| |
| |||||||
Log-Analyse und Auswertung: Bei Rechnungsaufforderung Anhang geöffnet.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
06.05.2015, 17:21
| #1 |
| |  Bei Rechnungsaufforderung Anhang geöffnet. Hallo, meine Frau hatte gestern leider eine unbekannte Zahlungsaufforderung für voll genommen und das angehangene ZIP-File geöffnet. Es hatte daraufhin eine Fehlermeldung gegeben, aber Sie konnte mir nicht sagen, was darin gestanden hat. System: Win 8.1 Systemschutz: Outpost Security Suite Pro 9.1 Logfile von Outpost nur als Bild. Habe die Textdatei nicht gefunden. |
|
06.05.2015, 17:57
| #2 |
| /// the machine /// TB-Ausbilder    | Bei Rechnungsaufforderung Anhang geöffnet. Hi,
__________________Logs bitte immer in codetags in den Thread posten 
__________________ |
|
06.05.2015, 18:55
| #3 |
| | Bei Rechnungsaufforderung Anhang geöffnet. Ähh, auf Deutsch heißt das ?
__________________ |
|
07.05.2015, 07:49
| #4 |
| /// the machine /// TB-Ausbilder | Bei Rechnungsaufforderung Anhang geöffnet. Hi, Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.05.2015, 13:14
| #5 |
| | Bei Rechnungsaufforderung Anhang geöffnet.Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:40 on 06/05/2015 (Meine)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015
Ran by Meine (administrator) on SCHATZI on 06-05-2015 17:41:48
Running from C:\Rettung
Loaded Profiles: Meine (Available profiles: Meine)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Agnitum Ltd.) C:\Program Files\Agnitum\Outpost Security Suite Pro\acs.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Agnitum Ltd.) C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-28] (Synaptics Incorporated)
HKLM\...\Run: [OutpostMonitor] => C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe [4732792 2014-07-20] (Agnitum Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1670282916-2329448813-2146751438-1001\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hoo~1.dll => c:\Program Files\Agnitum\Outpost Security Suite Pro\wl_hook64.dll [1126232 2014-02-26] (Agnitum Ltd.)
AppInit_DLLs-x32: c:\progra~1\agnitum\outpos~1\wl_hook.dll => c:\Program Files\Agnitum\Outpost Security Suite Pro\wl_hook.dll [837320 2014-02-26] (Agnitum Ltd.)
ShellIconOverlayIdentifiers: [Outpost] -> {33C9E362-3EDA-4930-8AFE-5DA39A8BB77A} => C:\Program Files\Agnitum\Outpost Security Suite Pro\op_shell.dll [2014-02-26] (Agnitum Ltd.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1670282916-2329448813-2146751438-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1670282916-2329448813-2146751438-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1259.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Meine\AppData\Roaming\Mozilla\Firefox\Profiles\j2hiupz2.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-27] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 acssrv; C:\Program Files\Agnitum\Outpost Security Suite Pro\acs.exe [3408736 2014-07-20] (Agnitum Ltd.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 afw; C:\Windows\system32\DRIVERS\afw.sys [40544 2012-10-16] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\drivers\afwcore.sys [470224 2014-02-04] (Agnitum Ltd.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.)
R1 SandBox; C:\WINDOWS\system32\drivers\SandBox64.sys [1324992 2013-12-20] (Agnitum Ltd.)
R3 VBEngNT; C:\WINDOWS\system32\drivers\VBEngNT.sys [318040 2012-11-20] (VirusBuster Kft.)
R3 VBFilt; C:\WINDOWS\system32\Filt\VBFilt64.dll [84872 2013-12-20] (Agnitum Ltd.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U3 VBCoreNT.0; \SystemRoot\System32\Filt\tmp\51peq11v.vbt [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-06 17:41 - 2015-05-06 17:41 - 00000000 ____D () C:\FRST
2015-05-06 17:40 - 2015-05-06 17:40 - 00000000 _____ () C:\Users\Meine\defogger_reenable
2015-05-06 17:39 - 2015-05-06 17:41 - 00000000 ____D () C:\Rettung
2015-04-22 14:31 - 2015-04-22 14:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-15 21:22 - 2015-04-15 21:22 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-15 20:09 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 20:09 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 20:09 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 20:09 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 20:09 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 20:09 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 20:09 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 20:09 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 20:09 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 20:09 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 20:09 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 20:09 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 20:09 - 2015-03-14 10:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-15 20:09 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-15 20:08 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 20:08 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 20:08 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 20:08 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 20:08 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 20:08 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 20:08 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 20:08 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 20:08 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 20:08 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 20:08 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 20:08 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 20:08 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 20:08 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 20:08 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 20:08 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 20:08 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 20:08 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 20:08 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 20:08 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 20:08 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 20:08 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 20:08 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 20:08 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 20:08 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 20:08 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 20:08 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 20:08 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 20:08 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 20:08 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 20:08 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 20:08 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 20:08 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-15 20:08 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 20:07 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 20:07 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 20:07 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 20:07 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 20:07 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 20:07 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 20:07 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 20:07 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 20:07 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 20:07 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 20:07 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 20:07 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 20:07 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 20:07 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 20:07 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 20:07 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 20:07 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 20:07 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 20:07 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 20:07 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 20:07 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 20:07 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 20:07 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-07 20:14 - 2015-04-07 20:14 - 00284536 _____ () C:\WINDOWS\Minidump\040715-66531-01.dmp
2015-04-07 20:14 - 2015-04-07 20:14 - 00000000 ____D () C:\WINDOWS\Minidump
2015-04-06 19:24 - 2015-04-06 19:26 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-06 19:24 - 2015-04-06 19:24 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-06 17:41 - 2014-07-21 06:17 - 00109795 _____ () C:\WINDOWS\system32\config\rules.rdb
2015-05-06 17:40 - 2013-11-20 18:48 - 00000000 ____D () C:\Users\Meine
2015-05-06 17:25 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-06 16:35 - 2013-11-20 19:02 - 01166429 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-06 16:13 - 2013-10-31 10:23 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-06 10:59 - 2014-01-30 19:18 - 00000000 __RDO () C:\Users\Meine\SkyDrive
2015-05-05 21:01 - 2013-04-19 12:44 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1670282916-2329448813-2146751438-1001
2015-05-05 20:26 - 2014-01-26 11:11 - 00000000 ____D () C:\Spielideen
2015-05-05 20:19 - 2014-01-06 11:14 - 00000000 ____D () C:\Textdokumente
2015-05-05 19:57 - 2015-03-27 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-05 19:57 - 2015-03-27 16:11 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-05 19:44 - 2014-07-21 06:15 - 00000000 ____D () C:\WINDOWS\system32\Filt
2015-05-05 19:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-23 19:59 - 2015-04-04 10:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-04-23 19:59 - 2014-09-10 17:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-22 20:46 - 2013-09-30 06:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-22 20:46 - 2013-09-30 05:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-22 20:46 - 2013-09-30 05:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-19 09:33 - 2013-04-19 12:37 - 00000000 ____D () C:\Users\Meine\AppData\Local\Packages
2015-04-18 13:16 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-16 20:41 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-16 08:25 - 2013-08-22 16:46 - 00291855 _____ () C:\WINDOWS\setupact.log
2015-04-16 08:25 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-15 21:24 - 2014-07-21 08:00 - 00265006 _____ () C:\WINDOWS\system32\config\afw_db.conf
2015-04-15 21:24 - 2014-07-21 08:00 - 00000664 _____ () C:\WINDOWS\system32\config\afw_hm.conf
2015-04-15 21:24 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-15 21:22 - 2015-03-14 15:22 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-15 21:19 - 2014-07-21 06:17 - 89071616 _____ () C:\WINDOWS\system32\config\sscan.xas
2015-04-15 20:28 - 2013-10-17 15:36 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 20:24 - 2013-04-21 10:46 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-15 20:24 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-15 20:13 - 2013-10-31 10:23 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-15 20:07 - 2014-11-12 09:01 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-14 01:24 - 2014-08-17 20:14 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2014-08-17 20:14 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-07 20:14 - 2013-08-22 16:44 - 00513528 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-07 20:13 - 2013-09-29 21:04 - 00026598 _____ () C:\WINDOWS\PFRO.log
2015-04-07 20:13 - 2013-07-07 18:41 - 571211197 _____ () C:\WINDOWS\MEMORY.DMP
==================== Files in the root of some directories =======
2014-01-06 01:11 - 2014-01-06 01:11 - 0000057 _____ () C:\ProgramData\Ament.ini
Some content of TEMP:
====================
C:\Users\Meine\AppData\Local\Temp\avgnt.exe
C:\Users\Meine\AppData\Local\Temp\de_ww_Package.exe
C:\Users\Meine\AppData\Local\Temp\OutpostSecuritySuiteProInstall64_NoBase.exe
C:\Users\Meine\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-01 11:12
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015
Ran by Meine at 2015-05-06 17:42:38
Running from C:\Rettung
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1670282916-2329448813-2146751438-500 - Administrator - Disabled)
Gast (S-1-5-21-1670282916-2329448813-2146751438-501 - Limited - Disabled)
Meine (S-1-5-21-1670282916-2329448813-2146751438-1001 - Administrator - Enabled) => C:\Users\Meine
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Outpost Security Suite Pro (Enabled - Up to date) {CA353927-A29E-272A-EC5E-4FB545C2A8D0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Outpost Security Suite Pro (Enabled - Up to date) {7154D8C3-84A4-28A4-D6EE-74C73E45E26D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Outpost Security Suite Pro (Enabled) {F20EB802-E8F1-2672-C701-E680BB11EFAB}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4711.1003 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.1.1 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
O&O MediaRecovery (HKLM\...\{92F3C431-A478-428E-B320-BBCA6022B126}) (Version: 10.0.117 - O&O Software GmbH)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Outpost Security Suite Pro 9.1 (HKLM\...\Agnitum Outpost Security Suite Pro_is1) (Version: 9.1 - Agnitum, Ltd.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29053 - Realtek Semiconductor Corp.)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.105 - Skype Technologies S.A.)
Studie zur Verbesserung von HP Officejet 6600 Produkten (HKLM\...\{E1A11879-5771-4E52-BA2E-CD5DD65BF970}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
15-04-2015 20:17:47 Windows Update
27-04-2015 12:49:58 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0E047C66-97AF-4569-A87F-6818669EF82D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {165D6E02-8365-4D16-8704-4DE8C99620FC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-03-27] (Microsoft Corporation)
Task: {21CD5D69-90E0-493B-B171-CDA4955704AB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {7D6E7AA5-92E7-4787-B2C6-F51CF0583AD7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9A801839-9FA6-4F77-A62F-DD5E83D374A3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-22] (Microsoft Corporation)
Task: {AE257D19-0711-4A5D-A12D-CA5DE8F6DBE3} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B44BC16B-4A15-4889-B3D9-E6B84D62FC6D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {C4D49BDE-69FA-403E-835C-62FB6C044533} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {C7ED2E12-92B2-4E49-8D63-0EBA99748391} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {D75D229F-9ED5-45EA-8D14-E54778C8A9B4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {D945AEA9-0925-4C46-8A3C-EAB7E961CC9A} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {E1681451-D56D-45C5-8C78-9B6757CFF8BE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-03-27] (Microsoft Corporation)
Task: {FEFC0514-A15E-46AF-8BF8-9868A66E1ABC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (whitelisted) ==============
2014-07-21 06:16 - 2013-07-31 12:37 - 00183296 _____ () C:\Program Files\Agnitum\Outpost Security Suite Pro\zlib.dll
2014-07-21 06:16 - 2013-09-19 17:51 - 00351232 _____ () C:\Program Files\Agnitum\Outpost Security Suite Pro\unrar.dll
2015-03-27 16:11 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-12-12 16:38 - 2012-12-12 16:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-19 13:19 - 2012-06-26 01:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Meine\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Meine\SkyDrive.old:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\acssrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\acssrv => ""="Service"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1670282916-2329448813-2146751438-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img7.jpg
DNS Servers: Media is not connected to internet.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{4B6871EA-7F56-4524-A6A5-0BF2E972F38C}C:\program files (x86)\hp\common\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hp\common\hpdevicedetection3.exe
FirewallRules: [TCP Query User{15A1C2D6-40B1-412A-BF99-76F051025540}C:\program files (x86)\hp\common\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hp\common\hpdevicedetection3.exe
FirewallRules: [{AF5AEE63-C2B5-4D50-9174-837F5DD59606}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\FaxApplications.exe
FirewallRules: [{761A78B2-9AD4-423D-9963-C4040DA6FC5C}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\DigitalWizards.exe
FirewallRules: [{4F44D7ED-82DC-4695-803E-400D9C225462}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\SendAFax.exe
FirewallRules: [{650F06F3-C6B1-4842-BDEA-82012393A613}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\DeviceSetup.exe
FirewallRules: [{C28A4DBB-496B-4A94-989D-646B0BD7900B}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{CF742BA4-3A31-4CDD-AEF0-2B00A6FE8840}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{1AD58298-0ED6-418E-ACD2-A2F0AD77C6CA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2C336454-D11C-458F-B3C1-CD9C3BA639C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{19D2A823-BC32-4CB7-BAAC-065D00F3ADB2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{FCCF347F-AD82-437C-B434-0E8CBD09576B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{7B70A031-A042-4EBD-9344-40C58DEF002D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{4A57F3F2-501D-433B-A554-943C68F6499D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{39FF1F8C-243F-4850-8720-215A44435B76}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/06/2015 05:35:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 9a8
Startzeit: 01d08811954f8595
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 88d85828-f405-11e4-beaa-96929d121a1b
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (05/06/2015 05:30:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 174c
Startzeit: 01d08810de95ebf7
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: d214266f-f404-11e4-beaa-96929d121a1b
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (05/06/2015 04:48:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1908
Startzeit: 01d0880af20de854
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: e59505c9-f3fe-11e4-beaa-96929d121a1b
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (05/06/2015 04:11:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1a64
Startzeit: 01d08805df3ef1cc
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: d2c0a375-f3f9-11e4-beaa-96929d121a1b
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (05/06/2015 03:48:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1240
Startzeit: 01d0880290475a44
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 83d4f26d-f3f6-11e4-beaa-96929d121a1b
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (05/06/2015 03:18:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 7c8
Startzeit: 01d087fe5f61cc2d
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 52ffe6e0-f3f2-11e4-beaa-96929d121a1b
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (05/06/2015 02:48:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1340
Startzeit: 01d087fa2e7b388d
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 221a267e-f3ee-11e4-beaa-96929d121a1b
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (05/06/2015 02:18:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1e40
Startzeit: 01d087f5fda0d2c1
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: f17bd72a-f3e9-11e4-beaa-96929d121a1b
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (05/06/2015 01:46:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 11d4
Startzeit: 01d087f193c31c79
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 873a0ae8-f3e5-11e4-beaa-96929d121a1b
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (05/06/2015 01:18:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1c0c
Startzeit: 01d087ed9bd5dcb3
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 8f5dfc7c-f3e1-11e4-beaa-96929d121a1b
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
System errors:
=============
Error: (04/13/2015 08:29:50 PM) (Source: DCOM) (EventID: 10010) (User: SCHATZI)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Error: (04/07/2015 08:14:46 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000d1 (0xffffd001d1b64000, 0x0000000000000002, 0x0000000000000000, 0xfffff800887a9b3a)C:\WINDOWS\MEMORY.DMP040715-66531-01
Error: (04/07/2015 08:14:20 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 06.04.2015 um 21:59:56 unerwartet heruntergefahren.
Error: (04/04/2015 08:49:27 PM) (Source: DCOM) (EventID: 10010) (User: SCHATZI)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Error: (04/04/2015 08:47:27 PM) (Source: DCOM) (EventID: 10010) (User: SCHATZI)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Error: (04/04/2015 08:45:33 PM) (Source: DCOM) (EventID: 10010) (User: SCHATZI)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Error: (04/02/2015 07:58:31 PM) (Source: DCOM) (EventID: 10010) (User: SCHATZI)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Error: (04/02/2015 07:56:31 PM) (Source: DCOM) (EventID: 10010) (User: SCHATZI)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Error: (04/02/2015 07:54:37 PM) (Source: DCOM) (EventID: 10010) (User: SCHATZI)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Error: (03/29/2015 09:04:45 AM) (Source: DCOM) (EventID: 10010) (User: SCHATZI)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
Microsoft Office Sessions:
=========================
Error: (05/06/2015 05:35:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206899a801d08811954f85954294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe88d85828-f405-11e4-beaa-96929d121a1bmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
Error: (05/06/2015 05:30:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689174c01d08810de95ebf74294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exed214266f-f404-11e4-beaa-96929d121a1bmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
Error: (05/06/2015 04:48:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689190801d0880af20de8544294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exee59505c9-f3fe-11e4-beaa-96929d121a1bmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
Error: (05/06/2015 04:11:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206891a6401d08805df3ef1cc4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exed2c0a375-f3f9-11e4-beaa-96929d121a1bmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
Error: (05/06/2015 03:48:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689124001d0880290475a444294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe83d4f26d-f3f6-11e4-beaa-96929d121a1bmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
Error: (05/06/2015 03:18:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206897c801d087fe5f61cc2d4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe52ffe6e0-f3f2-11e4-beaa-96929d121a1bmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
Error: (05/06/2015 02:48:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689134001d087fa2e7b388d4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe221a267e-f3ee-11e4-beaa-96929d121a1bmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
Error: (05/06/2015 02:18:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206891e4001d087f5fda0d2c14294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exef17bd72a-f3e9-11e4-beaa-96929d121a1bmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
Error: (05/06/2015 01:46:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068911d401d087f193c31c794294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe873a0ae8-f3e5-11e4-beaa-96929d121a1bmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
Error: (05/06/2015 01:18:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206891c0c01d087ed9bd5dcb34294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe8f5dfc7c-f3e1-11e4-beaa-96929d121a1bmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz
Percentage of memory in use: 50%
Total physical RAM: 3983.28 MB
Available physical RAM: 1971.89 MB
Total Pagefile: 8079.28 MB
Available Pagefile: 6044.27 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.24 GB) (Free:428.54 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A3543C19)
Partition: GPT Partition Type.
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-06 17:50:00
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e Hitachi_HTS545050A7E380 rev.GG2OA7A0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Meine\AppData\Local\Temp\fwldypow.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff9600017fa00 15 bytes [00, 2E, F4, 01, 80, A0, 6E, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 17 fffff9600017fa11 10 bytes [5E, FC, FF, 00, BB, C7, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\wininit.exe[516] C:\WINDOWS\system32\USER32.dll!SetWindowPos 00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text C:\WINDOWS\system32\wininit.exe[516] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46 00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\wininit.exe[516] C:\WINDOWS\system32\USER32.dll!IsChild + 328 00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\wininit.exe[516] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152 00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\wininit.exe[516] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA 00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text C:\WINDOWS\system32\wininit.exe[516] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534 00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\svchost.exe[676] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowPos 00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text C:\WINDOWS\system32\svchost.exe[676] C:\WINDOWS\SYSTEM32\user32.dll!WindowFromPhysicalPoint + 46 00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\svchost.exe[676] C:\WINDOWS\SYSTEM32\user32.dll!IsChild + 328 00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\svchost.exe[676] C:\WINDOWS\SYSTEM32\user32.dll!SubtractRect + 152 00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\svchost.exe[676] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA 00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text C:\WINDOWS\system32\svchost.exe[676] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA + 534 00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowPos 00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\user32.dll!WindowFromPhysicalPoint + 46 00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\user32.dll!IsChild + 328 00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\user32.dll!SubtractRect + 152 00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA 00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA + 534 00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\System32\svchost.exe[1020] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowPos 00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text C:\WINDOWS\System32\svchost.exe[1020] C:\WINDOWS\SYSTEM32\user32.dll!WindowFromPhysicalPoint + 46 00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\System32\svchost.exe[1020] C:\WINDOWS\SYSTEM32\user32.dll!IsChild + 328 00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\System32\svchost.exe[1020] C:\WINDOWS\SYSTEM32\user32.dll!SubtractRect + 152 00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\System32\svchost.exe[1020] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA 00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text C:\WINDOWS\System32\svchost.exe[1020] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA + 534 00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\System32\spoolsv.exe[1180] C:\WINDOWS\system32\USER32.dll!SetWindowPos 00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text C:\WINDOWS\System32\spoolsv.exe[1180] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46 00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\System32\spoolsv.exe[1180] C:\WINDOWS\system32\USER32.dll!IsChild + 328 00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\System32\spoolsv.exe[1180] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152 00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\System32\spoolsv.exe[1180] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA 00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text C:\WINDOWS\System32\spoolsv.exe[1180] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534 00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[1316] C:\WINDOWS\system32\KERNEL32.DLL!DeleteFileA + 8 00007ffb36ff47c8 14 bytes [30, 7E, 84, 31, F7, 7F, 00, ...]
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[1316] C:\WINDOWS\system32\USER32.dll!SetWindowPos 00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[1316] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46 00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[1316] C:\WINDOWS\system32\USER32.dll!IsChild + 328 00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[1316] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152 00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[1316] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA 00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[1316] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534 00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\svchost.exe[1660] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowPos 00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text C:\WINDOWS\system32\svchost.exe[1660] C:\WINDOWS\SYSTEM32\user32.dll!WindowFromPhysicalPoint + 46 00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\svchost.exe[1660] C:\WINDOWS\SYSTEM32\user32.dll!IsChild + 328 00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\svchost.exe[1660] C:\WINDOWS\SYSTEM32\user32.dll!SubtractRect + 152 00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\svchost.exe[1660] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA 00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text C:\WINDOWS\system32\svchost.exe[1660] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA + 534 00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[7956] C:\WINDOWS\system32\USER32.dll!SetWindowPos 00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[7956] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46 00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[7956] C:\WINDOWS\system32\USER32.dll!IsChild + 328 00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[7956] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152 00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[7956] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA 00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[7956] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534 00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\System32\WinLogon.exe[4248] C:\WINDOWS\system32\USER32.dll!SetWindowPos 00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text C:\WINDOWS\System32\WinLogon.exe[4248] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46 00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\System32\WinLogon.exe[4248] C:\WINDOWS\system32\USER32.dll!IsChild + 328 00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\System32\WinLogon.exe[4248] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152 00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\System32\WinLogon.exe[4248] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA 00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text C:\WINDOWS\System32\WinLogon.exe[4248] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534 00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\taskhostex.exe[5544] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowPos 00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text C:\WINDOWS\system32\taskhostex.exe[5544] C:\WINDOWS\SYSTEM32\user32.dll!WindowFromPhysicalPoint + 46 00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\taskhostex.exe[5544] C:\WINDOWS\SYSTEM32\user32.dll!IsChild + 328 00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\taskhostex.exe[5544] C:\WINDOWS\SYSTEM32\user32.dll!SubtractRect + 152 00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\taskhostex.exe[5544] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA 00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text C:\WINDOWS\system32\taskhostex.exe[5544] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA + 534 00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\Explorer.EXE[7800] C:\WINDOWS\system32\USER32.dll!SetWindowPos 00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text C:\WINDOWS\Explorer.EXE[7800] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46 00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\Explorer.EXE[7800] C:\WINDOWS\system32\USER32.dll!IsChild + 328 00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\Explorer.EXE[7800] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152 00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\Explorer.EXE[7800] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA 00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text C:\WINDOWS\Explorer.EXE[7800] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534 00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text C:\Windows\System32\skydrive.exe[1852] C:\WINDOWS\system32\USER32.dll!SetWindowPos 00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text C:\Windows\System32\skydrive.exe[1852] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46 00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text C:\Windows\System32\skydrive.exe[1852] C:\WINDOWS\system32\USER32.dll!IsChild + 328 00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text C:\Windows\System32\skydrive.exe[1852] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152 00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text C:\Windows\System32\skydrive.exe[1852] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA 00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text C:\Windows\System32\skydrive.exe[1852] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534 00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5056] C:\WINDOWS\system32\USER32.dll!SetWindowPos 00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5056] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46 00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5056] C:\WINDOWS\system32\USER32.dll!IsChild + 328 00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5056] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152 00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5056] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA 00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5056] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534 00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text C:\Windows\System32\igfxtray.exe[2156] C:\WINDOWS\system32\USER32.dll!SetWindowPos 00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text C:\Windows\System32\igfxtray.exe[2156] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46 00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text C:\Windows\System32\igfxtray.exe[2156] C:\WINDOWS\system32\USER32.dll!IsChild + 328 00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text C:\Windows\System32\igfxtray.exe[2156] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152 00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text C:\Windows\System32\igfxtray.exe[2156] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA 00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text C:\Windows\System32\igfxtray.exe[2156] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534 00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4420] C:\WINDOWS\system32\USER32.dll!SetWindowPos 00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4420] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46 00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4420] C:\WINDOWS\system32\USER32.dll!IsChild + 328 00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4420] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152 00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4420] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA 00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4420] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534 00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text C:\Windows\System32\hkcmd.exe[1916] C:\WINDOWS\system32\USER32.dll!SetWindowPos 00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text C:\Windows\System32\hkcmd.exe[1916] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46 00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text C:\Windows\System32\hkcmd.exe[1916] C:\WINDOWS\system32\USER32.dll!IsChild + 328 00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text C:\Windows\System32\hkcmd.exe[1916] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152 00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text C:\Windows\System32\hkcmd.exe[1916] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA 00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text C:\Windows\System32\hkcmd.exe[1916] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534 00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text C:\Windows\System32\igfxpers.exe[3432] C:\WINDOWS\system32\USER32.dll!SetWindowPos 00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text C:\Windows\System32\igfxpers.exe[3432] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46 00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text C:\Windows\System32\igfxpers.exe[3432] C:\WINDOWS\system32\USER32.dll!IsChild + 328 00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text C:\Windows\System32\igfxpers.exe[3432] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152 00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text C:\Windows\System32\igfxpers.exe[3432] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA 00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text C:\Windows\System32\igfxpers.exe[3432] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534 00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe[7732] C:\WINDOWS\system32\KERNEL32.DLL!DeleteFileA + 8 00007ffb36ff47c8 14 bytes [A0, FD, 08, 1A, F6, 7F, 00, ...]
.text C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe[7732] C:\WINDOWS\system32\USER32.dll!SetWindowPos 00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe[7732] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46 00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe[7732] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 216 00007ffb36b26388 14 bytes [C0, FE, 08, 1A, F6, 7F, 00, ...]
.text C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe[7732] C:\WINDOWS\system32\USER32.dll!IsChild + 328 00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe[7732] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152 00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe[7732] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA 00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe[7732] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534 00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe[7732] C:\WINDOWS\system32\USER32.dll!SetWindowsHookA + 24 00007ffb36b80f58 14 bytes [50, FE, 08, 1A, F6, 7F, 00, ...]
.text C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe[460] C:\WINDOWS\system32\USER32.dll!SetWindowPos 00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe[460] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46 00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe[460] C:\WINDOWS\system32\USER32.dll!IsChild + 328 00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe[460] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152 00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe[460] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA 00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe[460] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534 00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe[2844] C:\WINDOWS\system32\USER32.dll!SetWindowPos 00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe[2844] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46 00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe[2844] C:\WINDOWS\system32\USER32.dll!IsChild + 328 00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe[2844] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152 00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe[2844] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA 00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe[2844] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534 00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4364] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowPos 00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4364] C:\WINDOWS\SYSTEM32\user32.dll!WindowFromPhysicalPoint + 46 00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4364] C:\WINDOWS\SYSTEM32\user32.dll!IsChild + 328 00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4364] C:\WINDOWS\SYSTEM32\user32.dll!SubtractRect + 152 00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4364] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA 00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4364] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA + 534 00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\taskhost.exe[5820] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowPos 00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text C:\WINDOWS\system32\taskhost.exe[5820] C:\WINDOWS\SYSTEM32\user32.dll!WindowFromPhysicalPoint + 46 00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\taskhost.exe[5820] C:\WINDOWS\SYSTEM32\user32.dll!IsChild + 328 00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\taskhost.exe[5820] C:\WINDOWS\SYSTEM32\user32.dll!SubtractRect + 152 00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text C:\WINDOWS\system32\taskhost.exe[5820] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA 00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text C:\WINDOWS\system32\taskhost.exe[5820] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA + 534 00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [7160:6832] fffff9600094a2d0
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
|
08.05.2015, 08:55
| #6 |
| /// the machine /// TB-Ausbilder | Bei Rechnungsaufforderung Anhang geöffnet. hi, Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Bei Rechnungsaufforderung Anhang geöffnet. |
|
08.05.2015, 10:55
| #7 |
| | Bei Rechnungsaufforderung Anhang geöffnet.Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
Database version:
main: v2015.05.08.02
rootkit: v2015.04.21.01
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17728
Meine :: SCHATZI [administrator]
08.05.2015 11:16:59
mbar-log-2015-05-08 (11-16-59).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 368266
Time elapsed: 27 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter 11:48:05.0110 0x1eb4 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
11:48:05.0110 0x1eb4 UEFI system
11:48:08.0562 0x1eb4 ============================================================
11:48:08.0562 0x1eb4 Current date / time: 2015/05/08 11:48:08.0562
11:48:08.0562 0x1eb4 SystemInfo:
11:48:08.0562 0x1eb4
11:48:08.0562 0x1eb4 OS Version: 6.3.9600 ServicePack: 0.0
11:48:08.0562 0x1eb4 Product type: Workstation
11:48:08.0562 0x1eb4 ComputerName: SCHATZI
11:48:08.0563 0x1eb4 UserName: Meine
11:48:08.0563 0x1eb4 Windows directory: C:\WINDOWS
11:48:08.0563 0x1eb4 System windows directory: C:\WINDOWS
11:48:08.0563 0x1eb4 Running under WOW64
11:48:08.0563 0x1eb4 Processor architecture: Intel x64
11:48:08.0563 0x1eb4 Number of processors: 4
11:48:08.0563 0x1eb4 Page size: 0x1000
11:48:08.0563 0x1eb4 Boot type: Normal boot
11:48:08.0563 0x1eb4 ============================================================
11:48:09.0515 0x1eb4 KLMD registered as C:\WINDOWS\system32\drivers\51986081.sys
11:48:10.0754 0x1eb4 System UUID: {BD6DBF0D-102C-4D83-F748-6C09EBBF114F}
11:48:11.0771 0x1eb4 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:48:11.0932 0x1eb4 ============================================================
11:48:11.0932 0x1eb4 \Device\Harddisk0\DR0:
11:48:11.0933 0x1eb4 GPT partitions:
11:48:11.0933 0x1eb4 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {B5AA1838-17DB-4DFB-9974-9414685CFF61}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x96000
11:48:11.0933 0x1eb4 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {FF7D21EA-ED2B-4497-B932-57164902A023}, Name: EFI system partition, StartLBA 0x96800, BlocksNum 0x32000
11:48:11.0933 0x1eb4 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {76443595-77C3-4428-9EDF-2D3F6711575B}, Name: Microsoft reserved partition, StartLBA 0xC8800, BlocksNum 0x40000
11:48:11.0933 0x1eb4 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {5D7F0DB4-FB42-4150-9921-DA1A7057885C}, Name: Basic data partition, StartLBA 0x108800, BlocksNum 0x3A27D000
11:48:11.0933 0x1eb4 MBR partitions:
11:48:11.0933 0x1eb4 ============================================================
11:48:11.0958 0x1eb4 C: <-> \Device\Harddisk0\DR0\Partition4
11:48:11.0958 0x1eb4 ============================================================
11:48:11.0958 0x1eb4 Initialize success
11:48:11.0958 0x1eb4 ============================================================
11:48:38.0075 0x163c ============================================================
11:48:38.0075 0x163c Scan started
11:48:38.0075 0x163c Mode: Manual;
11:48:38.0075 0x163c ============================================================
11:48:38.0075 0x163c KSN ping started
11:48:40.0513 0x163c KSN ping finished: true
11:48:43.0341 0x163c ================ Scan system memory ========================
11:48:43.0341 0x163c System memory - ok
11:48:43.0341 0x163c ================ Scan services =============================
11:48:43.0670 0x163c [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys
11:48:43.0670 0x163c 1394ohci - ok
11:48:43.0701 0x163c [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware C:\WINDOWS\system32\drivers\3ware.sys
11:48:43.0701 0x163c 3ware - ok
11:48:43.0779 0x163c [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys
11:48:43.0795 0x163c ACPI - ok
11:48:43.0826 0x163c [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys
11:48:43.0826 0x163c acpiex - ok
11:48:43.0841 0x163c [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr C:\WINDOWS\System32\drivers\acpipagr.sys
11:48:43.0841 0x163c acpipagr - ok
11:48:43.0873 0x163c [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys
11:48:43.0873 0x163c AcpiPmi - ok
11:48:43.0888 0x163c [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys
11:48:43.0888 0x163c acpitime - ok
11:48:44.0091 0x163c [ B3F9449F572D70507756189CBB18B5CE, 3B39FD9CE4FE4979CCCFF4C68FA1F99500D20CB6C097C64BA9F90D287E3D0B2D ] acssrv C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
11:48:44.0170 0x163c acssrv - ok
11:48:44.0263 0x163c [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:48:44.0263 0x163c AdobeARMservice - ok
11:48:44.0373 0x163c [ B04A4810C6CC205F9DC72DC22E4AB236, 547321F5C28C80D4818372D65E2A33D4BAC593015DD6613B24586FE4B4A95D5D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:48:44.0388 0x163c AdobeFlashPlayerUpdateSvc - ok
11:48:44.0451 0x163c [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX C:\WINDOWS\system32\drivers\ADP80XX.SYS
11:48:44.0482 0x163c ADP80XX - ok
11:48:44.0513 0x163c [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc C:\WINDOWS\System32\aelupsvc.dll
11:48:44.0513 0x163c AeLookupSvc - ok
11:48:44.0576 0x163c [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD C:\WINDOWS\system32\drivers\afd.sys
11:48:44.0592 0x163c AFD - ok
11:48:44.0623 0x163c [ A12CC7EA6448C7BADC8677593C2AC55D, 38D12D815BDC39CCF02D905BD6EC2BF073160CC2426401ED3377AB452A23FD37 ] afw C:\WINDOWS\system32\DRIVERS\afw.sys
11:48:44.0623 0x163c afw - ok
11:48:44.0670 0x163c [ B998EC04EF865567B78D4F0E36530FFC, D5B8C2DACE0E771936B9CE9D4E7527255FC70C46FD149484087C083559537F08 ] afwcore C:\WINDOWS\system32\drivers\afwcore.sys
11:48:44.0685 0x163c afwcore - ok
11:48:44.0732 0x163c [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440 C:\WINDOWS\system32\drivers\agp440.sys
11:48:44.0732 0x163c agp440 - ok
11:48:44.0763 0x163c [ F0CB6DB513CAC393D04A0FCE0A59E1BF, E6EE159D0E6B1F666946B1FE421874044E89BB2EB60A521BAA111A1229FA7B2D ] ahcache C:\WINDOWS\system32\DRIVERS\ahcache.sys
11:48:44.0763 0x163c ahcache - ok
11:48:44.0795 0x163c [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG C:\WINDOWS\System32\alg.exe
11:48:44.0795 0x163c ALG - ok
11:48:44.0810 0x163c [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8 C:\WINDOWS\System32\drivers\amdk8.sys
11:48:44.0826 0x163c AmdK8 - ok
11:48:44.0842 0x163c [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM C:\WINDOWS\System32\drivers\amdppm.sys
11:48:44.0842 0x163c AmdPPM - ok
11:48:44.0873 0x163c [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys
11:48:44.0873 0x163c amdsata - ok
11:48:44.0889 0x163c [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs C:\WINDOWS\system32\drivers\amdsbs.sys
11:48:44.0904 0x163c amdsbs - ok
11:48:44.0951 0x163c [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata C:\WINDOWS\system32\drivers\amdxata.sys
11:48:44.0951 0x163c amdxata - ok
11:48:44.0967 0x163c [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID C:\WINDOWS\system32\drivers\appid.sys
11:48:44.0967 0x163c AppID - ok
11:48:44.0998 0x163c [ 34B2E222F82D05398DAE7203B36B6A2B, AC04BC6B5A36A6807FFE302E9ACF073342B4D76B0BB386249251CB3CA1852CE8 ] AppIDSvc C:\WINDOWS\System32\appidsvc.dll
11:48:45.0014 0x163c AppIDSvc - ok
11:48:45.0029 0x163c [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo C:\WINDOWS\System32\appinfo.dll
11:48:45.0029 0x163c Appinfo - ok
11:48:45.0107 0x163c [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness C:\WINDOWS\system32\AppReadiness.dll
11:48:45.0139 0x163c AppReadiness - ok
11:48:45.0201 0x163c [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc C:\WINDOWS\system32\appxdeploymentserver.dll
11:48:45.0232 0x163c AppXSvc - ok
11:48:45.0264 0x163c [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas C:\WINDOWS\system32\drivers\arcsas.sys
11:48:45.0264 0x163c arcsas - ok
11:48:45.0295 0x163c [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
11:48:45.0295 0x163c atapi - ok
11:48:45.0326 0x163c [ 8779FDAE68BC948B0FE152E758CC8DA7, 13070C2073F8E7546B48AE9CF54067B9BB75DFCD98F2987B90FFAD20D40D54CF ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
11:48:45.0326 0x163c AudioEndpointBuilder - ok
11:48:45.0373 0x163c [ 61EA45A645854FE81D8A924E2D93DFFE, 34F79532297F609CA93C380B68BB8B7B0F027F9C8F4FB8E02A9A43EA3D155F1B ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll
11:48:45.0404 0x163c Audiosrv - ok
11:48:45.0420 0x163c [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll
11:48:45.0420 0x163c AxInstSV - ok
11:48:45.0467 0x163c [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv C:\WINDOWS\system32\drivers\bxvbda.sys
11:48:45.0482 0x163c b06bdrv - ok
11:48:45.0498 0x163c [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay C:\WINDOWS\System32\drivers\BasicDisplay.sys
11:48:45.0498 0x163c BasicDisplay - ok
11:48:45.0529 0x163c [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender C:\WINDOWS\System32\drivers\BasicRender.sys
11:48:45.0529 0x163c BasicRender - ok
11:48:45.0560 0x163c [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2 C:\WINDOWS\System32\drivers\bcmfn2.sys
11:48:45.0560 0x163c bcmfn2 - ok
11:48:45.0597 0x163c [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC C:\WINDOWS\System32\bdesvc.dll
11:48:45.0613 0x163c BDESVC - ok
11:48:45.0629 0x163c [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep C:\WINDOWS\system32\drivers\Beep.sys
11:48:45.0629 0x163c Beep - ok
11:48:45.0676 0x163c [ 7BCB00EA702F78EC74CD9699D85CE80B, 17241ADAA13051B560DB9FA9079CAE6321D5B49788B596C125DC912443B00421 ] BFE C:\WINDOWS\System32\bfe.dll
11:48:45.0707 0x163c BFE - ok
11:48:45.0754 0x163c [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS C:\WINDOWS\System32\qmgr.dll
11:48:45.0769 0x163c BITS - ok
11:48:45.0785 0x163c [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys
11:48:45.0801 0x163c bowser - ok
11:48:45.0832 0x163c [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
11:48:45.0847 0x163c BrokerInfrastructure - ok
11:48:45.0894 0x163c [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser C:\WINDOWS\System32\browser.dll
11:48:45.0894 0x163c Browser - ok
11:48:45.0926 0x163c [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
11:48:45.0941 0x163c BthAvrcpTg - ok
11:48:45.0988 0x163c [ 67343511D80BF3D6D9EEDB5BA8D0B06B, 28436B2E62762686C4FF4FA3F9E7ABB56DA9D6884B6C924ACC544161400593DD ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys
11:48:45.0988 0x163c BthHFEnum - ok
11:48:46.0035 0x163c [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid C:\WINDOWS\System32\drivers\BthHFHid.sys
11:48:46.0051 0x163c bthhfhid - ok
11:48:46.0082 0x163c [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv C:\WINDOWS\System32\BthHFSrv.dll
11:48:46.0097 0x163c BthHFSrv - ok
11:48:46.0144 0x163c [ 07E33226AD218A2A162662A05CAFB52F, 0AC3D8B79EDA6DA232FA4E1CAF6592420A9EDE96350D1F0504C2434261684F0B ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys
11:48:46.0144 0x163c BTHMODEM - ok
11:48:46.0176 0x163c [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv C:\WINDOWS\system32\bthserv.dll
11:48:46.0191 0x163c bthserv - ok
11:48:46.0207 0x163c [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys
11:48:46.0207 0x163c cdfs - ok
11:48:46.0238 0x163c [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys
11:48:46.0238 0x163c cdrom - ok
11:48:46.0269 0x163c [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc C:\WINDOWS\System32\certprop.dll
11:48:46.0285 0x163c CertPropSvc - ok
11:48:46.0301 0x163c [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass C:\WINDOWS\System32\drivers\circlass.sys
11:48:46.0316 0x163c circlass - ok
11:48:46.0332 0x163c [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys
11:48:46.0348 0x163c CLFS - ok
11:48:46.0519 0x163c [ 1352A95AD8150440E0A5DD9745154D74, CF78A6267A246F747844FFA255783B5867B0A7232C65AF6224B25B2FBB893313 ] ClickToRunSvc C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
11:48:46.0566 0x163c ClickToRunSvc - ok
11:48:46.0598 0x163c [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys
11:48:46.0598 0x163c CmBatt - ok
11:48:46.0644 0x163c [ 3930E508DDA46C1FF68FD963F350AA0A, BF63F9C7AB30E2A8199D65EDD6DCBB797C93A4A0B972373643FBE1C38BCFA697 ] CNG C:\WINDOWS\system32\Drivers\cng.sys
11:48:46.0660 0x163c CNG - ok
11:48:46.0676 0x163c [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus C:\WINDOWS\System32\drivers\CompositeBus.sys
11:48:46.0676 0x163c CompositeBus - ok
11:48:46.0691 0x163c COMSysApp - ok
11:48:46.0707 0x163c [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv C:\WINDOWS\system32\drivers\condrv.sys
11:48:46.0707 0x163c condrv - ok
11:48:46.0754 0x163c [ 08F934092E0429BADF88E9F91DB0F61E, 6E9091C006FFFF261DC61C8E9A45219E47C351296E5355FC4B7242F30E1DDFE3 ] cphs C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
11:48:46.0769 0x163c cphs - ok
11:48:46.0801 0x163c [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll
11:48:46.0801 0x163c CryptSvc - ok
11:48:46.0832 0x163c [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam C:\WINDOWS\system32\drivers\dam.sys
11:48:46.0832 0x163c dam - ok
11:48:46.0910 0x163c [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:48:46.0926 0x163c DcomLaunch - ok
11:48:46.0988 0x163c [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc C:\WINDOWS\System32\defragsvc.dll
11:48:47.0004 0x163c defragsvc - ok
11:48:47.0035 0x163c [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
11:48:47.0051 0x163c DeviceAssociationService - ok
11:48:47.0082 0x163c [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll
11:48:47.0082 0x163c DeviceInstall - ok
11:48:47.0113 0x163c [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys
11:48:47.0113 0x163c Dfsc - ok
11:48:47.0144 0x163c [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp C:\WINDOWS\system32\dhcpcore.dll
11:48:47.0160 0x163c Dhcp - ok
11:48:47.0191 0x163c [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk C:\WINDOWS\system32\drivers\disk.sys
11:48:47.0191 0x163c disk - ok
11:48:47.0207 0x163c [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys
11:48:47.0207 0x163c dmvsc - ok
11:48:47.0238 0x163c [ 33ADFB7453BF3271463712C4BCE61AD1, A1DB30F874BA7B2C4C653494D70B46B94BF7D39D0DD8559F6CA7A14B676FD617 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
11:48:47.0254 0x163c Dnscache - ok
11:48:47.0285 0x163c [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc C:\WINDOWS\System32\dot3svc.dll
11:48:47.0301 0x163c dot3svc - ok
11:48:47.0332 0x163c [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS C:\WINDOWS\system32\dps.dll
11:48:47.0348 0x163c DPS - ok
11:48:47.0363 0x163c [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
11:48:47.0363 0x163c drmkaud - ok
11:48:47.0394 0x163c [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll
11:48:47.0394 0x163c DsmSvc - ok
11:48:47.0504 0x163c [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys
11:48:47.0535 0x163c DXGKrnl - ok
11:48:47.0566 0x163c [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost C:\WINDOWS\System32\eapsvc.dll
11:48:47.0566 0x163c Eaphost - ok
11:48:47.0754 0x163c [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys
11:48:47.0894 0x163c ebdrv - ok
11:48:47.0926 0x163c [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS C:\WINDOWS\System32\lsass.exe
11:48:47.0926 0x163c EFS - ok
11:48:47.0957 0x163c [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys
11:48:47.0957 0x163c EhStorClass - ok
11:48:47.0973 0x163c [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
11:48:47.0988 0x163c EhStorTcgDrv - ok
11:48:48.0019 0x163c [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys
11:48:48.0019 0x163c ErrDev - ok
11:48:48.0051 0x163c [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem C:\WINDOWS\system32\es.dll
11:48:48.0066 0x163c EventSystem - ok
11:48:48.0098 0x163c [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat C:\WINDOWS\system32\drivers\exfat.sys
11:48:48.0129 0x163c exfat - ok
11:48:48.0144 0x163c [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys
11:48:48.0160 0x163c fastfat - ok
11:48:48.0207 0x163c [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax C:\WINDOWS\system32\fxssvc.exe
11:48:48.0223 0x163c Fax - ok
11:48:48.0238 0x163c [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc C:\WINDOWS\System32\drivers\fdc.sys
11:48:48.0238 0x163c fdc - ok
11:48:48.0269 0x163c [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost C:\WINDOWS\system32\fdPHost.dll
11:48:48.0269 0x163c fdPHost - ok
11:48:48.0301 0x163c [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub C:\WINDOWS\system32\fdrespub.dll
11:48:48.0301 0x163c FDResPub - ok
11:48:48.0332 0x163c [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc C:\WINDOWS\system32\fhsvc.dll
11:48:48.0332 0x163c fhsvc - ok
11:48:48.0363 0x163c [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys
11:48:48.0363 0x163c FileInfo - ok
11:48:48.0395 0x163c [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys
11:48:48.0395 0x163c Filetrace - ok
11:48:48.0410 0x163c [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys
11:48:48.0410 0x163c flpydisk - ok
11:48:48.0441 0x163c [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
11:48:48.0441 0x163c FltMgr - ok
11:48:48.0519 0x163c [ 7269C9013FCFA3C6E70F03E2630DBFC3, AAB282B4444CC17D197974D05063C7C97E5202E604681DD2DC3BCF0AE77D6057 ] FontCache C:\WINDOWS\system32\FntCache.dll
11:48:48.0551 0x163c FontCache - ok
11:48:48.0645 0x163c [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:48:48.0645 0x163c FontCache3.0.0.0 - ok
11:48:48.0676 0x163c [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys
11:48:48.0691 0x163c FsDepends - ok
11:48:48.0707 0x163c [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:48:48.0707 0x163c Fs_Rec - ok
11:48:48.0769 0x163c [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys
11:48:48.0785 0x163c fvevol - ok
11:48:48.0816 0x163c [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM C:\WINDOWS\System32\drivers\fxppm.sys
11:48:48.0832 0x163c FxPPM - ok
11:48:48.0848 0x163c [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx C:\WINDOWS\system32\drivers\gagp30kx.sys
11:48:48.0848 0x163c gagp30kx - ok
11:48:48.0879 0x163c [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys
11:48:48.0879 0x163c gencounter - ok
11:48:48.0910 0x163c [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys
11:48:48.0910 0x163c GPIOClx0101 - ok
11:48:48.0988 0x163c [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc C:\WINDOWS\System32\gpsvc.dll
11:48:49.0020 0x163c gpsvc - ok
11:48:49.0066 0x163c [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
11:48:49.0066 0x163c HdAudAddService - ok
11:48:49.0098 0x163c [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys
11:48:49.0098 0x163c HDAudBus - ok
11:48:49.0113 0x163c [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys
11:48:49.0113 0x163c HidBatt - ok
11:48:49.0145 0x163c [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys
11:48:49.0145 0x163c HidBth - ok
11:48:49.0160 0x163c [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys
11:48:49.0160 0x163c hidi2c - ok
11:48:49.0191 0x163c [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys
11:48:49.0191 0x163c HidIr - ok
11:48:49.0207 0x163c [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv C:\WINDOWS\system32\hidserv.dll
11:48:49.0207 0x163c hidserv - ok
11:48:49.0238 0x163c [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys
11:48:49.0238 0x163c HidUsb - ok
11:48:49.0270 0x163c [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc C:\WINDOWS\system32\kmsvc.dll
11:48:49.0285 0x163c hkmsvc - ok
11:48:49.0316 0x163c [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
11:48:49.0332 0x163c HomeGroupListener - ok
11:48:49.0363 0x163c [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
11:48:49.0379 0x163c HomeGroupProvider - ok
11:48:49.0410 0x163c [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys
11:48:49.0410 0x163c HpSAMD - ok
11:48:49.0488 0x163c [ B6639BF8236BDD3427B10C581332BE71, A6A9DB37BB83C70F01E7D99CA4891FD32F93A96C84215CFCC85AF41625C1023C ] HPSupportSolutionsFrameworkService C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
11:48:49.0504 0x163c HPSupportSolutionsFrameworkService - ok
11:48:49.0566 0x163c [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys
11:48:49.0598 0x163c HTTP - ok
11:48:49.0613 0x163c [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys
11:48:49.0613 0x163c hwpolicy - ok
11:48:49.0645 0x163c [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys
11:48:49.0645 0x163c hyperkbd - ok
11:48:49.0645 0x163c [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
11:48:49.0645 0x163c HyperVideo - ok
11:48:49.0676 0x163c [ D887446F3F6051C60C26F4FD1FC8D43F, A3235C64E9D5378E3409FA7CDD9DB0DD1B3CE6A6EB018F2C40558EB9C427A498 ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys
11:48:49.0676 0x163c i8042prt - ok
11:48:49.0676 0x163c [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
11:48:49.0676 0x163c iaLPSSi_GPIO - ok
11:48:49.0691 0x163c [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
11:48:49.0707 0x163c iaLPSSi_I2C - ok
11:48:49.0738 0x163c [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys
11:48:49.0754 0x163c iaStorAV - ok
11:48:49.0816 0x163c [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys
11:48:49.0816 0x163c iaStorV - ok
11:48:49.0879 0x163c [ 83FF82FE209E7997067B375DAD6CF23D, E312DD068E51DBF96A8232D7D1C9F158652FDA23649655F1102928B320795091 ] ICCS C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
11:48:49.0895 0x163c ICCS - ok
11:48:50.0035 0x163c [ DEA2F976E7327716AA0038EBF550003A, 5EA4666874F1D03879EA95F28228AC9EA3D7DF0F2E199EEE9B5BC6C81CA290B3 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
11:48:50.0098 0x163c IconMan_R - ok
11:48:50.0098 0x163c IEEtwCollectorService - ok
11:48:50.0301 0x163c [ 8C44E6B688790E2AD3846C97661C54F1, CB487D167EDA3C1E30BD5FB8F98C15EB9E75A6FB793009C2F1BBCAAB4285F772 ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
11:48:50.0504 0x163c igfx - ok
11:48:50.0582 0x163c [ 3DBDBD9581C015F02651D6A89801FAD5, 81B6D302C9CD29AD8319515056CFBCD0BD25619B2B166937ACD5F1416B568837 ] IKEEXT C:\WINDOWS\System32\ikeext.dll
11:48:50.0613 0x163c IKEEXT - ok
11:48:50.0645 0x163c [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
11:48:50.0645 0x163c IntcDAud - ok
11:48:50.0738 0x163c [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
11:48:50.0770 0x163c Intel(R) Capability Licensing Service Interface - ok
11:48:50.0785 0x163c [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\WINDOWS\system32\drivers\intelide.sys
11:48:50.0785 0x163c intelide - ok
11:48:50.0801 0x163c [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys
11:48:50.0801 0x163c intelpep - ok
11:48:50.0848 0x163c [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys
11:48:50.0848 0x163c intelppm - ok
11:48:50.0879 0x163c [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:48:50.0910 0x163c IpFilterDriver - ok
11:48:50.0988 0x163c [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll
11:48:51.0020 0x163c iphlpsvc - ok
11:48:51.0035 0x163c [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys
11:48:51.0035 0x163c IPMIDRV - ok
11:48:51.0051 0x163c [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys
11:48:51.0066 0x163c IPNAT - ok
11:48:51.0082 0x163c [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys
11:48:51.0098 0x163c IRENUM - ok
11:48:51.0129 0x163c [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys
11:48:51.0129 0x163c isapnp - ok
11:48:51.0160 0x163c [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys
11:48:51.0176 0x163c iScsiPrt - ok
11:48:51.0238 0x163c [ 3C4002D339491AF73D663FFC7F6E5ECB, 0B53047989BDB781572253BC3AA757912FE54366870C1955E687972CE210C285 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
11:48:51.0238 0x163c jhi_service - ok
11:48:51.0270 0x163c [ A1D4D34A56DF1D5122CDB265038A2E72, AE061BA1A65C98AF875FA18878B014B57E33594D4AC4C39B050AA532E2220F83 ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys
11:48:51.0270 0x163c kbdclass - ok
11:48:51.0285 0x163c [ 4A34D7084B862A92F3ABC4969166B3D3, 87B2635873DA4DD06D9E3B8E4313CBDBDC1488E4E340EC2101393EC65823771F ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys
11:48:51.0301 0x163c kbdhid - ok
11:48:51.0332 0x163c [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\WINDOWS\system32\DRIVERS\kdnic.sys
11:48:51.0332 0x163c kdnic - ok
11:48:51.0348 0x163c [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\WINDOWS\system32\lsass.exe
11:48:51.0348 0x163c KeyIso - ok
11:48:51.0379 0x163c [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys
11:48:51.0379 0x163c KSecDD - ok
11:48:51.0426 0x163c [ 15C8C65CEA018C02EA0F648448C491C5, DF909704D22D891BE439B2E3D8386EA659444F91DC92AABFF9766446AEE5EBC0 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys
11:48:51.0426 0x163c KSecPkg - ok
11:48:51.0473 0x163c [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys
11:48:51.0473 0x163c ksthunk - ok
11:48:51.0504 0x163c [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll
11:48:51.0504 0x163c KtmRm - ok
11:48:51.0551 0x163c [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer C:\WINDOWS\system32\srvsvc.dll
11:48:51.0567 0x163c LanmanServer - ok
11:48:51.0598 0x163c [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
11:48:51.0613 0x163c LanmanWorkstation - ok
11:48:51.0660 0x163c [ 2B7479EB47731A8ACBA28AF4C4BDA32D, 67AEB98E7B41337FEFD92CC81BFAD25FBB679998B318C110A4873B1AD8927A97 ] lfsvc C:\WINDOWS\System32\GeofenceMonitorService.dll
11:48:51.0676 0x163c lfsvc - ok
11:48:51.0692 0x163c [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\WINDOWS\system32\DRIVERS\lltdio.sys
11:48:51.0707 0x163c lltdio - ok
11:48:51.0738 0x163c [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll
11:48:51.0754 0x163c lltdsvc - ok
11:48:51.0801 0x163c [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll
11:48:51.0801 0x163c lmhosts - ok
11:48:51.0832 0x163c [ 4269D44BB47A6DA5D80B11F4C8536458, 7A8FFC8F851DD9E5C43986BE0888831CB71D188138DF3CF7F787DADDA70915B0 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
11:48:51.0832 0x163c LMS - ok
11:48:51.0879 0x163c [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys
11:48:51.0895 0x163c LSI_SAS - ok
11:48:51.0910 0x163c [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\WINDOWS\system32\drivers\lsi_sas2.sys
11:48:51.0910 0x163c LSI_SAS2 - ok
11:48:51.0926 0x163c [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\WINDOWS\system32\drivers\lsi_sas3.sys
11:48:51.0942 0x163c LSI_SAS3 - ok
11:48:51.0957 0x163c [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys
11:48:51.0957 0x163c LSI_SSS - ok
11:48:52.0035 0x163c [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\WINDOWS\System32\lsm.dll
11:48:52.0051 0x163c LSM - ok
11:48:52.0082 0x163c [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\WINDOWS\system32\drivers\luafv.sys
11:48:52.0082 0x163c luafv - ok
11:48:52.0113 0x163c [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\WINDOWS\system32\drivers\megasas.sys
11:48:52.0113 0x163c megasas - ok
11:48:52.0145 0x163c [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\WINDOWS\system32\drivers\megasr.sys
11:48:52.0160 0x163c megasr - ok
11:48:52.0192 0x163c [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys
11:48:52.0192 0x163c MEIx64 - ok
11:48:52.0223 0x163c [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\WINDOWS\system32\mmcss.dll
11:48:52.0223 0x163c MMCSS - ok
11:48:52.0254 0x163c [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\WINDOWS\system32\drivers\modem.sys
11:48:52.0254 0x163c Modem - ok
11:48:52.0270 0x163c [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\WINDOWS\System32\drivers\monitor.sys
11:48:52.0270 0x163c monitor - ok
11:48:52.0301 0x163c [ 2A2F8D5284E59815169A88F1FC9CEE28, 58EFBCF3C849FD088CFB7FE287FC7D9DD7E03D4E6AA98F0497C09E4596E42538 ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys
11:48:52.0301 0x163c mouclass - ok
11:48:52.0317 0x163c [ 91223A2AE2955B3E0DA3DB79C3A897A6, 32B59CF1586C2300D60AF8A1D819515033ACC7F7A1F3523FC4AC7725E29B5A90 ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys
11:48:52.0317 0x163c mouhid - ok
11:48:52.0348 0x163c [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys
11:48:52.0348 0x163c mountmgr - ok
11:48:52.0410 0x163c [ 03D14BF1DC59130002F6B8BA3AD89DB9, 1729CCD8AAF51CDB86ED67569974D0B6B1CFFA5F90EF6E6004B0D8A305D88C27 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:48:52.0426 0x163c MozillaMaintenance - ok
11:48:52.0457 0x163c [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys
11:48:52.0457 0x163c mpsdrv - ok
11:48:52.0535 0x163c [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc C:\WINDOWS\system32\mpssvc.dll
11:48:52.0551 0x163c MpsSvc - ok
11:48:52.0598 0x163c [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys
11:48:52.0598 0x163c MRxDAV - ok
11:48:52.0629 0x163c [ 31233271EDE50D1BBB220F78AFA60486, 2122FAB5BD353DF63CF0FE9CEDBD5DFD1F26F2DE04303E1B3FFB03AA02AECED9 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:48:52.0645 0x163c mrxsmb - ok
11:48:52.0692 0x163c [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
11:48:52.0723 0x163c mrxsmb10 - ok
11:48:52.0754 0x163c [ 6276AC2AA203CF47811F6EFBBD214FBF, AE55D87D863A626347B0074F4E962080F1989A94153DAF8475593249F616DA2F ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
11:48:52.0754 0x163c mrxsmb20 - ok
11:48:52.0801 0x163c [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\WINDOWS\system32\DRIVERS\bridge.sys
11:48:52.0801 0x163c MsBridge - ok
11:48:52.0832 0x163c [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\WINDOWS\System32\msdtc.exe
11:48:52.0832 0x163c MSDTC - ok
11:48:52.0879 0x163c [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
11:48:52.0879 0x163c Msfs - ok
11:48:52.0895 0x163c [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys
11:48:52.0895 0x163c msgpiowin32 - ok
11:48:52.0926 0x163c [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys
11:48:52.0926 0x163c mshidkmdf - ok
11:48:52.0942 0x163c [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys
11:48:52.0942 0x163c mshidumdf - ok
11:48:52.0957 0x163c [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys
11:48:52.0957 0x163c msisadrv - ok
11:48:52.0989 0x163c [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll
11:48:53.0004 0x163c MSiSCSI - ok
11:48:53.0004 0x163c msiserver - ok
11:48:53.0020 0x163c [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:48:53.0020 0x163c MSKSSRV - ok
11:48:53.0036 0x163c [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\WINDOWS\system32\DRIVERS\mslldp.sys
11:48:53.0036 0x163c MsLldp - ok
11:48:53.0051 0x163c [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:48:53.0051 0x163c MSPCLOCK - ok
11:48:53.0067 0x163c [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
11:48:53.0067 0x163c MSPQM - ok
11:48:53.0098 0x163c [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys
11:48:53.0114 0x163c MsRPC - ok
11:48:53.0129 0x163c [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys
11:48:53.0129 0x163c mssmbios - ok
11:48:53.0145 0x163c [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
11:48:53.0145 0x163c MSTEE - ok
11:48:53.0161 0x163c [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys
11:48:53.0161 0x163c MTConfig - ok
11:48:53.0176 0x163c [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup C:\WINDOWS\system32\Drivers\mup.sys
11:48:53.0176 0x163c Mup - ok
11:48:53.0192 0x163c [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys
11:48:53.0207 0x163c mvumis - ok
11:48:53.0239 0x163c [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\WINDOWS\system32\qagentRT.dll
11:48:53.0254 0x163c napagent - ok
11:48:53.0286 0x163c [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys
11:48:53.0301 0x163c NativeWifiP - ok
11:48:53.0332 0x163c [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll
11:48:53.0332 0x163c NcaSvc - ok
11:48:53.0379 0x163c [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\WINDOWS\System32\ncbservice.dll
11:48:53.0379 0x163c NcbService - ok
11:48:53.0411 0x163c [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll
11:48:53.0411 0x163c NcdAutoSetup - ok
11:48:53.0473 0x163c [ 6D3A2565E01B3E4B0F1BEDB0D4B00B3F, 95F2608E17CA3E25BD7958D1A49F7030EC8088BC1DF12422F1DAC5BA99113E34 ] NDIS C:\WINDOWS\system32\drivers\ndis.sys
11:48:53.0489 0x163c NDIS - ok
11:48:53.0520 0x163c [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\WINDOWS\system32\DRIVERS\ndiscap.sys
11:48:53.0520 0x163c NdisCap - ok
11:48:53.0567 0x163c [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
11:48:53.0567 0x163c NdisImPlatform - ok
11:48:53.0582 0x163c [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:48:53.0582 0x163c NdisTapi - ok
11:48:53.0582 0x163c [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:48:53.0582 0x163c Ndisuio - ok
11:48:53.0614 0x163c [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
11:48:53.0614 0x163c NdisVirtualBus - ok
11:48:53.0629 0x163c [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:48:53.0645 0x163c NdisWan - ok
11:48:53.0645 0x163c [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:48:53.0661 0x163c NdisWanLegacy - ok
11:48:53.0692 0x163c [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:48:53.0692 0x163c NDProxy - ok
11:48:53.0707 0x163c [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys
11:48:53.0707 0x163c Ndu - ok
11:48:53.0739 0x163c [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:48:53.0739 0x163c NetBIOS - ok
11:48:53.0770 0x163c [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:48:53.0770 0x163c NetBT - ok
11:48:53.0786 0x163c [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon C:\WINDOWS\system32\lsass.exe
11:48:53.0801 0x163c Netlogon - ok
11:48:53.0832 0x163c [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman C:\WINDOWS\System32\netman.dll
11:48:53.0832 0x163c Netman - ok
11:48:53.0879 0x163c [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm C:\WINDOWS\System32\netprofmsvc.dll
11:48:53.0895 0x163c netprofm - ok
11:48:54.0020 0x163c [ 76E90502D9001077DA92F81126D06C9B, 9E5B6DD3F1DAF49D303A7B3F6763A25C5F55F1E67A33AA8572204E9105B092EF ] netr28x C:\WINDOWS\system32\DRIVERS\netr28x.sys
11:48:54.0082 0x163c netr28x - ok
11:48:54.0129 0x163c [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:48:54.0129 0x163c NetTcpPortSharing - ok
11:48:54.0161 0x163c [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc C:\WINDOWS\System32\drivers\netvsc63.sys
11:48:54.0176 0x163c netvsc - ok
11:48:54.0207 0x163c [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc C:\WINDOWS\System32\nlasvc.dll
11:48:54.0223 0x163c NlaSvc - ok
11:48:54.0254 0x163c [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:48:54.0254 0x163c Npfs - ok
11:48:54.0270 0x163c [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys
11:48:54.0286 0x163c npsvctrig - ok
11:48:54.0301 0x163c [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi C:\WINDOWS\system32\nsisvc.dll
11:48:54.0317 0x163c nsi - ok
11:48:54.0332 0x163c [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys
11:48:54.0332 0x163c nsiproxy - ok
11:48:54.0426 0x163c [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:48:54.0473 0x163c Ntfs - ok
11:48:54.0504 0x163c [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\WINDOWS\system32\drivers\Null.sys
11:48:54.0504 0x163c Null - ok
11:48:54.0520 0x163c [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys
11:48:54.0520 0x163c nvraid - ok
11:48:54.0551 0x163c [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys
11:48:54.0551 0x163c nvstor - ok
11:48:54.0582 0x163c [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys
11:48:54.0582 0x163c nv_agp - ok
11:48:54.0645 0x163c [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:48:54.0661 0x163c ose - ok
11:48:54.0707 0x163c [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll
11:48:54.0723 0x163c p2pimsvc - ok
11:48:54.0754 0x163c [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc C:\WINDOWS\system32\p2psvc.dll
11:48:54.0770 0x163c p2psvc - ok
11:48:54.0801 0x163c [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport C:\WINDOWS\System32\drivers\parport.sys
11:48:54.0817 0x163c Parport - ok
11:48:54.0848 0x163c [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys
11:48:54.0848 0x163c partmgr - ok
11:48:54.0895 0x163c [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc C:\WINDOWS\System32\pcasvc.dll
11:48:54.0911 0x163c PcaSvc - ok
11:48:54.0942 0x163c [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci C:\WINDOWS\system32\drivers\pci.sys
11:48:54.0942 0x163c pci - ok
11:48:54.0973 0x163c [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\WINDOWS\system32\drivers\pciide.sys
11:48:54.0973 0x163c pciide - ok
11:48:54.0989 0x163c [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys
11:48:54.0989 0x163c pcmcia - ok
11:48:55.0020 0x163c [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw C:\WINDOWS\system32\drivers\pcw.sys
11:48:55.0020 0x163c pcw - ok
11:48:55.0036 0x163c [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc C:\WINDOWS\system32\drivers\pdc.sys
11:48:55.0051 0x163c pdc - ok
11:48:55.0114 0x163c [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys
11:48:55.0129 0x163c PEAUTH - ok
11:48:55.0176 0x163c [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe
11:48:55.0192 0x163c PerfHost - ok
11:48:55.0286 0x163c [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla C:\WINDOWS\system32\pla.dll
11:48:55.0332 0x163c pla - ok
11:48:55.0348 0x163c [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll
11:48:55.0364 0x163c PlugPlay - ok
11:48:55.0379 0x163c [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll
11:48:55.0379 0x163c PNRPAutoReg - ok
11:48:55.0411 0x163c [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll
11:48:55.0426 0x163c PNRPsvc - ok
11:48:55.0473 0x163c [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll
11:48:55.0473 0x163c PolicyAgent - ok
11:48:55.0504 0x163c [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power C:\WINDOWS\system32\umpo.dll
11:48:55.0520 0x163c Power - ok
11:48:55.0692 0x163c [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
11:48:55.0770 0x163c PrintNotify - ok
11:48:55.0817 0x163c [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\WINDOWS\System32\drivers\processr.sys
11:48:55.0817 0x163c Processor - ok
11:48:55.0879 0x163c [ 19424364D8C03B990C4281BE53963FD0, 958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc C:\WINDOWS\system32\profsvc.dll
11:48:55.0879 0x163c ProfSvc - ok
11:48:55.0911 0x163c [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched C:\WINDOWS\system32\DRIVERS\pacer.sys
11:48:55.0926 0x163c Psched - ok
11:48:55.0973 0x163c [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE C:\WINDOWS\system32\qwave.dll
11:48:55.0989 0x163c QWAVE - ok
11:48:56.0036 0x163c [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys
11:48:56.0036 0x163c QWAVEdrv - ok
11:48:56.0051 0x163c [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:48:56.0051 0x163c RasAcd - ok
11:48:56.0083 0x163c [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:48:56.0098 0x163c RasAuto - ok
11:48:56.0145 0x163c [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan C:\WINDOWS\System32\rasmans.dll
11:48:56.0176 0x163c RasMan - ok
11:48:56.0192 0x163c [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:48:56.0208 0x163c RasPppoe - ok
11:48:56.0239 0x163c [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:48:56.0254 0x163c rdbss - ok
11:48:56.0286 0x163c [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys
11:48:56.0286 0x163c rdpbus - ok
11:48:56.0301 0x163c [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys
11:48:56.0317 0x163c RDPDR - ok
11:48:56.0348 0x163c [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
11:48:56.0348 0x163c RdpVideoMiniport - ok
11:48:56.0379 0x163c [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys
11:48:56.0379 0x163c rdyboost - ok
11:48:56.0442 0x163c [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS C:\WINDOWS\system32\drivers\ReFS.sys
11:48:56.0458 0x163c ReFS - ok
11:48:56.0504 0x163c [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:48:56.0520 0x163c RemoteAccess - ok
11:48:56.0567 0x163c [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
11:48:56.0567 0x163c RemoteRegistry - ok
11:48:56.0598 0x163c [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll
11:48:56.0614 0x163c RpcEptMapper - ok
11:48:56.0645 0x163c [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator C:\WINDOWS\system32\locator.exe
11:48:56.0645 0x163c RpcLocator - ok
11:48:56.0708 0x163c [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs C:\WINDOWS\system32\rpcss.dll
11:48:56.0723 0x163c RpcSs - ok
11:48:56.0770 0x163c [ 60BCF0F09DD963D0F89F571F9D1EB8C1, 59BC9EA4D6C5B24352FC7C2DF4856398F6F734A2C52FD9A9195539593C37C8BC ] RSP2STOR C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys
11:48:56.0770 0x163c RSP2STOR - ok
11:48:56.0801 0x163c [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
11:48:56.0817 0x163c rspndr - ok
11:48:56.0864 0x163c [ 19764658C1468C2C0CEF133D28414A6B, 87AD4056F6C67052433A366B200B75613148B69B9B9D502AD926A7F7F037B8DE ] RTL8168 C:\WINDOWS\system32\DRIVERS\Rt630x64.sys
11:48:56.0879 0x163c RTL8168 - ok
11:48:56.0895 0x163c [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys
11:48:56.0895 0x163c s3cap - ok
11:48:56.0926 0x163c [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs C:\WINDOWS\system32\lsass.exe
11:48:56.0926 0x163c SamSs - ok
11:48:56.0989 0x163c [ CB08A85D0CCC29F2D84D97D3A445841A, 6093CE81003AA955080B7916B17D15D442FF47C04CB55F597F30B62710DC380D ] SandBox C:\WINDOWS\system32\drivers\SandBox64.sys
11:48:57.0020 0x163c SandBox - ok
11:48:57.0051 0x163c [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys
11:48:57.0051 0x163c sbp2port - ok
11:48:57.0098 0x163c [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll
11:48:57.0114 0x163c SCardSvr - ok
11:48:57.0161 0x163c [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll
11:48:57.0161 0x163c ScDeviceEnum - ok
11:48:57.0192 0x163c [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys
11:48:57.0192 0x163c scfilter - ok
11:48:57.0254 0x163c [ A626F5E446860F22835E783142D7AE33, 3A786639E1FABCA512F4F91A10811DD3C4D9C9C9BB893362E4D019219D0BD8E2 ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:48:57.0286 0x163c Schedule - ok
11:48:57.0317 0x163c [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll
11:48:57.0333 0x163c SCPolicySvc - ok
11:48:57.0364 0x163c [ 7B7C482CF48E6EE33664340D1A78E6FE, CE5077C4B0372F4F9F02B0B37AE58C0DAEFCA9D242065731A23F072506430575 ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys
11:48:57.0364 0x163c sdbus - ok
11:48:57.0395 0x163c [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys
11:48:57.0395 0x163c sdstor - ok
11:48:57.0442 0x163c [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\WINDOWS\system32\drivers\secdrv.sys
11:48:57.0442 0x163c secdrv - ok
11:48:57.0473 0x163c [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon C:\WINDOWS\system32\seclogon.dll
11:48:57.0473 0x163c seclogon - ok
11:48:57.0504 0x163c [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS C:\WINDOWS\System32\sens.dll
11:48:57.0504 0x163c SENS - ok
11:48:57.0536 0x163c [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll
11:48:57.0551 0x163c SensrSvc - ok
11:48:57.0583 0x163c [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys
11:48:57.0583 0x163c SerCx - ok
11:48:57.0614 0x163c [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys
11:48:57.0629 0x163c SerCx2 - ok
11:48:57.0645 0x163c [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum C:\WINDOWS\System32\drivers\serenum.sys
11:48:57.0645 0x163c Serenum - ok
11:48:57.0661 0x163c [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial C:\WINDOWS\System32\drivers\serial.sys
11:48:57.0661 0x163c Serial - ok
11:48:57.0676 0x163c [ 96B01F117057FB4DAE0FF919ACB55770, D0F58F1CAE4F81D60FCE60BB0065A34B4F897E8105DF17B6DAA334938CD25A56 ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys
11:48:57.0676 0x163c sermouse - ok
11:48:57.0723 0x163c [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv C:\WINDOWS\system32\sessenv.dll
11:48:57.0739 0x163c SessionEnv - ok
11:48:57.0755 0x163c [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys
11:48:57.0755 0x163c sfloppy - ok
11:48:57.0801 0x163c [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
11:48:57.0817 0x163c SharedAccess - ok
11:48:57.0864 0x163c [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:48:57.0880 0x163c ShellHWDetection - ok
11:48:57.0895 0x163c [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys
11:48:57.0895 0x163c SiSRaid2 - ok
11:48:57.0926 0x163c [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys
11:48:57.0926 0x163c SiSRaid4 - ok
11:48:58.0020 0x163c [ 050A4112B00BCA2E13314CDE48C1DEEE, 86C679CD494DEEB984372BF954EFBB8982AC7995FBF89FCF83BC228991D1B825 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
11:48:58.0036 0x163c SkypeUpdate - ok
11:48:58.0067 0x163c [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost C:\WINDOWS\System32\smphost.dll
11:48:58.0067 0x163c smphost - ok
11:48:58.0098 0x163c [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
11:48:58.0098 0x163c SNMPTRAP - ok
11:48:58.0145 0x163c [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys
11:48:58.0145 0x163c spaceport - ok
11:48:58.0176 0x163c [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys
11:48:58.0176 0x163c SpbCx - ok
11:48:58.0223 0x163c [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler C:\WINDOWS\System32\spoolsv.exe
11:48:58.0239 0x163c Spooler - ok
11:48:58.0505 0x163c [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc C:\WINDOWS\system32\sppsvc.exe
11:48:58.0661 0x163c sppsvc - ok
11:48:58.0708 0x163c [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:48:58.0739 0x163c srv - ok
11:48:58.0786 0x163c [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys
11:48:58.0801 0x163c srv2 - ok
11:48:58.0833 0x163c [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys
11:48:58.0833 0x163c srvnet - ok
11:48:58.0880 0x163c [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:48:58.0895 0x163c SSDPSRV - ok
11:48:58.0911 0x163c [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll
11:48:58.0926 0x163c SstpSvc - ok
11:48:58.0958 0x163c [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys
11:48:58.0958 0x163c stexstor - ok
11:48:58.0989 0x163c [ 8F3C0CCF27CFFE89424F30E9FB3381AB, 74E54541B4A16DC97098428E1715A27557BAB97E05AF346F88958580199C1541 ] StillCam C:\WINDOWS\System32\drivers\serscan.sys
11:48:58.0989 0x163c StillCam - ok
11:48:59.0036 0x163c [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc C:\WINDOWS\System32\wiaservc.dll
11:48:59.0067 0x163c stisvc - ok
11:48:59.0098 0x163c [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci C:\WINDOWS\system32\drivers\storahci.sys
11:48:59.0098 0x163c storahci - ok
11:48:59.0114 0x163c [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys
11:48:59.0130 0x163c storflt - ok
11:48:59.0161 0x163c [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys
11:48:59.0161 0x163c stornvme - ok
11:48:59.0192 0x163c [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc C:\WINDOWS\system32\storsvc.dll
11:48:59.0192 0x163c StorSvc - ok
11:48:59.0223 0x163c [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys
11:48:59.0223 0x163c storvsc - ok
11:48:59.0255 0x163c [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc C:\WINDOWS\system32\svsvc.dll
11:48:59.0255 0x163c svsvc - ok
11:48:59.0270 0x163c [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum C:\WINDOWS\System32\drivers\swenum.sys
11:48:59.0270 0x163c swenum - ok
11:48:59.0317 0x163c [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv C:\WINDOWS\System32\swprv.dll
11:48:59.0333 0x163c swprv - ok
11:48:59.0380 0x163c [ 3F45C3FE208CA5E68832B65C597A35A6, EACE9AAFC01C2BA52F4DA129AEF7BFA3CF7F10146E4F4330CD344BFC39DC959C ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:48:59.0395 0x163c SynTP - ok
11:48:59.0458 0x163c [ 3114CB46C2853CA71525428CB0C7CB58, A9CC51506AABBC23BAB2B90E30AB13197A72268A3DE6D2F281C1C367ED7118AE ] SysMain C:\WINDOWS\system32\sysmain.dll
11:48:59.0489 0x163c SysMain - ok
11:48:59.0520 0x163c [ 23BECB70654B192A7E378DEE3DBD8D42, 7596174AE7508B62C40A429645198F6A420D0CD5B62A10AB78516113584E7EDB ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
11:48:59.0520 0x163c SystemEventsBroker - ok
11:48:59.0567 0x163c [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
11:48:59.0567 0x163c TabletInputService - ok
11:48:59.0630 0x163c [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:48:59.0645 0x163c TapiSrv - ok
11:48:59.0770 0x163c [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys
11:48:59.0833 0x163c Tcpip - ok
11:48:59.0911 0x163c [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] TCPIP6 C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:48:59.0958 0x163c TCPIP6 - ok
11:49:00.0005 0x163c [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys
11:49:00.0005 0x163c tcpipreg - ok
11:49:00.0036 0x163c [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys
11:49:00.0036 0x163c tdx - ok
11:49:00.0067 0x163c [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys
11:49:00.0067 0x163c terminpt - ok
11:49:00.0145 0x163c [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService C:\WINDOWS\System32\termsrv.dll
11:49:00.0176 0x163c TermService - ok
11:49:00.0208 0x163c [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes C:\WINDOWS\system32\themeservice.dll
11:49:00.0208 0x163c Themes - ok
11:49:00.0223 0x163c [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER C:\WINDOWS\system32\mmcss.dll
11:49:00.0223 0x163c THREADORDER - ok
11:49:00.0255 0x163c [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker C:\WINDOWS\System32\TimeBrokerServer.dll
11:49:00.0255 0x163c TimeBroker - ok
11:49:00.0286 0x163c [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM C:\WINDOWS\system32\drivers\tpm.sys
11:49:00.0301 0x163c TPM - ok
11:49:00.0317 0x163c [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks C:\WINDOWS\System32\trkwks.dll
11:49:00.0333 0x163c TrkWks - ok
11:49:00.0380 0x163c [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
11:49:00.0380 0x163c TrustedInstaller - ok
11:49:00.0395 0x163c [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys
11:49:00.0395 0x163c TsUsbFlt - ok
11:49:00.0411 0x163c [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys
11:49:00.0411 0x163c TsUsbGD - ok
11:49:00.0458 0x163c [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel C:\WINDOWS\system32\DRIVERS\tunnel.sys
11:49:00.0458 0x163c tunnel - ok
11:49:00.0473 0x163c [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 C:\WINDOWS\system32\drivers\uagp35.sys
11:49:00.0473 0x163c uagp35 - ok
11:49:00.0505 0x163c [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys
11:49:00.0505 0x163c UASPStor - ok
11:49:00.0536 0x163c [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000 C:\WINDOWS\System32\drivers\ucx01000.sys
11:49:00.0536 0x163c UCX01000 - ok
11:49:00.0567 0x163c [ 1EC649F112896FAE33250F0B97AC5D0B, 0C0A1C2C7615DEB298AD3073340FD1BF91FEBE611F133E3B48D994A6EAA8369F ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys
11:49:00.0583 0x163c udfs - ok
11:49:00.0598 0x163c [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys
11:49:00.0614 0x163c UEFI - ok
11:49:00.0645 0x163c [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe
11:49:00.0645 0x163c UI0Detect - ok
11:49:00.0677 0x163c [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys
11:49:00.0677 0x163c uliagpkx - ok
11:49:00.0708 0x163c [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus C:\WINDOWS\System32\drivers\umbus.sys
11:49:00.0708 0x163c umbus - ok
11:49:00.0723 0x163c [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\WINDOWS\System32\drivers\umpass.sys
11:49:00.0723 0x163c UmPass - ok
11:49:00.0770 0x163c [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService C:\WINDOWS\System32\umrdp.dll
11:49:00.0770 0x163c UmRdpService - ok
11:49:00.0848 0x163c [ DBE2E6388379D5CC78099650541E9566, 1914BC929F109A49FB18ED31F239A9813A010B0A3914BC8CD0D6A94A67A072D7 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
11:49:00.0880 0x163c UNS - ok
11:49:00.0927 0x163c [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost C:\WINDOWS\System32\upnphost.dll
11:49:00.0973 0x163c upnphost - ok
11:49:01.0005 0x163c [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys
11:49:01.0005 0x163c usbccgp - ok
11:49:01.0036 0x163c [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys
11:49:01.0036 0x163c usbcir - ok
11:49:01.0067 0x163c [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys
11:49:01.0067 0x163c usbehci - ok
11:49:01.0130 0x163c [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys
11:49:01.0145 0x163c usbhub - ok
11:49:01.0177 0x163c [ FAA564A13576F9284546BF016D27B551, 1D2CD13DC0B02DD40657EE4F93F4A13C78D2F2EF91685E563D78E217C96DF544 ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys
11:49:01.0177 0x163c USBHUB3 - ok
11:49:01.0239 0x163c [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys
11:49:01.0239 0x163c usbohci - ok
11:49:01.0270 0x163c [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys
11:49:01.0286 0x163c usbprint - ok
11:49:01.0333 0x163c [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS
11:49:01.0333 0x163c USBSTOR - ok
11:49:01.0364 0x163c [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys
11:49:01.0364 0x163c usbuhci - ok
11:49:01.0411 0x163c [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo C:\WINDOWS\System32\Drivers\usbvideo.sys
11:49:01.0411 0x163c usbvideo - ok
11:49:01.0442 0x163c [ 1A20F03700D2B2ED775E38D751EF2F63, 76F8BE9F412D4397437E60A7E6231C80EA9B4F5436C9A8FAB967C78604994AE9 ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS
11:49:01.0458 0x163c USBXHCI - ok
11:49:01.0473 0x163c [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc C:\WINDOWS\system32\lsass.exe
11:49:01.0489 0x163c VaultSvc - ok
11:49:01.0536 0x163c VBCoreNT.1 - ok
11:49:01.0567 0x163c [ 5C6F242988940CEB75E8CB697F416094, 8AC700B88FD7DAA61E247C1FEC4B4F2C3A402E15840D7E30F91C08DB0A3DBB41 ] VBEngNT C:\WINDOWS\system32\drivers\VBEngNT.sys
11:49:01.0583 0x163c VBEngNT - ok
11:49:01.0583 0x163c [ E3CCD7419EFC64FB57C0F650F295AFF1, E6E0F6852CD86214F9A8C61A605F025F2EB575AFBAFA0EEADA5F15E645712346 ] VBFilt C:\WINDOWS\system32\Filt\VBFilt64.dll
11:49:01.0598 0x163c VBFilt - ok
11:49:01.0614 0x163c [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys
11:49:01.0614 0x163c vdrvroot - ok
11:49:01.0708 0x163c [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds C:\WINDOWS\System32\vds.exe
11:49:01.0739 0x163c vds - ok
11:49:01.0786 0x163c [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys
11:49:01.0786 0x163c VerifierExt - ok
11:49:01.0833 0x163c [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys
11:49:01.0848 0x163c vhdmp - ok
11:49:01.0864 0x163c [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide C:\WINDOWS\system32\drivers\viaide.sys
11:49:01.0864 0x163c viaide - ok
11:49:01.0880 0x163c [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys
11:49:01.0895 0x163c vmbus - ok
11:49:01.0911 0x163c [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys
11:49:01.0911 0x163c VMBusHID - ok
11:49:01.0942 0x163c [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
11:49:01.0958 0x163c vmicguestinterface - ok
11:49:01.0989 0x163c [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat C:\WINDOWS\System32\ICSvc.dll
11:49:01.0989 0x163c vmicheartbeat - ok
11:49:02.0020 0x163c [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
11:49:02.0020 0x163c vmickvpexchange - ok
11:49:02.0052 0x163c [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv C:\WINDOWS\System32\ICSvc.dll
11:49:02.0067 0x163c vmicrdv - ok
11:49:02.0083 0x163c [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown C:\WINDOWS\System32\ICSvc.dll
11:49:02.0098 0x163c vmicshutdown - ok
11:49:02.0114 0x163c [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync C:\WINDOWS\System32\ICSvc.dll
11:49:02.0130 0x163c vmictimesync - ok
11:49:02.0145 0x163c [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss C:\WINDOWS\System32\ICSvc.dll
11:49:02.0161 0x163c vmicvss - ok
11:49:02.0192 0x163c [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys
11:49:02.0192 0x163c volmgr - ok
11:49:02.0223 0x163c [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys
11:49:02.0239 0x163c volmgrx - ok
11:49:02.0270 0x163c [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys
11:49:02.0286 0x163c volsnap - ok
11:49:02.0317 0x163c [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci C:\WINDOWS\System32\drivers\vpci.sys
11:49:02.0317 0x163c vpci - ok
11:49:02.0364 0x163c [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys
11:49:02.0364 0x163c vsmraid - ok
11:49:02.0442 0x163c [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS C:\WINDOWS\system32\vssvc.exe
11:49:02.0473 0x163c VSS - ok
11:49:02.0505 0x163c [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys
11:49:02.0520 0x163c VSTXRAID - ok
11:49:02.0567 0x163c [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys
11:49:02.0567 0x163c vwifibus - ok
11:49:02.0614 0x163c [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt C:\WINDOWS\system32\DRIVERS\vwififlt.sys
11:49:02.0614 0x163c vwififlt - ok
11:49:02.0630 0x163c [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp C:\WINDOWS\system32\DRIVERS\vwifimp.sys
11:49:02.0630 0x163c vwifimp - ok
11:49:02.0677 0x163c [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time C:\WINDOWS\system32\w32time.dll
11:49:02.0692 0x163c W32Time - ok
11:49:02.0708 0x163c [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys
11:49:02.0708 0x163c WacomPen - ok
11:49:02.0786 0x163c [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine C:\WINDOWS\system32\wbengine.exe
11:49:02.0817 0x163c wbengine - ok
11:49:02.0864 0x163c [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll
11:49:02.0880 0x163c WbioSrvc - ok
11:49:02.0911 0x163c [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll
11:49:02.0911 0x163c Wcmsvc - ok
11:49:02.0974 0x163c [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll
11:49:02.0974 0x163c wcncsvc - ok
11:49:03.0005 0x163c [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
11:49:03.0005 0x163c WcsPlugInService - ok
11:49:03.0036 0x163c [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys
11:49:03.0036 0x163c WdBoot - ok
11:49:03.0083 0x163c [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys
11:49:03.0114 0x163c Wdf01000 - ok
11:49:03.0145 0x163c [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys
11:49:03.0161 0x163c WdFilter - ok
11:49:03.0192 0x163c [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll
11:49:03.0192 0x163c WdiServiceHost - ok
11:49:03.0208 0x163c [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll
11:49:03.0224 0x163c WdiSystemHost - ok
11:49:03.0255 0x163c [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys
11:49:03.0255 0x163c WdNisDrv - ok
11:49:03.0270 0x163c WdNisSvc - ok
11:49:03.0317 0x163c [ 185E4111627F7AA6799E1366B5E91D65, 7A02C816DFBCCF47EDB49E5E2005A3D0B80719FAC94F9298D2DBAC63950EDA05 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:49:03.0317 0x163c WebClient - ok
11:49:03.0364 0x163c [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll
11:49:03.0395 0x163c Wecsvc - ok
11:49:03.0427 0x163c [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll
11:49:03.0442 0x163c WEPHOSTSVC - ok
11:49:03.0474 0x163c [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll
11:49:03.0489 0x163c wercplsupport - ok
11:49:03.0505 0x163c [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc C:\WINDOWS\System32\WerSvc.dll
11:49:03.0505 0x163c WerSvc - ok
11:49:03.0552 0x163c [ BAB713B409258DB7B5D9F9693F802B0E, C0D0391EC4FDC07E0A07F4EEB2DC9CC5B2BE5D2E292E7D01929E8D39D6F73EA5 ] WFPLWFS C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
11:49:03.0552 0x163c WFPLWFS - ok
11:49:03.0567 0x163c [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc C:\WINDOWS\System32\wiarpc.dll
11:49:03.0583 0x163c WiaRpc - ok
11:49:03.0599 0x163c [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys
11:49:03.0599 0x163c WIMMount - ok
11:49:03.0614 0x163c WinDefend - ok
11:49:03.0661 0x163c [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
11:49:03.0692 0x163c WinHttpAutoProxySvc - ok
11:49:03.0739 0x163c [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:49:03.0755 0x163c Winmgmt - ok
11:49:03.0895 0x163c [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
11:49:03.0974 0x163c WinRM - ok
11:49:04.0020 0x163c [ 4F2A80D65AE6F845776E2F06AE6782ED, 2455537C048115435D9EDE4B18F9F54C43912076AEF36BDEFEC35AF2140B8B2E ] WirelessButtonDriver C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys
11:49:04.0036 0x163c WirelessButtonDriver - ok
11:49:04.0099 0x163c [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc C:\WINDOWS\System32\wlansvc.dll
11:49:04.0130 0x163c WlanSvc - ok
11:49:04.0208 0x163c [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll
11:49:04.0255 0x163c wlidsvc - ok
11:49:04.0286 0x163c [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi C:\WINDOWS\System32\drivers\wmiacpi.sys
11:49:04.0286 0x163c WmiAcpi - ok
11:49:04.0317 0x163c [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe
11:49:04.0333 0x163c wmiApSrv - ok
11:49:04.0349 0x163c WMPNetworkSvc - ok
11:49:04.0380 0x163c [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof C:\WINDOWS\system32\drivers\Wof.sys
11:49:04.0395 0x163c Wof - ok
11:49:04.0505 0x163c [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc C:\WINDOWS\system32\workfolderssvc.dll
11:49:04.0552 0x163c workfolderssvc - ok
11:49:04.0567 0x163c [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
11:49:04.0583 0x163c wpcfltr - ok
11:49:04.0599 0x163c [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc C:\WINDOWS\System32\wpcsvc.dll
11:49:04.0599 0x163c WPCSvc - ok
11:49:04.0630 0x163c [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll
11:49:04.0630 0x163c WPDBusEnum - ok
11:49:04.0677 0x163c [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys
11:49:04.0677 0x163c WpdUpFltr - ok
11:49:04.0708 0x163c [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys
11:49:04.0708 0x163c ws2ifsl - ok
11:49:04.0755 0x163c [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc C:\WINDOWS\System32\wscsvc.dll
11:49:04.0770 0x163c wscsvc - ok
11:49:04.0786 0x163c [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice C:\WINDOWS\System32\drivers\WSDPrint.sys
11:49:04.0786 0x163c WSDPrintDevice - ok
11:49:04.0786 0x163c WSearch - ok
11:49:04.0927 0x163c [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService C:\WINDOWS\System32\WSService.dll
11:49:05.0099 0x163c WSService - ok
11:49:05.0271 0x163c [ 5F3D70B19BCAC985DA90F22CA2FF45E4, BBD82BAEF0DCA2C6361F8D1ADF5BED36D0F1AB1A2AEADB0E4526B917F40C2E52 ] wuauserv C:\WINDOWS\system32\wuaueng.dll
11:49:05.0427 0x163c wuauserv - ok
11:49:05.0458 0x163c [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys
11:49:05.0458 0x163c WudfPf - ok
11:49:05.0489 0x163c [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd C:\WINDOWS\System32\drivers\WUDFRd.sys
11:49:05.0505 0x163c WUDFRd - ok
11:49:05.0536 0x163c [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll
11:49:05.0536 0x163c wudfsvc - ok
11:49:05.0552 0x163c [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs C:\WINDOWS\System32\drivers\WUDFRd.sys
11:49:05.0552 0x163c WUDFWpdFs - ok
11:49:05.0599 0x163c [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc C:\WINDOWS\System32\wwansvc.dll
11:49:05.0614 0x163c WwanSvc - ok
11:49:05.0646 0x163c ================ Scan global ===============================
11:49:05.0708 0x163c [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\WINDOWS\system32\basesrv.dll
11:49:05.0739 0x163c [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
11:49:05.0771 0x163c [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
11:49:05.0833 0x163c [ 5BF02EBEFEDC706318C96E2E60EDCB91, DC866C5BC3A887CAAA7169AB9BB2992F6F877B3EA04B62B4F95B6BD54943155F ] C:\WINDOWS\system32\services.exe
11:49:05.0849 0x163c [ Global ] - ok
11:49:05.0849 0x163c ================ Scan MBR ==================================
11:49:05.0864 0x163c [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
11:49:05.0864 0x163c \Device\Harddisk0\DR0 - ok
11:49:05.0864 0x163c ================ Scan VBR ==================================
11:49:05.0880 0x163c [ 7573D6ADFEA8D4D9096C8D09F6EA733F ] \Device\Harddisk0\DR0\Partition1
11:49:05.0880 0x163c \Device\Harddisk0\DR0\Partition1 - ok
11:49:05.0896 0x163c [ 0ED55A58558BE4CBC8791F0438C88EB7 ] \Device\Harddisk0\DR0\Partition2
11:49:05.0911 0x163c \Device\Harddisk0\DR0\Partition2 - ok
11:49:05.0927 0x163c [ 391BDA0E8531A3E7439920D3D0414463 ] \Device\Harddisk0\DR0\Partition3
11:49:05.0927 0x163c \Device\Harddisk0\DR0\Partition3 - ok
11:49:05.0942 0x163c [ C559B6AD88DFABAE85FFFE62BB3448A4 ] \Device\Harddisk0\DR0\Partition4
11:49:05.0974 0x163c \Device\Harddisk0\DR0\Partition4 - ok
11:49:05.0974 0x163c ================ Scan generic autorun ======================
11:49:06.0021 0x163c SynTPEnh - ok
11:49:06.0052 0x163c [ 28062B17191C9450BF6C6C3EF8C7EB27, 4859C5708DFD119021F7B7FFB38F0B316675E1E4D5D51A10D4265F712CF8CDB6 ] C:\WINDOWS\system32\igfxtray.exe
11:49:06.0067 0x163c IgfxTray - ok
11:49:06.0099 0x163c [ 28FC280487F0BAAE5E8119257C4EEF8C, F574BC70B79B77912FC683B3EB0BE6929E7758284ED5B47008E18B0E4A4A09FD ] C:\WINDOWS\system32\hkcmd.exe
11:49:06.0114 0x163c HotKeysCmds - ok
11:49:06.0130 0x163c [ F29BEA821C753E4F00177690F70CDC13, 0EDB40F4A4C23553C0288E6E3AD65E7B523F6764C87C6C36C3ECB0C1940C5176 ] C:\WINDOWS\system32\igfxpers.exe
11:49:06.0146 0x163c Persistence - ok
11:49:06.0364 0x163c [ BD707ECBC6B7EFA57F270D2378A46065, 1EDE0B87798E344A8EE9AAEACFB1E94323901803C95D3E7F3396B11EB993880E ] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe
11:49:06.0458 0x163c OutpostMonitor - ok
11:49:06.0536 0x163c [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
11:49:06.0552 0x163c HP Software Update - ok
11:49:06.0708 0x163c [ 22F7B9670AD770C7ED7F4738204C8E5C, 7B793AC094CB1B073419B5DAE09DFBB8EBED03D29301F490AA76EA0667613438 ] C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
11:49:06.0755 0x163c HP Officejet 6600 (NET) - ok
11:49:06.0755 0x163c Waiting for KSN requests completion. In queue: 82
11:49:07.0771 0x163c Waiting for KSN requests completion. In queue: 82
11:49:08.0786 0x163c Waiting for KSN requests completion. In queue: 82
11:49:09.0896 0x163c AV detected via SS2: Outpost Security Suite Pro, C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe ( 9.10.4643.15826 ), 0x42000 ( disabled : updated )
11:49:09.0896 0x163c AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated )
11:49:09.0896 0x163c FW detected via SS2: Outpost Security Suite Pro, C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe ( 9.10.4643.15826 ), 0x42010 ( disabled )
11:49:09.0943 0x163c Win FW state via NFP2: disabled
11:49:12.0333 0x163c ============================================================
11:49:12.0333 0x163c Scan finished
11:49:12.0333 0x163c ============================================================
11:49:12.0349 0x10a8 Detected object count: 0
11:49:12.0349 0x10a8 Actual detected object count: 0
11:49:20.0959 0x1650 Deinitialize success
|
|
09.05.2015, 08:10
| #8 |
| /// the machine /// TB-Ausbilder | Bei Rechnungsaufforderung Anhang geöffnet. Sieht eigentlich gut aus. Bemerkst Du irgendwelche Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.05.2015, 14:21
| #9 |
| | Bei Rechnungsaufforderung Anhang geöffnet. Äh, wir hatten den Rechner aus gelassen, um die Antwort abzuwarten. |
|
10.05.2015, 06:18
| #10 |
| /// the machine /// TB-Ausbilder | Bei Rechnungsaufforderung Anhang geöffnet. Dann mal ausgiebig testen, die Logs sind sauber
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Bei Rechnungsaufforderung Anhang geöffnet. |
| anhang, anhang geöffnet, bekannte, datei, fehlermeldung, gefunde, gestern, konnte, nicht gefunden, outpost, security, security suite, suite, textdatei, unbekannte, voll, win, zahlungsaufforderung |
Linear-Darstellung
