System32\drivers\xboxgip.sys
11:55:16.0861 0x0dcc  xboxgip - ok
11:55:16.0908 0x0dcc  [ 69E727F94BEA64E66C284F3C482F33E6, B3E0F287E7A251E0FC17C41089C45737027E54F0213BDE847356AC882B4D3700 ] XboxNetApiSvc  C:\WINDOWS\system32\XboxNetApiSvc.dll
11:55:16.0924 0x0dcc  XboxNetApiSvc - ok
11:55:16.0955 0x0dcc  [ DA0807D87A62D076C29C4E30F1E84F46, CA3079350038091AEE04D4DA7C06865E9DB3095120AE61AAB575AA77E86A6223 ] xinputhid      C:\WINDOWS\System32\drivers\xinputhid.sys
11:55:16.0955 0x0dcc  xinputhid - ok
11:55:16.0986 0x0dcc  ZAM - ok
11:55:17.0361 0x0dcc  [ 83584144FDA53E1E6AB82FB45DE92734, 2257E40FCB545EFA7192C8E245DA188BC5CE6454104E84524C65E4AA7939AFD6 ] ZAMSvc          C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
11:55:17.0564 0x0dcc  ZAMSvc - ok
11:55:17.0627 0x0dcc  [ 99C131567C10C25589E741E69A8F8AA3, 45F42C5D874369D6BE270EA27A5511EFCCA512AEAC7977F83A51B7C4DEE6B5EF ] ZAM_Guard      C:\WINDOWS\System32\drivers\zamguard64.sys
11:55:17.0627 0x0dcc  ZAM_Guard - ok
11:55:17.0627 0x0dcc  ================ Scan global ===============================
11:55:17.0674 0x0dcc  [ 82E25186617BA6C15010F0D47C705705, 5BF9E38918E6EAE86448137E2D120B80318AA1143CDDF539A2BFBEE227646816 ] C:\WINDOWS\system32\basesrv.dll
11:55:17.0705 0x0dcc  [ E2899695BD30B5F93EC626EBBEF2CB69, B190D2903A109D2C146D881F90769060A0E971942F4AA61AEAD81861032D89C3 ] C:\WINDOWS\system32\winsrv.dll
11:55:17.0752 0x0dcc  [ 09E92888FFF86F3334E59778724DCA6F, 2344763B52395EF565A9DE5F55BEDCA026AD2E8072FFD06F826BF366B3BA2AB4 ] C:\WINDOWS\system32\sxssrv.dll
11:55:17.0767 0x0dcc  [ 6FF8248F3A9D69A095C7F3F42BC29CB2, 9077B1AA0AFB8DB329FDED0E51085DE1C51B22A986162F29037FCA404A80D512 ] C:\WINDOWS\system32\services.exe
11:55:17.0783 0x0dcc  [ Global ] - ok
11:55:17.0783 0x0dcc  ================ Scan MBR ==================================
11:55:17.0799 0x0dcc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:55:18.0096 0x0dcc  \Device\Harddisk0\DR0 - ok
11:55:18.0158 0x0dcc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
11:55:18.0299 0x0dcc  \Device\Harddisk1\DR1 - ok
11:55:18.0299 0x0dcc  ================ Scan VBR ==================================
11:55:18.0314 0x0dcc  [ 88CC63F3428BC84D310CA85C7892FC80 ] \Device\Harddisk0\DR0\Partition1
11:55:18.0314 0x0dcc  \Device\Harddisk0\DR0\Partition1 - ok
11:55:18.0314 0x0dcc  [ BF40913F338A3416491ADD862AEF2C82 ] \Device\Harddisk0\DR0\Partition2
11:55:18.0330 0x0dcc  \Device\Harddisk0\DR0\Partition2 - ok
11:55:18.0346 0x0dcc  [ 3524ED0B64E994815453770100BD4285 ] \Device\Harddisk1\DR1\Partition1
11:55:18.0346 0x0dcc  \Device\Harddisk1\DR1\Partition1 - ok
11:55:18.0361 0x0dcc  [ E70AF4BF8F86768B73AACE28C07293B4 ] \Device\Harddisk1\DR1\Partition2
11:55:18.0361 0x0dcc  \Device\Harddisk1\DR1\Partition2 - ok
11:55:18.0392 0x0dcc  [ 50F72B46B4A1E426173241E8223D18E4 ] \Device\Harddisk1\DR1\Partition3
11:55:18.0392 0x0dcc  \Device\Harddisk1\DR1\Partition3 - ok
11:55:18.0392 0x0dcc  ================ Scan generic autorun ======================
11:55:18.0580 0x0dcc  [ EB02DAC756DEF2FADB8B63933473006C, 2590C6E5AE69FA29A91347C2D41FD940B984A8A2B8AD4F1B90FF4F107E7DDA7C ] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
11:55:18.0674 0x0dcc  HDAudDeck - ok
11:55:18.0721 0x0dcc  [ B899B4608BB72DB2FCC11D350A36D2C6, 7804CA2F8C72936B47D2490A5D36DA45C706ABD2FF247ED7ABC6544EE1BDF09D ] C:\Program Files (x86)\PDF24\pdf24.exe
11:55:18.0736 0x0dcc  PDFPrint - ok
11:55:18.0767 0x0dcc  [ D2E3E6D94A9E1CFA1561D9C748136FD0, C8CD851F1872086D18A329B47C7DEFAD2CE2E3A8F4321411247D06D07B2DB1D3 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
11:55:18.0767 0x0dcc  iTunesHelper - ok
11:55:19.0033 0x0dcc  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
11:55:19.0174 0x0dcc  OneDriveSetup - ok
11:55:19.0346 0x0dcc  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
11:55:19.0471 0x0dcc  OneDriveSetup - ok
11:55:19.0689 0x0dcc  [ 61F488AC3053DEB2AADB6A34DEBC8876, B5C5E0325F0FB4A37E80F08273B7483630F676C6342519564798CE7D1F121CB7 ] C:\Users\xxx\AppData\Local\Microsoft\OneDrive\OneDrive.exe
11:55:19.0705 0x0dcc  OneDrive - ok
11:55:19.0892 0x0dcc  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
11:55:20.0002 0x0dcc  OneDriveSetup - ok
11:55:20.0142 0x0dcc  [ CB396B37F21C205F00ACE39CF999295A, FD8CB2426D4B9F13480DD823F0479E75316F6486262E88E420398A2C7AB91F57 ] C:\Program Files (x86)\Windows Mail\wab.exe
11:55:20.0158 0x0dcc  WAB Migrate - ok
11:55:20.0346 0x0dcc  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
11:55:20.0471 0x0dcc  OneDriveSetup - ok
11:55:20.0471 0x0dcc  Waiting for KSN requests completion. In queue: 186
11:55:21.0486 0x0dcc  Waiting for KSN requests completion. In queue: 186
11:55:22.0502 0x0dcc  Waiting for KSN requests completion. In queue: 186
11:55:23.0564 0x0dcc  AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\wmiav.exe ( 16.0.0.614 ), 0x41000 ( enabled : updated )
11:55:23.0564 0x0dcc  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x62100 ( disabled : updated )
11:55:23.0564 0x0dcc  FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\wmiav.exe ( 16.0.0.614 ), 0x41010 ( enabled )
11:55:26.0017 0x0dcc  ============================================================
11:55:26.0017 0x0dcc  Scan finished
11:55:26.0017 0x0dcc  ============================================================
11:55:26.0049 0x1a88  Detected object count: 0
11:55:26.0049 0x1a88  Actual detected object count: 0
11:57:17.0353 0x0fa8  Deinitialize success
Hallo, sorry ich hab die erweiterten Einstellungen übersehen, deshalb kommt hier noch einmal das Log. Ich hoffe das passt jetzt so...
Code:
13:20:51.0893 0x1424  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31
13:21:01.0534 0x1424  ============================================================
13:21:01.0534 0x1424  Current date / time: 2016/08/30 13:21:01.0534
13:21:01.0534 0x1424  SystemInfo:
13:21:01.0565 0x1424 
13:21:01.0565 0x1424  OS Version: 10.0.10586 ServicePack: 0.0
13:21:01.0565 0x1424  Product type: Workstation
13:21:01.0565 0x1424  ComputerName: WINDOWS-0GJL1H2
13:21:01.0565 0x1424  UserName: xxx
13:21:01.0565 0x1424  Windows directory: C:\WINDOWS
13:21:01.0565 0x1424  System windows directory: C:\WINDOWS
13:21:01.0565 0x1424  Running under WOW64
13:21:01.0565 0x1424  Processor architecture: Intel x64
13:21:01.0565 0x1424  Number of processors: 2
13:21:01.0565 0x1424  Page size: 0x1000
13:21:01.0565 0x1424  Boot type: Normal boot
13:21:01.0565 0x1424  CodeIntegrityOptions = 0x00000001
13:21:01.0565 0x1424  ============================================================
13:21:01.0925 0x1424  KLMD registered as C:\WINDOWS\system32\drivers\18783141.sys
13:21:01.0925 0x1424  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 10586.306, osProperties = 0x19
13:21:02.0331 0x1424  System UUID: {B41A7C91-4957-DEC1-74D4-BFE19FAB9829}
13:21:02.0878 0x1424  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
13:21:02.0878 0x1424  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
13:21:02.0893 0x1424  ============================================================
13:21:02.0893 0x1424  \Device\Harddisk0\DR0:
13:21:02.0893 0x1424  MBR partitions:
13:21:02.0893 0x1424  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:21:02.0893 0x1424  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A272000
13:21:02.0893 0x1424  \Device\Harddisk1\DR1:
13:21:02.0893 0x1424  MBR partitions:
13:21:02.0893 0x1424  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
13:21:02.0893 0x1424  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34BA1000
13:21:02.0893 0x1424  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x34C06000, BlocksNum 0x39FD800
13:21:02.0893 0x1424  ============================================================
13:21:02.0925 0x1424  C: <-> \Device\Harddisk0\DR0\Partition2
13:21:03.0284 0x1424  E: <-> \Device\Harddisk1\DR1\Partition1
13:21:03.0331 0x1424  F: <-> \Device\Harddisk1\DR1\Partition3
13:21:03.0362 0x1424  G: <-> \Device\Harddisk1\DR1\Partition2
13:21:03.0362 0x1424  ============================================================
13:21:03.0362 0x1424  Initialize success
13:21:03.0362 0x1424  ============================================================
13:21:38.0621 0x13c0  ============================================================
13:21:38.0621 0x13c0  Scan started
13:21:38.0621 0x13c0  Mode: Manual; SigCheck; TDLFS;
13:21:38.0621 0x13c0  ============================================================
13:21:38.0621 0x13c0  KSN ping started
13:21:41.0033 0x13c0  KSN ping finished: true
13:21:43.0247 0x13c0  ================ Scan system memory ========================
13:21:43.0247 0x13c0  System memory - ok
13:21:43.0247 0x13c0  ================ Scan services =============================
13:21:43.0425 0x13c0  [ DF1C3D7E6C7929AD83BE22852B5B08CB, 9ECF6211CCD30273A23247E87C31B3A2ACDA623133CEF6E9B3243463C0609C5F ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
13:21:43.0480 0x13c0  1394ohci - ok
13:21:43.0507 0x13c0  [ 2C5B3035B86770ADD2FE9BFBAF5B35A4, 19E16F9144FE3E33B5FF248CF0040AB079ACAE22290B1369CC72AE4CB5FE3A90 ] 3ware          C:\WINDOWS\system32\drivers\3ware.sys
13:21:43.0519 0x13c0  3ware - ok
13:21:43.0568 0x13c0  [ 469441BAE3FF8A16826FC62C51EF5E18, E1204677B87F47222D05F670F8DF3DB65EA0881782A8DCFBE0103478ED71187C ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
13:21:43.0591 0x13c0  ACPI - ok
13:21:43.0609 0x13c0  [ 7EADED8087C392876521F7EBCE846EF4, 99BF1BD948F97C1ECBC049C7F949B71D73D0B41FB505B2F75B208E655F7DC8A3 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
13:21:43.0622 0x13c0  acpiex - ok
13:21:43.0638 0x13c0  [ C498887123327CDFD73A05E7A2780920, B45392C46254FCB8D79B6C3A82C8D894063199E6167D8E5F7EA7D60C75CD16EA ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
13:21:43.0651 0x13c0  acpipagr - ok
13:21:43.0679 0x13c0  [ C8DBE6EFFCF014CAA010B9BDDAC833EC, 96FC29340C62A6B0910DCCBF8945F32089FC300F45B451A540B8854D53734298 ] AcpiPmi        C:\WINDOWS\System32\drivers\acpipmi.sys
13:21:43.0691 0x13c0  AcpiPmi - ok
13:21:43.0712 0x13c0  [ 17039DBEB3B7B9ADCDB4B4533AA9771F, A4D38B144639A20B8B31E4F35FB776A028DB502FAC849FC73EECEB3CCD91830B ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
13:21:43.0724 0x13c0  acpitime - ok
13:21:43.0832 0x13c0  [ 68E7DEA59FDEF410BAF29FDB5B7A6EEF, B808FCF0C30B465A1330E47947B84FC722A3B4C46260E261C54B1EED725A288F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:21:43.0856 0x13c0  AdobeARMservice - ok
13:21:43.0955 0x13c0  [ 32B31B696CB8E8F380831DFEB80A67E4, 8C8F6E16F2FB3E8F10569261B7712BBC931A2924B6C27D561E7F828041C4F3E6 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:21:43.0971 0x13c0  AdobeFlashPlayerUpdateSvc - ok
13:21:44.0026 0x13c0  [ F7D0CD345D2DA42E7042ABCD73662403, 03183F90A994D69066F15C3DFC1D7D7514AEAF46A5AAC059B1FB327F8C30A35C ] ADP80XX        C:\WINDOWS\system32\drivers\ADP80XX.SYS
13:21:44.0063 0x13c0  ADP80XX - ok
13:21:44.0099 0x13c0  [ 70148EFA9A562E7185B75BBE7D376BF7, 8200E3349A1AFA1040B3D956A17BAF3CDC784A1A3CA396125E7872B36C03D84A ] AFD            C:\WINDOWS\system32\drivers\afd.sys
13:21:44.0123 0x13c0  AFD - ok
13:21:44.0130 0x13c0  [ 870F1A2C936F92B5D053DF7EC75B352F, D617524FD5886D6D3BC2EFBBB5EA310E906454CD7CA7257C3D7BDEA8C4F2DA71 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
13:21:44.0141 0x13c0  agp440 - ok
13:21:44.0183 0x13c0  [ 3DF7751D5DC6525E7DC6617FBB45054F, 8E6D4C809DB3B66E7558C4829E01F5C227EE614AC82F33FD99DCC629770D1BE3 ] ahcache        C:\WINDOWS\system32\DRIVERS\ahcache.sys
13:21:44.0202 0x13c0  ahcache - ok
13:21:44.0230 0x13c0  [ 19707ECBCEA71080A85DB2336580DB39, A09AE69C9DE2F3765417F212453B6927C317A94801AE68FBA6A8E8A7CB16CED7 ] AJRouter        C:\WINDOWS\System32\AJRouter.dll
13:21:44.0242 0x13c0  AJRouter - ok
13:21:44.0265 0x13c0  [ AA91A5E156D0364ABA7B01658C2EB014, F61055D581745023939C741CAB3370074D1416BB5A0BE0BD47642D5A75669E12 ] ALG            C:\WINDOWS\System32\alg.exe
13:21:44.0280 0x13c0  ALG - ok
13:21:44.0317 0x13c0  [ 7FE59496114A48A64E98E3218664A3E6, 1C11EE3686CB7F57783A5A5F56CCED71F61A46B26B0F4C4D04B1B37E8AC5A7D1 ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
13:21:44.0344 0x13c0  AMD External Events Utility - ok
13:21:44.0366 0x13c0  [ B70F0F2F54B4A4DB6E9C830454752F5A, C882DEAC30812E5FA4479A8CB688603C6AF269EF08236688F4C5E7EBED1D4572 ] AmdK8          C:\WINDOWS\System32\drivers\amdk8.sys
13:21:44.0381 0x13c0  AmdK8 - ok
13:21:44.0683 0x13c0  [ E66C25946B3D9268D8E10D3769CF4719, C273A59D3A29549E3C8BBF896015CA0E5D64A4ECCD6C2FF360927773DA736022 ] amdkmdag        C:\WINDOWS\system32\DRIVERS\atikmdag.sys
13:21:45.0060 0x13c0  amdkmdag - ok
13:21:45.0203 0x13c0  [ D1D66D1D42E53B53AFC7598058E71796, 12A1C8D895891F89745493091174D3FF5A9953F21427E7E1BE1120DA762E0CBD ] amdkmdap        C:\WINDOWS\system32\DRIVERS\atikmpag.sys
13:21:45.0246 0x13c0  amdkmdap - ok
13:21:45.0269 0x13c0  [ 35E890482C9728DD5C552B85DA8A5AB2, 1E0EB7D902AB4C38E23CAFC0BEA250E7F6E180E8814385B4F29730BFC373A191 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
13:21:45.0284 0x13c0  AmdPPM - ok
13:21:45.0325 0x13c0  [ 5B30BCFE6E02E45D3EE268FF001BC5E0, 9901DB728885CE36911F79998629B2DD42D56AF9633B5277834F498CC59B0346 ] amdsata        C:\WINDOWS\system32\drivers\amdsata.sys
13:21:45.0337 0x13c0  amdsata - ok
13:21:45.0348 0x13c0  [ F20B30F35A5C7888441B4DCA001ECF8E, 695A5BC1F18B65992EB06A202AD3CBFA17228E76DDFD1AE6977FD315724F75C2 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
13:21:45.0364 0x13c0  amdsbs - ok
13:21:45.0375 0x13c0  [ AFE838D7576C581D6483529621AB10CC, 14476A04CC64E7A0F1BBFDACCBD7A87F384BE1877C27656DBB973AF3975D4AE2 ] amdxata        C:\WINDOWS\system32\drivers\amdxata.sys
13:21:45.0385 0x13c0  amdxata - ok
13:21:45.0451 0x13c0  [ ADFFD587A8CBDCEB0566521ACEF707DB, 17CF539B17FAAF4CC4306B6D2BBD36D80C93FB49A614293D7351A92445C6C1D0 ] AppHostSvc      C:\WINDOWS\system32\inetsrv\apphostsvc.dll
13:21:45.0465 0x13c0  AppHostSvc - ok
13:21:45.0496 0x13c0  [ EDDB0D726DBECDFC1DBCC6DB464E5A13, 98D128D1E6FA270ED9ADBFE50078F68A794C00D4CBB86E28EC6161FFAD0CA8FF ] AppID          C:\WINDOWS\system32\drivers\appid.sys
13:21:45.0509 0x13c0  AppID - ok
13:21:45.0531 0x13c0  [ 7A55F9237F726D1667073A47B0D1B90F, 7C2D9AA84F1D4CC6C1FAF6848DF9479A534E01029C4387E8C0647745F1E74603 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
13:21:45.0548 0x13c0  AppIDSvc - ok
13:21:45.0574 0x13c0  [ 56E219DF92BE16F62308F884739BE022, FE189EE8A52BC5A0E6B76C632021F84F60307A182F2A67C0C0C7CAA72DEFC723 ] Appinfo        C:\WINDOWS\System32\appinfo.dll
13:21:45.0592 0x13c0  Appinfo - ok
13:21:45.0627 0x13c0  [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:21:45.0634 0x13c0  Apple Mobile Device - ok
13:21:45.0648 0x13c0  [ B4AE5296C9597F45E1CFE0B1DBE7739E, C9DCA8EF32720D68119CC23DF4BCD783FFB5F999D14EDCC7937D17C590323B4B ] AppMgmt        C:\WINDOWS\System32\appmgmts.dll
13:21:45.0666 0x13c0  AppMgmt - ok
13:21:45.0700 0x13c0  [ 610499A73DF3599608EBB6B3F9929052, A9CA49C4A39A825916AB3791090BCFC7044FDB6B2C3538E01F0CFBC2A9931152 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
13:21:45.0729 0x13c0  AppReadiness - ok
13:21:45.0812 0x13c0  [ 087FBBC026DCC0F693E91079B9901B7E, 544DEC1255923DBDC8351B6CE2220FBC9929F2FFE52C91062C23DE7734DA7A2F ] AppXSvc        C:\WINDOWS\system32\appxdeploymentserver.dll
13:21:45.0886 0x13c0  AppXSvc - ok
13:21:45.0911 0x13c0  [ E3FE8F610B1CC12BC3B2E6BC43DC97E2, 0E18542CF2095A9ADA1759AB8F986E78B0A50A3C6B2AD4EACD80A23D832A2C6D ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
13:21:45.0923 0x13c0  arcsas - ok
13:21:46.0049 0x13c0  [ 00B0FDD484914F388B5441285FDE24CB, 90AA8A12BB235BFC3A924F0E23BCEE8742817E3BC5A85E49D8AF8B52E8158ECB ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:21:46.0069 0x13c0  aspnet_state - ok
13:21:46.0096 0x13c0  [ 5E00748A1AD246CAECBBB7553BED36CC, DAD2C93F0894E7BB5E5D8D767D8286A909086B49172C504A01097C3A180998C6 ] AsyncMac        C:\WINDOWS\System32\drivers\asyncmac.sys
13:21:46.0110 0x13c0  AsyncMac - ok
13:21:46.0127 0x13c0  [ 492B99D2E3D5D7BFD5F0AE1BE7BD37DD, A3F6BFC4FDC1933FBF3145019B118689A414108B04F43E2563946B2673C89324 ] atapi          C:\WINDOWS\system32\drivers\atapi.sys
13:21:46.0137 0x13c0  atapi - ok
13:21:46.0206 0x13c0  [ 42BF7FA295F453618104B5A50BEE105B, AB44BA2AD2FC5AF3B6BE4489C444C03FD1AB02C22109BF5F39BE459294C4CB18 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
13:21:46.0247 0x13c0  AudioEndpointBuilder - ok
13:21:46.0303 0x13c0  [ 2A2C0983B6FE62F02E7183335B1F5C20, 07845269FE72894D31D3FC927EECE26333AE9A2149A995DA4AE007276B05C647 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
13:21:46.0352 0x13c0  Audiosrv - ok
13:21:46.0541 0x13c0  [ 50C3C62FFE6337E6E4F2F01CB07DF63C, CC9C7D2827E872F22A2A79D42195530F61DF6EA6A1C8F520E25DB35537574FAB ] AVP16.0.0      C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
13:21:46.0569 0x13c0  AVP16.0.0 - ok
13:21:46.0601 0x13c0  [ 7062CE507814D5306DCA5D6A15B7B6B6, 9D60506003A66C2E516B1FCB70CC5B26FB3A9948B95D97C828DD0328E76F2C91 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
13:21:46.0619 0x13c0  AxInstSV - ok
13:21:46.0656 0x13c0  [ 6447BA6FA709514B6C803D159B4C7D1E, 549DDCEAD93DF333F6BBD56A9258A867E4DA219741C00D48C68F8F230A87B11A ] b06bdrv        C:\WINDOWS\system32\drivers\bxvbda.sys
13:21:46.0678 0x13c0  b06bdrv - ok
13:21:46.0695 0x13c0  [ B4AC08B1D04D0CE085435E5CD0E663C5, 61E641388E5692B2EB351E44BA1DB86B5305DD105EE56865D59072CA9407C8AC ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
13:21:46.0707 0x13c0  BasicDisplay - ok
13:21:46.0718 0x13c0  [ 25B5BB369DEE2BAE4BF459C978FF9035, DBC2157B2AC0BC92B4011CE5E01F2DCDAAE71E37D9D21102503C6455FAAC4DCA ] BasicRender    C:\WINDOWS\System32\drivers\BasicRender.sys
13:21:46.0730 0x13c0  BasicRender - ok
13:21:46.0753 0x13c0  [ 3F5523DCEFE42B385659C5CB46A6B810, CA24A3DF002B19E7BDEDE9B5EB60623F299D0E78B2E4F58DCFC028D76DEFE52D ] bcmfn          C:\WINDOWS\System32\drivers\bcmfn.sys
13:21:46.0764 0x13c0  bcmfn - ok
13:21:46.0769 0x13c0  [ 0B750A6A6D847E73CA48ADD7A0F5A393, 6A43020F23846EFB1AFA3C070465B0059E9DF60DEB16899E09559462DF30939F ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
13:21:46.0781 0x13c0  bcmfn2 - ok
13:21:46.0821 0x13c0  [ F374C27099807E99A156953F8416D34A, D267B8CD837290F9FC6B4FFD2DB8F54867D808FB155698FC7713BCAB3AE475B5 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
13:21:46.0843 0x13c0  BDESVC - ok
13:21:46.0881 0x13c0  [ 5A88834AEE15D97695FAE0837B73B3E4, 03035FB51DE218B8EDB15129A0376DDED0C7E7B6DA58DD95B12E4E5C8D852ED8 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
13:21:46.0917 0x13c0  Beep - ok
13:21:46.0980 0x13c0  [ 37F5E2385CB4D10AB42186974B9C241A, D38FA2B8CE19AC32056060F04B04D031F1621C07528DEDCCD5A8C01AB0A35995 ] BFE            C:\WINDOWS\System32\bfe.dll
13:21:47.0022 0x13c0  BFE - ok
13:21:47.0087 0x13c0  [ 64582C924C48175D52AED0D0E64AB413, 75DC6BC01D26A4BABEDB8013F0C106780F0991CA63075798C7C24B66022F58E3 ] BITS            C:\WINDOWS\System32\qmgr.dll
13:21:47.0134 0x13c0  BITS - ok
13:21:47.0218 0x13c0  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:21:47.0244 0x13c0  Bonjour Service - ok
13:21:47.0264 0x13c0  [ DA2C6F7ACE392193C424FEA975C5BFFB, 668F91F3E5F8EA170C10823D6959E0EDB32434C51FAA68BEA782EDDF5618690E ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
13:21:47.0278 0x13c0  bowser - ok
13:21:47.0333 0x13c0  [ 492FB85E61768950CDD27C87AED6E8FA, 1BFF11D899581E406D1AB5F2C66C9D816161ECF4B81AAACCCA3663875E86C0A5 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
13:21:47.0363 0x13c0  BrokerInfrastructure - ok
13:21:47.0409 0x13c0  [ A617BE5E429A035A1CA8217C1B16F0BB, 197EE6C6EB22FF8A626540886F5A2163CC4CB177504C5423856F54BF01EB0FF1 ] Browser        C:\WINDOWS\System32\browser.dll
13:21:47.0425 0x13c0  Browser - ok
13:21:47.0451 0x13c0  [ CAEC7BC11AF69A181AF7932E636E09E4, 503C69045F1E025CBEE2405043BB71CC58478985ECAF6587F73FCB57860F5709 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
13:21:47.0463 0x13c0  BthAvrcpTg - ok
13:21:47.0469 0x13c0  [ 5F2B4B32E986C058525D3BA2A475A16C, CEC5BB0B025DD9525CFBBEDF6EB6F63336534798495A4F95763CE112DF915088 ] BthHFEnum      C:\WINDOWS\System32\drivers\bthhfenum.sys
13:21:47.0483 0x13c0  BthHFEnum - ok
13:21:47.0488 0x13c0  [ 5406289E8AE2CB52FC408154E0A64BA7, 0A3795F2E6E2B51198452CF69A99159D8E11650E95F41DF0B575CB72F9C6C6B5 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
13:21:47.0501 0x13c0  bthhfhid - ok
13:21:47.0536 0x13c0  [ BAB101E7826BE287F79C4BA721621989, E6DD25C89267FE87253B8226292F2894F5E702075D3B23B09339D3B28744C060 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
13:21:47.0558 0x13c0  BthHFSrv - ok
13:21:47.0564 0x13c0  [ A76F20CCCA31895A1DA78A875E50F946, ECD4B3670DA5984AA24F4354457B4E45983938A89FF6DB03B556A633B4B37E3C ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
13:21:47.0578 0x13c0  BTHMODEM - ok
13:21:47.0586 0x13c0  [ 7A177E18AA6A6A6365E6351C2BF8EDAE, A35224A20014B1215A6824AE5E17B8869A775EA272EF7F25EAFFA18733F8D09D ] bthserv        C:\WINDOWS\system32\bthserv.dll
13:21:47.0600 0x13c0  bthserv - ok
13:21:47.0617 0x13c0  [ BF89BDBA5D3A0B4256D3F6FC8D31880D, 940F3BF55B88261C9E9A951A092331559FC5B24FE3BA0F1E1AB3450D2CA364C1 ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys
13:21:47.0630 0x13c0  buttonconverter - ok
13:21:47.0650 0x13c0  [ C24C27FDF93B85A4EFCF25F830253AA2, 35C87518BB59663B57C2361A13AD4E57E37392598F1EB9F07F86CA5A6321AF5A ] CapImg          C:\WINDOWS\System32\drivers\capimg.sys
13:21:47.0665 0x13c0  CapImg - ok
13:21:47.0701 0x13c0  [ 7F9C7226D743B232907ED2537B8A574F, 2211AFC30E8F8FA03020DB48EE14914CD31E50BB6A63FF20AC7C6FA481E72C18 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
13:21:47.0715 0x13c0  cdfs - ok
13:21:47.0740 0x13c0  [ 0A92DC116CFC7F6BE8167DD25CB925CC, 50CAC7BE14FF69B10C029E049F7C441A5572540F027F95F940B185C76C689409 ] CDPSvc          C:\WINDOWS\System32\CDPSvc.dll
13:21:47.0762 0x13c0  CDPSvc - ok
13:21:47.0786 0x13c0  [ 82D97776BF982AA143BDC7DFB5054EA8, 954F56728371E6B3514586DCEAF15C4727BAED6CAFBF788654C4E03BD702942C ] cdrom          C:\WINDOWS\System32\drivers\cdrom.sys
13:21:47.0802 0x13c0  cdrom - ok
13:21:47.0839 0x13c0  [ 4E9158CECF77A029AB98E8FBB43FCED5, AFF8BDB8F8F8DDF4FC0D65712E031DC360856CD3CE5C8A4C8FF960388F37462F ] CertPropSvc    C:\WINDOWS\System32\certprop.dll
13:21:47.0860 0x13c0  CertPropSvc - ok
13:21:47.0881 0x13c0  [ 0505C1D991D0F9D47F3353BB98597C7E, 3B801CCF4980256327A4A9FBD98007DA1E3ACE9C94E5A4C23AB21303B46E8B5A ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
13:21:47.0893 0x13c0  circlass - ok
13:21:47.0919 0x13c0  [ 8B4B39C507ABA09AAFE8E3932D1B392C, 734700155A658BC08FC96E8F99A01DE7F7251D7DDEFA79D258B2EEB370BA7AA8 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
13:21:47.0937 0x13c0  CLFS - ok
13:21:47.0986 0x13c0  [ F7526C133AC265F283012E9CD751F873, 6AABDD92FD880F49F63C1CC478C3D8291AF670802CEC58B32730E7675D858D88 ] ClipSVC        C:\WINDOWS\System32\ClipSVC.dll
13:21:48.0012 0x13c0  ClipSVC - ok
13:21:48.0040 0x13c0  [ 95832B049E2833B9F5189823CDF946C7, 72773A42A89220B4A6AC72D1633B16F11191A44D876A44FAB5CEFB717CE3223D ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
13:21:48.0052 0x13c0  CmBatt - ok
13:21:48.0106 0x13c0  [ B2A6D2A30E93B6F215F74AC7E1733C9C, 960299F7BF2501B46296EDEA050BF30313C17A9B785574B56B79C070BD1B6E1A ] cm_km          C:\WINDOWS\system32\DRIVERS\cm_km.sys
13:21:48.0130 0x13c0  cm_km - ok
13:21:48.0194 0x13c0  [ 3B866F8CB10719A5AF9E410B1B149714, B0A32B526290ED8E1DD93C70AB49DD417B82CA23D6B815163131247091D61DBA ] CNG            C:\WINDOWS\system32\Drivers\cng.sys
13:21:48.0219 0x13c0  CNG - ok
13:21:48.0239 0x13c0  [ 58D640BC2294C71BDE0953F12D4B432F, 0B3B7659FCB97791A2A1F895C8E6F9078F855C94C13EB47464492588C4B02B85 ] cnghwassist    C:\WINDOWS\system32\DRIVERS\cnghwassist.sys
13:21:48.0250 0x13c0  cnghwassist - ok
13:21:48.0369 0x13c0  [ 344D99D4E270CDC638231D2B25A977EB, 8F4EEDA12A2FD71F4F10AFC0615AB9C4A3B03D156F831738D253852B9D6800B7 ] CodeMeter.exe  C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
13:21:48.0445 0x13c0  CodeMeter.exe - ok
13:21:48.0548 0x13c0  [ 14F9883588398A1BDE49C75098C75DE6, D9D82DE89FAFE60BC902683BC44C7555533A030150FD5E5A35A24542FACC5CAD ] CompositeBus    C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys
13:21:48.0564 0x13c0  CompositeBus - ok
13:21:48.0568 0x13c0  COMSysApp - ok
13:21:48.0605 0x13c0  [ 02B8E49148DE5E0A2F6FDF28CE94A6AC, EEA405823F441CA604BEAA44EB71A1D20BC80E124FF7B27380D0201AAF2E0849 ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
13:21:48.0616 0x13c0  condrv - ok
13:21:48.0652 0x13c0  [ 86BE19C6A177AEB93302EA5C4FBE2D11, 5404AB84D270549B1A46574EBDC857525F71B117BE3BA0098FA0A696E56D5C39 ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll
13:21:48.0681 0x13c0  CoreMessagingRegistrar - ok
13:21:48.0723 0x13c0  [ 2CE0D74AED86A372997E9D77AE10B9F5, 1AFAA22C68FD0B81F73CE0EB763AD77AB97E78916752843A5056E1352F0FEA82 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
13:21:48.0738 0x13c0  CryptSvc - ok
13:21:48.0761 0x13c0  [ 5D578EAAFB6FD4F59523E5878B541296, 73573124787B79179880AFAF9CB8427237A1605A9F13D7783228DE24D18963C0 ] CSC            C:\WINDOWS\system32\drivers\csc.sys
13:21:48.0802 0x13c0  CSC - ok
13:21:48.0858 0x13c0  [ 5F07CCEE514894C9474AEDCA50B6C2C7, 38F54897C91A2E7D80D00852CEB173B26E822D7C68F35D31228245F811E028A8 ] CscService      C:\WINDOWS\System32\cscsvc.dll
13:21:48.0891 0x13c0  CscService - ok
13:21:48.0904 0x13c0  [ 2619DC483579DB9FE804044C1ADFFD1A, 23A5420288735A980917091532BE7BB36EB51660AA4555C615AF736357EB02EC ] dam            C:\WINDOWS\system32\drivers\dam.sys
13:21:48.0914 0x13c0  dam - ok
13:21:49.0044 0x13c0  [ B339861C6A2A86FBCA67C2006B461473, 228ADC8A8603C0A4342C6CBC6F2CC919271D42391365061AF660E0D7151C66A4 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
13:21:49.0098 0x13c0  DcomLaunch - ok
13:21:49.0132 0x13c0  [ 620921E77351FB651632322AD2C195C4, 5A98971995D7A2B5AE6BEA69344FCC6687B582FEF74BDA206D32FB2E6CEB0478 ] DcpSvc          C:\WINDOWS\system32\dcpsvc.dll
13:21:49.0154 0x13c0  DcpSvc - ok
13:21:49.0218 0x13c0  [ 6129EA4294C5C69E4665801E95B16AB2, CE419186CF0F57434426FF925A09F13BE87639679CBB5F2074B0E1A243349D27 ] defragsvc      C:\WINDOWS\System32\defragsvc.dll
13:21:49.0259 0x13c0  defragsvc - ok
13:21:49.0339 0x13c0  [ D12B9B6A6C4885824876422AACC89954, 5853ED5CAF84B7AAFF3EDC5C71FE23EB121DB681D81267D77118424BA9AB6F88 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
13:21:49.0370 0x13c0  DeviceAssociationService - ok
13:21:49.0417 0x13c0  [ 15BA68662CED4B0618010A54478E18E5, 1B913BFA7AA11F3A82D80E95FC4857B810D341F9E68545710F90EBE44DAC1DF8 ] DeviceInstall  C:\WINDOWS\system32\umpnpmgr.dll
13:21:49.0433 0x13c0  DeviceInstall - ok
13:21:49.0448 0x13c0  [ 5BF8BD9B19D665452494C8D56DF4B28D, E5FC649207EF42C04B6737D442FECD3383E82F8998B140319FF400773F1D0978 ] DevQueryBroker  C:\WINDOWS\system32\DevQueryBroker.dll
13:21:49.0464 0x13c0  DevQueryBroker - ok
13:21:49.0511 0x13c0  [ 935823F79CBEDB91637B63D37E3A5A36, BE9A46F1CA631B9252C71758901D55456DC3C143053003D9FA7D67811A1E5026 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
13:21:49.0526 0x13c0  Dfsc - ok
13:21:49.0542 0x13c0  [ 0F4A5D01156B948B54550375498B08A2, 1CAE3D744429A06E9C9EC46AC6B216AB68154EF8FACDD0721C47902B83820F56 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
13:21:49.0558 0x13c0  dg_ssudbus - ok
13:21:49.0605 0x13c0  [ 5841A361D28069DFC82E1E98040FDC3F, 3A48DB7ADE90654242CB54DAD07F5FF0CD5CABF372C50D5B2C4D7AED068986E1 ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
13:21:49.0620 0x13c0  Dhcp - ok
13:21:49.0698 0x13c0  [ 9F5AC03F5A0000DD96FA29CD68A6605B, 6964E077635E65DA902CA6C69E704A9DCD5856D22BA75E1CF823E63E62266AF7 ] diagnosticshub.standardcollector.service C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
13:21:49.0730 0x13c0  diagnosticshub.standardcollector.service - ok
13:21:49.0839 0x13c0  [ 15D174719872A30F2FDD6B5B1B8BA5D9, B0E6FF6FC47B731C204F110D4B768231906B144B31F602ECE8EAC24D70BA880D ] DiagTrack      C:\WINDOWS\system32\diagtrack.dll
13:21:49.0886 0x13c0  DiagTrack - ok
13:21:49.0933 0x13c0  [ 4904B152E4942BF700F2D73228B4D477, 0E5646DCA05A24C71F057C9F9F64AE992D338DA72DF3126175C2FA178854C30F ] disk            C:\WINDOWS\system32\drivers\disk.sys
13:21:49.0948 0x13c0  disk - ok
13:21:49.0995 0x13c0  [ 49F069E2D22F33955A69D44DFD1B5179, 739C52C7B961BA683E8C7CCDB0E95423C17561B2F1F506BAE923DC53DB96B067 ] DmEnrollmentSvc C:\WINDOWS\system32\Windows.Internal.Management.dll
13:21:50.0027 0x13c0  DmEnrollmentSvc - ok
13:21:50.0042 0x13c0  [ 0197AE4B9790A4E73751CACFAA480126, 86BBB398F1A93754B2C329271F13A88FD2F285F30225C38F068F565CCA14EB9F ] dmvsc          C:\WINDOWS\System32\drivers\dmvsc.sys
13:21:50.0058 0x13c0  dmvsc - ok
13:21:50.0089 0x13c0  [ 5EF8EC71A7A91F3DF7798BEFE6786B0E, A3A56B43C72926881C66B7A17C9EAA35C2D9603C8D3849438838536BCD3F4633 ] dmwappushservice C:\WINDOWS\system32\dmwappushsvc.dll
13:21:50.0105 0x13c0  dmwappushservice - ok
13:21:50.0136 0x13c0  [ 5839A317C25F70979433E0905DFABB1B, 7F1CD50C77A33A10259D8A208A355BE7ECAFEA69F810AD908EF8878A792741AF ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
13:21:50.0167 0x13c0  Dnscache - ok
13:21:50.0183 0x13c0  [ 1B15297A3A2CAB6BD586676154F389D8, 623D5F5FC8622B7D9AEEEB1787E6846C1570F0EEF94341239440B616D09D672A ] dot3svc        C:\WINDOWS\System32\dot3svc.dll
13:21:50.0214 0x13c0  dot3svc - ok
13:21:50.0230 0x13c0  [ 316C2D8B8E3C0727969F1C3790EF7193, 631F8578FDB26578C8436E4B9C4DF21E1F58FCFE6DA66E5769AAC3739005D465 ] DPS            C:\WINDOWS\system32\dps.dll
13:21:50.0245 0x13c0  DPS - ok
13:21:50.0277 0x13c0  [ 25FA06D3B49D6ADF8E874FFCDCD76B50, 9AF09B96ED79D94EA36581ABE6CC73313A72891779774B15860D018BEA2BBA0F ] drmkaud        C:\WINDOWS\System32\drivers\drmkaud.sys
13:21:50.0292 0x13c0  drmkaud - ok
13:21:50.0323 0x13c0  [ 16EE6701115BECF8C657D9D6E123F6A1, 16E115B5245C3C988F8B58B90D30F183021C7C7792D3D1C74BEC606E49672B2A ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
13:21:50.0339 0x13c0  DsmSvc - ok
13:21:50.0386 0x13c0  [ FBC8C56814642A7CA88ACBCA8DD1121F, 108690704A359991C3D6577477E232F5F2F46B36DF6B4B0738A893EF05D7D4EB ] DsSvc          C:\WINDOWS\System32\DsSvc.dll
13:21:50.0402 0x13c0  DsSvc - ok
13:21:50.0511 0x13c0  [ 48D8729FACC784900B831212AE56F824, 6AAE1E78B84D0C12B99BE050B787AA167E6BA0B5AA621BEE0DB5312A4771DA63 ] DXGKrnl        C:\WINDOWS\System32\drivers\dxgkrnl.sys
13:21:50.0558 0x13c0  DXGKrnl - ok
13:21:50.0605 0x13c0  [ 0CDF6B61D7F7FFCD195AF0113B9B2C16, 828D3FA31742B54075EAED2E67BBB5166D2EF4F84B791077E96DC0BD5557F11E ] Eaphost        C:\WINDOWS\System32\eapsvc.dll
13:21:50.0620 0x13c0  Eaphost - ok
13:21:50.0730 0x13c0  [ 491275B864B704B54EC08168344E0F38, B4849400C3F819CF7809A2001EA2ECB527022483F7DFE31C3930F951EAFE50CE ] ebdrv          C:\WINDOWS\system32\drivers\evbda.sys
13:21:50.0808 0x13c0  ebdrv - ok
13:21:50.0855 0x13c0  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] EFS            C:\WINDOWS\System32\lsass.exe
13:21:50.0870 0x13c0  EFS - ok
13:21:50.0886 0x13c0  [ CEF108FCE06892CFA5F1B49527D4BF49, FA337584024B6E6EE4AF519F57FFA4C0FCA19EDC148FF309336C4CCA8F9C9CE8 ] EhStorClass    C:\WINDOWS\system32\drivers\EhStorClass.sys
13:21:50.0886 0x13c0  EhStorClass - ok
13:21:50.0917 0x13c0  [ 5B1EAAE3001A7A320C106FC3859F4111, 700BA2C7D4DFAFFEB78D3804B310A4EE5B4295C84600442665693FF661673951 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
13:21:50.0917 0x13c0  EhStorTcgDrv - ok
13:21:50.0933 0x13c0  [ E34DEFC09F2843C2C24C2248F1ABE6D8, 1FD67EB5820A1D2F4402DE9D95DE288DB69D421A8473074FF23491D7CA8B5ACE ] embeddedmode    C:\WINDOWS\System32\embeddedmodesvc.dll
13:21:50.0948 0x13c0  embeddedmode - ok
13:21:50.0980 0x13c0  [ 062152DD5B225518A991DFCD8536770C, 5C8EF4E0C7DE3B24387FF239A8D0CDA39C2376826F16EAFF09739A6C7EDA01E0 ] EntAppSvc      C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
13:21:50.0995 0x13c0  EntAppSvc - ok
13:21:51.0011 0x13c0  [ 7A2705148A4BB3CA255F81624338B461, 68AC8F8D2DD8AA4E8F2224A0054DE2AF67EA199217E87CD3C7299B021048F14F ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
13:21:51.0027 0x13c0  ErrDev - ok
13:21:51.0058 0x13c0  [ 17BE4A35829B37C742084DC02D48E5F0, 7FDA62B56DF585C3F2C6FFB10AC7C0D8F70FA921C4DEA47B2789745CFE2618CE ] EventSystem    C:\WINDOWS\system32\es.dll
13:21:51.0089 0x13c0  EventSystem - ok
13:21:51.0136 0x13c0  [ DFE8A33FBCF6F38182631A4D6097B92D, F9D06780830E74FD5309E6DC5C3EEDB9334A8AE284F381FA91EF2729297F8632 ] exfat          C:\WINDOWS\system32\drivers\exfat.sys
13:21:51.0152 0x13c0  exfat - ok
13:21:51.0183 0x13c0  [ C330883C06E2D4CE4F6982F048265D37, 26044DE176056B7F5BF2A50A659243CFD7F25CFEE035B3A3C3165B3699872926 ] fastfat        C:\WINDOWS\system32\drivers\fastfat.sys
13:21:51.0214 0x13c0  fastfat - ok
13:21:51.0261 0x13c0  [ 952F10D2116B91BA433842D07879AE7A, 9E1EC0C719877EF198AA4DDBE896E9DDEAD360AAC1FC6DF305E7C5C73C7A761D ] Fax            C:\WINDOWS\system32\fxssvc.exe
13:21:51.0292 0x13c0  Fax - ok
13:21:51.0308 0x13c0  [ 9D299AE86D671488926126A84DF77BFD, C076EEDD0524B7D88BC56C97089E0A836CC1AD725E1A544CC4F8DDBB6670C366 ] fdc            C:\WINDOWS\System32\drivers\fdc.sys
13:21:51.0323 0x13c0  fdc - ok
13:21:51.0370 0x13c0  [ 47D09B8C312658ACE433E46DDF51C3A5, E76948DA0F51C7DC6D69B7E36D63CE6E98FDE619FA30E91637F75B5084107D22 ] fdPHost        C:\WINDOWS\system32\fdPHost.dll
13:21:51.0386 0x13c0  fdPHost - ok
13:21:51.0386 0x13c0  [ 177AC945B20C81400A1525ED7B49A425, FD215A2E718EA38A95D985F53AB3DD44B50C2549AA67F44BA98C4709E492051F ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
13:21:51.0402 0x13c0  FDResPub - ok
13:21:51.0417 0x13c0  [ 3E78BEC276DA5A062E4D55F3291B3463, 62983457F506C70D1F89F527AB61C1C0F4D1B002631256A2708F9AF092A8C95E ] fhsvc          C:\WINDOWS\system32\fhsvc.dll
13:21:51.0433 0x13c0  fhsvc - ok
13:21:51.0448 0x13c0  [ 8F2523C9D8F1448FF2156452AF60FA00, 1D39CA54F5F1E62385D9EC041F9445BDDCB63740859B9418AE904FDF3D8388ED ] FileCrypt      C:\WINDOWS\system32\drivers\filecrypt.sys
13:21:51.0464 0x13c0  FileCrypt - ok
13:21:51.0511 0x13c0  [ 92ECCFA58C8195B8EA33ED942469D4E6, 8DB12E8CF80ECA22182F9A1F4CA922336A430297F1F596F204ECF4D9D19F30D9 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
13:21:51.0527 0x13c0  FileInfo - ok
13:21:51.0542 0x13c0  [ 87C51FDD50C17882BA93E28BBABB9847, 8987D80FB77D1D3F9E89B491B1287B027DA26FFC4E4BA7B01E07D4D4FC69E236 ] Filetrace      C:\WINDOWS\system32\drivers\filetrace.sys
13:21:51.0558 0x13c0  Filetrace - ok
13:21:51.0573 0x13c0  [ E99261DD76D1C9E05AF575939CAE5AC5, A789724FD2E22AFB2F921836F5C19A21D17F4BBD604771E2908C2651BD31989C ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
13:21:51.0573 0x13c0  flpydisk - ok
13:21:51.0605 0x13c0  [ 25D7A58625E1453E40D36825DE74E4F1, 74119803D35E3C3CC349B44C6CD9EDF6B797F88584B847F0BF9EED542719B86B ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
13:21:51.0620 0x13c0  FltMgr - ok
13:21:51.0730 0x13c0  [ 4387DE200BF8DD0E2EE828E655434B9A, 9148D65E54663EEC139E754091F47ABF439A637BEA83F600D30736522DAA845D ] FontCache      C:\WINDOWS\system32\FntCache.dll
13:21:51.0792 0x13c0  FontCache - ok
13:21:51.0870 0x13c0  [ E79DAC43A5E191FC4DDB04197A704BFA, 2FA6C8B5B2DFE66C05828E3F55DFD6268A8210E9BD083F2D09367AD59AF1C6C1 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:21:51.0902 0x13c0  FontCache3.0.0.0 - ok
13:21:51.0933 0x13c0  [ B4175E8BE60B099686FF55CA7D692316, 3158FC5B4D1A2F1FC1346754392AE24AE58999B9061B1CE78A65E785BFFADD52 ] FsDepends      C:\WINDOWS\system32\drivers\FsDepends.sys
13:21:51.0933 0x13c0  FsDepends - ok
13:21:51.0964 0x13c0  [ CC71372CEB811A72F1DC99089C5CBF53, BB9DDE74D60E534A6F8A51B63DDBB441245F06A00A0AFD37DBBE86255690946D ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:21:51.0980 0x13c0  Fs_Rec - ok
13:21:52.0011 0x13c0  [ 50DFE05C698E9B0A63D95E3D669A105C, 3A7D5AE4A01B90C2ECF22AD2783A84C2329EAB9BACFA5237A7DCC3DC5995A864 ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
13:21:52.0042 0x13c0  fvevol - ok
13:21:52.0058 0x13c0  [ B9981A4CB9F728B3312A3885BFAA7204, 12FB2EB2E5D2A912769823DD9C1B33DB358CD0B7FBFC788529EF83DD584334F8 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
13:21:52.0073 0x13c0  gagp30kx - ok
13:21:52.0105 0x13c0  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM    C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:21:52.0105 0x13c0  GEARAspiWDM - ok
13:21:52.0136 0x13c0  [ 77555B11B264991DDC26872FFCF1AB97, D5F230EEF74EB869F771F8A4AB19C1E6C845BB0EF4A1234882EBDA4FDC431E44 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
13:21:52.0152 0x13c0  gencounter - ok
13:21:52.0167 0x13c0  [ F3AC9652D88BF87BA6596CBEA28CE10F, 115F3C0A5B9903B17ADEA80E1825FE927B7361F5BDDF80CE3685EF2D327EDF4F ] genericusbfn    C:\WINDOWS\System32\drivers\genericusbfn.sys
13:21:52.0167 0x13c0  genericusbfn - ok
13:21:52.0214 0x13c0  [ F802FBABF0C4DF1BAA733187B2E476F5, E2533284CEBBB872196B013DD1FBBCA794DB1CAAA37D64849BD9264ECDD2CEE6 ] GPIOClx0101    C:\WINDOWS\system32\Drivers\msgpioclx.sys
13:21:52.0214 0x13c0  GPIOClx0101 - ok
13:21:52.0277 0x13c0  [ B55458A83395A2CFD4E745E9EC4AB5F2, EAB06B089D8A7DBC9AE2A1C919B489911690D341013A5F8F906819C68431CA85 ] gpsvc          C:\WINDOWS\System32\gpsvc.dll
13:21:52.0323 0x13c0  gpsvc - ok
13:21:52.0339 0x13c0  [ D011B0ADB15F4815310CE1BF4780B33E, 3860630917F83A89FE7A6407CC544505FA4BD754619CF273DD630ABFBAAE42EE ] GpuEnergyDrv    C:\WINDOWS\system32\drivers\gpuenergydrv.sys
13:21:52.0355 0x13c0  GpuEnergyDrv - ok
13:21:52.0370 0x13c0  [ 0F93EBE9071A6BB1548BF0F816EEA24B, 79A99544C00F59996980D299BFACA0463D86158BFA51C8045CE4FF4951779A44 ] HdAudAddService C:\WINDOWS\System32\drivers\HdAudio.sys
13:21:52.0402 0x13c0  HdAudAddService - ok
13:21:52.0417 0x13c0  [ 84BC034B6BB763733C1949B7B9BAF976, 18C2C0F15BAFA46197F0BB629C4F585D893C2A78324CA198F88A04527D524F23 ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
13:21:52.0433 0x13c0  HDAudBus - ok
13:21:52.0448 0x13c0  [ 6B8CB114B8E64C0636EB49F7B914D1FC, 1AD7A43CC5CD99DCEF60C61242B6843D4AD925CE93BA5D75CD8395C7125EF5A7 ] HidBatt        C:\WINDOWS\System32\drivers\HidBatt.sys
13:21:52.0464 0x13c0  HidBatt - ok
13:21:52.0480 0x13c0  [ D1AD197CCDAAC0CB4819DA1D6EB17BAE, C370F974D0A1F7B60F47EAFF57B6CCABE82913187F8BFEE169B8237AE91247B1 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
13:21:52.0495 0x13c0  HidBth - ok
13:21:52.0511 0x13c0  [ 64909DECCFCC6FB5D9A5BAFDCCB31FEE, E19C91FD8D5102A8C4F6C6FF70CA058BB272FEC1B6E9CBA3A473C49948E6AC7E ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
13:21:52.0527 0x13c0  hidi2c - ok
13:21:52.0542 0x13c0  [ F510F7B7BF61DEAAC04E65C3B65E8D59, 11566086B06FB08B6A179E3068E022DA381C762DC8962D1E1D63DC646DD4D301 ] hidinterrupt    C:\WINDOWS\System32\drivers\hidinterrupt.sys
13:21:52.0542 0x13c0  hidinterrupt - ok
13:21:52.0573 0x13c0  [ 90F3ED42D423C942BA5EA54E2FFE7AC7, BF7DE0C8141CD20A6235657BA897A019ABEFF6A01AA3FB202C73C33433CDEAF8 ] HidIr          C:\WINDOWS\System32\drivers\hidir.sys
13:21:52.0589 0x13c0  HidIr - ok
13:21:52.0605 0x13c0  [ 46DE2EF6382DD9613CB506760648F262, 419555220794380134A64E1956B83B2FD1D1B6E403C5FC729A9107E14A12E968 ] hidserv        C:\WINDOWS\system32\hidserv.dll
13:21:52.0620 0x13c0  hidserv - ok
13:21:52.0636 0x13c0  [ 128DEDDD61915DBA4D451D91D21F0513, 961A0DDA02B0879989300C15E4FF9022882A4CD895D65335C263AC0DD1918314 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
13:21:52.0652 0x13c0  HidUsb - ok
13:21:52.0714 0x13c0  [ 7CEC266216126BC9A0E1072E1A7E5702, 6B2C0768C8F2590E65B9520D266C07D1A9D89B9E185CC359B0453F399836759F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
13:21:52.0761 0x13c0  HomeGroupListener - ok
13:21:52.0855 0x13c0  [ E2145534FB853921788F52701BED0CAB, DF71F842772FAC21DD8994C97F578A78AC43D06C5F26F752FB69B47DFE3BB112 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
13:21:52.0886 0x13c0  HomeGroupProvider - ok
13:21:52.0933 0x13c0  [ FF442DCDCE1F6E9FAA9C8AD0CD1D199B, A239414E97B310C9545995B0E723B5E792B08D71F651450EB006AD4D1765E4F7 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
13:21:52.0933 0x13c0  HpSAMD - ok
13:21:52.0995 0x13c0  [ 63C3F74DC398A1C1A77E39DFB9C312CA, 283A13899838B4313BFBC406E832042696C549640A1AB11E23C0B9E499289836 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
13:21:53.0042 0x13c0  HTTP - ok
13:21:53.0058 0x13c0  [ CBA5E88A0F0475B7F49653BB72150BEF, 0F03560D9C30E069D117A555AEE729C81E6BCAE443FA25172D0E9E6903695C67 ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
13:21:53.0058 0x13c0  hwpolicy - ok
13:21:53.0089 0x13c0  [ D668FAB4B0397B426EE3D41683B9A1C0, 66F3E3B2ABC3C9B25A0DADBF09818547ED301230374AC5302B4794629A95DDF8 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
13:21:53.0105 0x13c0  hyperkbd - ok
13:21:53.0120 0x13c0  [ 40115A0F8E7FF9E786EBBD1D33D39AD7, 5190D3970950251CD0946521C428BF26BF7D68C2984B990B8EFDD406EC9CDFE1 ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
13:21:53.0136 0x13c0  HyperVideo - ok
13:21:53.0152 0x13c0  [ 53FDD9E69189E546DE4740F8C4D8AB2F, 45ED5B229ED5FD0CEE8BF52EFF88FD8B1889BF348ED7187926F290B3AD48A76D ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
13:21:53.0167 0x13c0  i8042prt - ok
13:21:53.0183 0x13c0  [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c          C:\WINDOWS\System32\drivers\iai2c.sys
13:21:53.0198 0x13c0  iai2c - ok
13:21:53.0214 0x13c0  [ 59A20F5AD9F4AE54098154359519408E, E27B7389C9D123CDDA4EC9CBDB06C4AA5000012391F940EE1492419B593608FE ] iaLPSS2i_I2C    C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys
13:21:53.0230 0x13c0  iaLPSS2i_I2C - ok
13:21:53.0245 0x13c0  [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
13:21:53.0261 0x13c0  iaLPSSi_GPIO - ok
13:21:53.0261 0x13c0  [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C    C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
13:21:53.0277 0x13c0  iaLPSSi_I2C - ok
13:21:53.0308 0x13c0  [ 6B0029A0253098CCE28EACCFDB9E7208, E33AD69644E1683A971DA1169B704FBCFD9F715E9550816058E420BB5DE4D946 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
13:21:53.0339 0x13c0  iaStorAV - ok
13:21:53.0355 0x13c0  [ 9652E1E35A92D8C75710C17A63B15796, 72F8C4A49B874226DEE9B7C9704F0E0A98DAA2DF4EAE2F2258E8324ACBD242E4 ] iaStorV        C:\WINDOWS\system32\drivers\iaStorV.sys
13:21:53.0370 0x13c0  iaStorV - ok
13:21:53.0386 0x13c0  [ FFADF691F7BF727AF5C863454A372723, FCF5A5595E8C9C937BE9F1C3AB5D9BD0EFE82DE1298D12085E0CCD84A186D2F2 ] ibbus          C:\WINDOWS\System32\drivers\ibbus.sys
13:21:53.0402 0x13c0  ibbus - ok
13:21:53.0433 0x13c0  [ 80BF2990E01E774D64F6E13F30661942, ADFEA2280D29F2C7B0A556C61709301D6327C288064FF5A4D29358403DF41DCE ] icssvc          C:\WINDOWS\System32\tetheringservice.dll
13:21:53.0448 0x13c0  icssvc - ok
13:21:53.0464 0x13c0  IEEtwCollectorService - ok
13:21:53.0495 0x13c0  [ 95A03F67830FDCB950E70261128D540D, D052CB703500E2871CF51E015E444F2A99FA9A7579AC422104F0E411F6107BD0 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
13:21:53.0542 0x13c0  IKEEXT - ok
13:21:53.0558 0x13c0  [ ECDB27420D3A98424666904525A8562A, BDA98C3C95F2AD79945EF8213D5C65064052C09C82DD36F0D6724E1D21DCC30A ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
13:21:53.0573 0x13c0  intelide - ok
13:21:53.0589 0x13c0  [ 8FF1978643EFD219C5BA49690191D701, 6FD78A8490107C80090D7125644B8C910855374BE1373D1D6B199307C79680BA ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
13:21:53.0589 0x13c0  intelpep - ok
13:21:53.0620 0x13c0  [ B61B60F36E1C8022FA8166ABF0F66B07, 23161F1DA51D44D936329E62DF4C2DAEE3DDD4B3D62CC501A888C0E149788968 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
13:21:53.0636 0x13c0  intelppm - ok
13:21:53.0652 0x13c0  [ CA0D42029AFFC4514D295E1EF823D02D, F2A05CB2B2E8C843FD02DC37E86F23CF928A4B2F9044424A60DE4E82B87DF5C3 ] IoQos          C:\WINDOWS\system32\drivers\ioqos.sys
13:21:53.0667 0x13c0  IoQos - ok
13:21:53.0683 0x13c0  [ 6E3F9D95235DFC9417384080A216F310, 6F13D72661038A91CFABB360621F4B169D78955C3EAD64956A7C825ABAEC5121 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:21:53.0698 0x13c0  IpFilterDriver - ok
13:21:53.0745 0x13c0  [ 6E75B731A8A7EFED0821327B08DAB46D, A77B746447824BD3C68B82D7329B82D62098B2409F8AEE4738FA23CB1561E629 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
13:21:53.0792 0x13c0  iphlpsvc - ok
13:21:53.0792 0x13c0  [ 4F527ECB5EAB47D8EAF34A469666C469, 8FFBEEF42515B6A7758BE579ED69E3911856CBF7710D9785011332C5E3DFE495 ] IPMIDRV        C:\WINDOWS\System32\drivers\IPMIDrv.sys
13:21:53.0808 0x13c0  IPMIDRV - ok
13:21:53.0839 0x13c0  [ 9E5E8F2A1996F23B7E9687846AA81B01, 29E59384A4F92B3B4F2974942C91A12380113C13D3800900B5F44E2355D05455 ] IPNAT          C:\WINDOWS\system32\drivers\ipnat.sys
13:21:53.0855 0x13c0  IPNAT - ok
13:21:53.0902 0x13c0  [ 835FC2EA0631B734BB06C12B0665F01D, B8A8B0148C6C3AFC40835B44E3D6508CB9EEE8AC430A7904711C8B51C2116A8D ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:21:53.0917 0x13c0  iPod Service - ok
13:21:53.0917 0x13c0  [ C317EB660138BC9CBFE37CCDE56351AE, F3AF6C573419D7F65C96A4841D4F056CA281CD5AFACDC7A5F586A390DC6E615B ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
13:21:53.0933 0x13c0  IRENUM - ok
13:21:53.0964 0x13c0  [ 531994A6D9399D9B74BE12B5BB58A81E, 6D5CF540C777F4828E1D4C5FE58EE41E6C2F5F399C554DC85F19D1E52229B094 ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
13:21:53.0980 0x13c0  isapnp - ok
13:21:53.0995 0x13c0  [ 68D5354A4A9692EEC24664C60F47D4A2, 92124E98B6E286B6127DC6D0BFACC9C6D293D58EAE2B47B45532714CE6A6D0CD ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
13:21:54.0011 0x13c0  iScsiPrt - ok
13:21:54.0042 0x13c0  [ 701D7DB13B0815E7076EF4CB4CE981F8, 02585661656C0069AC318B82DE83DAC660451A0B970FDBCA0F7A8B4CBF7D93A9 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
13:21:54.0058 0x13c0  kbdclass - ok
13:21:54.0073 0x13c0  [ 884EBBDDBF5968003B40185BD96FF0E6, E3934D0FF0BEDDF5526AF529F7D15BA8BE479383894975B1AF1A1818C394A6E3 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
13:21:54.0089 0x13c0  kbdhid - ok
13:21:54.0105 0x13c0  [ 6B3A0C7902811E6372643447E41F7048, 30667B56A306CFD5D15BC46F8E7D9E167612E71B6C8F554406E706A6330F5B94 ] kdnic          C:\WINDOWS\System32\drivers\kdnic.sys
13:21:54.0105 0x13c0  kdnic - ok
13:21:54.0120 0x13c0  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] KeyIso          C:\WINDOWS\system32\lsass.exe
13:21:54.0136 0x13c0  KeyIso - ok
13:21:54.0183 0x13c0  [ BEE1682DA217A4AD46C36896769AA580, 4D853D78E459F7BFE4F4217FCAD47CDACFAC19C2F6CF8261FBAA46BDB387FFDC ] kl1            C:\WINDOWS\system32\DRIVERS\kl1.sys
13:21:54.0198 0x13c0  kl1 - ok
13:21:54.0230 0x13c0  [ 86F40D79CE80ACBE6BEBAC8CE89D75A0, 8B800425160D1AF3C32EF7B5CA794658EE09CD3EE782473D8D38E1C7706076B3 ] klbackupdisk    C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys
13:21:54.0245 0x13c0  klbackupdisk - ok
13:21:54.0261 0x13c0  [ 2B4BC41223326FF440E2DB32B9239138, E95D5BB3388D6B219A4C175D5DA77CEB620A27A13F5AA4E7E2C05694B6E26947 ] klbackupflt    C:\WINDOWS\system32\DRIVERS\klbackupflt.sys
13:21:54.0277 0x13c0  klbackupflt - ok
13:21:54.0308 0x13c0  [ 80D7529E1CF09261FADF55E69EFDA90B, 2FE5EC38866E12D78AE3F4AD8CF647BDED616E8A36D9D737F9B6564DDA4685E7 ] kldisk          C:\WINDOWS\system32\DRIVERS\kldisk.sys
13:21:54.0308 0x13c0  kldisk - ok
13:21:54.0355 0x13c0  [ E2097C8F18F1E8E3B7D09F12B51843A3, 0506A99BD0962AAE64692BD7F080DB080F8B678DC59685CF22830A47B486430C ] klelam          C:\WINDOWS\system32\DRIVERS\klelam.sys
13:21:54.0355 0x13c0  klelam - ok
13:21:54.0433 0x13c0  [ BACE50477C184A3AA0755702C23B8B27, 5708A1B7C22702AD2E5DD4491A911A51D2FB768E46857639C0C5D8736E487D0F ] klflt          C:\WINDOWS\system32\DRIVERS\klflt.sys
13:21:54.0448 0x13c0  klflt - ok
13:21:54.0464 0x13c0  [ BE1DF4E950FF00A19BB72FA29CAEE32E, 24D8111B8782B4FB8612AB9DCE6A3A5EA63CE4B75DC717D0ECC5C6BCBCCF01AA ] klhk            C:\WINDOWS\system32\DRIVERS\klhk.sys
13:21:54.0480 0x13c0  klhk - ok
13:21:54.0527 0x13c0  [ B72D1864B3EC6E429DB127A642CFB8BB, 43954F7E04158D79D44D0D6866838043A2B49B49EBF15A57DB120DB7AC3C19CE ] KLIF            C:\WINDOWS\system32\DRIVERS\klif.sys
13:21:54.0542 0x13c0  KLIF - ok
13:21:54.0558 0x13c0  [ 161573B8BE82D24ED8B5B8EBA01245EA, 3CC124C717C2484A4DE0D415A2564D62D1A4B6E9DED65136B094304FCDE74CE0 ] KLIM6          C:\WINDOWS\system32\DRIVERS\klim6.sys
13:21:54.0573 0x13c0  KLIM6 - ok
13:21:54.0605 0x13c0  [ DAE5768E6FD34A36E3B9D1AF1FCA682B, 24DA0B71E3B4AC0FABEE0BF687DF8D35283DBF808CA3AB6F86E72B37471F6B33 ] klkbdflt        C:\WINDOWS\system32\DRIVERS\klkbdflt.sys
13:21:54.0605 0x13c0  klkbdflt - ok
13:21:54.0620 0x13c0  klkbdflt2 - ok
13:21:54.0667 0x13c0  [ FD47C92A63B6EADEA830BFA96C06EAEE, C15C39B6FA53CBD01A2F95243845C4B706B4229F8FFB75C7128819B9CEE5B2CB ] klmouflt        C:\WINDOWS\system32\DRIVERS\klmouflt.sys
13:21:54.0667 0x13c0  klmouflt - ok
13:21:54.0683 0x13c0  [ F610F5F17BC87D61EF8954CCD793BAE4, A77FE26B4A474FE799C3D569BDD7858319C57FC14C1BB43ECFAB1FDB19AF5DC6 ] klpd            C:\WINDOWS\system32\DRIVERS\klpd.sys
13:21:54.0698 0x13c0  klpd - ok
13:21:54.0730 0x13c0  [ 8334692AFEB3289984B40898B6B30C06, 6A337CC33B0EFC3B61BFCABFDFE305BE1D334620FB4D87DDEDBC8214966D6DDE ] klwfp          C:\WINDOWS\system32\DRIVERS\klwfp.sys
13:21:54.0745 0x13c0  klwfp - ok
13:21:54.0761 0x13c0  [ 91234D71CEED29F2DBA16942CABDCA4F, 5D71BAC86C33BC77EEBF1ECB8F372DFE631991E4C5F36EAF0C8C957150BD6D52 ] Klwtp          C:\WINDOWS\system32\DRIVERS\klwtp.sys
13:21:54.0777 0x13c0  Klwtp - ok
13:21:54.0792 0x13c0  [ 1686DE8288052316EFDD49EEA8929065, AD43D6ACCD8693BD76F218E1A4EE088BA061C1309A3E7DAA7EC94D875985D895 ] kneps          C:\WINDOWS\system32\DRIVERS\kneps.sys
13:21:54.0808 0x13c0  kneps - ok
13:21:54.0823 0x13c0  [ 982C795DE20CED7AEDD2E7899B5D9BC1, 9F4E7536DB253CD83AA2AB89E9F3311714CD70F13AFD16F9B4D4CD86A70FC164 ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
13:21:54.0839 0x13c0  KSecDD - ok
13:21:54.0855 0x13c0  [ 7D8B9214692C4D0F1646215D9984E19A, DC73503A8CA67F4E167DEA69AADDEA5F2D756E1C1F4FF42B6ECEA7E637BB80AB ] KSecPkg        C:\WINDOWS\system32\Drivers\ksecpkg.sys
13:21:54.0870 0x13c0  KSecPkg - ok
13:21:54.0902 0x13c0  [ E9BB0023D730701BB5D9839B44F5E6B5, 19D4BAC09424D331922472CFD2D0E32BEFA9188A6AF194C8D1F93FD77CE36691 ] ksthunk        C:\WINDOWS\system32\drivers\ksthunk.sys
13:21:54.0917 0x13c0  ksthunk - ok
13:21:54.0948 0x13c0  [ 71DE1AD9B23661EEC4F2A6EAA5A7D33D, 3219AEF3D6AE5933AE669FD2ED9ED95A8780612E39F31DB3DB9ED6B6244C5F7B ] KtmRm          C:\WINDOWS\system32\msdtckrm.dll
13:21:54.0980 0x13c0  KtmRm - ok
13:21:55.0011 0x13c0  [ 8BBB2B4429AF340481520C20C17FC5B6, 9E32815349195FC4B1BE213600FD407F2EAEEC8368289EB3E6B769125A739C08 ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
13:21:55.0027 0x13c0  LanmanServer - ok
13:21:55.0042 0x13c0  [ 1F5D48B1DA1B812BD2411CA44D75DD32, D1BDB8142CB13E8C6DD6F42E07C9D19BBBF6410D5122A04C01B34B95B442DD95 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
13:21:55.0058 0x13c0  LanmanWorkstation - ok
13:21:55.0105 0x13c0  [ 02C54C5C7EBE371EC0C59795ED22213F, 712AFE0EDF40436124F3FD55ED9B5A3A33A8761A58F4D482BB65229741B1C270 ] lfsvc          C:\WINDOWS\System32\lfsvc.dll
13:21:55.0120 0x13c0  lfsvc - ok
13:21:55.0136 0x13c0  [ 01BF128CC327A2E53898F732AF52B3DB, D62ACDA69D9942F9CEF400874DBB6EAF9811D9657CBFEF89174F88D76BB8D8EA ] LicenseManager  C:\WINDOWS\system32\LicenseManagerSvc.dll
13:21:55.0136 0x13c0  LicenseManager - ok
13:21:55.0183 0x13c0  [ EC34EED89C34B27C292166B725AC7A7B, 58F1BA0CB7743314AC012A82F8CE4072CBDD05D9570C52BC18DC551882F5B1BA ] lltdio          C:\WINDOWS\system32\drivers\lltdio.sys
13:21:55.0198 0x13c0  lltdio - ok
13:21:55.0230 0x13c0  [ 2C23283A0815B048C06D8C0ED76AAD95, 4335546939C1A98CFE9A4403CC82D79CC713439E4DFD1F4760FDD867305151E0 ] lltdsvc        C:\WINDOWS\System32\lltdsvc.dll
13:21:55.0245 0x13c0  lltdsvc - ok
13:21:55.0261 0x13c0  [ CB6365E995F4DB856866500EDD8F61C1, 717ED387F245CAC68217B0F393D7B8AB3805721AB2C4D2D43430FE6E740F0856 ] lmhosts        C:\WINDOWS\System32\lmhsvc.dll
13:21:55.0277 0x13c0  lmhosts - ok
13:21:55.0292 0x13c0  [ 961F28D879D345BFA50AF51285C90F2E, F9931A436651F695B746BC0C07E833D9C9F64126746DF976E691E6CAE26DAC9B ] LSI_SAS        C:\WINDOWS\system32\drivers\lsi_sas.sys
13:21:55.0308 0x13c0  LSI_SAS - ok
13:21:55.0308 0x13c0  [ 6BFB8D1B3407518BE06B6F81F92FA0F5, DE0818DCC0D8D1D30A29AB167C65461A78100ABE2368637CEB9D0ED2B4E88D8E ] LSI_SAS2i      C:\WINDOWS\system32\drivers\lsi_sas2i.sys
13:21:55.0323 0x13c0  LSI_SAS2i - ok
13:21:55.0323 0x13c0  [ BE0E47988D78F731DEC2C0CB03E765CB, CA0015E87A3962611DBF714253FA618A6568346BAE640884432C1D44DE4C8684 ] LSI_SAS3i      C:\WINDOWS\system32\drivers\lsi_sas3i.sys
13:21:55.0339 0x13c0  LSI_SAS3i - ok
13:21:55.0355 0x13c0  [ F99BF02BE9219986817BF094981EEB18, 4303C772366065885C5D937B2E9AC0BF80C84BFB2737716055AD57BF6AADD673 ] LSI_SSS        C:\WINDOWS\system32\drivers\lsi_sss.sys
13:21:55.0355 0x13c0  LSI_SSS - ok
13:21:55.0402 0x13c0  [ FFAA37FBBDD161E8C200C83B40F7872E, 0637B3119FC220CB8E23EE6694A9F1F25CF8D61008B14F6E30FDC17DCF9E077E ] LSM            C:\WINDOWS\System32\lsm.dll
13:21:55.0433 0x13c0  LSM - ok
13:21:55.0448 0x13c0  [ 2FCF837196082864F66CFD9CAB256275, 8BE01C3BCBC1E6E5D1FD7F49E936482E61ACB805F397AB81B8D39C2F0F1083BD ] luafv          C:\WINDOWS\system32\drivers\luafv.sys
13:21:55.0464 0x13c0  luafv - ok
13:21:55.0495 0x13c0  [ 56B24B359838BE86B013C2CFD38BDFC4, 38EA2D320F0CD80E3654AA1A5CA1CCAB1CA5519A562EEE41DC2E5EDF47CEF3F4 ] MapsBroker      C:\WINDOWS\System32\moshost.dll
13:21:55.0511 0x13c0  MapsBroker - ok
13:21:55.0542 0x13c0  [ 2ED29B635F35E31A1C0D3DDB7DD2AD03, F70CC20B98C2DBCD13B0D509D92B3BC3828D1B88F3ACD60C860E163064844181 ] megasas        C:\WINDOWS\system32\drivers\megasas.sys
13:21:55.0542 0x13c0  megasas - ok
13:21:55.0573 0x13c0  [ 22E3CB85870879CBAE13C5095A8B12E3, 5FA5A8EFBA117089CFDBE09743A16BC3A7CC2042C96ABA1F57901747493106BF ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
13:21:55.0605 0x13c0  megasr - ok
13:21:55.0636 0x13c0  [ F2C23E25636BCA3543E6AD7858E861B7, 0CAB0A037471B4858CE9477E49BF50A5E3E6685E05F8A4BD2D9238551D5073A6 ] MessagingService C:\WINDOWS\System32\MessagingService.dll
13:21:55.0652 0x13c0  MessagingService - ok
13:21:55.0683 0x13c0  [ D41920FBFFF2BBCBBC69A5B383AD022E, E66218A8303422EA10C19BA12343740B9A1A70B11B39E185E805B4F74CD2B75E ] mlx4_bus        C:\WINDOWS\System32\drivers\mlx4_bus.sys
13:21:55.0698 0x13c0  mlx4_bus - ok
13:21:55.0714 0x13c0  [ 64BD0C87064EA20C2D3DC4199F9C239C, ED69706277A58ED2C5F2B1B4E9A4A9C7C20173D46EB57FB31D8B63340BA23193 ] MMCSS          C:\WINDOWS\system32\drivers\mmcss.sys
13:21:55.0730 0x13c0  MMCSS - ok
13:21:55.0745 0x13c0  [ 8D4B46FA84A3A3702EDADD37FAC6EDBA, E3B9E12BD324FE637C365FDC5E490C41889047004D4FC8F7D78339484F2F717B ] Modem          C:\WINDOWS\system32\drivers\modem.sys
13:21:55.0761 0x13c0  Modem - ok
13:21:55.0777 0x13c0  [ 78FEC1BDB168370F131BFBFEA0A04E9D, E07B1BC429C2CFBD6162F89A6502C67A4BAD904ADC05D3505D87A0B2BCE1061B ] monitor        C:\WINDOWS\System32\drivers\monitor.sys
13:21:55.0777 0x13c0  monitor - ok
13:21:55.0792 0x13c0  [ D1CC0833CFBC4222A95CAA5D0C8C78FF, 54F04374C6D3EFF5C1B794C069870458F10757E5773AEE911957089EAF51EC8D ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
13:21:55.0808 0x13c0  mouclass - ok
13:21:55.0823 0x13c0  [ C2E05EC6B80BCF5AE362DA873E1BCE64, 4ABE5CA2005A54E92259EDB52205A5C59BDB83026FC0CD7CBB1E3A003C2B535B ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
13:21:55.0823 0x13c0  mouhid - ok
13:21:55.0839 0x13c0  [ D5B7668A8F6C67C51FA5C6C513396D6C, 35985AD89344A8464BD78B8DA6A772E4E60A2EB93072AC23673A86EFD0B2270A ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
13:21:55.0855 0x13c0  mountmgr - ok
13:21:55.0886 0x13c0  [ A82AA5481A845F4AC0E5EE83904FBFED, 2E1640BCA51B1957815465E4DEE895FCD87C93EA80DDD3A80B5647B23D16FB67 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:21:55.0902 0x13c0  MozillaMaintenance - ok
13:21:55.0917 0x13c0  [ 5FBCB85D127BE21E3A9DAF11A13C00EA, D00AB99CC813E26B0BD2D39161D4138AB89A06B3E3A28712F2D5BCA60905BEC4 ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
13:21:55.0933 0x13c0  mpsdrv - ok
13:21:55.0964 0x13c0  [ 0B28F2ACE5103586D322AD98FAA01309, CE3053DEB6E452C6DCDFD371CF113EB0D740DED6C1C537CB749D1BE5E97FAB09 ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
13:21:56.0011 0x13c0  MpsSvc - ok
13:21:56.0042 0x13c0  [ 2B9A1FF2450BAF7A795941BE471F16EF, DD213BACDAE4E3C4F89BFE54BCE77B2F66D12AA85949147AE8A31049876CAA3E ] MQAC            C:\WINDOWS\system32\drivers\mqac.sys
13:21:56.0058 0x13c0  MQAC - ok
13:21:56.0089 0x13c0  [ BF6CA7EA5ECD6CF72D3D76652A9B8280, 8EC031D0D8E75CB583B129CBA518701097697498621307108388FA05FBF604BB ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
13:21:56.0105 0x13c0  MRxDAV - ok
13:21:56.0136 0x13c0  [ 0B3B0C1D86050355676640488FA897D3, DBED9D6F7AAFB11F4C00C1F69DB7A887A3058E5FA66615A1640242439822B60C ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:21:56.0167 0x13c0  mrxsmb - ok
13:21:56.0183 0x13c0  [ 1A490555FD330CA2764D89191177C867, 1004AE2F80BEA9A6DBA3E6B5D2DDFA44FBA253F7137D60B000B094699DE1CB12 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
13:21:56.0198 0x13c0  mrxsmb10 - ok
13:21:56.0230 0x13c0  [ 0F47A6C09F0A7FB5513D322A2B9BE4EC, 00A17CB55D232E11F3D24D0B43FE4FA9E55F7EF5E5607B26ED84C13108AAC4FA ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
13:21:56.0245 0x13c0  mrxsmb20 - ok
13:21:56.0277 0x13c0  [ A4411C522D41707D5BCA817A5BB9E30B, EF7505BE475ECAB2B5E66A7419EDAF42A7E7A65BAD3BBE346A8CEE5DD69782CC ] MsBridge        C:\WINDOWS\system32\drivers\bridge.sys
13:21:56.0292 0x13c0  MsBridge - ok
13:21:56.0323 0x13c0  [ 807A6636828E5F43C10A01474B8907EE, F275645F4F0D0A796C33C03EA7FA563A0B890AB3A93E5F99C5EA166F91D249B1 ] MSDTC          C:\WINDOWS\System32\msdtc.exe
13:21:56.0339 0x13c0  MSDTC - ok
13:21:56.0355 0x13c0  [ D123343DDB02E372B02BF2C4293F835F, 8E02D9F7E5DA717B64538444B3FE1C55AA4B0F26F51DA20947E971D27EA09D12 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
13:21:56.0370 0x13c0  Msfs - ok
13:21:56.0370 0x13c0  [ B3358F380BA3F29F56BE0F7734C24D5F, 229D9E72C429AC51BF6E7C8306218620CB1AA50FE39BA6C11ED0F643E7AF90E5 ] msgpiowin32    C:\WINDOWS\System32\drivers\msgpiowin32.sys
13:21:56.0386 0x13c0  msgpiowin32 - ok
13:21:56.0402 0x13c0  [ B2044D5D125F249680508EC0B2AAEFAC, 9631FF42DA5A7CEE1F2607AA8972EF0A67616F0EEEBC95F97B1C8F5A577ED5C4 ] mshidkmdf      C:\WINDOWS\System32\drivers\mshidkmdf.sys
13:21:56.0417 0x13c0  mshidkmdf - ok
13:21:56.0417 0x13c0  [ 36ABE7FC80BED4FE44754AE5CFB51432, FB89DF3A50C52B69D4E831A370157D1901810093A0D7D7120A120FC5C6E14BF5 ] mshidumdf      C:\WINDOWS\System32\drivers\mshidumdf.sys
13:21:56.0433 0x13c0  mshidumdf - ok
13:21:56.0448 0x13c0  [ 59307FEAFC9E72EEEC56B7FD7D294F4C, 56576635870FC68980977FFA0E7F8E8D69A7981DECF5B52D0B2A82E3BA6685EA ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
13:21:56.0464 0x13c0  msisadrv - ok
13:21:56.0511 0x13c0  [ 236A38F5CB0A23BF0ACCD70ED0BD7F70, 8106B528458E6C8E4437D9064D58F10FF195E67CD308AEBBD5F860AD2D59DCC4 ] MSiSCSI        C:\WINDOWS\system32\iscsiexe.dll
13:21:56.0527 0x13c0  MSiSCSI - ok
13:21:56.0527 0x13c0  msiserver - ok
13:21:56.0542 0x13c0  [ E9457EDFEBC774199F907395C6D09CA2, C3655CE83F4AD1258382722E9A99C33FDD3AA40B62CFEB8DFDD141E254E6DCE2 ] MSKSSRV        C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys
13:21:56.0542 0x13c0  MSKSSRV - ok
13:21:56.0573 0x13c0  [ C85D79735641D27C5821C35ECDDC2334, C1BAFD98122B04665870171C143EC119181351D10777A83680A63BF305703FF3 ] MsLldp          C:\WINDOWS\system32\drivers\mslldp.sys
13:21:56.0589 0x13c0  MsLldp - ok
13:21:56.0636 0x13c0  [ 30130E99810283026C5FA2F57A4BB488, 3CF97CC2F63A7CDEA19C8B2DD73EED161309A7C334FF80567C18423F2DA34249 ] MSMQ            C:\WINDOWS\system32\mqsvc.exe
13:21:56.0652 0x13c0  MSMQ - ok
13:21:56.0698 0x13c0  [ EF75184B64356850D0F04D049C253526, 325476F53372BD70201347F044C8EFEC0DB939E1926454B6DCC0CF7864969650 ] MSPCLOCK        C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys
13:21:56.0698 0x13c0  MSPCLOCK - ok
13:21:56.0730 0x13c0  [ 543933D166C618E7588EA77707EC1683, 84A65D277E28FDD7CE2345188891093AC88B577E4C528AD39AB629E341199688 ] MSPQM          C:\WINDOWS\system32\DRIVERS\MSPQM.sys
13:21:56.0745 0x13c0  MSPQM - ok
13:21:56.0777 0x13c0  [ 182711E9DDF70121A20EBB61B2DFB9E8, 70606503F6280EA3175B9AEC8370A8F461575755DA86EF6E9C9D04EAD61481FA ] MsRPC          C:\WINDOWS\system32\drivers\MsRPC.sys
13:21:56.0792 0x13c0  MsRPC - ok
13:21:56.0808 0x13c0  [ E887FFDD6734C496407E9219225CB6FF, 0EC9A79224BCE5D0A782E62CC38E3494E8FB65DFC07C66D25C5A1A351121C27D ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
13:21:56.0808 0x13c0  mssmbios - ok
13:21:56.0823 0x13c0  [ 83A2AB75951000D681FABDB80C07AEFC, 3B2F582F097E3F934C4587B27CB05525350F36924B74CA6BCD364878FA8EC273 ] MSTEE          C:\WINDOWS\system32\DRIVERS\MSTEE.sys
13:21:56.0839 0x13c0  MSTEE - ok
13:21:56.0870 0x13c0  [ 4FA0483896FC16583851EFB733FCB083, BB59243ABE32FBE92EC1B04D24239BE2DF7C2354A407C2EFF97623F07DCBDA35 ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
13:21:56.0886 0x13c0  MTConfig - ok
13:21:56.0902 0x13c0  [ 60F88248608315E13391C2F1C3B4473F, 99E8B74118A01FC281A1C6B323EFD1A8EA1997B81A013442205066F55327D555 ] Mup            C:\WINDOWS\system32\Drivers\mup.sys
13:21:56.0917 0x13c0  Mup - ok
13:21:56.0948 0x13c0  [ 218705233D02776AE4D19CC37D985C1B, 3D92925867B6B8FFAF78E4080139DCB3D45E1E6E1D0AFB6A4FE248B002BD8471 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
13:21:56.0948 0x13c0  mvumis - ok
13:21:57.0011 0x13c0  [ AA4CD20708B7E0412A5316D7E2875103, 4E60A0865B7656735F3AB34AF5FE48304138F47DE961D4D16661617D711DEBC0 ] NativeWifiP    C:\WINDOWS\system32\DRIVERS\nwifi.sys
13:21:57.0027 0x13c0  NativeWifiP - ok
13:21:57.0073 0x13c0  [ A340A4B27CC7DEDDF953B7E2C9699747, 4C5AB23BD0C69B17E9BD29CAFEDC100A6EFC78BAB645B007FCAE4318C459D345 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
13:21:57.0089 0x13c0  NcaSvc - ok
13:21:57.0120 0x13c0  [ 24146738C422814EEB2A98FF1FC5C6E1, 3C70C6768681CE63DED339822EFB36194037B987D92456B9E955061A3A3C63BC ] NcbService      C:\WINDOWS\System32\ncbservice.dll
13:21:57.0152 0x13c0  NcbService - ok
13:21:57.0167 0x13c0  [ 476466DC3AB2327E2DBFAEC11798E2EE, 9ACD74720664CF3F239601DF0BE80AC443AF0FBF666CBB8509169364FB22B95D ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
13:21:57.0183 0x13c0  NcdAutoSetup - ok
13:21:57.0198 0x13c0  [ B57CE307DA101C739885B7CC0678077F, F7F45DB6D306060F0FE0E59F39C3B95F6A9B6173930F22C5C41B2003895D6642 ] ndfltr          C:\WINDOWS\System32\drivers\ndfltr.sys
13:21:57.0214 0x13c0  ndfltr - ok
13:21:57.0261 0x13c0  [ E582DA849A58524E645545FB68B6625D, B74E2CF078F6C575EFC4A2E4293D03FE6BA933307D656E0E57FFA17EF324948D ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
13:21:57.0292 0x13c0  NDIS - ok
13:21:57.0323 0x13c0  [ 202260E7CDD731A32AF62ABD1ABEE008, 0E019FAE09B2659CC3267756DB962CCD69172BA67E3288B491F7B455287A5392 ] NdisCap        C:\WINDOWS\system32\drivers\ndiscap.sys
13:21:57.0339 0x13c0  NdisCap - ok
13:21:57.0355 0x13c0  [ A1D473D0CF10561F29B58EA7C5412A92, 3DBFC1D769E03E30C87FF4F30A9B523A69A7E0CD4EB87F8A9ECE190FEB84C569 ] NdisImPlatform  C:\WINDOWS\system32\drivers\NdisImPlatform.sys
13:21:57.0370 0x13c0  NdisImPlatform - ok
13:21:57.0386 0x13c0  [ 1A0AE283B8DE6BB76412A0F8213D45AC, 91AFFDC7A9277EB59CD54021049BEA715078F90470B8A12F3E9F1386DF068D2D ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:21:57.0402 0x13c0  NdisTapi - ok
13:21:57.0433 0x13c0  [ A74EE2D2C0BFF5EC3A6185791868C4CA, A346320DEBEAE890575B4C6594FB3A3A9890A0E86881ADD8376E442282C88D38 ] Ndisuio        C:\WINDOWS\system32\drivers\ndisuio.sys
13:21:57.0448 0x13c0  Ndisuio - ok
13:21:57.0464 0x13c0  [ 32A9BD1342640D48AD85C8B3E812B984, B702B05A0180472139B35B105DD3B6B6F75AEDC9DD1EE342FB576259076455AE ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
13:21:57.0480 0x13c0  NdisVirtualBus - ok
13:21:57.0495 0x13c0  [ 6A6A8CF5EE61801375A38EBB871D4057, AE8EFF18D82BBE83101B380189A6889822891A993EB865E2E81C1D2F60B77C4C ] NdisWan        C:\WINDOWS\System32\drivers\ndiswan.sys
13:21:57.0511 0x13c0  NdisWan - ok
13:21:57.0511 0x13c0  [ 6A6A8CF5EE61801375A38EBB871D4057, AE8EFF18D82BBE83101B380189A6889822891A993EB865E2E81C1D2F60B77C4C ] ndiswanlegacy  C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:21:57.0542 0x13c0  ndiswanlegacy - ok
13:21:57.0558 0x13c0  [ 50AEF8EF0064A91ABB08D858D039C9DE, 16F1CBE1EC3778D157CC054261068C8D7F8A72D85853CB70178F8DF81D238C8F ] ndproxy        C:\WINDOWS\system32\DRIVERS\NDProxy.sys
13:21:57.0573 0x13c0  ndproxy - ok
13:21:57.0589 0x13c0  [ D358DF634F52247CB43F0781218F4D6E, D375E9E681551467FC5F7AB2AC053C9F22AAC541C0BCBA57090211F45009342C ] Ndu            C:\WINDOWS\system32\drivers\Ndu.sys
13:21:57.0605 0x13c0  Ndu - ok
13:21:57.0620 0x13c0  [ 026618ECF6C4BEBDCB7885D42EC0DBE4, 8E7E13361DCF8748FA3AD518B3DE0A3DCE932316EE32E5529E75785BC5395AD1 ] NetBIOS        C:\WINDOWS\system32\drivers\netbios.sys
13:21:57.0636 0x13c0  NetBIOS - ok
13:21:57.0652 0x13c0  [ F51C02D992A8D6BC5EC4D990F227D4C7, DBBDA422BFA82219403689637BE8D6B0D0A893895143E807FA5A007C166454CB ] NetBT          C:\WINDOWS\system32\DRIVERS\netbt.sys
13:21:57.0683 0x13c0  NetBT - ok
13:21:57.0683 0x13c0  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] Netlogon        C:\WINDOWS\system32\lsass.exe
13:21:57.0698 0x13c0  Netlogon - ok
13:21:57.0745 0x13c0  [ 7FD4C3D32DAE890608F44074A3437CD8, 5B7D9E9AEE26896B818F3C5DBE4C96A33D43CE2CF7716B95AAB7203611C03BFE ] Netman          C:\WINDOWS\System32\netman.dll
13:21:57.0761 0x13c0  Netman - ok
13:21:57.0808 0x13c0  [ 9E9BEB22644CE1DA521A1D7821BF891F, 5480D52AE1942205B513F916DBCBF5B5F2FFF92D927F4E598FBA618E75BBC2E9 ] NetMsmqActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:21:57.0823 0x13c0  NetMsmqActivator - ok
13:21:57.0839 0x13c0  [ 9E9BEB22644CE1DA521A1D7821BF891F, 5480D52AE1942205B513F916DBCBF5B5F2FFF92D927F4E598FBA618E75BBC2E9 ] NetPipeActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:21:57.0839 0x13c0  NetPipeActivator - ok
13:21:57.0886 0x13c0  [ A059F75402710535A90A8D043674A514, E98536DF74A2B75FDBA6B866DC1909544292DFE5E14F984941470FBA6E8D810C ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
13:21:57.0917 0x13c0  netprofm - ok
13:21:57.0948 0x13c0  [ 9C6EE1DE9CF7B77FF550A737816EB6DB, 586D561E1A318778668D148B8367D1F7452E770D1743ED5F8EE6EAB03DB31916 ] NetSetupSvc    C:\WINDOWS\System32\NetSetupSvc.dll
13:21:57.0964 0x13c0  NetSetupSvc - ok
13:21:57.0964 0x13c0  [ 9E9BEB22644CE1DA521A1D7821BF891F, 5480D52AE1942205B513F916DBCBF5B5F2FFF92D927F4E598FBA618E75BBC2E9 ] NetTcpActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:21:57.0980 0x13c0  NetTcpActivator - ok
13:21:57.0980 0x13c0  [ 9E9BEB22644CE1DA521A1D7821BF891F, 5480D52AE1942205B513F916DBCBF5B5F2FFF92D927F4E598FBA618E75BBC2E9 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:21:57.0995 0x13c0  NetTcpPortSharing - ok
13:21:58.0027 0x13c0  [ 2BB62723C835F75F0C7C9E6A736881FB, CBA690F5205BE8AE1E8ED8A47BC1594E05391DAC30AAEE0A055366F24602346C ] netvsc          C:\WINDOWS\System32\drivers\netvsc.sys
13:21:58.0042 0x13c0  netvsc - ok
13:21:58.0073 0x13c0  [ 0FB83658FBB2C5A18AB98C5C94DB9FAF, 2D15A49F47D8185D7914D26916D1237FCBE2F8351A64877CDDDDE26E766C3D2F ] NgcCtnrSvc      C:\WINDOWS\System32\NgcCtnrSvc.dll
13:21:58.0105 0x13c0  NgcCtnrSvc - ok
13:21:58.0120 0x13c0  [ 7AAA9916AA10F4B0E9743798A5BA6549, 2E38EEF3F487A7DD0B719A048FFA0EB36B2487A1068BB322553E9DD2FCE46711 ] NgcSvc          C:\WINDOWS\system32\ngcsvc.dll
13:21:58.0152 0x13c0  NgcSvc - ok
13:21:58.0198 0x13c0  [ 1B8F07B59F7DAE02264FB8A16088C467, 1795DA9F72C34A9F47D9AAF5E95D40C3296948EB89D9600679AB4660671A5C65 ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
13:21:58.0230 0x13c0  NlaSvc - ok
13:21:58.0230 0x13c0  [ 465DC580170CD844206D7E3EF1DBF2A1, 5A14001029BE154C708CCA34449B280905DB79978FC7F0BE0CF20B20E47752CF ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
13:21:58.0245 0x13c0  Npfs - ok
13:21:58.0292 0x13c0  [ 29395C214D2CD4C81F73166AB988A797, 3631EB2EA17E455ECD151C0BC9A3DF6EC87C75B15DC9B607CFB68D7C463E04B7 ] npsvctrig      C:\WINDOWS\System32\drivers\npsvctrig.sys
13:21:58.0308 0x13c0  npsvctrig - ok
13:21:58.0308 0x13c0  [ AF8B7848E102A83AAECCD24B181CEBE5, B2AAE3567EE3A7975CDFCB3FE41D33C74D4486BFF35FF56E0516A01C744BA52B ] nsi            C:\WINDOWS\system32\nsisvc.dll
13:21:58.0323 0x13c0  nsi - ok
13:21:58.0339 0x13c0  [ 2871225495F832A8C8A7DD1A17EDB3DC, 2F6664C7F5FB2341B2AAF3C5A258FA0D7AEEE447562D7F39FD5A4EE905C18C6D ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
13:21:58.0355 0x13c0  nsiproxy - ok
13:21:58.0464 0x13c0  [ 19BD8A88AAC580592668B070AC0727D9, 60DB84895C40E6412BEB2D0E4D7F05891446B9DE992D70579CC90BA3FB27FC01 ] NTFS            C:\WINDOWS\system32\drivers\NTFS.sys
13:21:58.0527 0x13c0  NTFS - ok
13:21:58.0573 0x13c0  [ 6DBD703320484C37CEA9E4E2D266A8CE, 85D6F73C0E3FDE16829C9BC0D13DD89E64183EAE02F84607F6B8440CB7F366E6 ] Null            C:\WINDOWS\system32\drivers\Null.sys
13:21:58.0573 0x13c0  Null - ok
13:21:58.0605 0x13c0  [ 604D27CC38CC23493F218D0BB834B3FF, EF5E5759CCF16DD97271C82DAF47FB2086EBCA5DE7D05177B70CA1197B95F41E ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
13:21:58.0605 0x13c0  nvraid - ok
13:21:58.0636 0x13c0  [ 8B50D897657AB4A15FD9E251BBF7D107, 36036130DD46D9BF105AC7176E219F3BE7D1168A660A0F8DFF76F61FBFA4B417 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
13:21:58.0636 0x13c0  nvstor - ok

sumpfgeist 30.08.2016 12:29
TDSS-Killer-LOG Part2 - mit erweiterten Einstellungen
 
Code:
13:21:58.0667 0x13c0  [ 31F990B2B6B91E9D7A667405CE12FCB1, 907E095D1E83CDAFF34BE789FC41CDD7BB4DEE23261E1D03C1CF0D4D030534AC ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
13:21:58.0667 0x13c0  nv_agp - ok
13:21:58.0714 0x13c0  [ 7F3A0D052B8E00E730316210B1DD092F, 14BD026EA759F6C81ED6B4DBB04E0584B7F6456725503FC73CD4347B7743005F ] OneSyncSvc      C:\WINDOWS\System32\APHostService.dll
13:21:58.0730 0x13c0  OneSyncSvc - ok
13:21:58.0792 0x13c0  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:21:58.0823 0x13c0  ose - ok
13:21:58.0870 0x13c0  [ 334131C162B118EF49930D41B0E17825, 10EF08870B6E118AED2E0E3F45E06BA8A485439823BE98F44E34E7D2B65AA2EF ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
13:21:58.0886 0x13c0  p2pimsvc - ok
13:21:58.0902 0x13c0  [ 4A5634915AF62C983E08425905D0C04C, 09BC3F7AD9F79C5FF59520933D06FE155AC21CD0ABAFE66B81C9F87D83A2339F ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
13:21:58.0933 0x13c0  p2psvc - ok
13:21:58.0964 0x13c0  [ 7D0FC96264C0F8F2C1321E33E8EB646C, 82A06437B9B096BCCF5CE31BDF3539696E2E41DFA9870C358566EEE2F7D3B447 ] Parport        C:\WINDOWS\System32\drivers\parport.sys
13:21:58.0980 0x13c0  Parport - ok
13:21:58.0980 0x13c0  [ 24AC0FD10325FBC2303B29A5F237AEB0, D94B26A36EBE4EFE8EA270FA6600811206830480BE953809F74FAB80628DF879 ] partmgr        C:\WINDOWS\system32\drivers\partmgr.sys
13:21:58.0995 0x13c0  partmgr - ok
13:21:59.0011 0x13c0  [ 0ECA2ADD5FBCE73183A68935C71B40B7, 08CC5F2F10D1DD1A1396CC29196314003491D3AF3DE59CADB281F252577F1860 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
13:21:59.0042 0x13c0  PcaSvc - ok
13:21:59.0073 0x13c0  [ CFFE69B6C276A3418687109EA8AC9E7D, A516B2F4BFB0CD8B38219E3BF783C0BD99CD9EA1BACBE2284987F6DC0976BD36 ] pci            C:\WINDOWS\system32\drivers\pci.sys
13:21:59.0089 0x13c0  pci - ok
13:21:59.0105 0x13c0  [ 2B4D98DF0CA57FB9536DBC80D2449D1F, AB34FA8585A20854369C0FAEB18BF5C7734D7E3C791F644B0576E40D609FCD09 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
13:21:59.0120 0x13c0  pciide - ok
13:21:59.0136 0x13c0  [ F4D5793BF2E58AF15C6CF2FEEF9E73EB, 9B5A40AF8838063F8F0A2B1480B39A2711AAE78BD972CDA60CCA0EB2BA211A87 ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
13:21:59.0152 0x13c0  pcmcia - ok
13:21:59.0167 0x13c0  [ 22A53744CEEADFFFD33BA010FAD95229, 30B775EC9795105B8BF785BD63115C160955E7EFF74B995D3EC288138D1825A3 ] pcw            C:\WINDOWS\system32\drivers\pcw.sys
13:21:59.0183 0x13c0  pcw - ok
13:21:59.0183 0x13c0  [ 67B9684B8272D5EBD1CCBB1DBD425EC8, 09BE2A2EB3A71E594D08B8D817820965DEEAD283029EBB0B74CCC658A2706233 ] pdc            C:\WINDOWS\system32\drivers\pdc.sys
13:21:59.0198 0x13c0  pdc - ok
13:21:59.0245 0x13c0  [ E2F8376F9731D12A009C522036C6073A, 5B8B68D3C013AAA8ED368C97042984C35E8D023542DBA404E7A03E89F2357E66 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
13:21:59.0292 0x13c0  PEAUTH - ok
13:21:59.0370 0x13c0  [ C7D210982B6C8454E52191D0DCF6DC52, D53D575CD9A0AB7EA94E7D1B9730ABE0A582CA3460AEAC4680D01034D69D3949 ] PeerDistSvc    C:\WINDOWS\system32\peerdistsvc.dll
13:21:59.0448 0x13c0  PeerDistSvc - ok
13:21:59.0480 0x13c0  [ 1398A85E59698067CBBE1D66A9C13ADF, E3609F183068BFAED756B2F9237181D60A6F6D78691248B8BF5B0AEB6A367E3D ] percsas2i      C:\WINDOWS\system32\drivers\percsas2i.sys
13:21:59.0495 0x13c0  percsas2i - ok
13:21:59.0527 0x13c0  [ 35F7C7AD709D909D618D9EDF987FC3ED, EE713E33688E74C5A2546CC58EBD8EA8F8116F25E42DCF8DA21DCBC7C7590E0E ] percsas3i      C:\WINDOWS\system32\drivers\percsas3i.sys
13:21:59.0527 0x13c0  percsas3i - ok
13:21:59.0636 0x13c0  [ 0DAF7B7D85F7AF38E29161460899C63F, F2609F2BD02C714857F5D5E6EF580643429C54E175AA72D38467F8F3A4E7F59F ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
13:21:59.0667 0x13c0  PerfHost - ok
13:21:59.0730 0x13c0  [ 57606281E23B0F53347527691E947B2B, 7030182E706CEBE6BD52BDC71CA8F2230AD445AE6554188E76F09A5E2612BD2E ] PhoneSvc        C:\WINDOWS\System32\PhoneService.dll
13:21:59.0761 0x13c0  PhoneSvc - ok
13:21:59.0792 0x13c0  [ 04F7878E7017105AB782353231561749, FB2811D98216720D4FDF0AC0EDF16C6CD33D7224B4CAFA752B4D2A839E6DD88A ] PimIndexMaintenanceSvc C:\WINDOWS\System32\PimIndexMaintenance.dll
13:21:59.0823 0x13c0  PimIndexMaintenanceSvc - ok
13:21:59.0886 0x13c0  [ A546F72EFFE5CBBC98003A0CA19DA0F8, 89AE396676A37D851F46427E421E8E8ED5B4BADC33023F1E215CC352A4110F44 ] pla            C:\WINDOWS\system32\pla.dll
13:21:59.0933 0x13c0  pla - ok
13:21:59.0980 0x13c0  [ 15BA68662CED4B0618010A54478E18E5, 1B913BFA7AA11F3A82D80E95FC4857B810D341F9E68545710F90EBE44DAC1DF8 ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
13:21:59.0995 0x13c0  PlugPlay - ok
13:22:00.0027 0x13c0  [ 6BF7093B27EA90FD9222845D19C1BE5F, CF8A6764BB6B369258F21FD303E4CAE08632195620A0BD66B62F62F5D7B762B8 ] PNRPAutoReg    C:\WINDOWS\system32\pnrpauto.dll
13:22:00.0042 0x13c0  PNRPAutoReg - ok
13:22:00.0073 0x13c0  [ 334131C162B118EF49930D41B0E17825, 10EF08870B6E118AED2E0E3F45E06BA8A485439823BE98F44E34E7D2B65AA2EF ] PNRPsvc        C:\WINDOWS\system32\pnrpsvc.dll
13:22:00.0089 0x13c0  PNRPsvc - ok
13:22:00.0136 0x13c0  [ 5A91C28F99043215121499257468C4BD, 816D2AEBA29B8A050747E01CE11EB12A05C1CDDF91835C44BBB6A7B9D348B15A ] PolicyAgent    C:\WINDOWS\System32\ipsecsvc.dll
13:22:00.0152 0x13c0  PolicyAgent - ok
13:22:00.0183 0x13c0  [ AE3B1056FC1795F18D990C4908A6ECBF, 1C41F7714EBF54DF358D9B19D6AFE7281D3EABE20038B568A12031B76E1D50D9 ] Power          C:\WINDOWS\system32\umpo.dll
13:22:00.0198 0x13c0  Power - ok
13:22:00.0230 0x13c0  [ 5BA6B9AD03B81546BA64E488C4EF9D17, C43442577685FA1A7C32094B2F14FC92BA6B511FD9FDBA6FD82473A1B165FC61 ] PptpMiniport    C:\WINDOWS\System32\drivers\raspptp.sys
13:22:00.0245 0x13c0  PptpMiniport - ok
13:22:00.0433 0x13c0  [ 959F94AD1255BC749884EDDD14EC29C4, 2CD6DA9778EA36FA0B4080F6DB1C634712238E014E47546403CD3CDB35A1DCA8 ] PrintNotify    C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
13:22:00.0542 0x13c0  PrintNotify - ok
13:22:00.0573 0x13c0  [ 21AECFF3EB5748CBE12538A2500EFDE5, A1679F21363E99E3698B9C6F7E7E3BB2877D47089BC381AF0C51B1DD8B24325B ] Processor      C:\WINDOWS\System32\drivers\processr.sys
13:22:00.0589 0x13c0  Processor - ok
13:22:00.0636 0x13c0  [ 7E0078F1EFEB6F8F47CF85C1D73C7EBC, 831BC3CE72F29AD259DEE7121D6F785CE0A8462CFB69DD7FB1F3BDAF16CDBF3E ] ProfSvc        C:\WINDOWS\system32\profsvc.dll
13:22:00.0667 0x13c0  ProfSvc - ok
13:22:00.0667 0x13c0  [ 596FB6C5A72F34B7566930985E543806, 870B43783DB4CF845FA72BC5E40CE76BE6DFC66FE9E9B4B0A52D6B7FE7EA65FC ] Psched          C:\WINDOWS\system32\drivers\pacer.sys
13:22:00.0683 0x13c0  Psched - ok
13:22:00.0730 0x13c0  [ E84F66BA185934C166F8DF0FA8F88455, 2E0380E98DA29B3F43FB3FE0E1ECA52B3C9AEF54CE982D5514F70FAE81758449 ] QWAVE          C:\WINDOWS\system32\qwave.dll
13:22:00.0745 0x13c0  QWAVE - ok
13:22:00.0777 0x13c0  [ CFBA9C976CBF6796E5DC39EF59984021, A1C956AD828FC70ED92D702516E0F88A4BDAF8C93C571D7CA20F1695FD8E70C2 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
13:22:00.0792 0x13c0  QWAVEdrv - ok
13:22:00.0808 0x13c0  [ 7B2AD8C55217B514C14281AB97B4E21D, A1E295897B864B9C0177FF1C502EB060084A1783C0E7E53636291F901C2E2AA8 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:22:00.0808 0x13c0  RasAcd - ok
13:22:00.0839 0x13c0  [ E15A9CE1E2E7D1C8DF97A4FC1FFE6289, 44B53418D6BC51ACC567CF6917A0981889B44AE420489C9C03F5A30418B37267 ] RasAgileVpn    C:\WINDOWS\System32\drivers\AgileVpn.sys
13:22:00.0855 0x13c0  RasAgileVpn - ok
13:22:00.0886 0x13c0  [ D60BA4C76D194472D6602FF3D2D51ADE, 01272663897685C75FFBC3F1C0CFDB8D0E1A58182049E0B607D634536A8F6400 ] RasAuto        C:\WINDOWS\System32\rasauto.dll
13:22:00.0902 0x13c0  RasAuto - ok
13:22:00.0933 0x13c0  [ E3C82823B22463BC38AA4F8ADA852624, FF601B117F4003E2CC65B6143C2A270331EB257EE82B3BC020247D1AB1CD625F ] Rasl2tp        C:\WINDOWS\System32\drivers\rasl2tp.sys
13:22:00.0948 0x13c0  Rasl2tp - ok
13:22:00.0980 0x13c0  [ 3655D86C5E2982B131FC0935DE24F98F, 0386B31FECDDED77450609A807097B2307361CB59B236DEC41037BDC95897463 ] RasMan          C:\WINDOWS\System32\rasmans.dll
13:22:01.0011 0x13c0  RasMan - ok
13:22:01.0027 0x13c0  [ 3369023EB5790A75BA7DABA14B75D922, 36B63D5B74FDC932AAF1A876514024602D2F3EAF2CA33D1247CBA1E52FDB0418 ] RasPppoe        C:\WINDOWS\System32\drivers\raspppoe.sys
13:22:01.0042 0x13c0  RasPppoe - ok
13:22:01.0058 0x13c0  [ 1E32A8CD65C4AD0A827CFEB13034DA29, 5D9A92E13020D994CCD39F701BACAFE2177A40A9CC89649441B91E3F3DECD911 ] RasSstp        C:\WINDOWS\System32\drivers\rassstp.sys
13:22:01.0073 0x13c0  RasSstp - ok
13:22:01.0105 0x13c0  [ 2B648363E4C5E34B469C58596F377DD9, 30F82770468BBA562CEA0E9E39B24ACEFBE022343D0180C82E2ACE8957B73E44 ] rdbss          C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:22:01.0120 0x13c0  rdbss - ok
13:22:01.0152 0x13c0  [ D0221C13960E274CC539D72D5A842ED0, A5A961506B9D7429D97D0635FD69E74736C0E8405487E1D22BB5CD978A60044C ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
13:22:01.0167 0x13c0  rdpbus - ok
13:22:01.0183 0x13c0  [ 1DC2CC74B51E4DC4CD5A20C1021E4010, 46B7D17EE27439F2191504D1C6F6C70B2540BD4F2261DBB1F4BE783BEA99B04C ] RDPDR          C:\WINDOWS\system32\drivers\rdpdr.sys
13:22:01.0198 0x13c0  RDPDR - ok
13:22:01.0214 0x13c0  [ 177DF954D0DEC0465A380C75F6E7F65F, 6B30C78223029BD5DBA586BF961968F85762209BA55CD031460A215B20F93AB2 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
13:22:01.0230 0x13c0  RdpVideoMiniport - ok
13:22:01.0245 0x13c0  [ 5D1680871054D2B0B8A971BC8AB3B837, 9CAB0B2E3857829D34A82A78B120D07E292D4D5060168D964295EB23339B7DE7 ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
13:22:01.0261 0x13c0  rdyboost - ok
13:22:01.0292 0x13c0  [ 341E6830DA70F65730300DAB4CB0B490, 341EC8DB5E39963EF89E726F08730AFB2356C3BAD71CCE9EECCAB4D9B31C4863 ] ReFSv1          C:\WINDOWS\system32\drivers\ReFSv1.sys
13:22:01.0323 0x13c0  ReFSv1 - ok
13:22:01.0370 0x13c0  [ 8355BCA85B0928382DFCDD02FCD1681A, F306F038DA09C8D2095C311818E2F991B55BCD96B40B95D2A53A60EA6AC37014 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
13:22:01.0402 0x13c0  RemoteAccess - ok
13:22:01.0417 0x13c0  [ 2C82F4DCABAB389CEBB1C9E86C715C9C, 70354621D3D467616A419A818C54D2C89EA013C5050BA9944E3A7A4F25CAD6BA ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
13:22:01.0448 0x13c0  RemoteRegistry - ok
13:22:01.0495 0x13c0  [ CFF943806EBAD5CFAC26FD3DF304E79F, 4992AFB7CE3E2117A11B97FD92ED2EC02183D461F89179B6EA42C8F5AC973374 ] RetailDemo      C:\WINDOWS\system32\RDXService.dll
13:22:01.0542 0x13c0  RetailDemo - ok
13:22:01.0589 0x13c0  [ 176D8470B15CD9080861594F9A33FA01, CFB66D7FEB9465985C2866D64EA03B7E7BE830DCF6C02B3FE2244D7F7E5343E2 ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
13:22:01.0605 0x13c0  RpcEptMapper - ok
13:22:01.0636 0x13c0  [ 1A563653DAEDFE4CA81936E0D2FD8B56, 308B0DFEBA63333D407093C449A08ABFECE118C9274100809356BDAF7FA32EB6 ] RpcLocator      C:\WINDOWS\system32\locator.exe
13:22:01.0636 0x13c0  RpcLocator - ok
13:22:01.0683 0x13c0  [ B339861C6A2A86FBCA67C2006B461473, 228ADC8A8603C0A4342C6CBC6F2CC919271D42391365061AF660E0D7151C66A4 ] RpcSs          C:\WINDOWS\system32\rpcss.dll
13:22:01.0714 0x13c0  RpcSs - ok
13:22:01.0745 0x13c0  [ 0AC5FCDC29ED97ECDEF1276425EE2059, 8A12D1732D4AA18A9ED8416F4D4A49B81CE7C4C86ABCEE8FF28A16EA61993CFE ] rspndr          C:\WINDOWS\system32\drivers\rspndr.sys
13:22:01.0761 0x13c0  rspndr - ok
13:22:01.0792 0x13c0  [ FBEFF38DE03450E03E6CD9E8E37A8C74, C1C0876785DB4366D67792A3AFA219FC933FC1894AF93D07B0016BBCC81A5886 ] rt640x64        C:\WINDOWS\System32\drivers\rt640x64.sys
13:22:01.0808 0x13c0  rt640x64 - ok
13:22:01.0839 0x13c0  [ 044890BB0D6CF1E23C1087234D320509, FA6C79D24BE4ACCFAC617D2850B922BFAA7C2766AE625C725F3ACF43C934EFAF ] s3cap          C:\WINDOWS\System32\drivers\vms3cap.sys
13:22:01.0839 0x13c0  s3cap - ok
13:22:01.0870 0x13c0  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] SamSs          C:\WINDOWS\system32\lsass.exe
13:22:01.0870 0x13c0  SamSs - ok
13:22:01.0917 0x13c0  [ 530F797129776AA7E81994783A97E2AD, F131EF036702C6E741E5A6851AE07E81043CE8BAEED0768838C0F31CE14FEC1A ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
13:22:01.0917 0x13c0  sbp2port - ok
13:22:01.0948 0x13c0  [ 0C12493B333B96797AFC5F3C7831C051, BEE786D7ED14221B1A9450060597393AC44116D776B913E045B5F6066D720F74 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
13:22:01.0980 0x13c0  SCardSvr - ok
13:22:01.0995 0x13c0  [ 40110802D217FE1CB581D9A70B1FD16F, CCB920593CCC6663676039F3F731536DFEF535C3F715F6DB6F34D0D733BEF89B ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
13:22:02.0011 0x13c0  ScDeviceEnum - ok
13:22:02.0027 0x13c0  [ 9B6B1D4DB35A3D9BEAF023BC95E1F49D, CA44124CA3E9958FB77A891CD234A993B63E8AC6632AE801CDEC6666267E7C7E ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
13:22:02.0042 0x13c0  scfilter - ok
13:22:02.0089 0x13c0  [ EA195B8BC11C1CDB313CFD456EFFA0E9, EEDF349C59ED0645B04040707906BB4496527243858C2A6BE46BE7029B4A7F37 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
13:22:02.0136 0x13c0  Schedule - ok
13:22:02.0167 0x13c0  [ 4E9158CECF77A029AB98E8FBB43FCED5, AFF8BDB8F8F8DDF4FC0D65712E031DC360856CD3CE5C8A4C8FF960388F37462F ] SCPolicySvc    C:\WINDOWS\System32\certprop.dll
13:22:02.0198 0x13c0  SCPolicySvc - ok
13:22:02.0277 0x13c0  [ B24408471C1BCB17FC44F5B47EA8DEA3, 1CFE07C793F2A3D883E9071B8703C01A7619C8C0A02AAEBAA1130F36654AFD4F ] sdbus          C:\WINDOWS\System32\drivers\sdbus.sys
13:22:02.0323 0x13c0  sdbus - ok
13:22:02.0370 0x13c0  [ 811EC0B1221402FCED0BA37E112BF627, 366EB8AF04C603BED6CF53652CC937099B247D5DD8C58D699D0D8DA22F8FDD51 ] SDRSVC          C:\WINDOWS\System32\SDRSVC.dll
13:22:02.0417 0x13c0  SDRSVC - ok
13:22:02.0448 0x13c0  [ DE6D7DC78D956928F59F7415A0F41E13, C0F8EEED29BF63A0D8FB5A0286C1C768BFEF598EC52715D910B5BB1A76231805 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
13:22:02.0464 0x13c0  sdstor - ok
13:22:02.0480 0x13c0  [ EBD07BD20B5E0E92A398566EF8720F79, 8A88C861D4113B9938C32CBD28FD3D7F1C3133E700E23E17F5DFD7B26CCDA04A ] seclogon        C:\WINDOWS\system32\seclogon.dll
13:22:02.0495 0x13c0  seclogon - ok
13:22:02.0511 0x13c0  [ B7B9EEBCB7466338403A75D15AC120D7, B8F79DA71F8CD0F30983F7D92B625A431C212DD543DE2B3DC03EC5A68C41B00D ] SENS            C:\WINDOWS\System32\sens.dll
13:22:02.0527 0x13c0  SENS - ok
13:22:02.0589 0x13c0  [ D14DD7D766664F880FECF44CE6017966, ECF966E3ACF4EBD5A3259468A076619A539E35F1B97AB6A98FBD7882F1FBBBAB ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe
13:22:02.0652 0x13c0  SensorDataService - ok
13:22:02.0683 0x13c0  [ 45D26646E3AD737E5DE3DB91CCCE7DBA, B05AB32700998C8347BC5797B18EB97F303FCB2302BED852348F2703DEDE72F9 ] SensorService  C:\WINDOWS\system32\SensorService.dll
13:22:02.0714 0x13c0  SensorService - ok
13:22:02.0730 0x13c0  [ 7363A65C738F5A5292D7BDBE55D8C3C2, C53C10A0AE58613DFCC91E62E004D9B188E4793C2A19B4BE871A705EEE77048E ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
13:22:02.0745 0x13c0  SensrSvc - ok
13:22:02.0777 0x13c0  [ 67585C295FF2D221679E376B68893B35, 4B5E9A8DA8C6F7B1F7129F80A0603503D467E5650306FB4C309977D74037E46B ] SerCx          C:\WINDOWS\system32\drivers\SerCx.sys
13:22:02.0792 0x13c0  SerCx - ok
13:22:02.0823 0x13c0  [ B8C4852CBCAAC1374C08EC7445443824, DDE577A81B3E11B5B56096317BC47AA6E286573042407B96A9D29BE981F3FA4D ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
13:22:02.0839 0x13c0  SerCx2 - ok
13:22:02.0855 0x13c0  [ D3A103944A8FCD78FD48B2B19092790C, 252DB8395DA8639E748658D3BE7863C1700E27AA5C41BB700CFCE193FE3F04E9 ] Serenum        C:\WINDOWS\System32\drivers\serenum.sys
13:22:02.0870 0x13c0  Serenum - ok
13:22:02.0902 0x13c0  [ 249A563C48DFD9E42A37587653E003BB, D022FAE2B7AC9D99B9F230A4DF0B045891588162587E1F468B5E05C8DA98AA9A ] Serial          C:\WINDOWS\System32\drivers\serial.sys
13:22:02.0917 0x13c0  Serial - ok
13:22:02.0933 0x13c0  [ 0F5B43074AE731D2C6F061241C9D84A6, 05CFEB30A4FC11441552D37687608C8C2FD6DC2F2266AE9D6526753E26283DE6 ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
13:22:02.0948 0x13c0  sermouse - ok
13:22:02.0995 0x13c0  [ CD90E445F6458512A5BA884D561EFCF1, E792FAB8AFF4126C1977024060842D788A06475139782896AFD7B39C85FCDF3F ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
13:22:03.0027 0x13c0  SessionEnv - ok
13:22:03.0042 0x13c0  [ D9FE59276BD56A9643C32D5FACE2F251, 591862D868A545F468496DE97DEE42C9DB3AFBFC0881CBA79EB6641A254AF033 ] sfloppy        C:\WINDOWS\System32\drivers\sfloppy.sys
13:22:03.0058 0x13c0  sfloppy - ok
13:22:03.0089 0x13c0  [ F8083C536BEDE61AFB4069D8A8C16DA7, 13AADAD7B5582911B8ABBE0CF7132CC517F7413A361CCF8ED502F803D061FFA3 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
13:22:03.0120 0x13c0  SharedAccess - ok
13:22:03.0167 0x13c0  [ AE6E4D3172FBF45B944668CB3998B8A8, E7D7F98CB464C236A17069987F7B678D7688D9D577334151EF09DF5C6F22AFFC ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:22:03.0198 0x13c0  ShellHWDetection - ok
13:22:03.0245 0x13c0  [ ABBE803FE0BDAE0E5BE74DDEFBE62F23, 5009F489F7A6D66628C23A0FA3D7632399D0AD72BD11A1B70D7E768ED507377D ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
13:22:03.0245 0x13c0  SiSRaid2 - ok
13:22:03.0261 0x13c0  [ 6043DF55CFE3C7ACF477645FA64DEA98, 0E18EF8EC589841BC319C17FBABA7383FD247C9441ABF64A0D830976F3E611AE ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
13:22:03.0277 0x13c0  SiSRaid4 - ok
13:22:03.0339 0x13c0  [ B922D32039A3B5991E64429EC4EE52A9, 5EB7EB1F6D2C25F06044D8CA9F3BA0471FB40C8C96432BDC2C80CC36DC49BA0B ] smphost        C:\WINDOWS\System32\smphost.dll
13:22:03.0402 0x13c0  smphost - ok
13:22:03.0448 0x13c0  [ F07301C282AA222C33F8C28B4F545275, 2938943A3A62B33C8296DF3B57897D32293F5395A5E2A01C76B0160A98C12520 ] SmsRouter      C:\WINDOWS\system32\SmsRouterSvc.dll
13:22:03.0480 0x13c0  SmsRouter - ok
13:22:03.0527 0x13c0  [ 0B6BECB2651EF947249CDC3715E8B9CC, EB7281AF3529DE16FE8CD0C0C0C8877641865A5864D58628DBAB865B510B0D0B ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
13:22:03.0542 0x13c0  SNMPTRAP - ok
13:22:03.0558 0x13c0  [ 1A6CB30F0EFC1632E6F1B852CA892583, 0E6BDCEE837AEC3D02C437478143C75550C94A50E36895DDB095F54A2FA18E2A ] spaceport      C:\WINDOWS\system32\drivers\spaceport.sys
13:22:03.0589 0x13c0  spaceport - ok
13:22:03.0589 0x13c0  [ E1C158F6C00359278727A2CEE5D2ED71, 1591F942C6DD99D3BA7FD4D72D957864117B2263F205468A15F1D1417C6F799D ] SpbCx          C:\WINDOWS\system32\drivers\SpbCx.sys
13:22:03.0605 0x13c0  SpbCx - ok
13:22:03.0652 0x13c0  [ D1241DFC397FA8CCFB4BB4B63AAD31AC, F8C57C2F7CA8B6D8FEE1505A143A3FECF502C8DCFFC375F9C8848A87D9714C9E ] Spooler        C:\WINDOWS\System32\spoolsv.exe
13:22:03.0683 0x13c0  Spooler - ok
13:22:03.0839 0x13c0  [ 7C58AFEC26E9F7730A8AA7FD40225937, 546EAD8889F2A1BB6DCCB7781976B975F34DA1C9047F95FEAA52CF38EC60C6DD ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
13:22:03.0995 0x13c0  sppsvc - ok
13:22:04.0027 0x13c0  [ ACC1709EC7FE6EB8999DBC91C50C2B34, 83ABF51751A264291C53A32B86239A607361E56CB045CD2CBE6E41DBB8A01F54 ] srv            C:\WINDOWS\system32\DRIVERS\srv.sys
13:22:04.0058 0x13c0  srv - ok
13:22:04.0073 0x13c0  [ AFBCFC946FAE7483E27BD316D03F94A5, CC9478EA717E85C38304957E923997821DFE2A995D7C8DF98C15267D952BEFBE ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
13:22:04.0105 0x13c0  srv2 - ok
13:22:04.0136 0x13c0  [ 107C1EBE79710E4A759449BD6604245A, 963D693F4E61EDC7B3AA9006CC274D56E577CE0035A61DDB2A6DE72116D5C52B ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
13:22:04.0152 0x13c0  srvnet - ok
13:22:04.0198 0x13c0  [ 8C1786C073A496B8C0C8A5450A4FFD5B, 13BF3B42A63CE6C461259D4CE767FB0DE1F10433512A11D2B2C033E36E652542 ] SSDPSRV        C:\WINDOWS\System32\ssdpsrv.dll
13:22:04.0230 0x13c0  SSDPSRV - ok
13:22:04.0261 0x13c0  [ 217A982201052EFC8C3C0C88D229791C, 11509E3446ED7B75C9A05CDC4A7AF18926CB463E0D98BAE1CD5DB43E88F94F90 ] SstpSvc        C:\WINDOWS\system32\sstpsvc.dll
13:22:04.0292 0x13c0  SstpSvc - ok
13:22:04.0308 0x13c0  [ D08FFE34AF5B7AC5F69EEA1E0E8C6ECE, CC43752CE5C879E24229C84443DBEE667CE629ECF992AD0D42F0F77FE04F6751 ] ssudmdm        C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
13:22:04.0323 0x13c0  ssudmdm - ok
13:22:04.0417 0x13c0  [ 58863C57E4598C4F9DA967C5C36CFA5D, BB34FBC324E84E05128258CE3755241ECB63F7F2AE7F96716AC373931FAF92A8 ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll
13:22:04.0511 0x13c0  StateRepository - ok
13:22:04.0605 0x13c0  [ 345C39599C3D4940D12F5F9F42A79229, B5D6C716D374E453940C2A23772B9E063CBCB06DA74574F0F19F813AE65F4A78 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
13:22:04.0652 0x13c0  Steam Client Service - ok
13:22:04.0667 0x13c0  [ CCDA497C880AD16D87EDFAEFCFB2EDF5, 622599AA35ACFF0375DA252210BE42E7E90F30EDFEFF2F62FDB14AE6E45B5F88 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
13:22:04.0667 0x13c0  stexstor - ok
13:22:04.0761 0x13c0  [ 75476CAA8FA0A4E573948CDE8C7F0304, 68C4405CACA77AEED71761875A9AF60BCFBDD39E356BEA1BA8226E099BAA5FA4 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
13:22:04.0808 0x13c0  stisvc - ok
13:22:04.0823 0x13c0  [ BF8EA6FC3358C2F69678E3E94F764F84, D274DAD7B5756DD49CA44277C73497F1EC465C8E365CC730CD194932C3825920 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
13:22:04.0839 0x13c0  storahci - ok
13:22:04.0870 0x13c0  [ 32FF460DA8C1F370F5C08B7654899B73, 0C9D5D38D033109BA672ABAFEF0F0CD295E9FFA108ACFCA9044429D9B2CA9057 ] storflt        C:\WINDOWS\system32\drivers\vmstorfl.sys
13:22:04.0886 0x13c0  storflt - ok
13:22:04.0886 0x13c0  [ CC21DB3EF619B9480FE31A4EFE92CBEB, 256EFCA2F231F41D34250E1460BF88894D943EAE83A0B153FCADE700AB4DE11E ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
13:22:04.0902 0x13c0  stornvme - ok
13:22:04.0917 0x13c0  [ 390B8A75768E2689586539C224520895, D72F52E6D7AC5DC318FF9C1DF1F4E8A435D65B6BB59D7F1642222EC026BC54DB ] storqosflt      C:\WINDOWS\system32\drivers\storqosflt.sys
13:22:04.0933 0x13c0  storqosflt - ok
13:22:04.0964 0x13c0  [ FE42F8A07885E518ED1E846C93E4B78C, 264B21A5E07654F159A3E324F3B38A8C11AF619F61B5779A46367DD99EBD00A6 ] StorSvc        C:\WINDOWS\system32\storsvc.dll
13:22:04.0995 0x13c0  StorSvc - ok
13:22:05.0011 0x13c0  [ 770A92D9D3A0BF61C97C3AFCB36847D9, 21A8CC3F8E63B971C4FF8DDED5C7032E093A7B0F16E2128A9BD2E890BA76A1D9 ] storufs        C:\WINDOWS\system32\drivers\storufs.sys
13:22:05.0027 0x13c0  storufs - ok
13:22:05.0042 0x13c0  [ 736A2418E3E7F3DB3CF6EB0A55D1D581, 2D3BBC4E0C7B51EDE7479A978E4BCD5F47A7257745179F01D2D9ECFD83CCCC82 ] storvsc        C:\WINDOWS\system32\drivers\storvsc.sys
13:22:05.0042 0x13c0  storvsc - ok
13:22:05.0105 0x13c0  [ FA8F6E3AD3F92B35D2673CC9FD20429C, 62F81CBACF7E16FEF9DE3BE95FA5C9BDB51BAE4667AE5AE71399864A390FF6D5 ] svsvc          C:\WINDOWS\system32\svsvc.dll
13:22:05.0120 0x13c0  svsvc - ok
13:22:05.0167 0x13c0  [ BD98B0225BCD49E8A62F4F8EE1D1F613, CDAD11969B2DA417079547724BECC3DB4FC4711B3C01590EB0D02774B69B6D90 ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
13:22:05.0167 0x13c0  swenum - ok
13:22:05.0198 0x13c0  [ 22E539A9B96C66A713583EC017562616, 210DA61DFC7AA9AD23277D9CC0239B781F4EABD322D0803AEC9434D68B81FABD ] swprv          C:\WINDOWS\System32\swprv.dll
13:22:05.0230 0x13c0  swprv - ok
13:22:05.0261 0x13c0  [ CAE4B27B469C583131EA5AAE622F5D76, 3979006EB22489D1AAD2EC2E9F32C286EEDCDB83B37B97E58BA831263EC33B84 ] Synth3dVsc      C:\WINDOWS\System32\drivers\Synth3dVsc.sys
13:22:05.0277 0x13c0  Synth3dVsc - ok
13:22:05.0339 0x13c0  [ 34A3EB84B2A830E6F450B8F885AE4E6E, E61AC6D17B815CB71F26D71CA3CCAFD9E66A170E3ED2E64A4F20D097A0C683B5 ] SysMain        C:\WINDOWS\system32\sysmain.dll
13:22:05.0386 0x13c0  SysMain - ok
13:22:05.0433 0x13c0  [ AF2C8D7C1D4DCFD5C31501F009DF42B7, 3DDF9353F014EE99B031BBC969620CA07647FBB8D78EB4697C8D633021B46B11 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
13:22:05.0448 0x13c0  SystemEventsBroker - ok
13:22:05.0495 0x13c0  [ 6979A147C0D5C5CAB621ADC394D32B80, C30B8E3D271A1591D965559EA4A11A1BE63A34D832ED53B26CE91799C888DF77 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
13:22:05.0511 0x13c0  TabletInputService - ok
13:22:05.0527 0x13c0  [ 86B62FC8CB89946446F9B24FE49A66FD, 7B095310D1C78B82E5ACAC4713E101DD1323A3CF6FB39218C2E78ABE2B0385B5 ] TapiSrv        C:\WINDOWS\System32\tapisrv.dll
13:22:05.0558 0x13c0  TapiSrv - ok
13:22:05.0636 0x13c0  [ 083A727D784009F9CCFB120C7841B7AF, 14242ECC3EB17154AD856A2C5229324BA6914291F4E2CD93E6AE251A31130448 ] Tcpip          C:\WINDOWS\system32\drivers\tcpip.sys
13:22:05.0698 0x13c0  Tcpip - ok
13:22:05.0761 0x13c0  [ 083A727D784009F9CCFB120C7841B7AF, 14242ECC3EB17154AD856A2C5229324BA6914291F4E2CD93E6AE251A31130448 ] Tcpip6          C:\WINDOWS\system32\drivers\tcpip.sys
13:22:05.0823 0x13c0  Tcpip6 - ok
13:22:05.0870 0x13c0  [ 17F37EC9042D84561C550620643D9A85, B01620BA319A1383D403E6E50C7724879520F3267654556D975CAFFF91A82C78 ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
13:22:05.0886 0x13c0  tcpipreg - ok
13:22:05.0933 0x13c0  [ 91D3F2A6253EF83EFBD7903028F58C4D, C15768CCCF734093B0F8A5E76882B35927B716E4F14D91ACEE897E1C078D43D1 ] tdx            C:\WINDOWS\system32\DRIVERS\tdx.sys
13:22:05.0933 0x13c0  tdx - ok
13:22:05.0964 0x13c0  [ E730D0EB1B84EBC98423FC8D285EDBC0, 442DD433F9D22304E64EC7ACFC4E04892D4D92D8AC545A3530FC932A2EEC4767 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
13:22:05.0980 0x13c0  terminpt - ok
13:22:06.0027 0x13c0  [ 14307D4801C8CEF0A615907C09E886B3, C7F34C294D70DE689F673E0B5E9253B27EFEBBE6FA38B68B3B0B0374A896407E ] TermService    C:\WINDOWS\System32\termsrv.dll
13:22:06.0073 0x13c0  TermService - ok
13:22:06.0089 0x13c0  [ D009D1BC14FD5F2AC93D1878735F6C39, D8BCE505B66E05BC00075E46B38359CA4D0FA484EB7981A74221885E8A1FFB87 ] Themes          C:\WINDOWS\system32\themeservice.dll
13:22:06.0105 0x13c0  Themes - ok
13:22:06.0152 0x13c0  [ 5F27DE2082E16D4C1D6C627C8ECBD341, 08DA3EB3EF2B2006B6F9F2C8C149DF55DE6738975D556206A814096CAB5C1411 ] TieringEngineService C:\WINDOWS\system32\TieringEngineService.exe
13:22:06.0167 0x13c0  TieringEngineService - ok
13:22:06.0198 0x13c0  [ 82BC3D304654F8EBEFABDDC2AD70AFE3, 466334A46F6579E7C3F619B15243B270AACE9D04FE06E5228B4759FD619BDDD9 ] tiledatamodelsvc C:\WINDOWS\system32\tileobjserver.dll
13:22:06.0230 0x13c0  tiledatamodelsvc - ok
13:22:06.0277 0x13c0  [ 7E81E3E0D7F83BFE3C3975020B6C7F12, 316F9415646CC7A4E9A5F1E07310D433457E623B3E589543E4A6C73C4F77712C ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
13:22:06.0292 0x13c0  TimeBroker - ok
13:22:06.0323 0x13c0  [ 169B0A246067457FEF8A18EED7EED9D5, BF5AC0CB29E1E456253B881CD0608B578D7343E9DFE1738A14598D1DFFE1AB66 ] TPM            C:\WINDOWS\System32\drivers\tpm.sys
13:22:06.0339 0x13c0  TPM - ok
13:22:06.0370 0x13c0  [ AA84AF93CE5AF1F05838B51D20295419, 85B3EE773C691EEDFA080CD9C59D31CB58A5BC577AEE91A929F5DFBE1368AB6D ] TrkWks          C:\WINDOWS\System32\trkwks.dll
13:22:06.0386 0x13c0  TrkWks - ok
13:22:06.0480 0x13c0  [ E50DD57F496CED8873FA3E7D38BCCD42, 36B95F6F2CF48078C6B19FB452C87BB07E95C8804A5C6B526D349AC6227CAB26 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
13:22:06.0511 0x13c0  TrustedInstaller - ok
13:22:06.0558 0x13c0  [ 48E828C66AB016E48F2CB4DD585315FD, 063809B610F6B177B65D62D12605FB94F108DB26A9FD3067E6D6C51F0D92E774 ] tsusbflt        C:\WINDOWS\system32\drivers\TsUsbFlt.sys
13:22:06.0573 0x13c0  tsusbflt - ok
13:22:06.0573 0x13c0  [ 267C76EE60736EA5A1811A53FA02AABE, 28D4C4CB972534204B8336D0403B70E4EFE4F8369ABDE7401FFCCF7D4E3EA165 ] TsUsbGD        C:\WINDOWS\System32\drivers\TsUsbGD.sys
13:22:06.0589 0x13c0  TsUsbGD - ok
13:22:06.0605 0x13c0  [ 8CE72F094B822AD5EE9C3A3AFC0C16B6, 827CCD849544E1DA364B03DBC82A848D2F93AD32BA14ED52709C609BC70CE5CA ] tunnel          C:\WINDOWS\System32\drivers\tunnel.sys
13:22:06.0636 0x13c0  tunnel - ok
13:22:06.0652 0x13c0  [ 56C238ACFE4CB020D3E38508249039EA, 172868080F07D98175229A02410FE751B5958ED5A3D567D4AE5736F4025DF432 ] tzautoupdate    C:\WINDOWS\system32\tzautoupdate.dll
13:22:06.0667 0x13c0  tzautoupdate - ok
13:22:06.0698 0x13c0  [ 42C546414F80BD6C0137FC3A106F8A69, 067FFCAF0059935851888BD984E848E4E1A6CC1941A8F4534067CCF0B2A3B2E6 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
13:22:06.0698 0x13c0  uagp35 - ok
13:22:06.0730 0x13c0  [ 1686DBC81748B096232B15F16C302985, 63D72D1838C42A95599AF3C0B19A069E310ADB091208011D7D6FBAC968D1A59A ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
13:22:06.0745 0x13c0  UASPStor - ok
13:22:06.0777 0x13c0  [ 82D3B1F4D80057826AA649D78147DE36, 344A738F6866BFD3095BB802206DDB2F9E9AD89DC39CAA7DE96455F410683829 ] UcmCx0101      C:\WINDOWS\system32\Drivers\UcmCx.sys
13:22:06.0792 0x13c0  UcmCx0101 - ok
13:22:06.0808 0x13c0  [ 1C95F7CE37D9EFB90EBE987A9712356C, B9EE7743ADA50276F05D735C5C29E44039D630A7DC93766A0EAF400DA037E4AF ] UcmUcsi        C:\WINDOWS\System32\drivers\UcmUcsi.sys
13:22:06.0823 0x13c0  UcmUcsi - ok
13:22:06.0839 0x13c0  [ AED081772091C98173905E2DF28C223B, 08541CF3354EBB634BD590E0019128F70A6FCA9075B7E785A9E9BD82EC234DD3 ] Ucx01000        C:\WINDOWS\system32\drivers\ucx01000.sys
13:22:06.0855 0x13c0  Ucx01000 - ok
13:22:06.0870 0x13c0  [ DCA34A111C29E4578DF2B8CEA3C7CDBD, 86BCE4C8EC228724D5896067A85A4768B6069D10A482ECC51A8F828DBD3880C9 ] UdeCx          C:\WINDOWS\system32\drivers\udecx.sys
13:22:06.0886 0x13c0  UdeCx - ok
13:22:06.0902 0x13c0  [ 718A956AE00CE086F381044AB66CC29C, E4EED1600C72CECE1D4507827C329A93D356BBA027470FCF6C4B5C1651DED643 ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
13:22:06.0917 0x13c0  udfs - ok
13:22:06.0948 0x13c0  [ BA760F8E66428BA9FF1E8BFBC6248136, BE7DCBB293B12672CB3653E640C46F669BD738D320F34F4FA4A26F6B248561F0 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
13:22:06.0948 0x13c0  UEFI - ok
13:22:06.0995 0x13c0  [ 28B8E1C6CBCF9FFE2FABFF3160C26ADF, 1C90E6C4E17C9B5555151943970BB6CC196E7EFC6665D9B9DCBB1EC51C70C715 ] Ufx01000        C:\WINDOWS\system32\drivers\ufx01000.sys
13:22:07.0011 0x13c0  Ufx01000 - ok
13:22:07.0027 0x13c0  [ 2B1DABA97DDF5365FC66EE7DEDD86A13, 2FF3355862938B37EE63FCA149415CE5032BF54747B07517BB21460733B65AD8 ] UfxChipidea    C:\WINDOWS\System32\drivers\UfxChipidea.sys
13:22:07.0027 0x13c0  UfxChipidea - ok
13:22:07.0058 0x13c0  [ 2A87EA182EA333D79AA0B03833EA67F2, 227792A8B4E63CF60A3DEECF829448C8FD59A40DEF3F42414E432820F8D34F64 ] ufxsynopsys    C:\WINDOWS\System32\drivers\ufxsynopsys.sys
13:22:07.0073 0x13c0  ufxsynopsys - ok
13:22:07.0105 0x13c0  [ 63451BD694651307254B8DD37A3D79C7, C781E2D876AF42D5972CCDCF86B7A59F6AF8AF0C6350647F3FA1B209119B5EF9 ] UI0Detect      C:\WINDOWS\system32\UI0Detect.exe
13:22:07.0120 0x13c0  UI0Detect - ok
13:22:07.0136 0x13c0  [ 6DE78C04BF32ECA7AF3064F53687C9A5, 164D3BB24EBA3EAF613799928063FE75220A4E583D985F53A895017782C18600 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
13:22:07.0136 0x13c0  uliagpkx - ok
13:22:07.0152 0x13c0  [ 67D1E0E6E4D5D33AF0AEF0E33B4DA0F4, BA2E6F16B6B3B54C943F1E7B9F79A6D1332A7ED228D754CC5AE70E3CD78B1F37 ] umbus          C:\WINDOWS\System32\drivers\umbus.sys
13:22:07.0167 0x13c0  umbus - ok
13:22:07.0198 0x13c0  [ 11680607944A719EF20E0E740785712A, 1567C2B3AAD702DCC2DC9C6B7B92EE5B681C06701A39DAC3AA7E2BE9E1E04F47 ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
13:22:07.0198 0x13c0  UmPass - ok
13:22:07.0230 0x13c0  [ FD949725D9EB52C0B87435CDE1134668, 96E2B3D3379E9AE225E5A4C5251207F1E7DA573901F4F026758EDE9FAEF4F2C5 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
13:22:07.0261 0x13c0  UmRdpService - ok
13:22:07.0308 0x13c0  [ CB902A15DD21B363FECA5DCCF34F5C57, 6A0836A12A410EBD5C667982852B58CA9E9EDB11EA666C413CC0F811E01A549D ] UnistoreSvc    C:\WINDOWS\System32\unistore.dll
13:22:07.0355 0x13c0  UnistoreSvc - ok
13:22:07.0386 0x13c0  [ B85A8CF2BE74DFF1E80097AC94584112, B1DBACC33A4143FEE2CF54E567590A69580312AD7A053BCC85B487C4D451FBDA ] upnphost        C:\WINDOWS\System32\upnphost.dll
13:22:07.0417 0x13c0  upnphost - ok
13:22:07.0433 0x13c0  [ 2410A0C20D21A25E6C01979FA886BE90, DD3F92D8CF110D47B9E36BA0EB10EB34C0FDD28FE0D57E4B60F9326703388F75 ] UrsChipidea    C:\WINDOWS\System32\drivers\urschipidea.sys
13:22:07.0448 0x13c0  UrsChipidea - ok
13:22:07.0448 0x13c0  [ 6E59CE43B6BA5AA1ADCF36A4DBBB92BB, 647D66775A90F67D803043DE8C8AE8BC2F7A042A8DCF9C95BF5458C79609481B ] UrsCx01000      C:\WINDOWS\system32\drivers\urscx01000.sys
13:22:07.0464 0x13c0  UrsCx01000 - ok
13:22:07.0464 0x13c0  [ E8A59FA109A22FC07E44BDFCC9727DBD, 0DC5928C0FF7E5B38917660D6EFECCC22172DB0BB9B23216F33E750790529C16 ] UrsSynopsys    C:\WINDOWS\System32\drivers\urssynopsys.sys
13:22:07.0480 0x13c0  UrsSynopsys - ok
13:22:07.0527 0x13c0  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64      C:\WINDOWS\System32\Drivers\usbaapl64.sys
13:22:07.0527 0x13c0  USBAAPL64 - ok
13:22:07.0542 0x13c0  [ 9F9D5E2086BB9AEEA96E9BF73B7B2D32, AFA84CE1E96C07EBFB7A05D0181C876E027B848AF6C6DB932765912B814CAF56 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
13:22:07.0558 0x13c0  usbaudio - ok
13:22:07.0573 0x13c0  [ D8A44550ECE102B6443F5D54DCE7DAB3, 97F5AE7B17DAC4A4F3186C77116BC8E49874FB0018C99D8E2CDA29D89E8B0912 ] usbccgp        C:\WINDOWS\System32\drivers\usbccgp.sys
13:22:07.0589 0x13c0  usbccgp - ok
13:22:07.0605 0x13c0  [ 66B3D22DAB5312FF238ABF5C6D9F8FAB, 4A644AFC1C27D692D352BEB8801398A00EA5B4055476063AF905A0A46DDBF8BB ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
13:22:07.0605 0x13c0  usbcir - ok
13:22:07.0652 0x13c0  [ 3E4F20DB902D2E2914F3FF3DB9772200, F3D32BE06A26164B5F6E8DB67160D1DBBDC6D14666EEF84EA43C78CB7706E31C ] usbehci        C:\WINDOWS\System32\drivers\usbehci.sys
13:22:07.0652 0x13c0  usbehci - ok
13:22:07.0683 0x13c0  [ 41F7F00D76904416EF1F9EFA1A4C37A2, 7A4250EB2E2E0037B3AE1480C13B229ECFF5C575E68E4F934EE011DB1833B46A ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
13:22:07.0698 0x13c0  usbhub - ok
13:22:07.0730 0x13c0  [ E7463CE8579A0418A98BE9BE42C647D7, 923CD51C82FCF9DC4E9EEA99E53634EE07EBF62FB5DFC337F01309D7D5C7622C ] USBHUB3        C:\WINDOWS\System32\drivers\UsbHub3.sys
13:22:07.0745 0x13c0  USBHUB3 - ok
13:22:07.0761 0x13c0  [ DAB35CCA86F5FBE77D870A40089BC4A1, 4A47D59D882D0F2B93F2EE7F10995E7D68B58009434E2CBD04C659E0D1F059D8 ] usbohci        C:\WINDOWS\System32\drivers\usbohci.sys
13:22:07.0761 0x13c0  usbohci - ok
13:22:07.0792 0x13c0  [ 21162F65C7756AAECAEBED9E67D0A5FE, DE3B43964171DB5B0464DA5E7A674A5D200A8695E6EF1AE2030681066ABA2688 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
13:22:07.0792 0x13c0  usbprint - ok
13:22:07.0823 0x13c0  [ 4AAD6547953D373A1EB5B2DF583D868B, 4E3DCEC9644550996C314FCC39F885DDE4AA7AD821B8596D96C5BEA5D60795F7 ] usbser          C:\WINDOWS\System32\drivers\usbser.sys
13:22:07.0839 0x13c0  usbser - ok
13:22:07.0870 0x13c0  [ 8949F77132A4F8F3BA17C6727099F002, 86AD4A2263B34983335180FDAE775D1744E042D2A11300D27DF546F15F285A25 ] USBSTOR        C:\WINDOWS\System32\drivers\USBSTOR.SYS
13:22:07.0886 0x13c0  USBSTOR - ok
13:22:07.0902 0x13c0  [ 8B3E458A8851F9A3B2109B1680EE1159, 753AC8F82F65564F00EA2F60B43E4B815FEAABE0DA35B6356210A5F4B1CA3EFC ] usbuhci        C:\WINDOWS\System32\drivers\usbuhci.sys
13:22:07.0917 0x13c0  usbuhci - ok
13:22:07.0964 0x13c0  [ 9E9D58F5E1702955B2F4D62996F80E8E, 6C21C250B9D98346D0D5CB7D6C11AB120A1D195C28313BDB0CE532663F0114E2 ] USBXHCI        C:\WINDOWS\System32\drivers\USBXHCI.SYS
13:22:07.0980 0x13c0  USBXHCI - ok
13:22:08.0011 0x13c0  [ 2771EBB565F5C121E66060B173991D4D, 1EB34A6262A18E47ADCA392FDB2D58E8428A1CA43EB4196D76A897F74A03CA7F ] UserDataSvc    C:\WINDOWS\System32\userdataservice.dll
13:22:08.0073 0x13c0  UserDataSvc - ok
13:22:08.0136 0x13c0  [ 36EC82F0E399F36BD25F593D63DC144A, 2A9E916A098ACD5A5074A5FD053ECAB027A0932A348C728F20CD63EF16289533 ] UserManager    C:\WINDOWS\System32\usermgr.dll
13:22:08.0183 0x13c0  UserManager - ok
13:22:08.0230 0x13c0  [ 05F4CB5991D897E4253BF61FA5E828F8, 25B5B6751B4455491E9A050DF5C12F788B5677F70FB4844E0BF851090AC1F74C ] UsoSvc          C:\WINDOWS\system32\usocore.dll
13:22:08.0245 0x13c0  UsoSvc - ok
13:22:08.0261 0x13c0  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] VaultSvc        C:\WINDOWS\system32\lsass.exe
13:22:08.0277 0x13c0  VaultSvc - ok
13:22:08.0308 0x13c0  [ E1BE37312785A71862516F66B3FD24CE, D248C513DBEACB192653C6E46809209F341771B146544BBF43B86369280B4F8B ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
13:22:08.0323 0x13c0  vdrvroot - ok
13:22:08.0355 0x13c0  [ 67A6E949395A09914AD8B38FE14B8D15, 593F2FAA880B2E0468F98BD58B5214A170E5890907B25294D7A47C66505A3D45 ] vds            C:\WINDOWS\System32\vds.exe
13:22:08.0386 0x13c0  vds - ok
13:22:08.0417 0x13c0  [ E42C0F2850735FF9D908B9DB581E6314, E2204A56BF37FC57CD2ED96E3F908882D72B4BFF1BFB97C5172C851F1E4F9650 ] VerifierExt    C:\WINDOWS\system32\drivers\VerifierExt.sys
13:22:08.0433 0x13c0  VerifierExt - ok
13:22:08.0448 0x13c0  [ EC15FD6A28757793E2DA394CD94ABD52, DC758BBEE9C6952D7B3F7171EF67B037B4068E88189A2C4A894122D1D1209468 ] vhdmp          C:\WINDOWS\System32\drivers\vhdmp.sys
13:22:08.0480 0x13c0  vhdmp - ok
13:22:08.0495 0x13c0  [ D0C9632C350F46786643A069251BC249, CF65BA0D3F3D2B821C10E2D4F53F5B6BF6236CA9767419392A561CFA79254C3B ] vhf            C:\WINDOWS\System32\drivers\vhf.sys
13:22:08.0511 0x13c0  vhf - ok
13:22:08.0558 0x13c0  [ EF2270C2DF2B61FF1B8C422DC443CEFE, 30C74108BC0DE5884D64C7611CE8282CE556D9B42D7BE1FE569DE2067FBB4D5A ] VIAHdAudAddService C:\WINDOWS\system32\drivers\viahduaa.sys
13:22:08.0573 0x13c0  VIAHdAudAddService - ok
13:22:08.0589 0x13c0  [ 004175DA13E0372DA58F523104921631, 413A4C8169EDFDBAA58DA5FEDCBF1D0525F64A7AD34BAF17E29BCD14C1C189A7 ] VIAKaraokeService C:\WINDOWS\system32\viakaraokesrv.exe
13:22:08.0589 0x13c0  VIAKaraokeService - ok
13:22:08.0605 0x13c0  [ E886CB75DA2B6EB35469EF10135624C7, 3AFC59A0709B984F517A918D5BBEBEB1C80001BEC87C133447DCEAEDE00E516D ] vmbus          C:\WINDOWS\system32\drivers\vmbus.sys
13:22:08.0620 0x13c0  vmbus - ok
13:22:08.0636 0x13c0  [ 46D2EC27820EC0F798F85821E53C2942, D298A7D6AC16F76A069F843C8DD323ECB340D361733CB9B076BCDE8FC5F1FEFC ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
13:22:08.0636 0x13c0  VMBusHID - ok
13:22:08.0683 0x13c0  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
13:22:08.0714 0x13c0  vmicguestinterface - ok
13:22:08.0730 0x13c0  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicheartbeat  C:\WINDOWS\System32\ICSvc.dll
13:22:08.0745 0x13c0  vmicheartbeat - ok
13:22:08.0761 0x13c0  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
13:22:08.0792 0x13c0  vmickvpexchange - ok
13:22:08.0808 0x13c0  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicrdv        C:\WINDOWS\System32\ICSvc.dll
13:22:08.0823 0x13c0  vmicrdv - ok
13:22:08.0839 0x13c0  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
13:22:08.0870 0x13c0  vmicshutdown - ok
13:22:08.0886 0x13c0  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
13:22:08.0917 0x13c0  vmictimesync - ok
13:22:08.0933 0x13c0  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicvmsession  C:\WINDOWS\System32\ICSvc.dll
13:22:08.0948 0x13c0  vmicvmsession - ok
13:22:08.0964 0x13c0  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicvss        C:\WINDOWS\System32\ICSvc.dll
13:22:08.0995 0x13c0  vmicvss - ok
13:22:09.0042 0x13c0  [ B9265F47E7A354BAAA0AF5CBA3F8F7CE, F836E7BEDC7CAB1C01225164D171A0210D8F909F52992E4C0BF3C92B365BCD52 ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
13:22:09.0042 0x13c0  volmgr - ok
13:22:09.0073 0x13c0  [ BEE9C8B72AB752B794F69C2B9B3678AA, 49A5093C26F3CDCD60577F7F2D7F936C7B2BD010B27F2C49A7B6AA41E42DF98D ] volmgrx        C:\WINDOWS\system32\drivers\volmgrx.sys
13:22:09.0089 0x13c0  volmgrx - ok
13:22:09.0105 0x13c0  [ E1F91A727A04C9F8199D04FF3BBBF63C, 076CAEE621DBF7DE24ED92BA239C440879FDB674CF3213DF3E35AEC03D0D2031 ] volsnap        C:\WINDOWS\system32\drivers\volsnap.sys
13:22:09.0120 0x13c0  volsnap - ok
13:22:09.0152 0x13c0  [ F7B1B1101271E31F43CC76E890704F51, 2282D82B220C3D13FF980ED8E40443C83816D3DA9557EACEA137873F92BB9CF4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
13:22:09.0152 0x13c0  vpci - ok
13:22:09.0183 0x13c0  [ D48ED0A08BD2FD25A833E6AC99623091, 6CA7580878D3893E14B4938023A00CDFC9BE215A0CE4ED59A94F95DFD9FDF4D8 ] vsmraid        C:\WINDOWS\system32\drivers\vsmraid.sys
13:22:09.0183 0x13c0  vsmraid - ok
13:22:09.0261 0x13c0  [ 4CF5A1E0C4FCA956ACD6C654E2A8610E, 57F3C7200C25E8717AF92AF2ED7615C6605179D3514B432220FA6EA94CAB4F2E ] VSS            C:\WINDOWS\system32\vssvc.exe
13:22:09.0308 0x13c0  VSS - ok
13:22:09.0527 0x13c0  [ 79F4D90FAA0ACC1866F2F3E03E39CA89, EE08BCBF29A7E4AFFF520B8DF067281425F433EC275F8C86CE8F20F000E92E3D ] vssbrigde64    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe
13:22:09.0558 0x13c0  vssbrigde64 - ok
13:22:09.0589 0x13c0  [ 6990D4AFDF545669D4E6C232F26DE1FB, 9B8F99A035188FD96BA79E935E8EF387BEA2223ECA0B74CF64AB993DABAA5722 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
13:22:09.0605 0x13c0  VSTXRAID - ok
13:22:09.0652 0x13c0  [ 1EE11F0508C58EF081F4176E66D6970B, 9069B3FC8850C7CF617909C6DBFC3753FEB59A9E708379CC57190F4097FB374E ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
13:22:09.0667 0x13c0  vwifibus - ok
13:22:09.0683 0x13c0  [ 938E4EF58E42D252B742B0E243011B90, AC0C21FBAF15924CB271CA43ACB7A86287936C78B4852BCFC59EC7EC703E036C ] vwififlt        C:\WINDOWS\system32\drivers\vwififlt.sys
13:22:09.0698 0x13c0  vwififlt - ok
13:22:09.0745 0x13c0  [ 48C1A256591297C43ECFC4E30D144EAA, 8E66833ED2CEB6D7E499EB2E4282B4F9DFA28B6D21757BB88EC52FD069D7FACE ] W32Time        C:\WINDOWS\system32\w32time.dll
13:22:09.0777 0x13c0  W32Time - ok
13:22:09.0839 0x13c0  [ CDA9A00B16808D7A5BBB66287B89EE21, B25F98F26B0153E5DD5C744539CB6ACAFAA13E0F7B5D140C1844158B79BC9006 ] w3logsvc        C:\WINDOWS\system32\inetsrv\w3logsvc.dll
13:22:09.0886 0x13c0  w3logsvc - ok
13:22:09.0948 0x13c0  [ 1430B095A4DF52C04BDBC31C861C9324, B686C97D13CE966D44A7695BE78A4501F96CF8E69B24AFFE6C8E643132BB8861 ] W3SVC          C:\WINDOWS\system32\inetsrv\iisw3adm.dll
13:22:09.0964 0x13c0  W3SVC - ok
13:22:09.0995 0x13c0  [ 00C27B64C758C111E5D78A70DE6CA2B6, C99761B9B671B3A1FF1C52796CCA3F4F825BF50D9657D13B551E849CDD82055D ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
13:22:09.0995 0x13c0  WacomPen - ok
13:22:10.0042 0x13c0  [ D76D1AC4F2C642D09A68227D129A4726, D14D6C4D94E9660848C74B220359683D91A4A3D70750E781A20B6D86D46794CE ] WalletService  C:\WINDOWS\system32\WalletService.dll
13:22:10.0058 0x13c0  WalletService - ok
13:22:10.0089 0x13c0  [ 8CB53620B2C2F0641DD7563EA0FDF491, D62FE75C908409A54949F0E3C39558DC7A8F11AF7496ED7B0872D80D08CB67A7 ] wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:22:10.0105 0x13c0  wanarp - ok
13:22:10.0105 0x13c0  [ 8CB53620B2C2F0641DD7563EA0FDF491, D62FE75C908409A54949F0E3C39558DC7A8F11AF7496ED7B0872D80D08CB67A7 ] wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:22:10.0120 0x13c0  wanarpv6 - ok
13:22:10.0136 0x13c0  [ 1430B095A4DF52C04BDBC31C861C9324, B686C97D13CE966D44A7695BE78A4501F96CF8E69B24AFFE6C8E643132BB8861 ] WAS            C:\WINDOWS\system32\inetsrv\iisw3adm.dll
13:22:10.0167 0x13c0  WAS - ok
13:22:10.0230 0x13c0  [ 2598BBF11C9E7D0885DCA52E7FD5BCBD, 46B1FB080A2CD88C89A0EB8BA2594A1FA2C341ED77A6C6835CBFFE42907FAC55 ] wbengine        C:\WINDOWS\system32\wbengine.exe
13:22:10.0292 0x13c0  wbengine - ok
13:22:10.0308 0x13c0  [ 642EFABF900374FA85639D83B5533AFD, 292692D6AAC2A785D237ADFBC7CA3D379E8FC79FA366A8CE7D06F5CA5CE6866B ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
13:22:10.0339 0x13c0  WbioSrvc - ok
13:22:10.0370 0x13c0  [ 0BF8D8C7EC9FB15D6480A12101E88B71, E7BC6A4E53D8C9D73BF83097DFE43ED8038B7BED0AE56E5AF7983F74562F15A3 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
13:22:10.0402 0x13c0  Wcmsvc - ok
13:22:10.0448 0x13c0  [ 53A036CED1270F2459E708A05922FD49, 2F281A72E4B0408DE6C8153F5988C9AA38591FB1E72558767D389637D0666A85 ] wcncsvc        C:\WINDOWS\System32\wcncsvc.dll
13:22:10.0480 0x13c0  wcncsvc - ok
13:22:10.0495 0x13c0  [ 965B6197A659782B6A0F68411A180AAD, 5541AB78B71E4FA655BCBF2D80D574B2A3B4AA8871F65D26620BDE549FA5459A ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
13:22:10.0511 0x13c0  WcsPlugInService - ok
13:22:10.0542 0x13c0  [ 069D3D6E20AD753B34FCE856F0436869, CF8C12295DDAA56E7350019AADBA533D7857CFB3F20DEE14E557963645A9331B ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
13:22:10.0558 0x13c0  WdBoot - ok
13:22:10.0605 0x13c0  [ 6CC727E94CD84E9720FDCDA8089CABCC, BCF66056B06DED6BC2D329E910FCD3E685D627BAD3B5D7F4B0E970B45CD9CEF4 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
13:22:10.0636 0x13c0  Wdf01000 - ok
13:22:10.0667 0x13c0  [ E3E97151A1D1E87BB2D5371F66C5F169, 0ED0B9852FE0533816F5EE2F06045B3964A00FD749A7011DB3C663AB6FA369E2 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
13:22:10.0714 0x13c0  WdFilter - ok
13:22:10.0761 0x13c0  [ 75DC67553051103547B693898CB32D08, 4FCF2C3DBBE85461364B1F3A3F3629B52C8664487D30142D15937A4C96EF6A8F ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
13:22:10.0777 0x13c0  WdiServiceHost - ok
13:22:10.0792 0x13c0  [ 75DC67553051103547B693898CB32D08, 4FCF2C3DBBE85461364B1F3A3F3629B52C8664487D30142D15937A4C96EF6A8F ] WdiSystemHost  C:\WINDOWS\system32\wdi.dll
13:22:10.0808 0x13c0  WdiSystemHost - ok
13:22:10.0855 0x13c0  [ 2BC2E99623119521EEF7910A11D0FDE0, 3F3E48A79534F0F65F961D9B170D534562E04901B630127B16DF02E6D42F2BBF ] wdiwifi        C:\WINDOWS\system32\DRIVERS\wdiwifi.sys
13:22:10.0886 0x13c0  wdiwifi - ok
13:22:10.0933 0x13c0  [ 07B043160399AF4009054E2EA3464BF4, 8D652D7CD75F8FB2B5414155355F0C970015914E1AC6522DBB8387BB8662F542 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
13:22:10.0948 0x13c0  WdNisDrv - ok
13:22:10.0980 0x13c0  WdNisSvc - ok
13:22:10.0995 0x13c0  [ 9972D395DBD05D91DA5EDADEB9325680, 9382D846793F285721A1A0FED42F914035A53D856B902FADB0B7144C471BDA91 ] WebClient      C:\WINDOWS\System32\webclnt.dll
13:22:11.0011 0x13c0  WebClient - ok
13:22:11.0042 0x13c0  [ B6BF579761489720BCE787F723F596E5, 879B17F6A4F23F5E85A09126B7B407955DDCEB1BA4A8FFC0A418B7F47311C056 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
13:22:11.0073 0x13c0  Wecsvc - ok
13:22:11.0073 0x13c0  [ 10C9CF8771A2A87F575F9FB56821474E, 15E3DFFE9CF6777F67E426ECF797D2DF743EA152DEE336DCC9C2F92A0E6EB9A3 ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
13:22:11.0089 0x13c0  WEPHOSTSVC - ok
13:22:11.0089 0x13c0  [ 357C083FE35D030D991D163AAF622A06, F301852D49DBDEF0D28F56CD74CBDC71CA003EBD07D3F46EA5C870DC1BD07896 ] wercplsupport  C:\WINDOWS\System32\wercplsupport.dll
13:22:11.0120 0x13c0  wercplsupport - ok
13:22:11.0136 0x13c0  [ 2235AF716D15D9DFE4C59DC2AC0C440C, 2DCFCEBEA77E7E40CEF9A785BE1A794B390B36E40FBCF49B494F9CEA3F6A28C4 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
13:22:11.0152 0x13c0  WerSvc - ok
13:22:11.0167 0x13c0  [ C11272713719922DE5711094333BD166, 61D4F07E02AECF04964FF51EEA31069A2B0EAA549AD2B29B5FD3E1E6BB543593 ] WFPLWFS        C:\WINDOWS\system32\drivers\wfplwfs.sys
13:22:11.0183 0x13c0  WFPLWFS - ok
13:22:11.0214 0x13c0  [ 205A1FAE910F5C493D236245850BB62A, DBA4D1D734BAA3CDEB8A7F9C81A8DAA88CEA55AF5C4C5908E76FB8E522C5EC8A ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
13:22:11.0230 0x13c0  WiaRpc - ok
13:22:11.0245 0x13c0  [ EF536C54AB9281FDC4E83B07279FCFC4, 22E4F133170682EE14413CA8FDC2DBE73AB31960D6ACB728A6B398229FDDFD3B ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
13:22:11.0245 0x13c0  WIMMount - ok
13:22:11.0261 0x13c0  WinDefend - ok
13:22:11.0292 0x13c0  [ D8966A76408107224C6013993135DD78, 6159F69BC26FF817078E68C70E6DFC9075FEBF9EF9F4F046C7A65BC377544AE6 ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
13:22:11.0308 0x13c0  WindowsTrustedRT - ok
13:22:11.0323 0x13c0  [ 8B102A7B6CE326FD4208CC7C2D183343, E47C1D76CBFD2A382C3A7BB048D752FB6DD4616FADDEB1C3ADD5DDAE149742AF ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
13:22:11.0339 0x13c0  WindowsTrustedRTProxy - ok
13:22:11.0386 0x13c0  [ FFD04E8263FC9CDB89BAD8C27C337223, 7021161D354F1536DA261D001524B92301466631DCFA161A7C6355AAC86BBE40 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
13:22:11.0433 0x13c0  WinHttpAutoProxySvc - ok
13:22:11.0464 0x13c0  [ 4A53441C1C4D2878BEF27E381138BB2D, C221E74491E6FD2AF472B53876B46788D5CF62F4E645457F3B3816FD0ED2BAA1 ] WinMad          C:\WINDOWS\System32\drivers\winmad.sys
13:22:11.0480 0x13c0  WinMad - ok
13:22:11.0527 0x13c0  [ 1033C37122C7404C3B926ADF84874832, 163B3A7112F13AE7BB2655A28C6B19AF9B263F2AD2FF1B75314BE3E2B9118903 ] Winmgmt        C:\WINDOWS\system32\wbem\WMIsvc.dll
13:22:11.0542 0x13c0  Winmgmt - ok
13:22:11.0620 0x13c0  [ 703D0F62C5AA4D08EE8756516C0D125D, 02015A5E62490C11EC968160C528C2AFD1D7194AACA27F407B06EB462657511F ] WinRM          C:\WINDOWS\system32\WsmSvc.dll
13:22:11.0714 0x13c0  WinRM - ok
13:22:11.0823 0x13c0  [ 260907CE034FE327AC99BDA4153AB22F, B96501F43248713C2E153B9D22B78D51412A3C6989A2FB5F53A406C6CDC98D30 ] WINUSB          C:\WINDOWS\System32\drivers\WinUSB.SYS
13:22:11.0855 0x13c0  WINUSB - ok
13:22:11.0870 0x13c0  [ 40A3E8D729F458B2C9A8BD9380FF83D5, CD42FFC138969EF8C9588FD113F0B9A98FBA282D46A5B6BCFA765F55ED6E97A1 ] WinVerbs        C:\WINDOWS\System32\drivers\winverbs.sys
13:22:11.0886 0x13c0  WinVerbs - ok
13:22:11.0995 0x13c0  [ 453740989239803FE363FF8B40EA2E08, 25499705627C38D3431B3C336E0CF3BF55ABB0C461B88DA6D3767CAAE1E2B893 ] WlanSvc        C:\WINDOWS\System32\wlansvc.dll
13:22:12.0073 0x13c0  WlanSvc - ok
13:22:12.0167 0x13c0  [ E48BBF1363F843E030757EC190DD33E6, B37199495115ED423BA99B7317377CE865BB482D4E847861E871480AC49D4A84 ] wlidsvc        C:\WINDOWS\system32\wlidsvc.dll
13:22:12.0230 0x13c0  wlidsvc - ok
13:22:12.0245 0x13c0  [ 8F010BF65238F3F822D22BA12831796E, 2CA830F259B742D2F5CDD0437960BF512D40FB4A4C2342E3BABB38D468F79694 ] WmiAcpi        C:\WINDOWS\System32\drivers\wmiacpi.sys
13:22:12.0261 0x13c0  WmiAcpi - ok
13:22:12.0308 0x13c0  [ 74ACA5A7880C1F0BB9D60E32E1705A70, A89817BCCBFF94D7394614DA81D1C6C4F53AF47A539E674EEF6DC3FC496BF702 ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
13:22:12.0323 0x13c0  wmiApSrv - ok
13:22:12.0355 0x13c0  WMPNetworkSvc - ok
13:22:12.0402 0x13c0  [ 2A9650FCC696DB28E45EA8B33B99B8E6, FBEBC6C05D50F578C6EEE0A7285EBE1DEADB08DD21FA3232630FD8D5A68FC3FB ] Wof            C:\WINDOWS\system32\drivers\Wof.sys
13:22:12.0402 0x13c0  Wof - ok
13:22:12.0480 0x13c0  [ 4090C6738AA92B428220857B4D44F638, 4A3EE47494051E5BA8393F2AC8226EF434DA3AA1895CF4BADC9BC1BC378647C6 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
13:22:12.0558 0x13c0  workfolderssvc - ok
13:22:12.0589 0x13c0  [ 22C52D7EE7C7D0E02C8EFD8CAE8E3A71, 126605A12CEC9CC07DE3050F12E43CECABEAF0D00DF12300AF70F34700F7FE8E ] wpcfltr        C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
13:22:12.0589 0x13c0  wpcfltr - ok
13:22:12.0620 0x13c0  [ 45FA01F8B7971ACB65202038E34D04A3, 9B2C2ABC7DB716295B0BD0AF04DA08E6B4200D7CF1C7DB59DD8FD8FEBD56D94C ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
13:22:12.0636 0x13c0  WPDBusEnum - ok
13:22:12.0652 0x13c0  [ 1C08E424CBDD5065BB7266F8C048C1B1, 0452C85EDA6CBAB75C2617886C5D8117ED25D91F1BE0F8377B08D55B6629B028 ] WpdUpFltr      C:\WINDOWS\system32\drivers\WpdUpFltr.sys
13:22:12.0652 0x13c0  WpdUpFltr - ok
13:22:12.0683 0x13c0  [ 2C6EEFFBB7FB1C51CCD3737C77AB9109, 8C2ED309FAF4312512E7BCCBBC51B1353603A3499077A1DE21991F0692AF1620 ] WpnService      C:\WINDOWS\system32\WpnService.dll
13:22:12.0698 0x13c0  WpnService - ok
13:22:12.0714 0x13c0  [ 638B43D39A3D0B47024555CF1095E6F1, C7EA0A6ED227A5256EB02CA76FEC538DF196B8DC38DA2A567757D2B221C9473E ] ws2ifsl        C:\WINDOWS\system32\drivers\ws2ifsl.sys
13:22:12.0730 0x13c0  ws2ifsl - ok
13:22:12.0745 0x13c0  [ 9C17CF2D05F8DA5AC66880B6BEE64E7D, 8930079A1AFA97657BE567038EE57C988D3DE9A6C24EA46160E2974837082535 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
13:22:12.0761 0x13c0  wscsvc - ok
13:22:12.0761 0x13c0  WSearch - ok
13:22:12.0886 0x13c0  [ 6E04BBE242E2889B37300C4DF5CE1126, FBDAEAC62C48A4FC5EF412AE47FF10590AE83E8871412F76F6F9BAE910542DFA ] WSService      C:\WINDOWS\System32\WSService.dll
13:22:12.0980 0x13c0  WSService - ok
13:22:13.0058 0x13c0  [ 8A88DBA247BFF23BD284C2189F41FDA5, 86A617CB7C7473306DA2889AA30B488ABB9B824F7DCA31AA675DA6EB3974887C ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
13:22:13.0136 0x13c0  wuauserv - ok
13:22:13.0183 0x13c0  [ A928F25CB62232F413EE655352856E10, 1D2B278A24DDDE8792ADE7649FF90A98E186B79F13AA296C30E4180293BE906A ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
13:22:13.0198 0x13c0  WudfPf - ok
13:22:13.0214 0x13c0  [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
13:22:13.0230 0x13c0  WUDFRd - ok
13:22:13.0277 0x13c0  [ 1336DA39FE006EAB2733CA4DE5B3560C, F0D6C71ADCB66D4D14EC6D09FD43F5521A3A8CA53F248DFD01696FB4F033BE77 ] wudfsvc        C:\WINDOWS\System32\WUDFSvc.dll
13:22:13.0292 0x13c0  wudfsvc - ok
13:22:13.0292 0x13c0  [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFWpdFs      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
13:22:13.0308 0x13c0  WUDFWpdFs - ok
13:22:13.0323 0x13c0  [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFWpdMtp      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
13:22:13.0339 0x13c0  WUDFWpdMtp - ok
13:22:13.0386 0x13c0  [ 5DA95027DF2317174E8C39B4A8D1FCD8, 99B356411CB08B8BCCF2348DBF1FD5D4F417EA509D9C7CE23E5877C333F4D304 ] WwanSvc        C:\WINDOWS\System32\wwansvc.dll
13:22:13.0433 0x13c0  WwanSvc - ok
13:22:13.0480 0x13c0  [ 5DFAF8BE5A3CABAABF6795BC09EB7876, 1AFD0BC50EA5C2CCB2874E97FE5205175C80849BD6C9BDAF9FBC49174D478997 ] XblAuthManager  C:\WINDOWS\System32\XblAuthManager.dll
13:22:13.0527 0x13c0  XblAuthManager - ok
13:22:13.0589 0x13c0  [ 7118498F6E48758A2EF5A7D1982E2B62, 1FF75AE64CB6DB263E8B35515E092B325AA71A6B2210F8F2B0AD087B3BA33345 ] XblGameSave    C:\WINDOWS\System32\XblGameSave.dll
13:22:13.0620 0x13c0  XblGameSave - ok
13:22:13.0652 0x13c0  [ F279536122B83FD0D8E158AA753E1B7C, 6A542F28E24B30DBDC2EEE24DA33C2F4ADB3596AEDDD71DC1495DD40577CE4BB ] xboxgip        C:\WINDOWS\System32\drivers\xboxgip.sys
13:22:13.0667 0x13c0  xboxgip - ok
13:22:13.0714 0x13c0  [ 69E727F94BEA64E66C284F3C482F33E6, B3E0F287E7A251E0FC17C41089C45737027E54F0213BDE847356AC882B4D3700 ] XboxNetApiSvc  C:\WINDOWS\system32\XboxNetApiSvc.dll
13:22:13.0745 0x13c0  XboxNetApiSvc - ok
13:22:13.0777 0x13c0  [ DA0807D87A62D076C29C4E30F1E84F46, CA3079350038091AEE04D4DA7C06865E9DB3095120AE61AAB575AA77E86A6223 ] xinputhid      C:\WINDOWS\System32\drivers\xinputhid.sys
13:22:13.0792 0x13c0  xinputhid - ok
13:22:13.0808 0x13c0  ZAM - ok
13:22:14.0167 0x13c0  [ 83584144FDA53E1E6AB82FB45DE92734, 2257E40FCB545EFA7192C8E245DA188BC5CE6454104E84524C65E4AA7939AFD6 ] ZAMSvc          C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
13:22:14.0448 0x13c0  ZAMSvc - ok
13:22:14.0527 0x13c0  [ 99C131567C10C25589E741E69A8F8AA3, 45F42C5D874369D6BE270EA27A5511EFCCA512AEAC7977F83A51B7C4DEE6B5EF ] ZAM_Guard      C:\WINDOWS\System32\drivers\zamguard64.sys
13:22:14.0542 0x13c0  ZAM_Guard - ok
13:22:14.0542 0x13c0  ================ Scan global ===============================
13:22:14.0573 0x13c0  [ 82E25186617BA6C15010F0D47C705705, 5BF9E38918E6EAE86448137E2D120B80318AA1143CDDF539A2BFBEE227646816 ] C:\WINDOWS\system32\basesrv.dll
13:22:14.0620 0x13c0  [ E2899695BD30B5F93EC626EBBEF2CB69, B190D2903A109D2C146D881F90769060A0E971942F4AA61AEAD81861032D89C3 ] C:\WINDOWS\system32\winsrv.dll
13:22:14.0636 0x13c0  [ 09E92888FFF86F3334E59778724DCA6F, 2344763B52395EF565A9DE5F55BEDCA026AD2E8072FFD06F826BF366B3BA2AB4 ] C:\WINDOWS\system32\sxssrv.dll
13:22:14.0652 0x13c0  [ 6FF8248F3A9D69A095C7F3F42BC29CB2, 9077B1AA0AFB8DB329FDED0E51085DE1C51B22A986162F29037FCA404A80D512 ] C:\WINDOWS\system32\services.exe
13:22:14.0667 0x13c0  [ Global ] - ok
13:22:14.0667 0x13c0  ================ Scan MBR ==================================
13:22:14.0667 0x13c0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:22:14.0995 0x13c0  \Device\Harddisk0\DR0 - ok
13:22:15.0292 0x13c0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
13:22:15.0620 0x13c0  \Device\Harddisk1\DR1 - ok
13:22:15.0620 0x13c0  ================ Scan VBR ==================================
13:22:15.0620 0x13c0  [ 88CC63F3428BC84D310CA85C7892FC80 ] \Device\Harddisk0\DR0\Partition1
13:22:15.0620 0x13c0  \Device\Harddisk0\DR0\Partition1 - ok
13:22:15.0636 0x13c0  [ BF40913F338A3416491ADD862AEF2C82 ] \Device\Harddisk0\DR0\Partition2
13:22:15.0636 0x13c0  \Device\Harddisk0\DR0\Partition2 - ok
13:22:15.0683 0x13c0  [ 3524ED0B64E994815453770100BD4285 ] \Device\Harddisk1\DR1\Partition1
13:22:15.0683 0x13c0  \Device\Harddisk1\DR1\Partition1 - ok
13:22:15.0683 0x13c0  [ E70AF4BF8F86768B73AACE28C07293B4 ] \Device\Harddisk1\DR1\Partition2
13:22:15.0698 0x13c0  \Device\Harddisk1\DR1\Partition2 - ok
13:22:15.0714 0x13c0  [ 50F72B46B4A1E426173241E8223D18E4 ] \Device\Harddisk1\DR1\Partition3
13:22:15.0730 0x13c0  \Device\Harddisk1\DR1\Partition3 - ok
13:22:15.0730 0x13c0  ================ Scan generic autorun ======================
13:22:15.0917 0x13c0  [ EB02DAC756DEF2FADB8B63933473006C, 2590C6E5AE69FA29A91347C2D41FD940B984A8A2B8AD4F1B90FF4F107E7DDA7C ] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
13:22:16.0011 0x13c0  HDAudDeck - ok
13:22:16.0058 0x13c0  [ B899B4608BB72DB2FCC11D350A36D2C6, 7804CA2F8C72936B47D2490A5D36DA45C706ABD2FF247ED7ABC6544EE1BDF09D ] C:\Program Files (x86)\PDF24\pdf24.exe
13:22:16.0073 0x13c0  PDFPrint - ok
13:22:16.0120 0x13c0  [ D2E3E6D94A9E1CFA1561D9C748136FD0, C8CD851F1872086D18A329B47C7DEFAD2CE2E3A8F4321411247D06D07B2DB1D3 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
13:22:16.0120 0x13c0  iTunesHelper - ok
13:22:16.0386 0x13c0  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
13:22:16.0542 0x13c0  OneDriveSetup - ok
13:22:16.0714 0x13c0  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
13:22:16.0870 0x13c0  OneDriveSetup - ok
13:22:17.0073 0x13c0  [ 61F488AC3053DEB2AADB6A34DEBC8876, B5C5E0325F0FB4A37E80F08273B7483630F676C6342519564798CE7D1F121CB7 ] C:\Users\xxx\AppData\Local\Microsoft\OneDrive\OneDrive.exe
13:22:17.0105 0x13c0  OneDrive - ok
13:22:17.0292 0x13c0  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
13:22:17.0464 0x13c0  OneDriveSetup - ok
13:22:17.0573 0x13c0  [ CB396B37F21C205F00ACE39CF999295A, FD8CB2426D4B9F13480DD823F0479E75316F6486262E88E420398A2C7AB91F57 ] C:\Program Files (x86)\Windows Mail\wab.exe
13:22:17.0605 0x13c0  WAB Migrate - ok
13:22:17.0792 0x13c0  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
13:22:17.0933 0x13c0  OneDriveSetup - ok
13:22:17.0948 0x13c0  Waiting for KSN requests completion. In queue: 186
13:22:18.0964 0x13c0  Waiting for KSN requests completion. In queue: 186
13:22:19.0980 0x13c0  Waiting for KSN requests completion. In queue: 186
13:22:21.0027 0x13c0  AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\wmiav.exe ( 16.0.0.614 ), 0x41000 ( enabled : updated )
13:22:21.0027 0x13c0  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x62100 ( disabled : updated )
13:22:21.0027 0x13c0  FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\wmiav.exe ( 16.0.0.614 ), 0x41010 ( enabled )
13:22:23.0480 0x13c0  ============================================================
13:22:23.0480 0x13c0  Scan finished
13:22:23.0480 0x13c0  ============================================================
13:22:23.0511 0x03d8  Detected object count: 0
13:22:23.0511 0x03d8  Actual detected object count: 0
13:24:02.0855 0x0694  Deinitialize success

M-K-D-B 30.08.2016 12:59
Servus,



1. Was kannst du mir zu dieser Datei sagen?
Zitat:
C:\ProgramData\cm-lock






2. FRST-Fix bitte ausführen:

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
CloseProcesses:
FF user.js: detected! => C:\Users\xxx\Desktop\Kantorat\Thunderbird Profile\Firefox\Profiles\o4k6nlrw.default\user.js [2016-08-29]
Task: {761B23E0-188B-42DB-9B09-4D3DFA109E9B} - kein Dateipfad
File: C:\ProgramData\cm-lock
CMD: type "C:\ProgramData\cm-lock"
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


sumpfgeist 30.08.2016 13:58
Hallo,

1. cm-lock
Dateiattibute versteckt. Ist in Codemeter Runtime Server geöffnet.
Codemeter wird dazu verwendet das Programm Reason (Musiksoftware) auch offline betreiben zu können. (Installing the Codemeter driver lets you authorize your computer (or an optional Ignition Key or Balance audio interface), so that Reason can run authorized without internet access. -https://www.propellerheads.se/download-codemeter). Je nach Start des Musikprogramms ändert sich auch die Größe. Erstellungsdatum: 30.8.2016 - 14:47

2.
Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 29-08-2016
durchgeführt von xxx (30-08-2016 14:45:10) Run:2
Gestartet von C:\Users\xxx\Desktop
Geladene Profile: xxx & Normal & DefaultAppPool (Verfügbare Profile: xxx & Normal & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
FF user.js: detected! => C:\Users\xxx\Desktop\Kantorat\Thunderbird Profile\Firefox\Profiles\o4k6nlrw.default\user.js [2016-08-29]
Task: {761B23E0-188B-42DB-9B09-4D3DFA109E9B} - kein Dateipfad
File: C:\ProgramData\cm-lock
CMD: type "C:\ProgramData\cm-lock"
EmptyTemp:
end
       
*****************

Prozess erfolgreich geschlossen.
C:\Users\xxx\Desktop\Kantorat\Thunderbird Profile\Firefox\Profiles\o4k6nlrw.default\user.js => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{761B23E0-188B-42DB-9B09-4D3DFA109E9B} => Schlüssel nicht gefunden.

========================= File: C:\ProgramData\cm-lock ========================

"C:\ProgramData\cm-lock" => nicht gefunden.
====== Ende von File: ======


========= type "C:\ProgramData\cm-lock" =========

Das System kann die angegebene Datei nicht finden.

========= Ende von CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 2269436 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1901 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 1638 B
NetworkService => 0 B
xxx => 168898 B
Normal => 0 B
DefaultAppPool => 0 B

RecycleBin => 2284 B
EmptyTemp: => 2.3 MB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 14:45:14 ====

M-K-D-B 30.08.2016 19:47
Sieht gut aus. :)






Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.




http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:
Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.
Hinweis:
DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.




http://deeprybka.trojaner-board.de/b...ast/schild.png
Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:
Browser
Java
 Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.




Sofern du noch unentschieden bist, verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

   
 

Microsoft Security Essentials (MSE) ist ab Windows 8 fest eingebaut, wenn du also Windows 8, 8.1 oder 10 und dich für MSE entschieden hast, brauchst du nicht extra MSE zu installieren. Bei Windows 7 muss es aber manuell installiert oder über die Windows Updates als optionales Update bezogen werden. Selbstverständlich ist ein legales/aktiviertes Windows Voraussetzung dafür.




Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.




Optional:
http://filepony.de/icon/adblock_firefox.pngAdblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren.
http://filepony.de/icon/noscript.png NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .




Abschließend noch ein paar grundsätzliche Bemerkungen:
  • Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
  • Lade keine Software von Chip, Softonic oder SourceForge. Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software oder Adware installiert.
  • Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Selbst Microsoft unterstützt sog. Registry-Cleaner nicht. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.




Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

sumpfgeist 31.08.2016 10:54
Hi, vielen Dank erstmal! :dankeschoen:

Ich hätte noch 2 Fragen, wenn es Dir deine Zeit erlaubt würde ich mich freuen wenn Du sie beanworten würdest.

1. Was hat es mit der user.js auf sich die in der Fixlist stand?
Zitat:
FF user.js: detected! => C:\Users\xxx\Desktop\Kantorat\Thunderbird Profile\Firefox\Profiles\o4k6nlrw.default\user.js [2016-08-29]
2. Ich habe jetzt schon öfters gelesen dass hier auf dem Trojaner-Board der Antivirus von Avira nicht mehr empfohlen wird (häufige Fehlmeldungen, verschiedene andere Dinge). Habt ihr Erfahrungen mit dem Pc-Cleaner von Avira? Verwenden lieber ja/nein?

Viele Grüße

M-K-D-B 31.08.2016 13:10
Zitat:
Zitat von sumpfgeist (Beitrag 1607691)
Ich hätte noch 2 Fragen, wenn es Dir deine Zeit erlaubt würde ich mich freuen wenn Du sie beanworten würdest.
Klar. :)


Zitat:
Zitat von sumpfgeist (Beitrag 1607691)
1. Was hat es mit der user.js auf sich die in der Fixlist stand?
solche user.js sind oft infiziert, darum lass ich sie löschen.



Zitat:
Zitat von sumpfgeist (Beitrag 1607691)
2. Ich habe jetzt schon öfters gelesen dass hier auf dem Trojaner-Board der Antivirus von Avira nicht mehr empfohlen wird (häufige Fehlmeldungen, verschiedene andere Dinge). Habt ihr Erfahrungen mit dem Pc-Cleaner von Avira? Verwenden lieber ja/nein?
Haben wir eher nicht. Aber der PC-Cleaner ist eher als Zweitmeinung interessiert, so jetzt wie bei dir.






Ich bin froh, dass wir helfen konnten :abklatsch:

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! :)

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:07 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131