Log analysis and evaluation: No control over Win10 PC, being spied on - virus scanners find nothing - reinstallation unsuccessful

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.01.2016, 09:51 | #1 |
Hello everyone, I can no longer control my computer/network myself. My computers start services that block them, and they reboot or shut down. The internet is very slow and pages are no longer found. The proxy settings keep going back to localhost and 127.0.0.1. The keyboard switches its language setting, and the network adapters come and go. I have already started several reinstallations, but the behaviour does not get better. I cannot download the FRST that you recommend. I have put the Hijacked report and that of the Farbar MiniTool in the attachment. As I said, I don't know what to do and am hoping for your support. Many thanks and regards, ElPirato
19.01.2016, 11:00 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hi

Where did you get the W10 installation medium? Obtained directly from Microsoft, and if not, from where exactly? And please do NOT post the logs as an attachment. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread over several posts. To put the log files into a CODE box, proceed as follows:
19.01.2016, 12:38 | #3 |
Hello Cosinus, this is my third attempt, so first of all many thanks for the quick reply :-)
Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 09:19:52, on 19.01.2016 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.10586.0020) FIREFOX: 43.0.4 (x86 de) Boot mode: Normal Running processes: C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\SysWOW64\notepad.exe D:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit= O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL O4 - HKCU\..\Run: [OneDrive] 
"C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'Lokaler Dienst') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'Netzwerkdienst') O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105 O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra 'Tools' menuitem: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft 
Shared\OFFICE15\MSOXMLMF.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - 
Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 7992 bytes Code:
ATTFilter MiniToolBox by Farbar Version: 30-11-2014 Ran by Administrator (administrator) on 19-01-2016 at 09:18:58 Running from "D:\" Microsoft Windows 10 Pro (X64) Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= FF Proxy Settings: ============================== "network.proxy.no_proxies_on", "" "network.proxy.type", 0 "Reset FF Proxy Settings": Firefox Proxy settings were reset. ========================= Hosts content: ================================= ========================= IP Configuration: ================================ Intel(R) 82579V Gigabit Network Connection = Ethernet (Connected) Intel(R) Centrino(R) Advanced-N 6230 Driver = WLAN (Media disconnected) Bluetooth Device (Personal Area Network) = Bluetooth-Netzwerkverbindung (Media disconnected) # ---------------------------------- # IPv4-Konfiguration # ---------------------------------- pushd interface ipv4 reset set global set interface interface="WLAN" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled set interface interface="LAN-Verbindung* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled set interface interface="Bluetooth-Netzwerkverbindung" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled popd # Ende der IPv4-Konfiguration Windows-IP-Konfiguration Hostname . . . . . . . . . . . . : Home Primäres DNS-Suffix . . . . . . . : Knotentyp . . . . . . . . . . . . : Hybrid IP-Routing aktiviert . . . . . . 
: Nein WINS-Proxy aktiviert . . . . . . : Nein Drahtlos-LAN-Adapter WLAN: Medienstatus. . . . . . . . . . . : Medium getrennt Verbindungsspezifisches DNS-Suffix: Beschreibung. . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6230 Physische Adresse . . . . . . . . : 88-53-2E-8B-D8-A0 DHCP aktiviert. . . . . . . . . . : Ja Autokonfiguration aktiviert . . . : Ja Ethernet-Adapter Ethernet: Verbindungsspezifisches DNS-Suffix: Beschreibung. . . . . . . . . . . : Intel(R) 82579V Gigabit Network Connection Physische Adresse . . . . . . . . : E8-E0-B7-D5-B0-52 DHCP aktiviert. . . . . . . . . . : Ja Autokonfiguration aktiviert . . . : Ja IPv4-Adresse . . . . . . . . . . : 192.168.103.234(Bevorzugt) Subnetzmaske . . . . . . . . . . : 255.255.255.0 Lease erhalten. . . . . . . . . . : Dienstag, 19. Januar 2016 09:17:01 Lease läuft ab. . . . . . . . . . : Mittwoch, 20. Januar 2016 09:17:00 Standardgateway . . . . . . . . . : 192.168.103.1 DHCP-Server . . . . . . . . . . . : 192.168.103.1 DNS-Server . . . . . . . . . . . : 192.168.103.1 NetBIOS über TCP/IP . . . . . . . : Aktiviert Ethernet-Adapter Bluetooth-Netzwerkverbindung: Medienstatus. . . . . . . . . . . : Medium getrennt Verbindungsspezifisches DNS-Suffix: Beschreibung. . . . . . . . . . . : Bluetooth Device (Personal Area Network) Physische Adresse . . . . . . . . : 88-53-2E-8B-D8-A4 DHCP aktiviert. . . . . . . . . . : Ja Autokonfiguration aktiviert . . . : Ja Tunneladapter isatap.{18C2D077-5D3C-4642-B201-2DC1856C05E2}: Medienstatus. . . . . . . . . . . : Medium getrennt Verbindungsspezifisches DNS-Suffix: Beschreibung. . . . . . . . . . . : Microsoft ISATAP Adapter Physische Adresse . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP aktiviert. . . . . . . . . . : Nein Autokonfiguration aktiviert . . . : Ja Tunneladapter LAN-Verbindung* 3: Verbindungsspezifisches DNS-Suffix: Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physische Adresse . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP aktiviert. . 
. . . . . . . . : Nein Autokonfiguration aktiviert . . . : Ja IPv6-Adresse. . . . . . . . . . . : 2001:0:9d38:90d7:869:210e:ad77:ba40(Bevorzugt) Verbindungslokale IPv6-Adresse . : fe80::869:210e:ad77:ba40%7(Bevorzugt) Standardgateway . . . . . . . . . : :: DHCPv6-IAID . . . . . . . . . . . : 234881024 DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-1E-2E-AE-B9-E8-E0-B7-D5-B0-52 NetBIOS über TCP/IP . . . . . . . : Deaktiviert Server: router.asus.com Address: 192.168.103.1 Name: google.com Addresses: 2a00:1450:400a:806::1004 173.194.116.34 173.194.116.46 173.194.116.37 173.194.116.39 173.194.116.35 173.194.116.40 173.194.116.33 173.194.116.38 173.194.116.32 173.194.116.36 173.194.116.41 Ping wird ausgeführt für google.com [173.194.116.41] mit 32 Bytes Daten: Antwort von 173.194.116.41: Bytes=32 Zeit=10ms TTL=57 Antwort von 173.194.116.41: Bytes=32 Zeit=12ms TTL=57 Ping-Statistik für 173.194.116.41: Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0 (0% Verlust), Ca. Zeitangaben in Millisek.: Minimum = 10ms, Maximum = 12ms, Mittelwert = 11ms Server: router.asus.com Address: 192.168.103.1 Name: yahoo.com Addresses: 2001:4998:44:204::a7 2001:4998:58:c02::a9 2001:4998:c:a06::2:4008 206.190.36.45 98.138.253.109 98.139.183.24 Ping wird ausgeführt für yahoo.com [98.139.183.24] mit 32 Bytes Daten: Antwort von 98.139.183.24: Bytes=32 Zeit=153ms TTL=47 Antwort von 98.139.183.24: Bytes=32 Zeit=151ms TTL=47 Ping-Statistik für 98.139.183.24: Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0 (0% Verlust), Ca. Zeitangaben in Millisek.: Minimum = 151ms, Maximum = 153ms, Mittelwert = 152ms Ping wird ausgeführt für 127.0.0.1 mit 32 Bytes Daten: Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128 Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128 Ping-Statistik für 127.0.0.1: Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0 (0% Verlust), Ca. 
Zeitangaben in Millisek.: Minimum = 0ms, Maximum = 0ms, Mittelwert = 0ms =========================================================================== Schnittstellenliste 8...88 53 2e 8b d8 a0 ......Intel(R) Centrino(R) Advanced-N 6230 2...e8 e0 b7 d5 b0 52 ......Intel(R) 82579V Gigabit Network Connection 4...88 53 2e 8b d8 a4 ......Bluetooth Device (Personal Area Network) 1...........................Software Loopback Interface 1 5...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 7...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface =========================================================================== IPv4-Routentabelle =========================================================================== Aktive Routen: Netzwerkziel Netzwerkmaske Gateway Schnittstelle Metrik 0.0.0.0 0.0.0.0 192.168.103.1 192.168.103.234 20 127.0.0.0 255.0.0.0 Auf Verbindung 127.0.0.1 306 127.0.0.1 255.255.255.255 Auf Verbindung 127.0.0.1 306 127.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 306 192.168.103.0 255.255.255.0 Auf Verbindung 192.168.103.234 276 192.168.103.234 255.255.255.255 Auf Verbindung 192.168.103.234 276 192.168.103.255 255.255.255.255 Auf Verbindung 192.168.103.234 276 224.0.0.0 240.0.0.0 Auf Verbindung 127.0.0.1 306 224.0.0.0 240.0.0.0 Auf Verbindung 192.168.103.234 276 255.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 306 255.255.255.255 255.255.255.255 Auf Verbindung 192.168.103.234 276 =========================================================================== Ständige Routen: Keine IPv6-Routentabelle =========================================================================== Aktive Routen: If Metrik Netzwerkziel Gateway 7 306 ::/0 Auf Verbindung 1 306 ::1/128 Auf Verbindung 7 306 2001::/32 Auf Verbindung 7 306 2001:0:9d38:90d7:869:210e:ad77:ba40/128 Auf Verbindung 7 306 fe80::/64 Auf Verbindung 7 306 fe80::869:210e:ad77:ba40/128 Auf Verbindung 1 306 ff00::/8 Auf Verbindung 7 306 ff00::/8 Auf Verbindung 
=========================================================================== Ständige Routen: Keine ========================= Winsock entries ===================================== Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55808] (Microsoft Corporation) Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation) Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation) Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation) Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation) Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23552] (Microsoft Corporation) Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [51712] (Microsoft Corporation) Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation) Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation) Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation) Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation) Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation) Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation) Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation) Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation) Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation) Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation) Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation) Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation) x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation) x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation) x64-Catalog5 05 C:\Windows\System32\mswsock.dll 
[357216] (Microsoft Corporation) x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation) x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation) x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation) x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation) x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation) x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation) x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation) x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation) x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation) x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (01/19/2016 08:41:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: HOME) Description: Bei der Aktivierung der App „Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge“ ist folgender Fehler aufgetreten: -2144927149. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (01/19/2016 08:41:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: HOME) Description: Bei der Aktivierung der App „Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge“ ist folgender Fehler aufgetreten: -2144927149. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. 
Error: (01/18/2016 07:33:55 PM) (Source: Perflib) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (01/18/2016 07:31:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2147023564. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (01/18/2016 07:31:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ) Description: Bei der Aktivierung der App „Microsoft.Windows.Photos_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2147023564. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (01/18/2016 07:14:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ) Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2147023564. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (01/18/2016 04:59:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ) Description: Bei der Aktivierung der App „Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2147023564. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (01/18/2016 04:45:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ) Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2147023564. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (01/18/2016 04:21:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ) Description: Bei der Aktivierung der App „Microsoft.WindowsStore_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2147023564. 
Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (01/18/2016 04:21:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ) Description: Bei der Aktivierung der App „Microsoft.WindowsStore_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2147023564. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. System errors: ============= Error: (01/19/2016 08:37:12 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (01/18/2016 09:16:39 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Synchronisierungshost_42da4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/18/2016 09:16:39 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (01/18/2016 08:45:01 PM) (Source: Microsoft-Windows-Kernel-Power) (User: ) Description: 4 Error: (01/18/2016 08:44:59 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (01/18/2016 08:12:33 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Synchronisierungshost_b4ba4" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (01/18/2016 08:12:31 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Synchronisierungshost_db5335" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/18/2016 08:12:31 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (01/18/2016 07:31:32 PM) (Source: DCOM) (User: ) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Nicht verfügbarNicht verfügbarS-1-5-21-2097929271-88320824-1925333067-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (01/18/2016 07:21:36 PM) (Source: DCOM) (User: ) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Nicht verfügbarNicht verfügbarS-1-5-21-2097929271-88320824-1925333067-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Microsoft Office Sessions: ========================= Error: (01/19/2016 08:41:12 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: HOME) Description: Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge-2144927149 Error: (01/19/2016 08:41:03 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: HOME) Description: Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge-2144927149 Error: (01/18/2016 07:33:55 PM) (Source: Perflib)(User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (01/18/2016 07:31:31 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ) Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2147023564 Error: (01/18/2016 07:31:31 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ) Description: 
Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2147023564 Error: (01/18/2016 07:14:39 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ) Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App-2147023564 Error: (01/18/2016 04:59:51 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ) Description: Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App-2147023564 Error: (01/18/2016 04:45:08 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ) Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App-2147023564 Error: (01/18/2016 04:21:09 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ) Description: Microsoft.WindowsStore_8wekyb3d8bbwe!App-2147023564 Error: (01/18/2016 04:21:09 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ) Description: Microsoft.WindowsStore_8wekyb3d8bbwe!App-2147023564 CodeIntegrity Errors: =================================== Date: 2016-01-18 21:15:37.628 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-18 21:06:03.302 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-18 20:14:50.119 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-18 19:34:50.083 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-01-18 15:29:34.275 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-18 15:26:20.852 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. =========================== Installed Programs ============================ Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft Access MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft DCF MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Excel MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Groove MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft InfoPath MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Lync MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Korrekturhilfen 2013 - Deutsch (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office OSM MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office OSM UX MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017 - Microsoft 
Corporation) Hidden Microsoft Office Proofing (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2013 - Italiano (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft OneNote MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Outlook MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft PowerPoint MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Publisher MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Microsoft Word MUI (German) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Mozilla Firefox 43.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 de)) (Version: 43.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4 - Mozilla) Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden ========================= Devices: ================================ Name: Hauptplatine Description: Hauptplatine Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardsystemgeräte) Service: Name: Hauptplatinenressourcen Description: Hauptplatinenressourcen Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardsystemgeräte) Service: Name: Hauptplatinenressourcen Description: Hauptplatinenressourcen Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardsystemgeräte) Service: Name: Hauptplatinenressourcen Description: Hauptplatinenressourcen Class Guid: 
{4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardsystemgeräte) Service: Name: Systemzeitgeber Description: Systemzeitgeber Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardsystemgeräte) Service: Name: Bluetooth ACPI Description: Bluetooth ACPI Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Toshiba Service: tosrfec Name: Microsoft ACPI-Kontrollmethodenkompatibler Akku Description: Microsoft ACPI-Kontrollmethodenkompatibler Akku Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a} Manufacturer: Microsoft Service: CmBatt Name: PCI-zu-PCI-Brücke Description: PCI-zu-PCI-Brücke Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardsystemgeräte) Service: pci Name: TOSHIBA THNSNB128GMCJ Description: Laufwerk Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardlaufwerke) Service: disk Name: Ricoh PCIe SD/MMC Host Controller Description: Ricoh PCIe SD/MMC Host Controller Class Guid: {4d36e970-e325-11ce-bfc1-08002be10318} Manufacturer: Ricoh Company Service: risdxc Name: Stammdruckwarteschlange Description: Lokale Druckwarteschlange Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc} Manufacturer: Microsoft Service: Name: PS/2-Standardtastatur Description: PS/2-Standardtastatur Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardtastaturen) Service: i8042prt Name: Fax Description: Lokale Druckwarteschlange Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc} Manufacturer: Microsoft Service: Name: Volume-Manager Description: Volume-Manager Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: volmgr Name: PCI-zu-PCI-Brücke Description: PCI-zu-PCI-Brücke Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardsystemgeräte) Service: pci Name: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Adapter Description: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Adapter Class Guid: 
{e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Intel Corporation Service: BTHUSB Name: USB-Root-Hub Description: USB-Root-Hub Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard-USB-Hostcontroller) Service: usbhub Name: Renesas USB 3.0 eXtensible-Hostcontroller – 0.96 (Microsoft) Description: USB-xHCI-kompatibler Hostcontroller Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Generischer USB-xHCI-Hostcontroller Service: USBXHCI Name: Microsoft Basic Display Driver Description: Microsoft Basic Display Driver Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardgrafikkartentypen) Service: BasicDisplay Name: Bluetooth Description: Generisches Softwaregerät Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2} Manufacturer: Microsoft Service: Name: Microsoft-Übergangsadapterbus von IPv4 nach IPv6 Description: Generisches Softwaregerät Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2} Manufacturer: Microsoft Service: Name: Lautsprecher (High Definition Audio-Gerät) Description: Audioendpunkt Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e} Manufacturer: Microsoft Service: Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Name: Hochpräzisionsereigniszeitgeber Description: Hochpräzisionsereigniszeitgeber Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardsystemgeräte) Service: Name: ACPI-Thermozone Description: ACPI-Thermozone Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardsystemgeräte) Service: Name: USB-Verbundgerät Description: USB-Verbundgerät Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard-USB-Hostcontroller) Service: usbccgp Name: Intel(R) Core(TM) i5-2467M CPU @ 1.60GHz Description: Intel-Prozessor Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65} Manufacturer: Intel Service: intelppm Name: 
Intel(R) Core(TM) i5-2467M CPU @ 1.60GHz Description: Intel-Prozessor Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65} Manufacturer: Intel Service: intelppm Name: Intel(R) Core(TM) i5-2467M CPU @ 1.60GHz Description: Intel-Prozessor Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65} Manufacturer: Intel Service: intelppm Name: Intel(R) Core(TM) i5-2467M CPU @ 1.60GHz Description: Intel-Prozessor Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65} Manufacturer: Intel Service: intelppm Name: Intel(R) HD Graphics 3000 Description: Intel(R) HD Graphics 3000 Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Corporation Service: igfx Name: Intel(R) Centrino(R) Advanced-N 6230 Description: Intel(R) Centrino(R) Advanced-N 6230 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Corporation Service: NETwNs64 Name: Busenumerator für Verbundgeräte Description: Busenumerator für Verbundgeräte Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: CompositeBus Name: Microsoft virtueller Datenträgerenumerator Description: Microsoft virtueller Datenträgerenumerator Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vdrvroot Name: Microsoft ISATAP Adapter Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Name: Microsoft-Netzteil Description: Microsoft-Netzteil Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a} Manufacturer: Microsoft Service: CmBatt Name: Microsoft-Controller für Speicherplätze Description: Microsoft-Controller für Speicherplätze Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: spaceport Name: Numerischer Coprozessor Description: Numerischer Coprozessor Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardsystemgeräte) Service: Name: Toshiba Hotkey Driver Description: Toshiba Hotkey Driver Class Guid: 
{745a17a0-74d3-11d0-b6fe-00a0c90f57da} Manufacturer: Toshiba Service: Thotkey Name: Microsoft Kernel Debug Network Adapter Description: Microsoft Kerneldebugger-Netzwerkadapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: kdnic Name: H5321gw Description: H5321gw Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: WLAN Description: Generisches Softwaregerät Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2} Manufacturer: Microsoft Service: Name: LPC-Controller Description: LPC-Controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: msisadrv Name: HID-konformes Benutzersteuergerät Description: HID-konformes Benutzersteuergerät Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da} Manufacturer: Microsoft Service: Name: PnP-Monitor (Standard) Description: PnP-Monitor (Standard) Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardmonitortypen) Service: monitor Name: ACPI-Deckel Description: ACPI-Deckel Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardsystemgeräte) Service: Name: Standardvolume Description: Standardvolume Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: volsnap Name: Generic USB Hub Description: Generic USB Hub Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Generic USB Hub) Service: usbhub Name: TOSHIBA x64 ACPI-Compliant Value Added Logical and General Purpose Device Description: TOSHIBA x64 ACPI-Compliant Value Added Logical and General Purpose Device Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: TOSHIBA Service: TVALZ Name: UMBus-Stamm-Busenumerator Description: UMBus-Stamm-Busenumerator Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: umbus Name: Intel(R) 6 
Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D Description: Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Intel Service: usbehci Name: USB-Root-Hub Description: USB-Root-Hub Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard-USB-Hostcontroller) Service: usbhub Name: Microsoft Radio Device Enumeration Bus Description: Generisches Softwaregerät Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2} Manufacturer: Microsoft Service: Name: DMA-Controller Description: DMA-Controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardsystemgeräte) Service: Name: ACPI x64-basierter PC Description: ACPI x64-basierter PC Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardcomputer) Service: \Driver\ACPI_HAL Name: Stammkomplex für PCI-Express Description: Stammkomplex für PCI-Express Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardsystemgeräte) Service: pci Name: High Definition Audio-Gerät Description: High Definition Audio-Gerät Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: HdAudAddService Name: TOSHIBA Web Camera - HD Description: USB-Videogerät Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: usbvideo Name: Standardvolume Description: Standardvolume Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: volsnap Name: Microsoft Print to PDF Description: Lokale Druckwarteschlange Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc} Manufacturer: Microsoft Service: Name: Speichercontroller Description: Speichercontroller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: Name: ACPI-Einschaltknopf Description: ACPI-Einschaltknopf Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardsystemgeräte) Service: Name: 
Microsoft ACPI-konformes System Description: Microsoft ACPI-konformes System Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: ACPI Name: Description: Class Guid: Manufacturer: Service: Name: Microsoft Basic Render Driver Description: Microsoft Basic Render Driver Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: BasicRender Name: Anwendungsschnellstarttaste Description: Anwendungsschnellstarttaste Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardsystemgeräte) Service: Name: Anwendungsschnellstarttaste Description: Anwendungsschnellstarttaste Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardsystemgeräte) Service: Name: Anwendungsschnellstarttaste Description: Anwendungsschnellstarttaste Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardsystemgeräte) Service: Name: PCI-zu-PCI-Brücke Description: PCI-zu-PCI-Brücke Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardsystemgeräte) Service: pci Name: Programmierbarer Interruptcontroller Description: Programmierbarer Interruptcontroller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardsystemgeräte) Service: Name: USB-Root-Hub (xHCI) Description: USB-Root-Hub (xHCI) Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standardmäßige USB-HUBs) Service: USBHUB3 Name: CBM Flash Disk USB Device Description: Laufwerk Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardlaufwerke) Service: disk Name: Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26 Description: Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26 Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Intel Service: usbehci Name: System CMOS/Echtzeituhr Description: System CMOS/Echtzeituhr Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: 
(Standardsystemgeräte) Service: Name: ACPI-Schalter Description: ACPI-Schalter Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardsystemgeräte) Service: Name: HID-kompatible Drahtlos-Empfängersteuerelemente Description: HID-kompatible Drahtlos-Empfängersteuerelemente Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da} Manufacturer: (Standardsystemgeräte) Service: Name: Generic USB Hub Description: Generic USB Hub Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Generic USB Hub) Service: usbhub Name: Microsoft XPS Document Writer Description: Lokale Druckwarteschlange Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc} Manufacturer: Microsoft Service: Name: Microsoft Bluetooth-Auflistung Description: Microsoft Bluetooth-Auflistung Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Microsoft Service: BthEnum Name: Microsoft GS Wavetable Synthesizer Description: Generisches Softwaregerät Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2} Manufacturer: Microsoft Service: Name: Mikrofon (High Definition Audio-Gerät) Description: Audioendpunkt Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e} Manufacturer: Microsoft Service: Name: Bluetooth Device (RFCOMM Protocol TDI) Description: Bluetooth-Gerät (RFCOMM-Protokoll-TDI) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: RFCOMM Name: Bluetooth Device (Personal Area Network) Description: Bluetooth-Gerät (PAN) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: BthPan Name: USB-Massenspeichergerät Description: USB-Massenspeichergerät Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Kompatibles USB-Speichergerät Service: USBSTOR Name: Enumerator für virtuelle NDIS-Netzwerkadapter Description: Enumerator für virtuelle NDIS-Netzwerkadapter Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: NdisVirtualBus Name: High Definition Audio-Controller Description: High 
Definition Audio-Controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: HDAudBus Name: High Definition Audio-Gerät Description: High Definition Audio-Gerät Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: HdAudAddService Name: Microsoft-Systemverwaltungs-BIOS-Treiber Description: Microsoft-Systemverwaltungs-BIOS-Treiber Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardsystemgeräte) Service: mssmbios Name: Hauptplatinenressourcen Description: Hauptplatinenressourcen Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardsystemgeräte) Service: Name: Standardmäßiger SATA AHCI- Controller Description: Standardmäßiger SATA AHCI- Controller Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318} Manufacturer: Standardmäßiger SATA AHCI- Controller Service: storahci Name: Standardvolume Description: Standardvolume Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: volsnap Name: BMW Description: Flash Disk Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: CBM Service: WUDFWpdFs Name: Intel(R) 82579V Gigabit Network Connection Description: Intel(R) 82579V Gigabit Network Connection Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Corporation Service: e1iexpress Name: PnP-Softwaregeräte-Enumerator Description: PnP-Softwaregeräte-Enumerator Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardsystemgeräte) Service: swenum Name: PS/2-kompatible Maus Description: PS/2-kompatible Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Name: Remote Desktop Device Redirector Bus Description: Remote Desktop Device Redirector Bus Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: rdpbus Name: HID-konformes Benutzersteuergerät Description: HID-konformes Benutzersteuergerät Class Guid: 
{745a17a0-74d3-11d0-b6fe-00a0c90f57da} Manufacturer: Microsoft Service: Name: Intel(R) Management Engine Interface Description: Intel(R) Management Engine Interface Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: MEIx64 Name: An OneNote 2013 senden Description: Lokale Druckwarteschlange Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc} Manufacturer: Microsoft Service: ========================= Memory info: =================================== Percentage of memory in use: 35% Total physical RAM: 3996.54 MB Available physical RAM: 2585.27 MB Total Pagefile: 5404.54 MB Available Pagefile: 4021.38 MB Total Virtual: 4095.88 MB Available Virtual: 3953.26 MB ========================= Partitions: ===================================== 1 Drive c: () (Fixed) (Total:118.75 GB) (Free:99.46 GB) NTFS 2 Drive d: (BMW) (Removable) (Total:7.88 GB) (Free:0.76 GB) FAT32 ========================= Users: ======================================== Benutzerkonten fr \\HOME Administrator DefaultAccount FuckYou Gast Der Befehl wurde erfolgreich ausgefhrt. ========================= Minidump Files ================================== No minidump file found ========================= Restore Points ================================== **** End of log **** |
19.01.2016, 12:40 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please answer my question about the source.
__________________ Please always post log files in CODE tags |
19.01.2016, 12:40 | #5 |
| Sorry Cosinus, the site keeps disappearing :-( I got the MS 10 key from the version 8 and from the MS test program. Everything should be correct here! |
19.01.2016, 12:41 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Try FSS: Please download Farbar Service Scanner
Please post the contents here.
__________________ |
19.01.2016, 13:07 | #7 |
| I have the impression that an installation routine is wrecking my computers. I get an error message from my router:
Warning! The website contains malware. Visiting this site may harm your computer RT-AC56U Detailed informations:
•Description: Sites used by malicious programs, including sites used to host upgrades or store stolen information.
•Host: BsRO (00:1D:BA:AE:03:1B)
•URL: download.bleepingcomputer.com
Wir empfehlen If you are a manager and want to disable this protection, please go to Home Protection for configuration For your client side advanced internet security protection. Trend Micro offer you more advanced home security solution. Please visit the site for free trial or online scan service. LOS
Just had a horror experience! On the 2nd download attempt my screen suddenly went black!! The keyboard settings have now been changed as well :-( Can you make the program available to me some other way?
Hi Cosinus, I have now managed it via another site :-) Code:
ATTFilter Farbar Service Scanner Version: 03-01-2016 Ran by Administrator (administrator) on 19-01-2016 at 13:04:24 Running from "C:\Users\Administrator\Downloads" Microsoft Windows 10 Pro (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Attempt to access Google IP returned error. Google IP is unreachable Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => File is digitally signed C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed C:\Windows\System32\drivers\afd.sys => File is digitally signed C:\Windows\System32\drivers\tdx.sys => File is digitally signed C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed C:\Windows\System32\dnsrslvr.dll => File is digitally signed C:\Windows\System32\mpssvc.dll => File is digitally signed C:\Windows\System32\bfe.dll => File is digitally signed C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed C:\Windows\System32\SDRSVC.dll => File is digitally signed C:\Windows\System32\vssvc.exe => File is digitally signed C:\Windows\System32\wscsvc.dll => File is digitally signed C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\System32\wuaueng.dll => File is digitally signed C:\Windows\System32\qmgr.dll => File is digitally signed C:\Windows\System32\es.dll => File is digitally signed C:\Windows\System32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed 
C:\Windows\System32\ipnathlp.dll => File is digitally signed C:\Windows\System32\iphlpsvc.dll => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed **** End of log **** |
19.01.2016, 13:27 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | We absolutely need FRST. If necessary, you will have to download it on another computer and transfer it to the problem computer via USB stick. Scan with Farbar's Recovery Scan Tool (FRST) Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
19.01.2016, 13:39 | #9 |
| The second computer :-) FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016 durchgeführt von Administrator (Administrator) auf HOME (19-01-2016 13:17:10) Gestartet von C:\Users\Administrator\Downloads Geladene Profile: Administrator (Verfügbare Profile: Administrator) Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Farbar) C:\Users\Administrator\Downloads\FSS.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. 
Die Datei wird nicht verschoben.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.103.1 Tcpip\..\Interfaces\{18c2d077-5d3c-4642-b201-2dc1856c05e2}: [DhcpNameServer] 192.168.103.1 Internet Explorer: ================== BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gpoajor0.default FF NetworkProxy: "no_proxies_on", "" FF NetworkProxy: "type", 0 FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> 
C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation) ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [326144 2015-10-30] () [Datei ist nicht signiert] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S3 1394ohci; C:\Windows\System32\drivers\1394ohci.sys [235520 2015-10-30] () [Datei ist nicht signiert] R0 ACPI; C:\Windows\System32\drivers\ACPI.sys [563544 2015-10-30] () [Datei ist nicht signiert] S3 acpipagr; C:\Windows\System32\drivers\acpipagr.sys [12288 2015-10-30] () [Datei ist nicht signiert] S3 AcpiPmi; C:\Windows\System32\drivers\acpipmi.sys [14336 2015-10-30] () [Datei ist nicht signiert] S3 acpitime; C:\Windows\System32\drivers\acpitime.sys [12800 2015-10-30] () [Datei ist nicht signiert] S0 agp440; C:\Windows\System32\drivers\agp440.sys [63328 2015-10-30] () [Datei ist nicht signiert] S3 AmdK8; C:\Windows\System32\drivers\amdk8.sys [121856 2015-10-30] () [Datei ist nicht signiert] S3 AmdPPM; C:\Windows\System32\drivers\amdppm.sys [119296 2015-10-30] () [Datei ist nicht signiert] S0 atapi; C:\Windows\System32\drivers\atapi.sys [28512 2015-10-30] () [Datei ist nicht signiert] R1 BasicDisplay; C:\Windows\System32\drivers\BasicDisplay.sys [55808 2015-10-30] () [Datei ist nicht signiert] R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [41472 2015-10-30] () [Datei ist nicht signiert] U5 BattC; C:\Windows\System32\Drivers\BattC.sys [36704 2015-10-30] () [Datei ist nicht signiert] S3 BthAvrcpTg; C:\Windows\System32\drivers\BthAvrcpTg.sys [43008 2015-10-30] () [Datei ist nicht signiert] R3 BthEnum; C:\Windows\System32\drivers\BthEnum.sys [112640 2015-10-30] () [Datei ist nicht signiert] S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [65536 2015-10-30] () [Datei ist nicht signiert] S3 bthhfhid; C:\Windows\System32\drivers\BthHFHid.sys [30720 2015-10-30] () [Datei ist nicht signiert] S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [65536 2015-10-30] () [Datei ist nicht signiert] R3 BthPan; C:\Windows\System32\drivers\bthpan.sys [128512 2015-10-30] () [Datei ist nicht signiert] S3 BTHPORT; C:\Windows\System32\drivers\BTHport.sys [953856 2016-01-05] () [Datei ist nicht signiert] R3 BTHUSB; C:\Windows\System32\drivers\BTHUSB.sys [84992 
2015-10-30] () [Datei ist nicht signiert]
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
S3 buttonconverter; C:\Windows\System32\drivers\buttonconverter.sys [37376 2015-10-30] () [Datei ist nicht signiert]
S1 cdrom; C:\Windows\System32\drivers\cdrom.sys [173568 2015-10-30] () [Datei ist nicht signiert]
S3 circlass; C:\Windows\System32\drivers\circlass.sys [48640 2015-10-30] () [Datei ist nicht signiert]
R3 CmBatt; C:\Windows\System32\drivers\CmBatt.sys [29696 2015-10-30] () [Datei ist nicht signiert]
R0 disk; C:\Windows\System32\drivers\disk.sys [103264 2015-10-30] () [Datei ist nicht signiert]
S3 dmvsc; C:\Windows\System32\drivers\dmvsc.sys [33792 2015-10-30] () [Datei ist nicht signiert]
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [16168 2015-10-30] () [Datei ist nicht signiert]
S0 EhStorTcgDrv; C:\Windows\System32\drivers\EhStorTcgDrv.sys [117088 2015-10-30] () [Datei ist nicht signiert]
S3 ErrDev; C:\Windows\System32\drivers\errdev.sys [12288 2015-10-30] () [Datei ist nicht signiert]
S3 fdc; C:\Windows\System32\drivers\fdc.sys [32256 2015-10-30] () [Datei ist nicht signiert]
S3 flpydisk; C:\Windows\System32\drivers\flpydisk.sys [26112 2015-10-30] () [Datei ist nicht signiert]
S0 gagp30kx; C:\Windows\System32\drivers\gagp30kx.sys [66912 2015-10-30] () [Datei ist nicht signiert]
S3 gencounter; C:\Windows\System32\drivers\vmgencounter.sys [13312 2015-10-30] () [Datei ist nicht signiert]
S3 genericusbfn; C:\Windows\System32\drivers\genericusbfn.sys [20992 2015-10-30] () [Datei ist nicht signiert]
R3 HdAudAddService; C:\Windows\system32\DRIVERS\HdAudio.sys [404480 2015-10-30] () [Datei ist nicht signiert]
R3 HDAudBus; C:\Windows\System32\drivers\HDAudBus.sys [79872 2015-10-30] () [Datei ist nicht signiert]
S3 HidBatt; C:\Windows\System32\drivers\HidBatt.sys [28160 2015-10-30] () [Datei ist nicht signiert]
S3 HidBth; C:\Windows\System32\drivers\hidbth.sys [107520 2015-10-30] () [Datei ist nicht signiert]
S3 hidi2c; C:\Windows\System32\drivers\hidi2c.sys [51200 2015-10-30] () [Datei ist nicht signiert]
S3 hidinterrupt; C:\Windows\System32\drivers\hidinterrupt.sys [50016 2015-10-30] () [Datei ist nicht signiert]
S3 HidIr; C:\Windows\System32\drivers\hidir.sys [46592 2015-10-30] () [Datei ist nicht signiert]
S3 HidUsb; C:\Windows\System32\drivers\hidusb.sys [38400 2015-10-30] () [Datei ist nicht signiert]
S3 hyperkbd; C:\Windows\System32\drivers\hyperkbd.sys [16896 2015-10-30] () [Datei ist nicht signiert]
R3 i8042prt; C:\Windows\System32\drivers\i8042prt.sys [114688 2015-10-30] () [Datei ist nicht signiert]
S0 intelide; C:\Windows\System32\drivers\intelide.sys [19808 2015-10-30] () [Datei ist nicht signiert]
S0 intelpep; C:\Windows\System32\drivers\intelpep.sys [46432 2015-10-30] () [Datei ist nicht signiert]
R3 intelppm; C:\Windows\System32\drivers\intelppm.sys [133632 2015-10-30] () [Datei ist nicht signiert]
S3 IPMIDRV; C:\Windows\System32\drivers\IPMIDrv.sys [81408 2015-10-30] () [Datei ist nicht signiert]
S0 isapnp; C:\Windows\System32\drivers\isapnp.sys [22880 2015-10-30] () [Datei ist nicht signiert]
S3 iScsiPrt; C:\Windows\System32\drivers\msiscsi.sys [277344 2015-10-30] () [Datei ist nicht signiert]
R3 kbdclass; C:\Windows\System32\drivers\kbdclass.sys [62304 2015-10-30] () [Datei ist nicht signiert]
S3 kbdhid; C:\Windows\System32\drivers\kbdhid.sys [36864 2015-10-30] () [Datei ist nicht signiert]
R3 kdnic; C:\Windows\System32\drivers\kdnic.sys [23040 2015-10-30] () [Datei ist nicht signiert]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-19] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [195336 2015-09-04] (Intel Corporation)
R3 monitor; C:\Windows\System32\drivers\monitor.sys [38400 2015-10-30] () [Datei ist nicht signiert]
R3 mouclass; C:\Windows\System32\drivers\mouclass.sys [59232 2015-10-30] () [Datei ist nicht signiert]
S3 mouhid; C:\Windows\System32\drivers\mouhid.sys [32256 2015-10-30] () [Datei ist nicht signiert]
S3 msgpiowin32; C:\Windows\System32\drivers\msgpiowin32.sys [46944 2015-10-30] () [Datei ist nicht signiert]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [18784 2015-10-30] () [Datei ist nicht signiert]
R1 mssmbios; C:\Windows\System32\drivers\mssmbios.sys [43872 2015-10-30] () [Datei ist nicht signiert]
S3 MTConfig; C:\Windows\System32\drivers\MTConfig.sys [15872 2015-10-30] () [Datei ist nicht signiert]
R1 npsvctrig; C:\Windows\System32\drivers\npsvctrig.sys [26624 2015-10-30] () [Datei ist nicht signiert]
S0 nv_agp; C:\Windows\System32\drivers\nv_agp.sys [126304 2015-10-30] () [Datei ist nicht signiert]
S3 Parport; C:\Windows\System32\drivers\parport.sys [96768 2015-10-30] () [Datei ist nicht signiert]
R0 pci; C:\Windows\System32\drivers\pci.sys [330080 2015-10-30] () [Datei ist nicht signiert]
S0 pciide; C:\Windows\System32\drivers\pciide.sys [16224 2015-10-30] () [Datei ist nicht signiert]
S0 pcmcia; C:\Windows\System32\drivers\pcmcia.sys [118112 2015-10-30] () [Datei ist nicht signiert]
S3 Processor; C:\Windows\System32\drivers\processr.sys [118272 2015-10-30] () [Datei ist nicht signiert]
R3 rdpbus; C:\Windows\System32\drivers\rdpbus.sys [26112 2015-10-30] () [Datei ist nicht signiert]
R3 RFCOMM; C:\Windows\System32\drivers\rfcomm.sys [175104 2015-10-30] () [Datei ist nicht signiert]
S3 s3cap; C:\Windows\System32\drivers\vms3cap.sys [8704 2015-10-30] () [Datei ist nicht signiert]
S0 sbp2port; C:\Windows\System32\drivers\sbp2port.sys [110432 2015-10-30] () [Datei ist nicht signiert]
S3 sdbus; C:\Windows\System32\drivers\sdbus.sys [277856 2015-10-30] () [Datei ist nicht signiert]
S3 sdstor; C:\Windows\System32\drivers\sdstor.sys [95072 2015-11-22] () [Datei ist nicht signiert]
S3 Serenum; C:\Windows\System32\drivers\serenum.sys [25088 2015-10-30] () [Datei ist nicht signiert]
S3 Serial; C:\Windows\System32\drivers\serial.sys [83968 2015-10-30] () [Datei ist nicht signiert]
S3 sermouse; C:\Windows\System32\drivers\sermouse.sys [27648 2015-10-30] () [Datei ist nicht signiert]
S3 sfloppy; C:\Windows\System32\drivers\sfloppy.sys [18432 2015-10-30] () [Datei ist nicht signiert]
R0 spaceport; C:\Windows\System32\drivers\spaceport.sys [532832 2015-10-30] () [Datei ist nicht signiert]
R0 storahci; C:\Windows\System32\drivers\storahci.sys [133984 2015-10-30] () [Datei ist nicht signiert]
S0 storflt; C:\Windows\System32\drivers\vmstorfl.sys [46944 2015-10-30] () [Datei ist nicht signiert]
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [79200 2015-10-30] () [Datei ist nicht signiert]
S0 storufs; C:\Windows\System32\drivers\storufs.sys [34144 2015-10-30] () [Datei ist nicht signiert]
S0 storvsc; C:\Windows\System32\drivers\storvsc.sys [36192 2015-10-30] () [Datei ist nicht signiert]
R3 swenum; C:\Windows\System32\drivers\swenum.sys [17760 2015-10-30] () [Datei ist nicht signiert]
S3 terminpt; C:\Windows\System32\drivers\terminpt.sys [38752 2015-10-30] () [Datei ist nicht signiert]
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45728 2015-08-07] (Toshiba Corporation)
S3 TPM; C:\Windows\System32\drivers\tpm.sys [209760 2015-10-30] () [Datei ist nicht signiert]
S3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [33280 2015-10-30] () [Datei ist nicht signiert]
S0 uagp35; C:\Windows\System32\drivers\uagp35.sys [66400 2015-10-30] () [Datei ist nicht signiert]
S3 UASPStor; C:\Windows\System32\drivers\uaspstor.sys [77664 2015-10-30] () [Datei ist nicht signiert]
S3 UcmUcsi; C:\Windows\System32\drivers\UcmUcsi.sys [46592 2015-10-30] () [Datei ist nicht signiert]
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [28512 2015-10-30] () [Datei ist nicht signiert]
S3 UfxChipidea; C:\Windows\System32\drivers\UfxChipidea.sys [94048 2015-10-30] () [Datei ist nicht signiert]
S3 ufxsynopsys; C:\Windows\System32\drivers\ufxsynopsys.sys [131424 2015-10-30] () [Datei ist nicht signiert]
S0 uliagpkx; C:\Windows\System32\drivers\uliagpkx.sys [66912 2015-10-30] () [Datei ist nicht signiert]
R3 umbus; C:\Windows\System32\drivers\umbus.sys [56832 2015-10-30] () [Datei ist nicht signiert]
S3 UmPass; C:\Windows\System32\drivers\umpass.sys [13824 2015-10-30] () [Datei ist nicht signiert]
S3 UrsChipidea; C:\Windows\System32\drivers\urschipidea.sys [28512 2015-10-30] () [Datei ist nicht signiert]
S3 UrsSynopsys; C:\Windows\System32\drivers\urssynopsys.sys [27488 2015-10-30] () [Datei ist nicht signiert]
R3 usbccgp; C:\Windows\System32\drivers\usbccgp.sys [159072 2015-10-30] () [Datei ist nicht signiert]
S3 usbcir; C:\Windows\System32\drivers\usbcir.sys [102400 2015-10-30] () [Datei ist nicht signiert]
R3 usbehci; C:\Windows\System32\drivers\usbehci.sys [95584 2015-10-30] () [Datei ist nicht signiert]
R3 usbhub; C:\Windows\System32\drivers\usbhub.sys [500064 2015-10-30] () [Datei ist nicht signiert]
R3 USBHUB3; C:\Windows\System32\drivers\UsbHub3.sys [534368 2015-10-30] () [Datei ist nicht signiert]
S3 usbohci; C:\Windows\System32\drivers\usbohci.sys [29696 2015-10-30] () [Datei ist nicht signiert]
S3 usbprint; C:\Windows\System32\drivers\usbprint.sys [27648 2015-10-30] () [Datei ist nicht signiert]
S3 usbser; C:\Windows\System32\drivers\usbser.sys [67072 2015-10-30] () [Datei ist nicht signiert]
S3 USBSTOR; C:\Windows\System32\drivers\USBSTOR.SYS [127840 2015-10-30] () [Datei ist nicht signiert]
S3 usbuhci; C:\Windows\System32\drivers\usbuhci.sys [35328 2015-10-30] () [Datei ist nicht signiert]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [221184 2015-10-30] () [Datei ist nicht signiert]
R3 USBXHCI; C:\Windows\System32\drivers\USBXHCI.SYS [378208 2015-10-30] () [Datei ist nicht signiert]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [52576 2015-10-30] () [Datei ist nicht signiert]
S3 vhdmp; C:\Windows\System32\drivers\vhdmp.sys [707424 2015-10-30] () [Datei ist nicht signiert]
S0 vmbus; C:\Windows\System32\drivers\vmbus.sys [99672 2015-10-30] () [Datei ist nicht signiert]
S3 VMBusHID; C:\Windows\System32\drivers\VMBusHID.sys [25088 2015-10-30] () [Datei ist nicht signiert]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [81248 2015-10-30] () [Datei ist nicht signiert]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [414560 2015-10-30] () [Datei ist nicht signiert]
S3 vpci; C:\Windows\System32\drivers\vpci.sys [74080 2015-10-30] () [Datei ist nicht signiert]
S3 WacomPen; C:\Windows\System32\drivers\wacompen.sys [30208 2015-10-30] () [Datei ist nicht signiert]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WINUSB; C:\Windows\System32\drivers\WinUSB.SYS [89088 2015-10-30] () [Datei ist nicht signiert]
S3 WmiAcpi; C:\Windows\System32\drivers\wmiacpi.sys [18432 2015-10-30] () [Datei ist nicht signiert]
S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [238592 2015-10-30] () [Datei ist nicht signiert]
S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [26112 2015-10-30] () [Datei ist nicht signiert]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-01-19 13:17 - 2016-01-19 13:17 - 00019003 _____ C:\Users\Administrator\Downloads\FRST.txt
2016-01-19 13:16 - 2016-01-19 13:17 - 00000000 ____D C:\FRST
2016-01-19 13:15 - 2016-01-19 13:16 - 02370560 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2016-01-19 13:04 - 2016-01-19 13:04 - 00002328 _____ C:\Users\Administrator\Downloads\FSS.txt
2016-01-19 13:03 - 2016-01-19 13:03 - 00899584 _____ (Farbar) C:\Users\Administrator\Downloads\FSS.exe
2016-01-19 11:49 - 2016-01-19 11:49 - 01738754 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-01-19 11:44 - 2016-01-19 11:44 - 00000000 ____D C:\Users\Administrator\Downloads\CV Deutsch
2016-01-19 11:44 - 2016-01-19 11:44 - 00000000 ____D C:\Users\Administrator\Downloads\Ablage
2016-01-19 11:44 - 2015-11-29 21:08 - 00009913 _____ C:\Users\Administrator\Downloads\Mappe1.xlsx
2016-01-19 11:44 - 2015-11-29 16:51 - 00932103 _____ C:\Users\Administrator\Downloads\CV_Andreas Schalm.pdf
2016-01-19 11:44 - 2015-11-29 12:06 - 00932103 _____ C:\Users\Administrator\Downloads\CV Andreas Schalm.pdf
2016-01-19 11:44 - 2015-11-21 18:45 - 00066748 _____ C:\Users\Administrator\Downloads\We are looking for a Senior Manager (w_m) IT Advisory _ EMEIA Financial Services in Zurich in Zürich _ XING Jobs.pdf
2016-01-19 11:44 - 2015-11-20 17:53 - 00506625 _____ C:\Users\Administrator\Downloads\SBB.pdf
2016-01-19 11:44 - 2015-11-19 16:17 - 00321771 _____ C:\Users\Administrator\Downloads\Bereichsleiter_in Eingliederungsmanagement (80-100%) — IV-Stelle Kanton Bern.pdf
2016-01-19 11:44 - 2015-11-09 08:01 - 00175402 _____ C:\Users\Administrator\Downloads\Lauftraining 10km.pdf
2016-01-19 11:44 - 2015-11-06 18:12 - 00107811 _____ C:\Users\Administrator\Downloads\Studienleiter.pdf
2016-01-19 11:44 - 2015-10-27 08:38 - 02213718 _____ C:\Users\Administrator\Downloads\Lohnvergleich_2015_opt_def.pdf
2016-01-19 11:44 - 2015-10-08 16:41 - 00099543 _____ C:\Users\Administrator\Downloads\adesso bern.pdf
2016-01-19 11:44 - 2015-09-25 12:10 - 00110676 _____ C:\Users\Administrator\Downloads\Real Returns Switzerland – Restart Your Career at Credit Suisse as a former Director _ Managing Director (70% - 100%), Zürich, CREDIT SUISSE AG_ Private Banking - adhosting.pdf
2016-01-19 10:29 - 2016-01-19 11:37 - 00216000 _____ C:\Windows\ntbtlog.txt
2016-01-19 09:19 - 2016-01-19 09:19 - 00000000 ____D C:\Users\Administrator\AppData\Local\PeerDistRepub
2016-01-18 21:05 - 2016-01-18 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-01-18 21:04 - 2016-01-18 21:05 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-01-18 21:04 - 2016-01-18 21:04 - 00000000 ____D C:\Windows\PCHEALTH
2016-01-18 21:02 - 2016-01-18 21:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-01-18 21:02 - 2016-01-18 21:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2016-01-18 21:02 - 2016-01-18 21:02 - 00000000 ____D C:\Program Files\Microsoft Office
2016-01-18 21:02 - 2016-01-18 21:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-01-18 21:00 - 2016-01-18 21:00 - 00000000 __RHD C:\MSOCache
2016-01-18 19:32 - 2016-01-18 19:34 - 00000000 ____D C:\Windows\system32\MRT
2016-01-18 19:32 - 2016-01-18 19:32 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-18 19:31 - 2016-01-05 02:59 - 22393856 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-01-18 19:31 - 2016-01-05 02:57 - 16986112 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-01-18 19:31 - 2015-12-07 04:58 - 24601600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-18 19:31 - 2015-12-07 04:53 - 19339264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-18 19:31 - 2015-12-07 04:45 - 02582016 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-01-18 19:31 - 2015-12-07 04:43 - 02598400 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2016-01-18 19:31 - 2015-12-07 04:41 - 02061824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-01-18 19:31 - 2015-12-07 04:40 - 03593216 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-01-18 19:31 - 2015-11-24 08:23 - 13381120 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-18 19:31 - 2015-11-24 08:08 - 12125184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-18 19:31 - 2015-11-22 10:54 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\ETWCoreUIComponentsResources.dll
2016-01-18 19:31 - 2015-11-22 10:42 - 00138240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ETWCoreUIComponentsResources.dll
2016-01-18 19:31 - 2015-11-22 10:34 - 02843136 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2016-01-18 19:31 - 2015-11-22 10:27 - 03993600 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2016-01-18 19:31 - 2015-11-13 07:41 - 22572632 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-01-18 19:31 - 2015-11-13 07:18 - 21125408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-01-18 19:31 - 2015-11-13 06:58 - 11545088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-01-18 19:31 - 2015-11-13 06:39 - 02444288 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2016-01-18 19:31 - 2015-11-13 06:29 - 09918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-01-18 19:30 - 2016-01-05 03:51 - 07477600 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-18 19:30 - 2016-01-05 03:50 - 01173344 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-18 19:30 - 2016-01-05 03:50 - 00713568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-18 19:30 - 2016-01-05 03:50 - 00671472 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-18 19:30 - 2016-01-05 03:49 - 00513888 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-18 19:30 - 2016-01-05 03:48 - 00499432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-18 19:30 - 2016-01-05 03:45 - 02587696 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-01-18 19:30 - 2016-01-05 03:42 - 02026736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2016-01-18 19:30 - 2016-01-05 03:37 - 02544256 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-01-18 19:30 - 2016-01-05 03:37 - 01299504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2016-01-18 19:30 - 2016-01-05 03:37 - 00858952 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-01-18 19:30 - 2016-01-05 03:37 - 00848160 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-01-18 19:30 - 2016-01-05 03:37 - 00785088 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-18 19:30 - 2016-01-05 03:37 - 00245840 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-18 19:30 - 2016-01-05 03:37 - 00234504 _____ (Microsoft Corporation) C:\Windows\system32\mftranscode.dll
2016-01-18 19:30 - 2016-01-05 03:36 - 00808800 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-01-18 19:30 - 2016-01-05 03:33 - 02180128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-01-18 19:30 - 2016-01-05 03:33 - 01118208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-01-18 19:30 - 2016-01-05 03:33 - 00709688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-01-18 19:30 - 2016-01-05 03:33 - 00701384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2016-01-18 19:30 - 2016-01-05 03:33 - 00652312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-18 19:30 - 2016-01-05 03:33 - 00208176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mftranscode.dll
2016-01-18 19:30 - 2016-01-05 03:31 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2016-01-18 19:30 - 2016-01-05 03:27 - 01594408 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-18 19:30 - 2016-01-05 03:24 - 00796352 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-18 19:30 - 2016-01-05 03:23 - 01804664 _____ C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-18 19:30 - 2016-01-05 03:23 - 01309376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-18 19:30 - 2016-01-05 03:23 - 00786696 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-18 19:30 - 2016-01-05 03:21 - 01371792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-18 19:30 - 2016-01-05 03:17 - 00695752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-18 19:30 - 2016-01-05 03:16 - 00100160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-18 19:30 - 2016-01-05 02:54 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2016-01-18 19:30 - 2016-01-05 02:50 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\uReFS.dll
2016-01-18 19:30 - 2016-01-05 02:50 - 00638464 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2016-01-18 19:30 - 2016-01-05 02:50 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2016-01-18 19:30 - 2016-01-05 02:49 - 13018624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-01-18 19:30 - 2016-01-05 02:49 - 01255936 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-18 19:30 - 2016-01-05 02:49 - 00749056 _____ (Microsoft Corporation) C:\Windows\system32\PhoneService.dll
2016-01-18 19:30 - 2016-01-05 02:48 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-18 19:30 - 2016-01-05 02:47 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll
2016-01-18 19:30 - 2016-01-05 02:47 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-18 19:30 - 2016-01-05 02:45 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\facecredentialprovider.dll
2016-01-18 19:30 - 2016-01-05 02:43 - 00912384 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
2016-01-18 19:30 - 2016-01-05 02:43 - 00604672 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-18 19:30 - 2016-01-05 02:43 - 00584704 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-01-18 19:30 - 2016-01-05 02:41 - 18677760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-01-18 19:30 - 2016-01-05 02:40 - 00890880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-18 19:30 - 2016-01-05 02:39 - 03428864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2016-01-18 19:30 - 2016-01-05 02:39 - 00498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
2016-01-18 19:30 - 2016-01-05 02:38 - 00389120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-18 19:30 - 2016-01-05 02:36 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-18 19:30 - 2016-01-05 02:33 - 01674240 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-18 19:30 - 2016-01-05 02:30 - 02796032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2016-01-18 19:30 - 2016-01-05 02:30 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-01-18 19:30 - 2016-01-05 02:29 - 03667456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-18 19:30 - 2016-01-05 02:28 - 07826432 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-01-18 19:30 - 2016-01-05 02:28 - 04894720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-18 19:30 - 2016-01-05 02:28 - 01542656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-18 19:30 - 2016-01-05 02:25 - 05660160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-01-18 19:30 - 2015-12-07 05:57 - 00973664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2016-01-18 19:30 - 2015-12-07 05:55 - 01281376 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2016-01-18 19:30 - 2015-12-07 05:48 - 01155944 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2016-01-18 19:30 - 2015-12-07 05:48 - 01092456 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-18 19:30 - 2015-12-07 05:48 - 01065080 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2016-01-18 19:30 - 2015-12-07 05:48 - 01020096 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2016-01-18 19:30 - 2015-12-07 05:48 - 00983464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2016-01-18 19:30 - 2015-12-07 05:48 - 00884256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2016-01-18 19:30 - 2015-12-07 05:48 - 00823264 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2016-01-18 19:30 - 2015-12-07 05:48 - 00794888 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-01-18 19:30 - 2015-12-07 05:48 - 00696160 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-01-18 19:30 - 2015-12-07 05:48 - 00670928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-01-18 19:30 - 2015-12-07 05:48 - 00526856 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2016-01-18 19:30 - 2015-12-07 05:48 - 00502112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-01-18 19:30 - 2015-12-07 05:48 - 00498448 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2016-01-18 19:30 - 2015-12-07 05:48 - 00462760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2016-01-18 19:30 - 2015-12-07 05:48 - 00450904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2016-01-18 19:30 - 2015-12-07 05:48 - 00337840 _____ (Microsoft Corporation) C:\Windows\system32\MFPlay.dll
2016-01-18 19:30 - 2015-12-07 05:48 - 00289248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFPlay.dll
2016-01-18 19:30 - 2015-12-07 05:48 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2016-01-18 19:30 - 2015-12-07 05:48 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2016-01-18 19:30 - 2015-12-07 05:47 - 00925064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-18 19:30 - 2015-12-07 05:47 - 00898184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2016-01-18 19:30 - 2015-12-07 05:47 - 00716928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2016-01-18 19:30 - 2015-12-07 05:46 - 03671888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-18 19:30 - 2015-12-07 05:46 - 02919320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-18 19:30 - 2015-12-07 05:45 - 00264544 _____ (Microsoft Corporation) C:\Windows\system32\ContentDeliveryManager.Utilities.dll
2016-01-18 19:30 - 2015-12-07 05:15 - 01035776 _____ (Microsoft Corporation) C:\Windows\system32\XboxNetApiSvc.dll
2016-01-18 19:30 - 2015-12-07 05:10 - 00824320 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
2016-01-18 19:30 - 2015-12-07 05:09 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\flvprophandler.dll
2016-01-18 19:30 - 2015-12-07 05:06 - 00572928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2016-01-18 19:30 - 2015-12-07 05:06 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2016-01-18 19:30 - 2015-12-07 05:02 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2016-01-18 19:30 - 2015-12-07 05:01 - 00543232 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2016-01-18 19:30 - 2015-12-07 05:00 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\MSFlacDecoder.dll
2016-01-18 19:30 - 2015-12-07 05:00 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2016-01-18 19:30 - 2015-12-07 04:59 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2016-01-18 19:30 - 2015-12-07 04:59 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2016-01-18 19:30 - 2015-12-07 04:59 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\provhandlers.dll
2016-01-18 19:30 - 2015-12-07 04:58 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2016-01-18 19:30 - 2015-12-07 04:57 - 00409088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2016-01-18 19:30 - 2015-12-07 04:57 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSFlacDecoder.dll
2016-01-18 19:30 - 2015-12-07 04:56 - 00607232 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2016-01-18 19:30 - 2015-12-07 04:56 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\mfmkvsrcsnk.dll
2016-01-18 19:30 - 2015-12-07 04:53 - 00381952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmkvsrcsnk.dll
2016-01-18 19:30 - 2015-12-07 04:51 - 01318912 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2016-01-18 19:30 - 2015-12-07 04:50 - 01131520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll
2016-01-18 19:30 - 2015-12-07 04:49 - 01105920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll
2016-01-18 19:30 - 2015-12-07 04:45 - 00900608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2016-01-18 19:30 - 2015-12-07 04:45 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-01-18 19:30 - 2015-12-07 04:43 - 00931328 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-18 19:30 - 2015-12-07 04:40 - 01995776 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2016-01-18 19:30 - 2015-12-07 04:40 - 01706496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2016-01-18 19:30 - 2015-12-07 04:39 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-01-18 19:30 - 2015-12-07 04:33 - 00375296 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe
2016-01-18 19:30 - 2015-12-07 04:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\dialserver.dll
2016-01-18 19:30 - 2015-12-01 08:12 - 02152800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-01-18 19:30 - 2015-11-24 13:07 - 01817160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-18 19:30 - 2015-11-24 12:06 - 01540768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-18 19:30 - 2015-11-24 11:26 - 01399224 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-01-18 19:30 - 2015-11-24 10:37 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-01-18 19:30 - 2015-11-24 10:26 - 01337240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-01-18 19:30 - 2015-11-24 10:12 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-01-18 19:30 - 2015-11-24 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-01-18 19:30 - 2015-11-24 09:52 - 01717248 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-01-18 19:30 - 2015-11-24 09:49 - 01648640 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-01-18 19:30 - 2015-11-24 08:59 - 01467392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-01-18 19:30 - 2015-11-24 08:57 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-01-18 19:30 - 2015-11-24 08:29 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-01-18 19:30 - 2015-11-24 08:04 - 02155008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-01-18 19:30 - 2015-11-22 11:47 - 02653816 _____ C:\Windows\system32\CoreUIComponents.dll
2016-01-18 19:30 - 2015-11-22 11:41 - 01859448 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2016-01-18 19:30 - 2015-11-22 11:33 - 00095072 _____ C:\Windows\system32\Drivers\sdstor.sys
2016-01-18 19:30 - 2015-11-22 11:24 - 02772584 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2016-01-18 19:30 - 2015-11-22 11:19 - 00440160 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2016-01-18 19:30 - 2015-11-22 11:14 - 02185840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2016-01-18 19:30 - 2015-11-22 10:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthManagerProxy.dll
2016-01-18 19:30 - 2015-11-22 10:45 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-18 19:30 - 2015-11-22 10:43 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2016-01-18 19:30 - 2015-11-22 10:42 - 00589312 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApi.dll
2016-01-18 19:30 - 2015-11-22 10:41 - 00948224 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthManager.dll
2016-01-18 19:30 - 2015-11-22 10:39 - 02126848 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-18 19:30 - 2015-11-22 10:39 - 00938496 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2016-01-18 19:30 - 2015-11-22 10:39 - 00870400 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2016-01-18 19:30 - 2015-11-22 10:39 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-18 19:30 - 2015-11-22 10:38 - 01223168 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2016-01-18 19:30 - 2015-11-22 10:38 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-01-18 19:30 - 2015-11-22 10:38 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\cryptngc.dll
2016-01-18 19:30 - 2015-11-22 10:37 - 02624512 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2016-01-18 19:30 - 2015-11-22 10:37 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2016-01-18 19:30 - 2015-11-22 10:37 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2016-01-18 19:30 - 2015-11-22 10:36 - 01042432 _____ (Microsoft Corporation) C:\Windows\system32\BingOnlineServices.dll
2016-01-18 19:30 - 2015-11-22 10:34 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\TextInputFramework.dll
2016-01-18 19:30 - 2015-11-22 10:32 - 00340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
2016-01-18 19:30 - 2015-11-22 10:32 - 00334848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-18 19:30 - 2015-11-22 10:31 - 00470528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApi.dll
2016-01-18 19:30 - 2015-11-22 10:31 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2016-01-18 19:30 - 2015-11-22 10:28 - 01734656 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-18 19:30 - 2015-11-22 10:28 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-18 19:30 - 2015-11-22 10:28 - 00948224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2016-01-18 19:30 - 2015-11-22 10:28 - 00870400 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2016-01-18 19:30 - 2015-11-22 10:28 - 00686592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-18 19:30 - 2015-11-22 10:27 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-18 19:30 - 2015-11-22 10:27 - 01944576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2016-01-18 19:30 - 2015-11-22 10:27 - 00241664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll
2016-01-18 19:30 - 2015-11-22 10:26 - 03355136 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2016-01-18 19:30 - 2015-11-22 10:26 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2016-01-18 19:30 - 2015-11-22 10:26 - 00709120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingOnlineServices.dll
2016-01-18 19:30 - 2015-11-22 10:26 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2016-01-18 19:30 - 2015-11-22 10:24 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-18 19:30 - 2015-11-22 10:24 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TextInputFramework.dll
2016-01-18 19:30 - 2015-11-22 10:20 - 01860096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2016-01-18 19:30 - 2015-11-22 10:18 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-18 19:30 - 2015-11-22 10:18 - 00697856 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll
2016-01-18 19:30 - 2015-11-22 10:18 - 00458752 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
2016-01-18 19:30 - 2015-11-22 10:17 - 02680320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2016-01-18 19:30 - 2015-11-22 10:17 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-18 19:30 - 2015-11-22 10:11 - 00517632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll
2016-01-18 19:30 - 2015-11-21 06:29 - 00286720 _____ (Microsoft Corporation) C:\Windows\system32\deviceaccess.dll
2016-01-18 19:30 - 2015-11-21 06:07 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceaccess.dll
2016-01-18 19:30 - 2015-11-13 07:51 - 00334736 _____ (Microsoft Corporation) C:\Windows\system32\policymanager.dll
2016-01-18 19:30 - 2015-11-13 07:43 - 00586208 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-18 19:30 - 2015-11-13 07:42 - 00516544 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-01-18 19:30 - 2015-11-13 07:33 - 00911648 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll
2016-01-18 19:30 - 2015-11-13 07:33 - 00586080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2016-01-18 19:30 - 2015-11-13 07:32 - 00296488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\policymanager.dll
2016-01-18 19:30 - 2015-11-13 07:21 - 00511320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-18 19:30 - 2015-11-13 07:21 - 00454056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-01-18 19:30 - 2015-11-13 07:09 - 00675064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcomp.dll
2016-01-18 19:30 - 2015-11-13 06:58 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll
2016-01-18 19:30 - 2015-11-13 06:57 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\PhoneProviders.dll
2016-01-18 19:30 - 2015-11-13 06:55 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll
2016-01-18 19:30 - 2015-11-13 06:53 - 00517632 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2016-01-18 19:30 - 2015-11-13 06:50 - 01063424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-01-18 19:30 - 2015-11-13 06:49 - 00674816 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2016-01-18 19:30 - 2015-11-13 06:27 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2016-01-18 19:30 - 2015-11-13 06:19 - 02001408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2016-01-18 19:30 - 2015-11-05 13:05 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-01-18 19:30 - 2015-11-05 11:40 - 00630632 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-01-18 19:30 - 2015-11-05 11:25 - 00578912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-01-18 19:30 - 2015-11-05 10:41 - 00540752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-01-18 19:30 - 2015-11-05 10:13 - 00969728 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-18 19:30 - 2015-11-05 10:10 - 00803840 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-18 19:30 - 2015-11-05 09:18 - 00791552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-18 19:30 - 2015-11-05 09:15 - 00647168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-18 19:29 - 2016-01-05 03:51 - 01317640 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-01-18 19:29 - 2016-01-05 03:51 - 01141496 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-01-18 19:29 - 2016-01-05 03:33 - 00116728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-18 19:29 - 2016-01-05 03:23 - 00119320 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-18 19:29 - 2016-01-05 02:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\RMSRoamingSecurity.dll
2016-01-18 19:29 - 2016-01-05 02:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\usermgrcli.dll
2016-01-18 19:29 - 2016-01-05 02:56 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\omadmclient.exe
2016-01-18 19:29 - 2016-01-05 02:53 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2016-01-18 19:29 - 2016-01-05 02:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-18 19:29 - 2016-01-05 02:51 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\DscCore.dll
2016-01-18 19:29 - 2016-01-05 02:51 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\UserMgrProxy.dll
2016-01-18 19:29 - 2016-01-05 02:49 - 01582080 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2016-01-18 19:29 - 2016-01-05 02:49 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-01-18 19:29 - 2016-01-05 02:49 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\ProximityCommon.dll
2016-01-18 19:29 - 
2016-01-05 02:48 - 00387072 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2016-01-18 19:29 - 2016-01-05 02:48 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usermgrcli.dll 2016-01-18 19:29 - 2016-01-05 02:47 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax 2016-01-18 19:29 - 2016-01-05 02:45 - 00678912 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2016-01-18 19:29 - 2016-01-05 02:44 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2016-01-18 19:29 - 2016-01-05 02:43 - 00953856 _____ C:\Windows\system32\Drivers\bthport.sys 2016-01-18 19:29 - 2016-01-05 02:42 - 00166912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserMgrProxy.dll 2016-01-18 19:29 - 2016-01-05 02:41 - 01070080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL 2016-01-18 19:29 - 2016-01-05 02:41 - 00558592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uReFS.dll 2016-01-18 19:29 - 2016-01-05 02:40 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ProximityCommon.dll 2016-01-18 19:29 - 2016-01-05 02:39 - 00569856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2016-01-18 19:29 - 2016-01-05 02:39 - 00235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax 2016-01-18 19:29 - 2016-01-05 02:36 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2016-01-18 19:29 - 2015-12-07 05:49 - 00412512 _____ (Microsoft Corporation) C:\Windows\system32\wifitask.exe 2016-01-18 19:29 - 2015-12-07 05:15 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.XboxLive.ProxyStub.dll 2016-01-18 19:29 - 2015-12-07 05:09 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\policymanagerprecheck.dll 2016-01-18 19:29 - 2015-12-07 05:09 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\StorageUsage.dll 2016-01-18 19:29 - 2015-12-07 05:07 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\wificonnapi.dll 2016-01-18 19:29 
- 2015-12-07 05:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\ProvPluginEng.dll 2016-01-18 19:29 - 2015-12-07 05:06 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCore.dll 2016-01-18 19:29 - 2015-12-07 05:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll 2016-01-18 19:29 - 2015-12-07 05:05 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\BackgroundTransferHost.exe 2016-01-18 19:29 - 2015-12-07 05:04 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll 2016-01-18 19:29 - 2015-12-07 05:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\provtool.exe 2016-01-18 19:29 - 2015-12-07 05:02 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll 2016-01-18 19:29 - 2015-12-07 05:01 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BackgroundTransferHost.exe 2016-01-18 19:29 - 2015-12-07 05:00 - 00618496 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll 2016-01-18 19:29 - 2015-12-07 05:00 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll 2016-01-18 19:29 - 2015-12-07 04:59 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\provdatastore.dll 2016-01-18 19:29 - 2015-12-07 04:55 - 07979008 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll 2016-01-18 19:29 - 2015-12-07 04:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll 2016-01-18 19:29 - 2015-12-07 04:54 - 00850432 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll 2016-01-18 19:29 - 2015-12-07 04:51 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll 2016-01-18 19:29 - 2015-12-07 04:48 - 06297088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll 2016-01-18 19:29 - 2015-12-07 04:38 - 00871936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL 2016-01-18 19:29 - 2015-11-24 11:01 - 02756096 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtml.tlb 2016-01-18 19:29 - 2015-11-24 10:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\readingviewresources.dll 2016-01-18 19:29 - 2015-11-24 10:53 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-01-18 19:29 - 2015-11-24 10:45 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll 2016-01-18 19:29 - 2015-11-24 10:19 - 00182784 _____ (Microsoft Corporation) C:\Windows\system32\shutdownux.dll 2016-01-18 19:29 - 2015-11-24 09:54 - 02756096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-01-18 19:29 - 2015-11-24 09:14 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll 2016-01-18 19:29 - 2015-11-22 11:41 - 00026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2016-01-18 19:29 - 2015-11-22 11:35 - 00538632 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll 2016-01-18 19:29 - 2015-11-22 11:34 - 00080600 _____ (Microsoft Corporation) C:\Windows\system32\wwapi.dll 2016-01-18 19:29 - 2015-11-22 11:33 - 00058408 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.dll 2016-01-18 19:29 - 2015-11-22 11:33 - 00051680 _____ (Microsoft Corporation) C:\Windows\system32\SensorsUtilsV2.dll 2016-01-18 19:29 - 2015-11-22 11:30 - 00604928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2016-01-18 19:29 - 2015-11-22 11:30 - 00161632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-01-18 19:29 - 2015-11-22 11:26 - 00431232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll 2016-01-18 19:29 - 2015-11-22 11:25 - 00063528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wwapi.dll 2016-01-18 19:29 - 2015-11-22 11:00 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\MapsCSP.dll 2016-01-18 19:29 - 2015-11-22 11:00 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\MosResource.dll 2016-01-18 19:29 - 2015-11-22 10:57 - 00110592 _____ (Microsoft 
Corporation) C:\Windows\system32\Microsoft-Windows-MapControls.dll 2016-01-18 19:29 - 2015-11-22 10:57 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCoreRes.dll 2016-01-18 19:29 - 2015-11-22 10:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft-Windows-MosTrace.dll 2016-01-18 19:29 - 2015-11-22 10:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft-Windows-MosHost.dll 2016-01-18 19:29 - 2015-11-22 10:56 - 01268736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll 2016-01-18 19:29 - 2015-11-22 10:56 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MosHostClient.dll 2016-01-18 19:29 - 2015-11-22 10:56 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\ihvrilproxy.dll 2016-01-18 19:29 - 2015-11-22 10:56 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rilproxy.dll 2016-01-18 19:29 - 2015-11-22 10:55 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvcProxy.dll 2016-01-18 19:29 - 2015-11-22 10:54 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\capimg.sys 2016-01-18 19:29 - 2015-11-22 10:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.V2.dll 2016-01-18 19:29 - 2015-11-22 10:54 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll 2016-01-18 19:29 - 2015-11-22 10:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\wsplib.dll 2016-01-18 19:29 - 2015-11-22 10:54 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2016-01-18 19:29 - 2015-11-22 10:54 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\WordBreakers.dll 2016-01-18 19:29 - 2015-11-22 10:54 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\nativemap.dll 2016-01-18 19:29 - 2015-11-22 10:54 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\MapControlStringsRes.dll 2016-01-18 19:29 - 2015-11-22 10:52 - 00069632 _____ (Microsoft 
Corporation) C:\Windows\system32\wininetlui.dll 2016-01-18 19:29 - 2015-11-22 10:52 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthTokenBrokerExt.dll 2016-01-18 19:29 - 2015-11-22 10:52 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-01-18 19:29 - 2015-11-22 10:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mapsupdatetask.dll 2016-01-18 19:29 - 2015-11-22 10:51 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\dmcertinst.exe 2016-01-18 19:29 - 2015-11-22 10:51 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll 2016-01-18 19:29 - 2015-11-22 10:51 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\MosStorage.dll 2016-01-18 19:29 - 2015-11-22 10:51 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\mapstoasttask.dll 2016-01-18 19:29 - 2015-11-22 10:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-01-18 19:29 - 2015-11-22 10:50 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\mssign32.dll 2016-01-18 19:29 - 2015-11-22 10:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-01-18 19:29 - 2015-11-22 10:49 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\Wwanpref.dll 2016-01-18 19:29 - 2015-11-22 10:48 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosResource.dll 2016-01-18 19:29 - 2015-11-22 10:45 - 06572032 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll 2016-01-18 19:29 - 2015-11-22 10:45 - 00264192 _____ (Nokia) C:\Windows\system32\NmaDirect.dll 2016-01-18 19:29 - 2015-11-22 10:45 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft-Windows-MapControls.dll 2016-01-18 19:29 - 2015-11-22 10:45 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\wwancfg.dll 2016-01-18 19:29 - 2015-11-22 10:45 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCoreRes.dll 2016-01-18 19:29 - 2015-11-22 10:45 - 
00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft-Windows-MosTrace.dll 2016-01-18 19:29 - 2015-11-22 10:45 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft-Windows-MosHost.dll 2016-01-18 19:29 - 2015-11-22 10:44 - 01268736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll 2016-01-18 19:29 - 2015-11-22 10:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosHostClient.dll 2016-01-18 19:29 - 2015-11-22 10:43 - 00704000 _____ (Microsoft Corporation) C:\Windows\system32\CellularAPI.dll 2016-01-18 19:29 - 2015-11-22 10:43 - 00382464 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-01-18 19:29 - 2015-11-22 10:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XblAuthManagerProxy.dll 2016-01-18 19:29 - 2015-11-22 10:42 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll 2016-01-18 19:29 - 2015-11-22 10:42 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WordBreakers.dll 2016-01-18 19:29 - 2015-11-22 10:42 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlStringsRes.dll 2016-01-18 19:29 - 2015-11-22 10:41 - 01814528 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll 2016-01-18 19:29 - 2015-11-22 10:40 - 01056256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll 2016-01-18 19:29 - 2015-11-22 10:40 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll 2016-01-18 19:29 - 2015-11-22 10:40 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininetlui.dll 2016-01-18 19:29 - 2015-11-22 10:40 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XblAuthTokenBrokerExt.dll 2016-01-18 19:29 - 2015-11-22 10:39 - 01713664 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll 2016-01-18 19:29 - 2015-11-22 10:39 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll 2016-01-18 19:29 - 2015-11-22 10:39 - 00957440 _____ (Microsoft 
Corporation) C:\Windows\system32\SRH.dll 2016-01-18 19:29 - 2015-11-22 10:39 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\offlinelsa.dll 2016-01-18 19:29 - 2015-11-22 10:39 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll 2016-01-18 19:29 - 2015-11-22 10:39 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll 2016-01-18 19:29 - 2015-11-22 10:39 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-01-18 19:29 - 2015-11-22 10:38 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssign32.dll 2016-01-18 19:29 - 2015-11-22 10:34 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll 2016-01-18 19:29 - 2015-11-22 10:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\InputLocaleManager.dll 2016-01-18 19:29 - 2015-11-22 10:34 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\EditBufferTestHook.dll 2016-01-18 19:29 - 2015-11-22 10:33 - 00205824 _____ (Nokia) C:\Windows\SysWOW64\NmaDirect.dll 2016-01-18 19:29 - 2015-11-22 10:31 - 07199232 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll 2016-01-18 19:29 - 2015-11-22 10:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll 2016-01-18 19:29 - 2015-11-22 10:28 - 01443328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll 2016-01-18 19:29 - 2015-11-22 10:28 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll 2016-01-18 19:29 - 2015-11-22 10:28 - 00784896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll 2016-01-18 19:29 - 2015-11-22 10:28 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinelsa.dll 2016-01-18 19:29 - 2015-11-22 10:27 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll 2016-01-18 19:29 - 2015-11-22 10:27 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll 2016-01-18 19:29 - 2015-11-22 10:25 - 00133632 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll 2016-01-18 19:29 - 2015-11-22 10:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputLocaleManager.dll 2016-01-18 19:29 - 2015-11-22 10:24 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EditBufferTestHook.dll 2016-01-18 19:29 - 2015-11-22 10:23 - 05202944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll 2016-01-18 19:29 - 2015-11-21 06:44 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft-Windows-AppModelExecEvents.dll 2016-01-18 19:29 - 2015-11-13 07:55 - 00035680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys 2016-01-18 19:29 - 2015-11-13 07:51 - 00698208 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll 2016-01-18 19:29 - 2015-11-13 07:51 - 00523616 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe 2016-01-18 19:29 - 2015-11-13 07:43 - 00536768 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2016-01-18 19:29 - 2015-11-13 07:43 - 00369912 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2016-01-18 19:29 - 2015-11-13 07:43 - 00110032 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2016-01-18 19:29 - 2015-11-13 07:43 - 00035656 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2016-01-18 19:29 - 2015-11-13 07:42 - 00408128 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2016-01-18 19:29 - 2015-11-13 07:42 - 00088392 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll 2016-01-18 19:29 - 2015-11-13 07:33 - 00092352 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-01-18 19:29 - 2015-11-13 07:21 - 00405048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2016-01-18 19:29 - 2015-11-13 07:21 - 00366224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2016-01-18 19:29 - 2015-11-13 07:21 - 00073360 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\remoteaudioendpoint.dll 2016-01-18 19:29 - 2015-11-13 07:21 - 00032040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2016-01-18 19:29 - 2015-11-13 07:07 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.Provisioning.ProxyStub.dll 2016-01-18 19:29 - 2015-11-13 07:06 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\RemovableMediaProvisioningPlugin.dll 2016-01-18 19:29 - 2015-11-13 07:05 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCsp.dll 2016-01-18 19:29 - 2015-11-13 07:05 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\BarcodeProvisioningPlugin.dll 2016-01-18 19:29 - 2015-11-13 07:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.proxy.dll 2016-01-18 19:29 - 2015-11-13 07:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\tetheringconfigsp.dll 2016-01-18 19:29 - 2015-11-13 07:04 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\NFCProvisioningPlugin.dll 2016-01-18 19:29 - 2015-11-13 07:04 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe 2016-01-18 19:29 - 2015-11-13 07:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\IcsEntitlementHost.exe 2016-01-18 19:29 - 2015-11-13 07:03 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\tetheringclient.dll 2016-01-18 19:29 - 2015-11-13 07:00 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\tzautoupdate.dll 2016-01-18 19:29 - 2015-11-13 06:59 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll 2016-01-18 19:29 - 2015-11-13 06:56 - 00163328 _____ (Microsoft Corporation) C:\Windows\system32\provops.dll 2016-01-18 19:29 - 2015-11-13 06:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2016-01-18 19:29 - 2015-11-13 06:40 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe 2016-01-18 19:29 - 2015-11-13 06:40 - 00027136 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\bcastdvr.proxy.dll 2016-01-18 19:29 - 2015-11-13 06:34 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppCapture.dll 2016-01-18 19:29 - 2015-11-13 06:33 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe 2016-01-18 19:29 - 2015-11-13 06:30 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcastdvr.exe 2016-01-18 19:29 - 2015-11-13 06:30 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll 2016-01-18 19:29 - 2015-11-13 06:23 - 00490496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll 2016-01-18 19:29 - 2015-11-05 11:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2016-01-18 19:29 - 2015-11-05 11:08 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2016-01-18 19:29 - 2015-11-05 11:04 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2016-01-18 19:29 - 2015-11-05 11:00 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2016-01-18 19:29 - 2015-11-05 10:44 - 00365568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2016-01-18 19:29 - 2015-11-05 10:03 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2016-01-18 19:29 - 2015-11-05 10:02 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2016-01-18 19:29 - 2015-11-05 09:59 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2016-01-18 19:29 - 2015-11-05 09:55 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2016-01-18 19:29 - 2015-11-05 09:42 - 00303104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2016-01-18 19:18 - 2015-12-09 04:39 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2016-01-18 19:16 - 2016-01-18 19:17 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla 2016-01-18 19:16 - 2016-01-18 19:16 - 00000000 ____D 
C:\Users\Administrator\AppData\Local\Mozilla 2016-01-18 19:16 - 2016-01-18 19:16 - 00000000 ____D C:\Users\Administrator\AppData\Local\ActiveSync 2016-01-18 19:15 - 2016-01-18 19:16 - 00002403 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-01-18 19:15 - 2016-01-18 19:16 - 00000000 ___RD C:\Users\Administrator\OneDrive 2016-01-18 19:14 - 2016-01-18 19:33 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages 2016-01-18 19:14 - 2016-01-18 19:15 - 00000000 ____D C:\Users\Administrator 2016-01-18 19:14 - 2016-01-18 19:14 - 00000020 ___SH C:\Users\Administrator\ntuser.ini 2016-01-18 19:14 - 2016-01-18 19:14 - 00000000 _SHDL C:\Users\Administrator\Vorlagen 2016-01-18 19:14 - 2016-01-18 19:14 - 00000000 _SHDL C:\Users\Administrator\Startmenü 2016-01-18 19:14 - 2016-01-18 19:14 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung 2016-01-18 19:14 - 2016-01-18 19:14 - 00000000 _SHDL C:\Users\Administrator\Lokale Einstellungen 2016-01-18 19:14 - 2016-01-18 19:14 - 00000000 _SHDL C:\Users\Administrator\Eigene Dateien 2016-01-18 19:14 - 2016-01-18 19:14 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung 2016-01-18 19:14 - 2016-01-18 19:14 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Videos 2016-01-18 19:14 - 2016-01-18 19:14 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik 2016-01-18 19:14 - 2016-01-18 19:14 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder 2016-01-18 19:14 - 2016-01-18 19:14 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2016-01-18 19:14 - 2016-01-18 19:14 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf 2016-01-18 19:14 - 2016-01-18 19:14 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Anwendungsdaten 2016-01-18 19:14 - 2016-01-18 19:14 - 00000000 _SHDL C:\Users\Administrator\Anwendungsdaten 2016-01-18 19:14 - 2016-01-18 19:14 - 00000000 ____D 
C:\Users\Administrator\AppData\Roaming\Adobe 2016-01-18 19:14 - 2016-01-18 19:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer 2016-01-18 19:14 - 2016-01-18 19:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\Publishers 2016-01-18 16:58 - 2016-01-18 16:58 - 00001171 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-01-18 16:58 - 2016-01-18 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-01-18 16:58 - 2016-01-18 16:58 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-01-18 16:58 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-01-18 16:58 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-01-18 16:57 - 2016-01-18 16:58 - 22908888 _____ (Malwarebytes ) C:\Users\Andreas\Downloads\mbam-setup-org-2.2.0.1024(1).exe 2016-01-18 16:34 - 2016-01-18 16:35 - 22908888 _____ (Malwarebytes ) C:\Users\Andreas\Downloads\mbam-setup-org-2.2.0.1024.exe 2016-01-18 16:27 - 2016-01-18 16:58 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-01-18 16:26 - 2016-01-19 12:16 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-01-18 16:26 - 2016-01-18 16:56 - 00000000 ____D C:\Users\Andreas\Desktop\mbar 2016-01-18 16:26 - 2016-01-18 16:56 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2016-01-18 16:26 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-01-18 16:25 - 2016-01-18 16:26 - 16563352 _____ (Malwarebytes Corp.) 
C:\Users\Andreas\Downloads\mbar-1.09.3.1001.exe 2016-01-18 16:22 - 2016-01-18 21:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-01-18 16:22 - 2016-01-18 16:28 - 00000000 ____D C:\Users\Andreas\AppData\Local\Mozilla 2016-01-18 16:22 - 2016-01-18 16:22 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-01-18 16:22 - 2016-01-18 16:22 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-01-18 16:22 - 2016-01-18 16:22 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Mozilla 2016-01-18 16:22 - 2016-01-18 16:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-01-18 16:05 - 2016-01-18 16:15 - 00000000 ___HD C:\$WINDOWS.~BT 2016-01-18 15:59 - 2016-01-18 15:59 - 00000000 ____D C:\Users\Andreas\AppData\Local\PeerDistRepub 2016-01-18 15:55 - 2016-01-18 16:15 - 00001908 _____ C:\Windows\diagwrn.xml 2016-01-18 15:55 - 2016-01-18 16:15 - 00001908 _____ C:\Windows\diagerr.xml 2016-01-18 15:55 - 2016-01-18 15:55 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2016-01-18 15:40 - 2016-01-18 15:40 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf 2016-01-18 15:40 - 2016-01-18 15:40 - 00000000 ____D C:\iBTWU 2016-01-18 15:38 - 2016-01-18 15:38 - 00000000 ____D C:\Users\Andreas\AppData\Local\MicrosoftEdge 2016-01-18 15:37 - 2016-01-19 13:05 - 01717198 _____ C:\Windows\system32\PerfStringBackup.INI 2016-01-18 15:36 - 2016-01-18 15:36 - 00000000 ____D C:\Program Files (x86)\Intel 2016-01-18 15:36 - 2016-01-18 15:36 - 00000000 ____D C:\Intel 2016-01-18 15:35 - 2016-01-18 15:36 - 00002389 _____ C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-01-18 15:35 - 2016-01-18 15:36 - 00000000 ___RD C:\Users\Andreas\OneDrive 2016-01-18 15:34 - 2016-01-18 15:34 - 00000000 ____D C:\Users\Andreas\AppData\Local\ActiveSync 2016-01-18 15:34 - 2016-01-18 15:34 - 00000000 ____D C:\ProgramData\Microsoft OneDrive 
2016-01-18 15:33 - 2016-01-18 15:33 - 00000000 ____D C:\Users\Andreas\AppData\Local\Publishers 2016-01-18 15:32 - 2016-01-18 20:15 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-01-18 15:32 - 2016-01-18 15:35 - 00000000 ____D C:\Users\Andreas 2016-01-18 15:32 - 2016-01-18 15:33 - 00000000 ____D C:\Users\Andreas\AppData\Local\Packages 2016-01-18 15:32 - 2016-01-18 15:32 - 00000020 ___SH C:\Users\Andreas\ntuser.ini 2016-01-18 15:32 - 2016-01-18 15:32 - 00000000 _SHDL C:\Users\Andreas\Vorlagen 2016-01-18 15:32 - 2016-01-18 15:32 - 00000000 _SHDL C:\Users\Andreas\Startmenü 2016-01-18 15:32 - 2016-01-18 15:32 - 00000000 _SHDL C:\Users\Andreas\Netzwerkumgebung 2016-01-18 15:32 - 2016-01-18 15:32 - 00000000 _SHDL C:\Users\Andreas\Lokale Einstellungen 2016-01-18 15:32 - 2016-01-18 15:32 - 00000000 _SHDL C:\Users\Andreas\Eigene Dateien 2016-01-18 15:32 - 2016-01-18 15:32 - 00000000 _SHDL C:\Users\Andreas\Druckumgebung 2016-01-18 15:32 - 2016-01-18 15:32 - 00000000 _SHDL C:\Users\Andreas\Documents\Eigene Videos 2016-01-18 15:32 - 2016-01-18 15:32 - 00000000 _SHDL C:\Users\Andreas\Documents\Eigene Musik 2016-01-18 15:32 - 2016-01-18 15:32 - 00000000 _SHDL C:\Users\Andreas\Documents\Eigene Bilder 2016-01-18 15:32 - 2016-01-18 15:32 - 00000000 _SHDL C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2016-01-18 15:32 - 2016-01-18 15:32 - 00000000 _SHDL C:\Users\Andreas\AppData\Local\Verlauf 2016-01-18 15:32 - 2016-01-18 15:32 - 00000000 _SHDL C:\Users\Andreas\AppData\Local\Anwendungsdaten 2016-01-18 15:32 - 2016-01-18 15:32 - 00000000 _SHDL C:\Users\Andreas\Anwendungsdaten 2016-01-18 15:32 - 2016-01-18 15:32 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\ActiveSync 2016-01-18 15:32 - 2016-01-18 15:32 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Adobe 2016-01-18 15:32 - 2016-01-18 15:32 - 00000000 ____D C:\Users\Andreas\AppData\Local\VirtualStore 2016-01-18 15:32 - 2016-01-18 15:32 - 00000000 ____D 
C:\Users\Andreas\AppData\Local\TileDataLayer 2016-01-18 15:30 - 2016-01-18 15:30 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\VirtualStore 2016-01-18 15:30 - 2016-01-18 15:30 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\TileDataLayer 2016-01-18 15:30 - 2016-01-18 15:30 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\Packages 2016-01-18 15:29 - 2016-01-18 15:29 - 00000000 ____D C:\ProgramData\USOShared 2016-01-18 15:28 - 2016-01-18 15:28 - 00000000 ____D C:\Windows\CSC 2016-01-18 15:28 - 2015-10-30 08:17 - 02718208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll 2016-01-18 15:27 - 2016-01-19 11:40 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-01-18 15:27 - 2016-01-18 15:27 - 00000020 ___SH C:\Users\defaultuser0\ntuser.ini 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Videos 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\defaultuser0\Vorlagen 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\defaultuser0\Startmenü 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\defaultuser0\Netzwerkumgebung 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\defaultuser0\Lokale Einstellungen 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\defaultuser0\Eigene Dateien 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\defaultuser0\Druckumgebung 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\defaultuser0\Documents\Eigene Videos 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\defaultuser0\Documents\Eigene Musik 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\defaultuser0\Documents\Eigene Bilder 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programme 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\defaultuser0\AppData\Local\Verlauf 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\defaultuser0\AppData\Local\Anwendungsdaten 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\defaultuser0\Anwendungsdaten 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\Default\Vorlagen 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\Default\Startmenü 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\Default\Eigene Dateien 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\Default\Druckumgebung 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Videos 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Videos 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\Default 
User\AppData\Local\Verlauf 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Programme 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\ProgramData\Vorlagen 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\ProgramData\Startmenü 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\ProgramData\Dokumente 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 _SHDL C:\Dokumente und Einstellungen 2016-01-18 15:27 - 2016-01-18 15:27 - 00000000 ____D C:\Users\defaultuser0 2016-01-18 15:25 - 2016-01-19 08:37 - 00340296 _____ C:\Windows\system32\FNTCACHE.DAT 2016-01-18 15:22 - 2016-01-18 16:15 - 00000000 ____D C:\Windows\Panther ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-01-19 13:17 - 2015-10-30 07:28 - 00000000 ____D C:\Windows 2016-01-19 13:05 - 2015-10-30 19:35 - 00742752 _____ C:\Windows\system32\perfh007.dat 2016-01-19 13:05 - 2015-10-30 19:35 - 00148846 _____ C:\Windows\system32\perfc007.dat 2016-01-19 13:05 - 2015-10-30 08:21 - 00000000 ____D C:\Windows\INF 2016-01-19 11:39 - 2015-10-30 07:28 - 00262144 ___SH C:\Windows\system32\config\BBI 2016-01-18 21:05 - 2015-10-30 19:47 - 00000000 ____D C:\Windows\ShellNew 2016-01-18 21:05 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-01-18 21:03 - 2015-10-30 08:24 - 00000167 _____ C:\Windows\win.ini 2016-01-18 21:02 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2016-01-18 20:16 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\AppReadiness 2016-01-18 20:13 - 2015-10-30 08:24 - 00000000 ___RD C:\Windows\PurchaseDialog 2016-01-18 20:13 - 2015-10-30 08:24 - 00000000 ___RD C:\Windows\ImmersiveControlPanel 2016-01-18 20:13 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform 2016-01-18 20:13 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\oobe 2016-01-18 20:13 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\appraiser 2016-01-18 20:13 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\Provisioning 2016-01-18 20:13 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\bcastdvr 2016-01-18 20:13 - 2015-10-30 07:28 - 00000000 ____D C:\Windows\SysWOW64\Dism 2016-01-18 20:13 - 2015-10-30 07:28 - 00000000 ____D C:\Windows\system32\Dism 2016-01-18 20:10 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-01-18 19:34 - 2015-10-30 08:11 - 00000000 ____D C:\Windows\CbsTemp 2016-01-18 15:49 - 2015-10-30 08:24 - 00000000 ___RD C:\Windows\DevicesFlow 2016-01-18 15:33 - 2015-10-30 08:24 - 00000000 ___RD C:\Windows\PrintDialog 2016-01-18 15:33 - 2015-10-30 08:24 - 00000000 ___RD C:\Windows\MiracastView 2016-01-18 15:32 - 2015-10-30 08:24 - 00000000 ____D 
C:\Windows\system32\WinBioDatabase 2016-01-18 15:29 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\rescache 2016-01-18 15:28 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\FxsTmp 2016-01-18 15:28 - 2015-10-30 07:28 - 00032768 ___SH C:\Windows\system32\config\ELAM 2016-01-18 15:27 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows NT 2016-01-18 15:26 - 2015-10-30 07:28 - 00000000 ____D C:\Windows\system32\Sysprep 2016-01-18 15:25 - 2015-10-30 19:58 - 00000000 ____D C:\Windows\ServiceProfiles 2016-01-18 15:22 - 2015-10-30 08:24 - 00028672 _____ C:\Windows\system32\config\BCD-Template 2016-01-03 02:40 - 2015-10-30 08:26 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-01-03 02:40 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys [2015-10-30 08:17] - [2015-10-30 08:17] - 0414560 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\Drivers\volsnap.sys => kein Firmenname <===== ACHTUNG
LastRegBack: 2016-01-18 15:25
==================== Ende von FRST.txt ============================
[CODE]
And now the Addition:
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-01-2016 durchgeführt von Administrator (2016-01-19 13:17:56) Gestartet von C:\Users\Administrator\Downloads Windows 10 Pro (X64) (2016-01-18 14:30:09) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-2097929271-88320824-1925333067-500 - Administrator - Enabled) => C:\Users\Administrator DefaultAccount (S-1-5-21-2097929271-88320824-1925333067-503 - Limited - Enabled) FuckYou (S-1-5-21-2097929271-88320824-1925333067-1002 - Limited - Enabled) Gast (S-1-5-21-2097929271-88320824-1925333067-501 - Limited - Enabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation) Mozilla Firefox 43.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 de)) (Version: 43.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4 - Mozilla) Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2097929271-88320824-1925333067-500_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto Task: {35E5A7EC-1EAF-405A-9A3C-56F48A3E84ED} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-01-18] (Microsoft Corporation) Task: {7D8E6F30-7E82-465D-ABBD-D3283EF5BDE2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {ED63C54D-1CC5-4AF8-91FE-FA1E5B576628} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {FD2A904F-47AF-4C19-8FB9-9BE9907529CE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll 2016-01-18 19:30 - 2015-11-22 11:47 - 02653816 _____ () C:\Windows\system32\CoreUIComponents.dll 2016-01-18 19:30 - 2015-11-22 11:47 - 02653816 _____ () C:\Windows\System32\CoreUIComponents.dll 2016-01-18 19:29 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-01-18 19:29 - 2015-12-07 05:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-01-18 19:31 - 2016-01-05 02:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-01-18 19:30 - 2016-01-05 02:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-01-18 19:30 - 2016-01-05 02:24 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-01-18 19:31 - 2016-01-05 02:26 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-10-01 20:32 - 2012-10-01 20:32 - 01014400 _____ () C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) 
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2015-10-30 08:24 - 2015-10-30 08:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-2097929271-88320824-1925333067-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.103.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{163ED6FF-EFC1-4369-898A-7A634BEE6E92}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{26A7D841-7198-4F8D-8C05-7E9A27C963BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CBE3F8D2-5F72-4212-B2F2-E221EAB56BA6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{E897ECAE-1F63-45F8-8009-8A533D781C00}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{C01BC8B2-FA5C-4985-ADDF-B16981AA35A0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{BA6C1BB7-10EF-4182-A178-54BD2B8A23E1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe ==================== Wiederherstellungspunkte ========================= ACHTUNG: Systemwiederherstellung ist deaktiviert ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: H5321gw Description: H5321gw Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (01/19/2016 12:11:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME) Description: Bei der Aktivierung der App „Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe:MicrosoftEdge.AppX9zvsr9qeth9e9a03yr0g7rpdrcrwgn5r.mca“ ist folgender Fehler aufgetreten: -2144927149. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. 
Error: (01/19/2016 11:57:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME) Description: Bei der Aktivierung der App „Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe:MicrosoftEdge.AppX9zvsr9qeth9e9a03yr0g7rpdrcrwgn5r.mca“ ist folgender Fehler aufgetreten: -2144927149. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (01/19/2016 10:29:27 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME) Description: Bei der Aktivierung der App „Microsoft.Getstarted_2.3.7.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca“ ist folgender Fehler aufgetreten: -2144927149. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (01/19/2016 08:41:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME) Description: Bei der Aktivierung der App „Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge“ ist folgender Fehler aufgetreten: -2144927149. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (01/19/2016 08:41:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME) Description: Bei der Aktivierung der App „Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge“ ist folgender Fehler aufgetreten: -2144927149. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (01/18/2016 07:33:55 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (01/18/2016 07:31:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ) Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2147023564. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. 
Error: (01/18/2016 07:31:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ) Description: Bei der Aktivierung der App „Microsoft.Windows.Photos_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2147023564. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (01/18/2016 07:14:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ) Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2147023564. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (01/18/2016 04:59:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ) Description: Bei der Aktivierung der App „Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2147023564. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Systemfehler: ============= Error: (01/19/2016 11:39:17 AM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT) Description: 1084dpsNicht verfügbar{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} Error: (01/19/2016 11:39:17 AM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT) Description: 1084dpsNicht verfügbar{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} Error: (01/19/2016 11:39:16 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (01/19/2016 11:38:44 AM) (Source: DCOM) (EventID: 10005) (User: HOME) Description: 1068netmanNicht verfügbar{BA126AD1-2166-11D1-B1D0-00805FC1270E} Error: (01/19/2016 11:38:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerkverbindungen" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (01/19/2016 11:38:02 AM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT) Description: 1084dpsNicht verfügbar{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} Error: (01/19/2016 11:37:53 AM) (Source: DCOM) (EventID: 10005) (User: HOME) Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (01/19/2016 11:37:53 AM) (Source: DCOM) (EventID: 10005) (User: HOME) Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (01/19/2016 11:37:53 AM) (Source: DCOM) (EventID: 10005) (User: HOME) Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (01/19/2016 11:37:53 AM) (Source: DCOM) (EventID: 10005) (User: HOME) Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} CodeIntegrity: =================================== Date: 2016-01-18 21:15:37.628 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-18 21:06:03.302 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-18 20:14:50.119 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-18 19:34:50.083 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-01-18 15:29:34.275 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-18 15:26:20.852 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-2467M CPU @ 1.60GHz Prozentuale Nutzung des RAM: 47% Installierter physikalischer RAM: 3996.54 MB Verfügbarer physikalischer RAM: 2117.36 MB Summe virtueller Speicher: 5404.54 MB Verfügbarer virtueller Speicher: 3598.43 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:118.75 GB) (Free:99.13 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: F24A5148) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=118.8 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ |
19.01.2016, 13:47 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder unless a helper instructs you to.
And please also TDSS from Kaspersky: please download TDSSKiller.exe and save this file to the desktop.
__________________ Please always post log files in CODE tags |
19.01.2016, 14:46 | #11 |
| I'm going insane! The computer is falling apart at the seams and nothing was found. Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main: v2016.01.19.03
  rootkit: v2016.01.09.01

Windows 10 x64 NTFS
Internet Explorer 11.63.10586.0
Administrator :: HOME [administrator]

19.01.2016 14:08:57
mbar-log-2016-01-19 (14-08-57).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 410794
Time elapsed: 14 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end) |
19.01.2016, 14:58 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Maybe your computer simply can't cope with W10. As a test, install Ubuntu MATE on this machine, see https://wiki.ubuntuusers.de/Einsteiger/
__________________ Please always post log files in CODE tags |
19.01.2016, 15:16 | #13 |
| What is this, then? This was generated by the other computer* Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main: v2014.11.18.05
  rootkit: v2014.11.12.01

Windows 10 x64 NTFS
Internet Explorer 11.0.10586.0
Tester :: BÜRO [administrator]

19.01.2016 14:24:48
mbar-log-2016-01-19 (14-24-48).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 428798
Time elapsed: 29 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [e459231af3890e2805c8ce26a85be51b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [3508310c0f6dbe7838ae11e3857e5da3]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [3706122b1a6289ad09fd53a4857e08f8]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [d568d76692ea64d285486e8645beb947]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [e15cfd40d8a4a78f62843cb84fb4e61a]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [7dc07ebf79037eb8bf47f9fe28db8a76]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

The Toshiba is 2 years old and is designed for Win 10! The Sony is 6 years old and could handle it too ;-) I had already thought about Ubuntu as well, but creating the installation medium failed :-(

14:48:07.0618 0x0b98 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
14:48:11.0728 0x0b98 ============================================================
14:48:11.0728 0x0b98 Current date / time: 2016/01/19 14:48:11.0728
14:48:11.0728 0x0b98 SystemInfo:
14:48:11.0728 0x0b98
14:48:11.0728 0x0b98 OS Version: 10.0.10586 ServicePack: 0.0
14:48:11.0728 0x0b98 Product type: Workstation
14:48:11.0728 0x0b98 ComputerName: HOME
14:48:11.0728 0x0b98 UserName: Administrator
14:48:11.0728 0x0b98 Windows directory: C:\Windows
14:48:11.0728 0x0b98 System windows directory: C:\Windows
14:48:11.0728 0x0b98 Running under WOW64
14:48:11.0728 0x0b98 Processor architecture: Intel x64
14:48:11.0728 0x0b98 Number of processors: 4
14:48:11.0728 0x0b98 Page size: 0x1000
14:48:11.0728 0x0b98 Boot type: Normal boot
14:48:11.0728 0x0b98 ============================================================
14:48:11.0728 0x0b98 BG loaded
14:48:12.0681 0x0b98 System UUID: {E55538C0-AAB9-E319-B753-149B97C229FC}
14:48:13.0572 0x0b98 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x000000A0
14:48:14.0181 0x0b98 ============================================================
14:48:14.0181 0x0b98 \Device\Harddisk0\DR0:
14:48:14.0197 0x0b98 MBR partitions:
14:48:14.0197 0x0b98 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xFA000
md5: 84BC034B6BB763733C1949B7B9BAF976, sha256: 18C2C0F15BAFA46197F0BB629C4F585D893C2A78324CA198F88A04527D524F23 14:48:39.0981 0x0d7c HDAudBus - detected LockedFile.Multi.Generic ( 1 ) 14:48:40.0106 0x0d7c Detect skipped due to KSN trusted 14:48:40.0106 0x0d7c HDAudBus - ok 14:48:40.0106 0x0d7c [ 6B8CB114B8E64C0636EB49F7B914D1FC, 1AD7A43CC5CD99DCEF60C61242B6843D4AD925CE93BA5D75CD8395C7125EF5A7 ] HidBatt C:\Windows\System32\drivers\HidBatt.sys 14:48:40.0106 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\HidBatt.sys. md5: 6B8CB114B8E64C0636EB49F7B914D1FC, sha256: 1AD7A43CC5CD99DCEF60C61242B6843D4AD925CE93BA5D75CD8395C7125EF5A7 14:48:40.0122 0x0d7c HidBatt - detected LockedFile.Multi.Generic ( 1 ) 14:48:40.0247 0x0d7c Detect skipped due to KSN trusted 14:48:40.0247 0x0d7c HidBatt - ok 14:48:40.0263 0x0d7c [ D1AD197CCDAAC0CB4819DA1D6EB17BAE, C370F974D0A1F7B60F47EAFF57B6CCABE82913187F8BFEE169B8237AE91247B1 ] HidBth C:\Windows\System32\drivers\hidbth.sys 14:48:40.0263 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\hidbth.sys. md5: D1AD197CCDAAC0CB4819DA1D6EB17BAE, sha256: C370F974D0A1F7B60F47EAFF57B6CCABE82913187F8BFEE169B8237AE91247B1 14:48:40.0263 0x0d7c HidBth - detected LockedFile.Multi.Generic ( 1 ) 14:48:40.0403 0x0d7c Detect skipped due to KSN trusted 14:48:40.0403 0x0d7c HidBth - ok 14:48:40.0403 0x0d7c [ 64909DECCFCC6FB5D9A5BAFDCCB31FEE, E19C91FD8D5102A8C4F6C6FF70CA058BB272FEC1B6E9CBA3A473C49948E6AC7E ] hidi2c C:\Windows\System32\drivers\hidi2c.sys 14:48:40.0419 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\hidi2c.sys. 
md5: 64909DECCFCC6FB5D9A5BAFDCCB31FEE, sha256: E19C91FD8D5102A8C4F6C6FF70CA058BB272FEC1B6E9CBA3A473C49948E6AC7E 14:48:40.0419 0x0d7c hidi2c - detected LockedFile.Multi.Generic ( 1 ) 14:48:40.0544 0x0d7c Detect skipped due to KSN trusted 14:48:40.0544 0x0d7c hidi2c - ok 14:48:40.0544 0x0d7c [ F510F7B7BF61DEAAC04E65C3B65E8D59, 11566086B06FB08B6A179E3068E022DA381C762DC8962D1E1D63DC646DD4D301 ] hidinterrupt C:\Windows\System32\drivers\hidinterrupt.sys 14:48:40.0544 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\hidinterrupt.sys. md5: F510F7B7BF61DEAAC04E65C3B65E8D59, sha256: 11566086B06FB08B6A179E3068E022DA381C762DC8962D1E1D63DC646DD4D301 14:48:40.0544 0x0d7c hidinterrupt - detected LockedFile.Multi.Generic ( 1 ) 14:48:40.0669 0x0d7c Detect skipped due to KSN trusted 14:48:40.0669 0x0d7c hidinterrupt - ok 14:48:40.0684 0x0d7c [ 90F3ED42D423C942BA5EA54E2FFE7AC7, BF7DE0C8141CD20A6235657BA897A019ABEFF6A01AA3FB202C73C33433CDEAF8 ] HidIr C:\Windows\System32\drivers\hidir.sys 14:48:40.0684 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\hidir.sys. md5: 90F3ED42D423C942BA5EA54E2FFE7AC7, sha256: BF7DE0C8141CD20A6235657BA897A019ABEFF6A01AA3FB202C73C33433CDEAF8 14:48:40.0684 0x0d7c HidIr - detected LockedFile.Multi.Generic ( 1 ) 14:48:40.0794 0x0d7c Detect skipped due to KSN trusted 14:48:40.0794 0x0d7c HidIr - ok 14:48:40.0794 0x0d7c [ 46DE2EF6382DD9613CB506760648F262, 419555220794380134A64E1956B83B2FD1D1B6E403C5FC729A9107E14A12E968 ] hidserv C:\Windows\system32\hidserv.dll 14:48:40.0872 0x0d7c hidserv - ok 14:48:40.0888 0x0d7c [ 128DEDDD61915DBA4D451D91D21F0513, 961A0DDA02B0879989300C15E4FF9022882A4CD895D65335C263AC0DD1918314 ] HidUsb C:\Windows\System32\drivers\hidusb.sys 14:48:40.0888 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\hidusb.sys. 
md5: 128DEDDD61915DBA4D451D91D21F0513, sha256: 961A0DDA02B0879989300C15E4FF9022882A4CD895D65335C263AC0DD1918314 14:48:40.0888 0x0d7c HidUsb - detected LockedFile.Multi.Generic ( 1 ) 14:48:40.0981 0x0d7c Detect skipped due to KSN trusted 14:48:40.0981 0x0d7c HidUsb - ok 14:48:41.0013 0x0d7c [ 2FEF4D90C0CAED258C93CFF72A8FFD71, 56473D90E9FE52849067D080FD88B29C0BBE76E5266657E2ABD6366B7A4E9474 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 14:48:41.0075 0x0d7c HomeGroupListener - ok 14:48:41.0106 0x0d7c [ E2145534FB853921788F52701BED0CAB, DF71F842772FAC21DD8994C97F578A78AC43D06C5F26F752FB69B47DFE3BB112 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 14:48:41.0153 0x0d7c HomeGroupProvider - ok 14:48:41.0153 0x0d7c [ FF442DCDCE1F6E9FAA9C8AD0CD1D199B, A239414E97B310C9545995B0E723B5E792B08D71F651450EB006AD4D1765E4F7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 14:48:41.0169 0x0d7c HpSAMD - ok 14:48:41.0200 0x0d7c [ A403DAE4B083EB96BC6CEDB47639B4F8, 6F5709CEA93789C075E4BE4041EC43C94910617DA4123DEE178E74E4A9B26708 ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:48:41.0247 0x0d7c HTTP - ok 14:48:41.0263 0x0d7c [ CBA5E88A0F0475B7F49653BB72150BEF, 0F03560D9C30E069D117A555AEE729C81E6BCAE443FA25172D0E9E6903695C67 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 14:48:41.0278 0x0d7c hwpolicy - ok 14:48:41.0278 0x0d7c [ D668FAB4B0397B426EE3D41683B9A1C0, 66F3E3B2ABC3C9B25A0DADBF09818547ED301230374AC5302B4794629A95DDF8 ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys 14:48:41.0278 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\hyperkbd.sys. 
md5: D668FAB4B0397B426EE3D41683B9A1C0, sha256: 66F3E3B2ABC3C9B25A0DADBF09818547ED301230374AC5302B4794629A95DDF8 14:48:41.0278 0x0d7c hyperkbd - detected LockedFile.Multi.Generic ( 1 ) 14:48:41.0388 0x0d7c Detect skipped due to KSN trusted 14:48:41.0388 0x0d7c hyperkbd - ok 14:48:41.0403 0x0d7c [ 53FDD9E69189E546DE4740F8C4D8AB2F, 45ED5B229ED5FD0CEE8BF52EFF88FD8B1889BF348ED7187926F290B3AD48A76D ] i8042prt C:\Windows\System32\drivers\i8042prt.sys 14:48:41.0403 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\i8042prt.sys. md5: 53FDD9E69189E546DE4740F8C4D8AB2F, sha256: 45ED5B229ED5FD0CEE8BF52EFF88FD8B1889BF348ED7187926F290B3AD48A76D 14:48:41.0403 0x0d7c i8042prt - detected LockedFile.Multi.Generic ( 1 ) 14:48:41.0513 0x0d7c Detect skipped due to KSN trusted 14:48:41.0513 0x0d7c i8042prt - ok 14:48:41.0528 0x0d7c [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c C:\Windows\System32\drivers\iai2c.sys 14:48:41.0591 0x0d7c iai2c - ok 14:48:41.0607 0x0d7c [ 59A20F5AD9F4AE54098154359519408E, E27B7389C9D123CDDA4EC9CBDB06C4AA5000012391F940EE1492419B593608FE ] iaLPSS2i_I2C C:\Windows\System32\drivers\iaLPSS2i_I2C.sys 14:48:41.0622 0x0d7c iaLPSS2i_I2C - ok 14:48:41.0638 0x0d7c [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 14:48:41.0669 0x0d7c iaLPSSi_GPIO - ok 14:48:41.0669 0x0d7c [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C C:\Windows\System32\drivers\iaLPSSi_I2C.sys 14:48:41.0700 0x0d7c iaLPSSi_I2C - ok 14:48:41.0732 0x0d7c [ 6B0029A0253098CCE28EACCFDB9E7208, E33AD69644E1683A971DA1169B704FBCFD9F715E9550816058E420BB5DE4D946 ] iaStorAV C:\Windows\system32\drivers\iaStorAV.sys 14:48:41.0763 0x0d7c iaStorAV - ok 14:48:41.0778 0x0d7c [ 9652E1E35A92D8C75710C17A63B15796, 
72F8C4A49B874226DEE9B7C9704F0E0A98DAA2DF4EAE2F2258E8324ACBD242E4 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 14:48:41.0810 0x0d7c iaStorV - ok 14:48:41.0825 0x0d7c [ FFADF691F7BF727AF5C863454A372723, FCF5A5595E8C9C937BE9F1C3AB5D9BD0EFE82DE1298D12085E0CCD84A186D2F2 ] ibbus C:\Windows\System32\drivers\ibbus.sys 14:48:41.0857 0x0d7c ibbus - ok 14:48:41.0857 0x0d7c [ 23E22B130EFE5A225E279467BE146317, 2302C119FE9C57F3A71DFE504489423B6F7140E2DFF5D501883AD971CB671CB4 ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys 14:48:41.0872 0x0d7c iBtFltCoex - ok 14:48:41.0888 0x0d7c [ 80BF2990E01E774D64F6E13F30661942, ADFEA2280D29F2C7B0A556C61709301D6327C288064FF5A4D29358403DF41DCE ] icssvc C:\Windows\System32\tetheringservice.dll 14:48:41.0919 0x0d7c icssvc - ok 14:48:41.0919 0x0d7c IEEtwCollectorService - ok 14:48:42.0075 0x0d7c [ 79AE3CC82CA1563A4B392207997ACE7C, A1E4A1DA95CA2FA197EF5975657822F0F813F6C33DA38E1FA5A840194034D071 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 14:48:42.0294 0x0d7c igfx - ok 14:48:42.0341 0x0d7c [ 12F8D27ED8623DDDC09A549EDADCBAC9, D3A3F0588D9CAF1027D8BC14601E2A6AB7E5924A2C23C90D38A9E14538DB02A9 ] IKEEXT C:\Windows\System32\ikeext.dll 14:48:42.0419 0x0d7c IKEEXT - ok 14:48:42.0435 0x0d7c [ ECDB27420D3A98424666904525A8562A, BDA98C3C95F2AD79945EF8213D5C65064052C09C82DD36F0D6724E1D21DCC30A ] intelide C:\Windows\system32\drivers\intelide.sys 14:48:42.0435 0x0d7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\intelide.sys. 
md5: ECDB27420D3A98424666904525A8562A, sha256: BDA98C3C95F2AD79945EF8213D5C65064052C09C82DD36F0D6724E1D21DCC30A 14:48:42.0435 0x0d7c intelide - detected LockedFile.Multi.Generic ( 1 ) 14:48:42.0544 0x0d7c Detect skipped due to KSN trusted 14:48:42.0544 0x0d7c intelide - ok 14:48:42.0544 0x0d7c [ 8FF1978643EFD219C5BA49690191D701, 6FD78A8490107C80090D7125644B8C910855374BE1373D1D6B199307C79680BA ] intelpep C:\Windows\system32\drivers\intelpep.sys 14:48:42.0544 0x0d7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\intelpep.sys. md5: 8FF1978643EFD219C5BA49690191D701, sha256: 6FD78A8490107C80090D7125644B8C910855374BE1373D1D6B199307C79680BA 14:48:42.0560 0x0d7c intelpep - detected LockedFile.Multi.Generic ( 1 ) 14:48:42.0669 0x0d7c Detect skipped due to KSN trusted 14:48:42.0669 0x0d7c intelpep - ok 14:48:42.0685 0x0d7c [ B61B60F36E1C8022FA8166ABF0F66B07, 23161F1DA51D44D936329E62DF4C2DAEE3DDD4B3D62CC501A888C0E149788968 ] intelppm C:\Windows\System32\drivers\intelppm.sys 14:48:42.0685 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\intelppm.sys. 
md5: B61B60F36E1C8022FA8166ABF0F66B07, sha256: 23161F1DA51D44D936329E62DF4C2DAEE3DDD4B3D62CC501A888C0E149788968 14:48:42.0685 0x0d7c intelppm - detected LockedFile.Multi.Generic ( 1 ) 14:48:42.0779 0x0d7c Detect skipped due to KSN trusted 14:48:42.0779 0x0d7c intelppm - ok 14:48:42.0794 0x0d7c [ CA0D42029AFFC4514D295E1EF823D02D, F2A05CB2B2E8C843FD02DC37E86F23CF928A4B2F9044424A60DE4E82B87DF5C3 ] IoQos C:\Windows\system32\drivers\ioqos.sys 14:48:42.0857 0x0d7c IoQos - ok 14:48:42.0872 0x0d7c [ 6E3F9D95235DFC9417384080A216F310, 6F13D72661038A91CFABB360621F4B169D78955C3EAD64956A7C825ABAEC5121 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:48:42.0904 0x0d7c IpFilterDriver - ok 14:48:42.0935 0x0d7c [ 6E75B731A8A7EFED0821327B08DAB46D, A77B746447824BD3C68B82D7329B82D62098B2409F8AEE4738FA23CB1561E629 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 14:48:43.0013 0x0d7c iphlpsvc - ok 14:48:43.0013 0x0d7c [ 4F527ECB5EAB47D8EAF34A469666C469, 8FFBEEF42515B6A7758BE579ED69E3911856CBF7710D9785011332C5E3DFE495 ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys 14:48:43.0013 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\IPMIDrv.sys. 
md5: 4F527ECB5EAB47D8EAF34A469666C469, sha256: 8FFBEEF42515B6A7758BE579ED69E3911856CBF7710D9785011332C5E3DFE495 14:48:43.0013 0x0d7c IPMIDRV - detected LockedFile.Multi.Generic ( 1 ) 14:48:43.0122 0x0d7c Detect skipped due to KSN trusted 14:48:43.0122 0x0d7c IPMIDRV - ok 14:48:43.0138 0x0d7c [ 9E5E8F2A1996F23B7E9687846AA81B01, 29E59384A4F92B3B4F2974942C91A12380113C13D3800900B5F44E2355D05455 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 14:48:43.0185 0x0d7c IPNAT - ok 14:48:43.0185 0x0d7c [ C317EB660138BC9CBFE37CCDE56351AE, F3AF6C573419D7F65C96A4841D4F056CA281CD5AFACDC7A5F586A390DC6E615B ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:48:43.0216 0x0d7c IRENUM - ok 14:48:43.0216 0x0d7c [ 531994A6D9399D9B74BE12B5BB58A81E, 6D5CF540C777F4828E1D4C5FE58EE41E6C2F5F399C554DC85F19D1E52229B094 ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:48:43.0216 0x0d7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\isapnp.sys. md5: 531994A6D9399D9B74BE12B5BB58A81E, sha256: 6D5CF540C777F4828E1D4C5FE58EE41E6C2F5F399C554DC85F19D1E52229B094 14:48:43.0216 0x0d7c isapnp - detected LockedFile.Multi.Generic ( 1 ) 14:48:43.0325 0x0d7c Detect skipped due to KSN trusted 14:48:43.0325 0x0d7c isapnp - ok 14:48:43.0357 0x0d7c [ 68D5354A4A9692EEC24664C60F47D4A2, 92124E98B6E286B6127DC6D0BFACC9C6D293D58EAE2B47B45532714CE6A6D0CD ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys 14:48:43.0357 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\msiscsi.sys. 
md5: 68D5354A4A9692EEC24664C60F47D4A2, sha256: 92124E98B6E286B6127DC6D0BFACC9C6D293D58EAE2B47B45532714CE6A6D0CD 14:48:43.0357 0x0d7c iScsiPrt - detected LockedFile.Multi.Generic ( 1 ) 14:48:43.0450 0x0d7c Detect skipped due to KSN trusted 14:48:43.0450 0x0d7c iScsiPrt - ok 14:48:43.0466 0x0d7c [ 701D7DB13B0815E7076EF4CB4CE981F8, 02585661656C0069AC318B82DE83DAC660451A0B970FDBCA0F7A8B4CBF7D93A9 ] kbdclass C:\Windows\System32\drivers\kbdclass.sys 14:48:43.0466 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\kbdclass.sys. md5: 701D7DB13B0815E7076EF4CB4CE981F8, sha256: 02585661656C0069AC318B82DE83DAC660451A0B970FDBCA0F7A8B4CBF7D93A9 14:48:43.0466 0x0d7c kbdclass - detected LockedFile.Multi.Generic ( 1 ) 14:48:43.0591 0x0d7c Detect skipped due to KSN trusted 14:48:43.0591 0x0d7c kbdclass - ok 14:48:43.0591 0x0d7c [ 884EBBDDBF5968003B40185BD96FF0E6, E3934D0FF0BEDDF5526AF529F7D15BA8BE479383894975B1AF1A1818C394A6E3 ] kbdhid C:\Windows\System32\drivers\kbdhid.sys 14:48:43.0591 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\kbdhid.sys. md5: 884EBBDDBF5968003B40185BD96FF0E6, sha256: E3934D0FF0BEDDF5526AF529F7D15BA8BE479383894975B1AF1A1818C394A6E3 14:48:43.0591 0x0d7c kbdhid - detected LockedFile.Multi.Generic ( 1 ) 14:48:43.0700 0x0d7c Detect skipped due to KSN trusted 14:48:43.0700 0x0d7c kbdhid - ok 14:48:43.0716 0x0d7c [ 6B3A0C7902811E6372643447E41F7048, 30667B56A306CFD5D15BC46F8E7D9E167612E71B6C8F554406E706A6330F5B94 ] kdnic C:\Windows\System32\drivers\kdnic.sys 14:48:43.0716 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\kdnic.sys. 
md5: 6B3A0C7902811E6372643447E41F7048, sha256: 30667B56A306CFD5D15BC46F8E7D9E167612E71B6C8F554406E706A6330F5B94 14:48:43.0716 0x0d7c kdnic - detected LockedFile.Multi.Generic ( 1 ) 14:48:43.0810 0x0d7c Detect skipped due to KSN trusted 14:48:43.0810 0x0d7c kdnic - ok 14:48:43.0810 0x0d7c [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] KeyIso C:\Windows\system32\lsass.exe 14:48:43.0857 0x0d7c KeyIso - ok 14:48:43.0857 0x0d7c [ 982C795DE20CED7AEDD2E7899B5D9BC1, 9F4E7536DB253CD83AA2AB89E9F3311714CD70F13AFD16F9B4D4CD86A70FC164 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:48:43.0872 0x0d7c KSecDD - ok 14:48:43.0888 0x0d7c [ 7D8B9214692C4D0F1646215D9984E19A, DC73503A8CA67F4E167DEA69AADDEA5F2D756E1C1F4FF42B6ECEA7E637BB80AB ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 14:48:43.0904 0x0d7c KSecPkg - ok 14:48:43.0904 0x0d7c [ E9BB0023D730701BB5D9839B44F5E6B5, 19D4BAC09424D331922472CFD2D0E32BEFA9188A6AF194C8D1F93FD77CE36691 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 14:48:43.0935 0x0d7c ksthunk - ok 14:48:43.0950 0x0d7c [ 71DE1AD9B23661EEC4F2A6EAA5A7D33D, 3219AEF3D6AE5933AE669FD2ED9ED95A8780612E39F31DB3DB9ED6B6244C5F7B ] KtmRm C:\Windows\system32\msdtckrm.dll 14:48:44.0013 0x0d7c KtmRm - ok 14:48:44.0013 0x0d7c [ 8BBB2B4429AF340481520C20C17FC5B6, 9E32815349195FC4B1BE213600FD407F2EAEEC8368289EB3E6B769125A739C08 ] LanmanServer C:\Windows\system32\srvsvc.dll 14:48:44.0060 0x0d7c LanmanServer - ok 14:48:44.0107 0x0d7c [ 1F5D48B1DA1B812BD2411CA44D75DD32, D1BDB8142CB13E8C6DD6F42E07C9D19BBBF6410D5122A04C01B34B95B442DD95 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:48:44.0138 0x0d7c LanmanWorkstation - ok 14:48:44.0154 0x0d7c [ 02C54C5C7EBE371EC0C59795ED22213F, 712AFE0EDF40436124F3FD55ED9B5A3A33A8761A58F4D482BB65229741B1C270 ] lfsvc C:\Windows\System32\lfsvc.dll 14:48:44.0185 0x0d7c lfsvc - ok 14:48:44.0185 0x0d7c [ 01BF128CC327A2E53898F732AF52B3DB, 
D62ACDA69D9942F9CEF400874DBB6EAF9811D9657CBFEF89174F88D76BB8D8EA ] LicenseManager C:\Windows\system32\LicenseManagerSvc.dll 14:48:44.0232 0x0d7c LicenseManager - ok 14:48:44.0232 0x0d7c [ EC34EED89C34B27C292166B725AC7A7B, 58F1BA0CB7743314AC012A82F8CE4072CBDD05D9570C52BC18DC551882F5B1BA ] lltdio C:\Windows\system32\drivers\lltdio.sys 14:48:44.0263 0x0d7c lltdio - ok 14:48:44.0279 0x0d7c [ 2C23283A0815B048C06D8C0ED76AAD95, 4335546939C1A98CFE9A4403CC82D79CC713439E4DFD1F4760FDD867305151E0 ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:48:44.0325 0x0d7c lltdsvc - ok 14:48:44.0325 0x0d7c [ CB6365E995F4DB856866500EDD8F61C1, 717ED387F245CAC68217B0F393D7B8AB3805721AB2C4D2D43430FE6E740F0856 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:48:44.0357 0x0d7c lmhosts - ok 14:48:44.0372 0x0d7c [ 961F28D879D345BFA50AF51285C90F2E, F9931A436651F695B746BC0C07E833D9C9F64126746DF976E691E6CAE26DAC9B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 14:48:44.0388 0x0d7c LSI_SAS - ok 14:48:44.0404 0x0d7c [ 6BFB8D1B3407518BE06B6F81F92FA0F5, DE0818DCC0D8D1D30A29AB167C65461A78100ABE2368637CEB9D0ED2B4E88D8E ] LSI_SAS2i C:\Windows\system32\drivers\lsi_sas2i.sys 14:48:44.0419 0x0d7c LSI_SAS2i - ok 14:48:44.0419 0x0d7c [ BE0E47988D78F731DEC2C0CB03E765CB, CA0015E87A3962611DBF714253FA618A6568346BAE640884432C1D44DE4C8684 ] LSI_SAS3i C:\Windows\system32\drivers\lsi_sas3i.sys 14:48:44.0435 0x0d7c LSI_SAS3i - ok 14:48:44.0435 0x0d7c [ F99BF02BE9219986817BF094981EEB18, 4303C772366065885C5D937B2E9AC0BF80C84BFB2737716055AD57BF6AADD673 ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys 14:48:44.0450 0x0d7c LSI_SSS - ok 14:48:44.0482 0x0d7c [ FFAA37FBBDD161E8C200C83B40F7872E, 0637B3119FC220CB8E23EE6694A9F1F25CF8D61008B14F6E30FDC17DCF9E077E ] LSM C:\Windows\System32\lsm.dll 14:48:44.0560 0x0d7c LSM - ok 14:48:44.0575 0x0d7c [ 2FCF837196082864F66CFD9CAB256275, 8BE01C3BCBC1E6E5D1FD7F49E936482E61ACB805F397AB81B8D39C2F0F1083BD ] luafv C:\Windows\system32\drivers\luafv.sys 14:48:44.0607 0x0d7c luafv - ok 14:48:44.0622 
0x0d7c [ 88B38A7435DFA9B7E8F94F5D5FE999D2, FF4EBB6CE013D0EA62FEDA5FBBD1205D9A6F684E701F40039A95A4EF4145DC16 ] MapsBroker C:\Windows\System32\moshost.dll 14:48:44.0638 0x0d7c MapsBroker - ok 14:48:44.0654 0x0d7c [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 14:48:44.0669 0x0d7c MBAMProtector - ok 14:48:44.0716 0x0d7c [ AB176B9E59C0435499D83047D84EDD59, 85B826A3972CE9AD885313B69B9C60328B850257667D0EB65DDE890D0BB06361 ] MBAMScheduler C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe 14:48:44.0763 0x0d7c MBAMScheduler - ok 14:48:44.0794 0x0d7c [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 14:48:44.0841 0x0d7c MBAMService - ok 14:48:44.0857 0x0d7c [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys 14:48:44.0872 0x0d7c MBAMSwissArmy - ok 14:48:44.0872 0x0d7c [ 08DECFCB9BA97786165A69AB1015BC30, EDC8C8447B57BD412E2DEBCA9B5B1B58C19D40105DC7CE9520DE214081696B05 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 14:48:44.0888 0x0d7c MBAMWebAccessControl - ok 14:48:44.0888 0x0d7c [ 2ED29B635F35E31A1C0D3DDB7DD2AD03, F70CC20B98C2DBCD13B0D509D92B3BC3828D1B88F3ACD60C860E163064844181 ] megasas C:\Windows\system32\drivers\megasas.sys 14:48:44.0904 0x0d7c megasas - ok 14:48:44.0919 0x0d7c [ 22E3CB85870879CBAE13C5095A8B12E3, 5FA5A8EFBA117089CFDBE09743A16BC3A7CC2042C96ABA1F57901747493106BF ] megasr C:\Windows\system32\drivers\megasr.sys 14:48:44.0951 0x0d7c megasr - ok 14:48:44.0966 0x0d7c [ C7DFCC5470DBBE00114723A233701CF8, 8E00E8975BD3ABDD7F774E76FE33024EE09755DFC3C46F880E4EAA7F7D8393B6 ] MEIx64 C:\Windows\System32\drivers\TeeDriverW8x64.sys 14:48:44.0997 0x0d7c MEIx64 - ok 14:48:44.0997 0x0d7c [ 
F2C23E25636BCA3543E6AD7858E861B7, 0CAB0A037471B4858CE9477E49BF50A5E3E6685E05F8A4BD2D9238551D5073A6 ] MessagingService C:\Windows\System32\MessagingService.dll 14:48:45.0044 0x0d7c MessagingService - ok 14:48:45.0076 0x0d7c [ D41920FBFFF2BBCBBC69A5B383AD022E, E66218A8303422EA10C19BA12343740B9A1A70B11B39E185E805B4F74CD2B75E ] mlx4_bus C:\Windows\System32\drivers\mlx4_bus.sys 14:48:45.0107 0x0d7c mlx4_bus - ok 14:48:45.0107 0x0d7c [ 64BD0C87064EA20C2D3DC4199F9C239C, ED69706277A58ED2C5F2B1B4E9A4A9C7C20173D46EB57FB31D8B63340BA23193 ] MMCSS C:\Windows\system32\drivers\mmcss.sys 14:48:45.0138 0x0d7c MMCSS - ok 14:48:45.0138 0x0d7c [ 8D4B46FA84A3A3702EDADD37FAC6EDBA, E3B9E12BD324FE637C365FDC5E490C41889047004D4FC8F7D78339484F2F717B ] Modem C:\Windows\system32\drivers\modem.sys 14:48:45.0169 0x0d7c Modem - ok 14:48:45.0169 0x0d7c [ 78FEC1BDB168370F131BFBFEA0A04E9D, E07B1BC429C2CFBD6162F89A6502C67A4BAD904ADC05D3505D87A0B2BCE1061B ] monitor C:\Windows\System32\drivers\monitor.sys 14:48:45.0169 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\monitor.sys. md5: 78FEC1BDB168370F131BFBFEA0A04E9D, sha256: E07B1BC429C2CFBD6162F89A6502C67A4BAD904ADC05D3505D87A0B2BCE1061B 14:48:45.0185 0x0d7c monitor - detected LockedFile.Multi.Generic ( 1 ) 14:48:45.0294 0x0d7c Detect skipped due to KSN trusted 14:48:45.0294 0x0d7c monitor - ok 14:48:45.0310 0x0d7c [ D1CC0833CFBC4222A95CAA5D0C8C78FF, 54F04374C6D3EFF5C1B794C069870458F10757E5773AEE911957089EAF51EC8D ] mouclass C:\Windows\System32\drivers\mouclass.sys 14:48:45.0310 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\mouclass.sys. 
md5: D1CC0833CFBC4222A95CAA5D0C8C78FF, sha256: 54F04374C6D3EFF5C1B794C069870458F10757E5773AEE911957089EAF51EC8D 14:48:45.0310 0x0d7c mouclass - detected LockedFile.Multi.Generic ( 1 ) 14:48:45.0435 0x0d7c Detect skipped due to KSN trusted 14:48:45.0435 0x0d7c mouclass - ok 14:48:45.0435 0x0d7c [ C2E05EC6B80BCF5AE362DA873E1BCE64, 4ABE5CA2005A54E92259EDB52205A5C59BDB83026FC0CD7CBB1E3A003C2B535B ] mouhid C:\Windows\System32\drivers\mouhid.sys 14:48:45.0435 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\mouhid.sys. md5: C2E05EC6B80BCF5AE362DA873E1BCE64, sha256: 4ABE5CA2005A54E92259EDB52205A5C59BDB83026FC0CD7CBB1E3A003C2B535B 14:48:45.0451 0x0d7c mouhid - detected LockedFile.Multi.Generic ( 1 ) 14:48:45.0560 0x0d7c Detect skipped due to KSN trusted 14:48:45.0560 0x0d7c mouhid - ok 14:48:45.0576 0x0d7c [ D5B7668A8F6C67C51FA5C6C513396D6C, 35985AD89344A8464BD78B8DA6A772E4E60A2EB93072AC23673A86EFD0B2270A ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 14:48:45.0622 0x0d7c mountmgr - ok 14:48:45.0622 0x0d7c [ 98DA127D0AB8B6CB5773546AF60D9217, BB07F34552342CA40E843F80AA32C928C29EF81789605E53C795EFD564F2DA7F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 14:48:45.0685 0x0d7c MozillaMaintenance - ok 14:48:45.0685 0x0d7c [ 5FBCB85D127BE21E3A9DAF11A13C00EA, D00AB99CC813E26B0BD2D39161D4138AB89A06B3E3A28712F2D5BCA60905BEC4 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:48:45.0732 0x0d7c mpsdrv - ok 14:48:45.0747 0x0d7c [ 3B3906F069DB567C3D092F195FEA5F87, 1EAD704AD8E81D083FE3D458B529F8ECBE99569EFD20F7B520339F054E2F6515 ] MpsSvc C:\Windows\system32\mpssvc.dll 14:48:45.0826 0x0d7c MpsSvc - ok 14:48:45.0826 0x0d7c [ 37C9EC0398BFC22C616711E41AE157D5, C8DD6B6B47513696CD4BD376C5D9F82C0F52F5A351FFAFE149E3B13C4684D40E ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:48:45.0872 0x0d7c MRxDAV - ok 14:48:45.0888 0x0d7c [ 61F9F27A8C3D7BCD287FE98A440421CE, 773208951BD0B8C0B9510F4C317484D5FCF36D09310D4E20F2BDB85D61088BA5 
] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:48:45.0919 0x0d7c mrxsmb - ok 14:48:45.0919 0x0d7c [ CCAD845F4D21D0E0E0468205EE865473, 8F93B61F407BCE5910A7A9F01F8A51FDB7A3C4F03E59C144C1D4FD974D10C2D4 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:48:45.0966 0x0d7c mrxsmb10 - ok 14:48:45.0966 0x0d7c [ 0F47A6C09F0A7FB5513D322A2B9BE4EC, 00A17CB55D232E11F3D24D0B43FE4FA9E55F7EF5E5607B26ED84C13108AAC4FA ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:48:45.0997 0x0d7c mrxsmb20 - ok 14:48:45.0997 0x0d7c [ A934DF064C503A31683DD7EECDBD327A, 3ED943A2CFE9BB00898A4FCE08D3A5C814FE6E546FC10E9F30E6C2619B1AD162 ] MsBridge C:\Windows\system32\drivers\bridge.sys 14:48:46.0029 0x0d7c MsBridge - ok 14:48:46.0044 0x0d7c [ 807A6636828E5F43C10A01474B8907EE, F275645F4F0D0A796C33C03EA7FA563A0B890AB3A93E5F99C5EA166F91D249B1 ] MSDTC C:\Windows\System32\msdtc.exe 14:48:46.0076 0x0d7c MSDTC - ok 14:48:46.0091 0x0d7c [ D123343DDB02E372B02BF2C4293F835F, 8E02D9F7E5DA717B64538444B3FE1C55AA4B0F26F51DA20947E971D27EA09D12 ] Msfs C:\Windows\system32\drivers\Msfs.sys 14:48:46.0107 0x0d7c Msfs - ok 14:48:46.0122 0x0d7c [ B3358F380BA3F29F56BE0F7734C24D5F, 229D9E72C429AC51BF6E7C8306218620CB1AA50FE39BA6C11ED0F643E7AF90E5 ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys 14:48:46.0122 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\msgpiowin32.sys. 
md5: B3358F380BA3F29F56BE0F7734C24D5F, sha256: 229D9E72C429AC51BF6E7C8306218620CB1AA50FE39BA6C11ED0F643E7AF90E5 14:48:46.0122 0x0d7c msgpiowin32 - detected LockedFile.Multi.Generic ( 1 ) 14:48:46.0216 0x0d7c Detect skipped due to KSN trusted 14:48:46.0216 0x0d7c msgpiowin32 - ok 14:48:46.0232 0x0d7c [ B2044D5D125F249680508EC0B2AAEFAC, 9631FF42DA5A7CEE1F2607AA8972EF0A67616F0EEEBC95F97B1C8F5A577ED5C4 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 14:48:46.0279 0x0d7c mshidkmdf - ok 14:48:46.0294 0x0d7c [ 36ABE7FC80BED4FE44754AE5CFB51432, FB89DF3A50C52B69D4E831A370157D1901810093A0D7D7120A120FC5C6E14BF5 ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys 14:48:46.0326 0x0d7c mshidumdf - ok 14:48:46.0326 0x0d7c [ 59307FEAFC9E72EEEC56B7FD7D294F4C, 56576635870FC68980977FFA0E7F8E8D69A7981DECF5B52D0B2A82E3BA6685EA ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 14:48:46.0326 0x0d7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msisadrv.sys. md5: 59307FEAFC9E72EEEC56B7FD7D294F4C, sha256: 56576635870FC68980977FFA0E7F8E8D69A7981DECF5B52D0B2A82E3BA6685EA 14:48:46.0326 0x0d7c msisadrv - detected LockedFile.Multi.Generic ( 1 ) 14:48:46.0420 0x0d7c Detect skipped due to KSN trusted 14:48:46.0420 0x0d7c msisadrv - ok 14:48:46.0435 0x0d7c [ 236A38F5CB0A23BF0ACCD70ED0BD7F70, 8106B528458E6C8E4437D9064D58F10FF195E67CD308AEBBD5F860AD2D59DCC4 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 14:48:46.0498 0x0d7c MSiSCSI - ok 14:48:46.0498 0x0d7c msiserver - ok 14:48:46.0513 0x0d7c [ E9457EDFEBC774199F907395C6D09CA2, C3655CE83F4AD1258382722E9A99C33FDD3AA40B62CFEB8DFDD141E254E6DCE2 ] MSKSSRV C:\Windows\system32\DRIVERS\MSKSSRV.sys 14:48:46.0529 0x0d7c MSKSSRV - ok 14:48:46.0544 0x0d7c [ C85D79735641D27C5821C35ECDDC2334, C1BAFD98122B04665870171C143EC119181351D10777A83680A63BF305703FF3 ] MsLldp C:\Windows\system32\drivers\mslldp.sys 14:48:46.0560 0x0d7c MsLldp - ok 14:48:46.0576 0x0d7c [ EF75184B64356850D0F04D049C253526, 
************************************************************* End of part 1 ************************************************************* |
19.01.2016, 15:18 | #14 |
| No control over Win10 PC, am being spied on - virus scanners find nothing - reinstallation unsuccessful Sorry, I forgot to mention that this is now the error-free log from the Toshiba. So here is the second part from the Kaspersky TDSSKiller Code:
C:\Windows\System32\TabSvc.dll 14:48:58.0780 0x0d7c TabletInputService - ok 14:48:58.0795 0x0d7c [ 86B62FC8CB89946446F9B24FE49A66FD, 7B095310D1C78B82E5ACAC4713E101DD1323A3CF6FB39218C2E78ABE2B0385B5 ] TapiSrv C:\Windows\System32\tapisrv.dll 14:48:58.0842 0x0d7c TapiSrv - ok 14:48:58.0920 0x0d7c [ 892F30506DCCF230C5A57019C1D8D31B, 52C83A963E2D05770B6A281E8E559C8203E102D6B4C9C37801B1F58CB4B92D2F ] Tcpip C:\Windows\system32\drivers\tcpip.sys 14:48:58.0998 0x0d7c Tcpip - ok 14:48:59.0077 0x0d7c [ 892F30506DCCF230C5A57019C1D8D31B, 52C83A963E2D05770B6A281E8E559C8203E102D6B4C9C37801B1F58CB4B92D2F ] Tcpip6 C:\Windows\system32\drivers\tcpip.sys 14:48:59.0170 0x0d7c Tcpip6 - ok 14:48:59.0186 0x0d7c [ 17F37EC9042D84561C550620643D9A85, B01620BA319A1383D403E6E50C7724879520F3267654556D975CAFFF91A82C78 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 14:48:59.0217 0x0d7c tcpipreg - ok 14:48:59.0233 0x0d7c [ 91D3F2A6253EF83EFBD7903028F58C4D, C15768CCCF734093B0F8A5E76882B35927B716E4F14D91ACEE897E1C078D43D1 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 14:48:59.0248 0x0d7c tdx - ok 14:48:59.0248 0x0d7c [ E730D0EB1B84EBC98423FC8D285EDBC0, 442DD433F9D22304E64EC7ACFC4E04892D4D92D8AC545A3530FC932A2EEC4767 ] terminpt C:\Windows\System32\drivers\terminpt.sys 14:48:59.0264 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\terminpt.sys. 
md5: E730D0EB1B84EBC98423FC8D285EDBC0, sha256: 442DD433F9D22304E64EC7ACFC4E04892D4D92D8AC545A3530FC932A2EEC4767 14:48:59.0264 0x0d7c terminpt - detected LockedFile.Multi.Generic ( 1 ) 14:48:59.0342 0x0d7c Detect skipped due to KSN trusted 14:48:59.0342 0x0d7c terminpt - ok 14:48:59.0405 0x0d7c [ 14307D4801C8CEF0A615907C09E886B3, C7F34C294D70DE689F673E0B5E9253B27EFEBBE6FA38B68B3B0B0374A896407E ] TermService C:\Windows\System32\termsrv.dll 14:48:59.0483 0x0d7c TermService - ok 14:48:59.0498 0x0d7c [ D009D1BC14FD5F2AC93D1878735F6C39, D8BCE505B66E05BC00075E46B38359CA4D0FA484EB7981A74221885E8A1FFB87 ] Themes C:\Windows\system32\themeservice.dll 14:48:59.0530 0x0d7c Themes - ok 14:48:59.0545 0x0d7c [ 93EBCBD28E42875B223C6824AF66DFAA, 681DA2A03A7ABEF97593B45E458A0E2DA671350F3A8741DB6C43F8298DC21FF3 ] Thotkey C:\Windows\System32\drivers\Thotkey.sys 14:48:59.0561 0x0d7c Thotkey - ok 14:48:59.0577 0x0d7c [ 5F27DE2082E16D4C1D6C627C8ECBD341, 08DA3EB3EF2B2006B6F9F2C8C149DF55DE6738975D556206A814096CAB5C1411 ] TieringEngineService C:\Windows\system32\TieringEngineService.exe 14:48:59.0623 0x0d7c TieringEngineService - ok 14:48:59.0655 0x0d7c [ FC971E1D1B5900C231591A7720FCD8B8, DF58C350977019E4A8F381FB35702E9BEA89F6A8C6BF36C56376D36BC8FE630F ] tiledatamodelsvc C:\Windows\system32\tileobjserver.dll 14:48:59.0702 0x0d7c tiledatamodelsvc - ok 14:48:59.0717 0x0d7c [ 4BA0AB760971A0109A3442BD8B4F9AA0, 681171ECE155B7B1048525AA9BF14E4FDB437EE6BD91B6C5C9FFE122757D6BEB ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll 14:48:59.0748 0x0d7c TimeBroker - ok 14:48:59.0764 0x0d7c [ 9B0917DFF257E3F7F36F41BA6BDB0FC8, 87EAFB90BD146222CC81510CA8F3E0095D3601981392F780E76CAA7EF8534FB7 ] tosrfec C:\Windows\System32\drivers\tosrfec.sys 14:48:59.0780 0x0d7c tosrfec - ok 14:48:59.0780 0x0d7c [ 169B0A246067457FEF8A18EED7EED9D5, BF5AC0CB29E1E456253B881CD0608B578D7343E9DFE1738A14598D1DFFE1AB66 ] TPM C:\Windows\System32\drivers\tpm.sys 14:48:59.0780 0x0d7c Suspicious file ( NoAccess ): 
C:\Windows\System32\drivers\tpm.sys. md5: 169B0A246067457FEF8A18EED7EED9D5, sha256: BF5AC0CB29E1E456253B881CD0608B578D7343E9DFE1738A14598D1DFFE1AB66 14:48:59.0780 0x0d7c TPM - detected LockedFile.Multi.Generic ( 1 ) 14:48:59.0874 0x0d7c Detect skipped due to KSN trusted 14:48:59.0874 0x0d7c TPM - ok 14:48:59.0889 0x0d7c [ AA84AF93CE5AF1F05838B51D20295419, 85B3EE773C691EEDFA080CD9C59D31CB58A5BC577AEE91A929F5DFBE1368AB6D ] TrkWks C:\Windows\System32\trkwks.dll 14:48:59.0967 0x0d7c TrkWks - ok 14:48:59.0967 0x0d7c [ E50DD57F496CED8873FA3E7D38BCCD42, 36B95F6F2CF48078C6B19FB452C87BB07E95C8804A5C6B526D349AC6227CAB26 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 14:49:00.0014 0x0d7c TrustedInstaller - ok 14:49:00.0014 0x0d7c [ 48E828C66AB016E48F2CB4DD585315FD, 063809B610F6B177B65D62D12605FB94F108DB26A9FD3067E6D6C51F0D92E774 ] tsusbflt C:\Windows\system32\drivers\TsUsbFlt.sys 14:49:00.0045 0x0d7c tsusbflt - ok 14:49:00.0061 0x0d7c [ 267C76EE60736EA5A1811A53FA02AABE, 28D4C4CB972534204B8336D0403B70E4EFE4F8369ABDE7401FFCCF7D4E3EA165 ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys 14:49:00.0061 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\TsUsbGD.sys. 
md5: 267C76EE60736EA5A1811A53FA02AABE, sha256: 28D4C4CB972534204B8336D0403B70E4EFE4F8369ABDE7401FFCCF7D4E3EA165 14:49:00.0061 0x0d7c TsUsbGD - detected LockedFile.Multi.Generic ( 1 ) 14:49:00.0170 0x0d7c Detect skipped due to KSN trusted 14:49:00.0170 0x0d7c TsUsbGD - ok 14:49:00.0186 0x0d7c [ 8CE72F094B822AD5EE9C3A3AFC0C16B6, 827CCD849544E1DA364B03DBC82A848D2F93AD32BA14ED52709C609BC70CE5CA ] tunnel C:\Windows\System32\drivers\tunnel.sys 14:49:00.0233 0x0d7c tunnel - ok 14:49:00.0249 0x0d7c [ 9155CA0108CAEA5984021369784E105D, C5437896D03ED20C50FC792D31E105FE96C12A743F2A4D524BBD3AE034110509 ] TVALZ C:\Windows\system32\drivers\TVALZ.SYS 14:49:00.0280 0x0d7c TVALZ - ok 14:49:00.0280 0x0d7c [ 1A9A77ACDAC29C39F50D2A492FD0DB16, E21F2E2BA6EABE0F6B5A1930DDB2CE5A921389A58C08A2D3F66D245E8698E6B4 ] tzautoupdate C:\Windows\system32\tzautoupdate.dll 14:49:00.0311 0x0d7c tzautoupdate - ok 14:49:00.0311 0x0d7c [ 42C546414F80BD6C0137FC3A106F8A69, 067FFCAF0059935851888BD984E848E4E1A6CC1941A8F4534067CCF0B2A3B2E6 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 14:49:00.0311 0x0d7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\uagp35.sys. md5: 42C546414F80BD6C0137FC3A106F8A69, sha256: 067FFCAF0059935851888BD984E848E4E1A6CC1941A8F4534067CCF0B2A3B2E6 14:49:00.0311 0x0d7c uagp35 - detected LockedFile.Multi.Generic ( 1 ) 14:49:00.0420 0x0d7c Detect skipped due to KSN trusted 14:49:00.0420 0x0d7c uagp35 - ok 14:49:00.0436 0x0d7c [ 1686DBC81748B096232B15F16C302985, 63D72D1838C42A95599AF3C0B19A069E310ADB091208011D7D6FBAC968D1A59A ] UASPStor C:\Windows\System32\drivers\uaspstor.sys 14:49:00.0436 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\uaspstor.sys. 
md5: 1686DBC81748B096232B15F16C302985, sha256: 63D72D1838C42A95599AF3C0B19A069E310ADB091208011D7D6FBAC968D1A59A 14:49:00.0436 0x0d7c UASPStor - detected LockedFile.Multi.Generic ( 1 ) 14:49:00.0561 0x0d7c Detect skipped due to KSN trusted 14:49:00.0561 0x0d7c UASPStor - ok 14:49:00.0561 0x0d7c [ 3995CC3DEDED258768B8EBC2F4C0DC73, 130E99EF13EB494B8BB6A8E037DD8D59C195190EA3C27CA9E3A695AF4349DC7C ] UcmCx0101 C:\Windows\system32\Drivers\UcmCx.sys 14:49:00.0592 0x0d7c UcmCx0101 - ok 14:49:00.0608 0x0d7c [ 1C95F7CE37D9EFB90EBE987A9712356C, B9EE7743ADA50276F05D735C5C29E44039D630A7DC93766A0EAF400DA037E4AF ] UcmUcsi C:\Windows\System32\drivers\UcmUcsi.sys 14:49:00.0608 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\UcmUcsi.sys. md5: 1C95F7CE37D9EFB90EBE987A9712356C, sha256: B9EE7743ADA50276F05D735C5C29E44039D630A7DC93766A0EAF400DA037E4AF 14:49:00.0608 0x0d7c UcmUcsi - detected LockedFile.Multi.Generic ( 1 ) 14:49:00.0702 0x0d7c Detect skipped due to KSN trusted 14:49:00.0702 0x0d7c UcmUcsi - ok 14:49:00.0717 0x0d7c [ AED081772091C98173905E2DF28C223B, 08541CF3354EBB634BD590E0019128F70A6FCA9075B7E785A9E9BD82EC234DD3 ] Ucx01000 C:\Windows\system32\drivers\ucx01000.sys 14:49:00.0733 0x0d7c Ucx01000 - ok 14:49:00.0733 0x0d7c [ DCA34A111C29E4578DF2B8CEA3C7CDBD, 86BCE4C8EC228724D5896067A85A4768B6069D10A482ECC51A8F828DBD3880C9 ] UdeCx C:\Windows\system32\drivers\udecx.sys 14:49:00.0780 0x0d7c UdeCx - ok 14:49:00.0795 0x0d7c [ 718A956AE00CE086F381044AB66CC29C, E4EED1600C72CECE1D4507827C329A93D356BBA027470FCF6C4B5C1651DED643 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 14:49:00.0842 0x0d7c udfs - ok 14:49:00.0842 0x0d7c [ BA760F8E66428BA9FF1E8BFBC6248136, BE7DCBB293B12672CB3653E640C46F669BD738D320F34F4FA4A26F6B248561F0 ] UEFI C:\Windows\System32\drivers\UEFI.sys 14:49:00.0842 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\UEFI.sys. 
md5: BA760F8E66428BA9FF1E8BFBC6248136, sha256: BE7DCBB293B12672CB3653E640C46F669BD738D320F34F4FA4A26F6B248561F0 14:49:00.0842 0x0d7c UEFI - detected LockedFile.Multi.Generic ( 1 ) 14:49:00.0889 0x0a30 Object required for P2P: [ A403DAE4B083EB96BC6CEDB47639B4F8 ] HTTP 14:49:00.0952 0x0d7c Detect skipped due to KSN trusted 14:49:00.0952 0x0d7c UEFI - ok 14:49:00.0967 0x0d7c [ 5F0D997E6FC5A418D7673148CEF72887, 6C142CB8F06E5958045451253C9188CE876A84D08266FFD7F64AAE09964D8431 ] Ufx01000 C:\Windows\system32\drivers\ufx01000.sys 14:49:00.0999 0x0d7c Ufx01000 - ok 14:49:00.0999 0x0d7c [ 2B1DABA97DDF5365FC66EE7DEDD86A13, 2FF3355862938B37EE63FCA149415CE5032BF54747B07517BB21460733B65AD8 ] UfxChipidea C:\Windows\System32\drivers\UfxChipidea.sys 14:49:00.0999 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\UfxChipidea.sys. md5: 2B1DABA97DDF5365FC66EE7DEDD86A13, sha256: 2FF3355862938B37EE63FCA149415CE5032BF54747B07517BB21460733B65AD8 14:49:00.0999 0x0d7c UfxChipidea - detected LockedFile.Multi.Generic ( 1 ) 14:49:01.0061 0x0a30 Object send P2P result: true 14:49:01.0061 0x0a30 Object required for P2P: [ 9A2A2F3C69B9A30B6E78536F6D258BAD ] iai2c 14:49:01.0092 0x0d7c Detect skipped due to KSN trusted 14:49:01.0092 0x0d7c UfxChipidea - ok 14:49:01.0108 0x0d7c [ DB630FC660443D63EBAB2C830C298EFE, 7698772FF9C988DF752DF3FAF1B154E923EBA425B92F288ABB6EF0805ABD3296 ] ufxsynopsys C:\Windows\System32\drivers\ufxsynopsys.sys 14:49:01.0108 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\ufxsynopsys.sys. 
md5: DB630FC660443D63EBAB2C830C298EFE, sha256: 7698772FF9C988DF752DF3FAF1B154E923EBA425B92F288ABB6EF0805ABD3296 14:49:01.0108 0x0d7c ufxsynopsys - detected LockedFile.Multi.Generic ( 1 ) 14:49:01.0217 0x0d7c Detect skipped due to KSN trusted 14:49:01.0217 0x0d7c ufxsynopsys - ok 14:49:01.0217 0x0d7c [ 63451BD694651307254B8DD37A3D79C7, C781E2D876AF42D5972CCDCF86B7A59F6AF8AF0C6350647F3FA1B209119B5EF9 ] UI0Detect C:\Windows\system32\UI0Detect.exe 14:49:01.0233 0x0a30 Object send P2P result: true 14:49:01.0233 0x0a30 Object required for P2P: [ 59A20F5AD9F4AE54098154359519408E ] iaLPSS2i_I2C 14:49:01.0280 0x0d7c UI0Detect - ok 14:49:01.0295 0x0d7c [ 6DE78C04BF32ECA7AF3064F53687C9A5, 164D3BB24EBA3EAF613799928063FE75220A4E583D985F53A895017782C18600 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 14:49:01.0295 0x0d7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\uliagpkx.sys. md5: 6DE78C04BF32ECA7AF3064F53687C9A5, sha256: 164D3BB24EBA3EAF613799928063FE75220A4E583D985F53A895017782C18600 14:49:01.0295 0x0d7c uliagpkx - detected LockedFile.Multi.Generic ( 1 ) 14:49:01.0389 0x0a30 Object send P2P result: true 14:49:01.0389 0x0d7c Detect skipped due to KSN trusted 14:49:01.0389 0x0d7c uliagpkx - ok 14:49:01.0405 0x0a30 Object required for P2P: [ 807A6636828E5F43C10A01474B8907EE ] MSDTC 14:49:01.0405 0x0d7c [ 67D1E0E6E4D5D33AF0AEF0E33B4DA0F4, BA2E6F16B6B3B54C943F1E7B9F79A6D1332A7ED228D754CC5AE70E3CD78B1F37 ] umbus C:\Windows\System32\drivers\umbus.sys 14:49:01.0405 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\umbus.sys. 
md5: 67D1E0E6E4D5D33AF0AEF0E33B4DA0F4, sha256: BA2E6F16B6B3B54C943F1E7B9F79A6D1332A7ED228D754CC5AE70E3CD78B1F37 14:49:01.0405 0x0d7c umbus - detected LockedFile.Multi.Generic ( 1 ) 14:49:01.0514 0x0d7c Detect skipped due to KSN trusted 14:49:01.0514 0x0d7c umbus - ok 14:49:01.0530 0x0d7c [ 11680607944A719EF20E0E740785712A, 1567C2B3AAD702DCC2DC9C6B7B92EE5B681C06701A39DAC3AA7E2BE9E1E04F47 ] UmPass C:\Windows\System32\drivers\umpass.sys 14:49:01.0530 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\umpass.sys. md5: 11680607944A719EF20E0E740785712A, sha256: 1567C2B3AAD702DCC2DC9C6B7B92EE5B681C06701A39DAC3AA7E2BE9E1E04F47 14:49:01.0530 0x0d7c UmPass - detected LockedFile.Multi.Generic ( 1 ) 14:49:01.0577 0x0a30 Object send P2P result: true 14:49:01.0608 0x0a30 Object required for P2P: [ 7C58AFEC26E9F7730A8AA7FD40225937 ] sppsvc 14:49:01.0655 0x0d7c Detect skipped due to KSN trusted 14:49:01.0655 0x0d7c UmPass - ok 14:49:01.0670 0x0d7c [ FD949725D9EB52C0B87435CDE1134668, 96E2B3D3379E9AE225E5A4C5251207F1E7DA573901F4F026758EDE9FAEF4F2C5 ] UmRdpService C:\Windows\System32\umrdp.dll 14:49:01.0717 0x0d7c UmRdpService - ok 14:49:01.0749 0x0d7c [ 87E291D9CC3ECE9AA56ABFD8063C4050, 781958969DB79454C91156473B4DA363F6D540D99974C2924ED81604CF45C3E0 ] UnistoreSvc C:\Windows\System32\unistore.dll 14:49:01.0811 0x0a30 Object send P2P result: true 14:49:01.0811 0x0a30 Object required for P2P: [ 34A3EB84B2A830E6F450B8F885AE4E6E ] SysMain 14:49:01.0827 0x0d7c UnistoreSvc - ok 14:49:01.0858 0x0d7c [ B85A8CF2BE74DFF1E80097AC94584112, B1DBACC33A4143FEE2CF54E567590A69580312AD7A053BCC85B487C4D451FBDA ] upnphost C:\Windows\System32\upnphost.dll 14:49:01.0905 0x0d7c upnphost - ok 14:49:01.0920 0x0d7c [ 2410A0C20D21A25E6C01979FA886BE90, DD3F92D8CF110D47B9E36BA0EB10EB34C0FDD28FE0D57E4B60F9326703388F75 ] UrsChipidea C:\Windows\System32\drivers\urschipidea.sys 14:49:01.0920 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\urschipidea.sys. 
md5: 2410A0C20D21A25E6C01979FA886BE90, sha256: DD3F92D8CF110D47B9E36BA0EB10EB34C0FDD28FE0D57E4B60F9326703388F75 14:49:01.0920 0x0d7c UrsChipidea - detected LockedFile.Multi.Generic ( 1 ) 14:49:01.0967 0x0a30 Object send P2P result: true 14:49:02.0014 0x0d7c Detect skipped due to KSN trusted 14:49:02.0014 0x0d7c UrsChipidea - ok 14:49:02.0014 0x0d7c [ 6E59CE43B6BA5AA1ADCF36A4DBBB92BB, 647D66775A90F67D803043DE8C8AE8BC2F7A042A8DCF9C95BF5458C79609481B ] UrsCx01000 C:\Windows\system32\drivers\urscx01000.sys 14:49:02.0030 0x0d7c UrsCx01000 - ok 14:49:02.0030 0x0d7c [ E8A59FA109A22FC07E44BDFCC9727DBD, 0DC5928C0FF7E5B38917660D6EFECCC22172DB0BB9B23216F33E750790529C16 ] UrsSynopsys C:\Windows\System32\drivers\urssynopsys.sys 14:49:02.0030 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\urssynopsys.sys. md5: E8A59FA109A22FC07E44BDFCC9727DBD, sha256: 0DC5928C0FF7E5B38917660D6EFECCC22172DB0BB9B23216F33E750790529C16 14:49:02.0030 0x0d7c UrsSynopsys - detected LockedFile.Multi.Generic ( 1 ) 14:49:02.0155 0x0d7c Detect skipped due to KSN trusted 14:49:02.0155 0x0d7c UrsSynopsys - ok 14:49:02.0170 0x0d7c [ D8A44550ECE102B6443F5D54DCE7DAB3, 97F5AE7B17DAC4A4F3186C77116BC8E49874FB0018C99D8E2CDA29D89E8B0912 ] usbccgp C:\Windows\System32\drivers\usbccgp.sys 14:49:02.0170 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\usbccgp.sys. md5: D8A44550ECE102B6443F5D54DCE7DAB3, sha256: 97F5AE7B17DAC4A4F3186C77116BC8E49874FB0018C99D8E2CDA29D89E8B0912 14:49:02.0186 0x0d7c usbccgp - detected LockedFile.Multi.Generic ( 1 ) 14:49:02.0295 0x0d7c Detect skipped due to KSN trusted 14:49:02.0295 0x0d7c usbccgp - ok 14:49:02.0295 0x0d7c [ 66B3D22DAB5312FF238ABF5C6D9F8FAB, 4A644AFC1C27D692D352BEB8801398A00EA5B4055476063AF905A0A46DDBF8BB ] usbcir C:\Windows\System32\drivers\usbcir.sys 14:49:02.0295 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\usbcir.sys. 
md5: 66B3D22DAB5312FF238ABF5C6D9F8FAB, sha256: 4A644AFC1C27D692D352BEB8801398A00EA5B4055476063AF905A0A46DDBF8BB 14:49:02.0295 0x0d7c usbcir - detected LockedFile.Multi.Generic ( 1 ) 14:49:02.0421 0x0d7c Detect skipped due to KSN trusted 14:49:02.0421 0x0d7c usbcir - ok 14:49:02.0436 0x0d7c [ 3E4F20DB902D2E2914F3FF3DB9772200, F3D32BE06A26164B5F6E8DB67160D1DBBDC6D14666EEF84EA43C78CB7706E31C ] usbehci C:\Windows\System32\drivers\usbehci.sys 14:49:02.0436 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\usbehci.sys. md5: 3E4F20DB902D2E2914F3FF3DB9772200, sha256: F3D32BE06A26164B5F6E8DB67160D1DBBDC6D14666EEF84EA43C78CB7706E31C 14:49:02.0436 0x0d7c usbehci - detected LockedFile.Multi.Generic ( 1 ) 14:49:02.0561 0x0d7c Detect skipped due to KSN trusted 14:49:02.0561 0x0d7c usbehci - ok 14:49:02.0608 0x0d7c [ 41F7F00D76904416EF1F9EFA1A4C37A2, 7A4250EB2E2E0037B3AE1480C13B229ECFF5C575E68E4F934EE011DB1833B46A ] usbhub C:\Windows\System32\drivers\usbhub.sys 14:49:02.0608 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\usbhub.sys. md5: 41F7F00D76904416EF1F9EFA1A4C37A2, sha256: 7A4250EB2E2E0037B3AE1480C13B229ECFF5C575E68E4F934EE011DB1833B46A 14:49:02.0608 0x0d7c usbhub - detected LockedFile.Multi.Generic ( 1 ) 14:49:02.0702 0x0d7c Detect skipped due to KSN trusted 14:49:02.0702 0x0d7c usbhub - ok 14:49:02.0733 0x0d7c [ 12A0B486EA13DF46C27B90CC2CE92FE5, 643D8B906F02FBC0802B3468C24D6C6A0BDB07FEA894B68E0F404AB5287C4409 ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys 14:49:02.0733 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\UsbHub3.sys. 
md5: 12A0B486EA13DF46C27B90CC2CE92FE5, sha256: 643D8B906F02FBC0802B3468C24D6C6A0BDB07FEA894B68E0F404AB5287C4409 14:49:02.0733 0x0d7c USBHUB3 - detected LockedFile.Multi.Generic ( 1 ) 14:49:02.0842 0x0d7c Detect skipped due to KSN trusted 14:49:02.0842 0x0d7c USBHUB3 - ok 14:49:02.0842 0x0d7c [ DAB35CCA86F5FBE77D870A40089BC4A1, 4A47D59D882D0F2B93F2EE7F10995E7D68B58009434E2CBD04C659E0D1F059D8 ] usbohci C:\Windows\System32\drivers\usbohci.sys 14:49:02.0858 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\usbohci.sys. md5: DAB35CCA86F5FBE77D870A40089BC4A1, sha256: 4A47D59D882D0F2B93F2EE7F10995E7D68B58009434E2CBD04C659E0D1F059D8 14:49:02.0858 0x0d7c usbohci - detected LockedFile.Multi.Generic ( 1 ) 14:49:02.0967 0x0d7c Detect skipped due to KSN trusted 14:49:02.0967 0x0d7c usbohci - ok 14:49:02.0967 0x0d7c [ 21162F65C7756AAECAEBED9E67D0A5FE, DE3B43964171DB5B0464DA5E7A674A5D200A8695E6EF1AE2030681066ABA2688 ] usbprint C:\Windows\System32\drivers\usbprint.sys 14:49:02.0967 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\usbprint.sys. md5: 21162F65C7756AAECAEBED9E67D0A5FE, sha256: DE3B43964171DB5B0464DA5E7A674A5D200A8695E6EF1AE2030681066ABA2688 14:49:02.0967 0x0d7c usbprint - detected LockedFile.Multi.Generic ( 1 ) 14:49:03.0092 0x0d7c Detect skipped due to KSN trusted 14:49:03.0092 0x0d7c usbprint - ok 14:49:03.0092 0x0d7c [ CA6369870F91F3D367D26278E0AD0DDF, 651B97E73AFC615C80DE2076872DEB49DCD775B5C9988AB4AC0A0162DAB09F70 ] usbser C:\Windows\System32\drivers\usbser.sys 14:49:03.0092 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\usbser.sys. 
md5: CA6369870F91F3D367D26278E0AD0DDF, sha256: 651B97E73AFC615C80DE2076872DEB49DCD775B5C9988AB4AC0A0162DAB09F70 14:49:03.0092 0x0d7c usbser - detected LockedFile.Multi.Generic ( 1 ) 14:49:03.0202 0x0d7c Detect skipped due to KSN trusted 14:49:03.0202 0x0d7c usbser - ok 14:49:03.0217 0x0d7c [ 37C2CD8587BF7F785381EB7B26916B52, E8F65BF7BBDEF82BD97629921A1148304CA44DCD03E079E28D75D04244B71C39 ] USBSTOR C:\Windows\System32\drivers\USBSTOR.SYS 14:49:03.0217 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\USBSTOR.SYS. md5: 37C2CD8587BF7F785381EB7B26916B52, sha256: E8F65BF7BBDEF82BD97629921A1148304CA44DCD03E079E28D75D04244B71C39 14:49:03.0217 0x0d7c USBSTOR - detected LockedFile.Multi.Generic ( 1 ) 14:49:03.0311 0x0d7c Detect skipped due to KSN trusted 14:49:03.0311 0x0d7c USBSTOR - ok 14:49:03.0311 0x0d7c [ 8B3E458A8851F9A3B2109B1680EE1159, 753AC8F82F65564F00EA2F60B43E4B815FEAABE0DA35B6356210A5F4B1CA3EFC ] usbuhci C:\Windows\System32\drivers\usbuhci.sys 14:49:03.0311 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\usbuhci.sys. md5: 8B3E458A8851F9A3B2109B1680EE1159, sha256: 753AC8F82F65564F00EA2F60B43E4B815FEAABE0DA35B6356210A5F4B1CA3EFC 14:49:03.0311 0x0d7c usbuhci - detected LockedFile.Multi.Generic ( 1 ) 14:49:03.0421 0x0d7c Detect skipped due to KSN trusted 14:49:03.0421 0x0d7c usbuhci - ok 14:49:03.0436 0x0d7c [ 4B13B61CBB9CC3CB373C60B930D648F5, C79D10A1BF2B6BF141DD37A90BCCA0E1F2AF31B5028BB21537A8EE6EED630F5B ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 14:49:03.0436 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\usbvideo.sys. 
md5: 4B13B61CBB9CC3CB373C60B930D648F5, sha256: C79D10A1BF2B6BF141DD37A90BCCA0E1F2AF31B5028BB21537A8EE6EED630F5B 14:49:03.0436 0x0d7c usbvideo - detected LockedFile.Multi.Generic ( 1 ) 14:49:03.0530 0x0d7c Detect skipped due to KSN trusted 14:49:03.0530 0x0d7c usbvideo - ok 14:49:03.0546 0x0d7c [ 325727F01F03C504CF788618A13DC266, 9F685113F714ADBC6DCD423CCD205F71E00D1AA9B5DD045B95E61E53B0F8E9AF ] USBXHCI C:\Windows\System32\drivers\USBXHCI.SYS 14:49:03.0546 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\USBXHCI.SYS. md5: 325727F01F03C504CF788618A13DC266, sha256: 9F685113F714ADBC6DCD423CCD205F71E00D1AA9B5DD045B95E61E53B0F8E9AF 14:49:03.0546 0x0d7c USBXHCI - detected LockedFile.Multi.Generic ( 1 ) 14:49:03.0655 0x0d7c Detect skipped due to KSN trusted 14:49:03.0655 0x0d7c USBXHCI - ok 14:49:03.0702 0x0d7c [ ED06681482E0B9B4D573684CD5FB18F5, 1CCFBD37F8B895900B860AAF107130C5890C01F5327A4AEBB910F6B2BB0BA61D ] UserDataSvc C:\Windows\System32\userdataservice.dll 14:49:03.0811 0x0d7c UserDataSvc - ok 14:49:03.0842 0x0d7c [ 36EC82F0E399F36BD25F593D63DC144A, 2A9E916A098ACD5A5074A5FD053ECAB027A0932A348C728F20CD63EF16289533 ] UserManager C:\Windows\System32\usermgr.dll 14:49:03.0905 0x0d7c UserManager - ok 14:49:03.0921 0x0d7c [ 05F4CB5991D897E4253BF61FA5E828F8, 25B5B6751B4455491E9A050DF5C12F788B5677F70FB4844E0BF851090AC1F74C ] UsoSvc C:\Windows\system32\usocore.dll 14:49:03.0983 0x0d7c UsoSvc - ok 14:49:03.0983 0x0d7c [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] VaultSvc C:\Windows\system32\lsass.exe 14:49:03.0999 0x0d7c VaultSvc - ok 14:49:03.0999 0x0d7c [ E1BE37312785A71862516F66B3FD24CE, D248C513DBEACB192653C6E46809209F341771B146544BBF43B86369280B4F8B ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 14:49:03.0999 0x0d7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vdrvroot.sys. 
md5: E1BE37312785A71862516F66B3FD24CE, sha256: D248C513DBEACB192653C6E46809209F341771B146544BBF43B86369280B4F8B 14:49:03.0999 0x0d7c vdrvroot - detected LockedFile.Multi.Generic ( 1 ) 14:49:04.0124 0x0d7c Detect skipped due to KSN trusted 14:49:04.0124 0x0d7c vdrvroot - ok 14:49:04.0171 0x0d7c [ 67A6E949395A09914AD8B38FE14B8D15, 593F2FAA880B2E0468F98BD58B5214A170E5890907B25294D7A47C66505A3D45 ] vds C:\Windows\System32\vds.exe 14:49:04.0264 0x0d7c vds - ok 14:49:04.0280 0x0d7c [ E42C0F2850735FF9D908B9DB581E6314, E2204A56BF37FC57CD2ED96E3F908882D72B4BFF1BFB97C5172C851F1E4F9650 ] VerifierExt C:\Windows\system32\drivers\VerifierExt.sys 14:49:04.0296 0x0d7c VerifierExt - ok 14:49:04.0327 0x0d7c [ EC15FD6A28757793E2DA394CD94ABD52, DC758BBEE9C6952D7B3F7171EF67B037B4068E88189A2C4A894122D1D1209468 ] vhdmp C:\Windows\System32\drivers\vhdmp.sys 14:49:04.0327 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vhdmp.sys. md5: EC15FD6A28757793E2DA394CD94ABD52, sha256: DC758BBEE9C6952D7B3F7171EF67B037B4068E88189A2C4A894122D1D1209468 14:49:04.0327 0x0d7c vhdmp - detected LockedFile.Multi.Generic ( 1 ) 14:49:04.0421 0x0d7c Detect skipped due to KSN trusted 14:49:04.0421 0x0d7c vhdmp - ok 14:49:04.0436 0x0d7c [ D0C9632C350F46786643A069251BC249, CF65BA0D3F3D2B821C10E2D4F53F5B6BF6236CA9767419392A561CFA79254C3B ] vhf C:\Windows\System32\drivers\vhf.sys 14:49:04.0483 0x0d7c vhf - ok 14:49:04.0483 0x0d7c [ E886CB75DA2B6EB35469EF10135624C7, 3AFC59A0709B984F517A918D5BBEBEB1C80001BEC87C133447DCEAEDE00E516D ] vmbus C:\Windows\system32\drivers\vmbus.sys 14:49:04.0483 0x0d7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vmbus.sys. 
md5: E886CB75DA2B6EB35469EF10135624C7, sha256: 3AFC59A0709B984F517A918D5BBEBEB1C80001BEC87C133447DCEAEDE00E516D 14:49:04.0483 0x0d7c vmbus - detected LockedFile.Multi.Generic ( 1 ) 14:49:04.0577 0x0d7c Detect skipped due to KSN trusted 14:49:04.0577 0x0d7c vmbus - ok 14:49:04.0577 0x0d7c [ 46D2EC27820EC0F798F85821E53C2942, D298A7D6AC16F76A069F843C8DD323ECB340D361733CB9B076BCDE8FC5F1FEFC ] VMBusHID C:\Windows\System32\drivers\VMBusHID.sys 14:49:04.0577 0x0d7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\VMBusHID.sys. md5: 46D2EC27820EC0F798F85821E53C2942, sha256: D298A7D6AC16F76A069F843C8DD323ECB340D361733CB9B076BCDE8FC5F1FEFC 14:49:04.0577 0x0d7c VMBusHID - detected LockedFile.Multi.Generic ( 1 ) 14:49:04.0702 0x0d7c Detect skipped due to KSN trusted 14:49:04.0702 0x0d7c VMBusHID - ok 14:49:04.0733 0x0d7c [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicguestinterface C:\Windows\System32\ICSvc.dll 14:49:04.0780 0x0d7c vmicguestinterface - ok 14:49:04.0811 0x0d7c [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicheartbeat C:\Windows\System32\ICSvc.dll 14:49:04.0842 0x0d7c vmicheartbeat - ok 14:49:04.0874 0x0d7c [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmickvpexchange C:\Windows\System32\ICSvc.dll 14:49:04.0905 0x0d7c vmickvpexchange - ok 14:49:04.0936 0x0d7c [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicrdv C:\Windows\System32\ICSvc.dll 14:49:04.0967 0x0d7c vmicrdv - ok 14:49:04.0983 0x0d7c [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicshutdown C:\Windows\System32\ICSvc.dll 14:49:05.0030 0x0d7c vmicshutdown - ok 14:49:05.0046 0x0d7c [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmictimesync 
C:\Windows\System32\ICSvc.dll 14:49:05.0093 0x0d7c vmictimesync - ok 14:49:05.0108 0x0d7c [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicvmsession C:\Windows\System32\ICSvc.dll 14:49:05.0155 0x0d7c vmicvmsession - ok 14:49:05.0171 0x0d7c [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicvss C:\Windows\System32\ICSvc.dll 14:49:05.0218 0x0d7c vmicvss - ok 14:49:05.0233 0x0d7c [ B9265F47E7A354BAAA0AF5CBA3F8F7CE, F836E7BEDC7CAB1C01225164D171A0210D8F909F52992E4C0BF3C92B365BCD52 ] volmgr C:\Windows\system32\drivers\volmgr.sys 14:49:05.0233 0x0d7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgr.sys. md5: B9265F47E7A354BAAA0AF5CBA3F8F7CE, sha256: F836E7BEDC7CAB1C01225164D171A0210D8F909F52992E4C0BF3C92B365BCD52 14:49:05.0233 0x0d7c volmgr - detected LockedFile.Multi.Generic ( 1 ) 14:49:05.0343 0x0d7c Detect skipped due to KSN trusted 14:49:05.0343 0x0d7c volmgr - ok 14:49:05.0358 0x0d7c [ BEE9C8B72AB752B794F69C2B9B3678AA, 49A5093C26F3CDCD60577F7F2D7F936C7B2BD010B27F2C49A7B6AA41E42DF98D ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 14:49:05.0374 0x0d7c volmgrx - ok 14:49:05.0468 0x0d7c [ E1F91A727A04C9F8199D04FF3BBBF63C, 076CAEE621DBF7DE24ED92BA239C440879FDB674CF3213DF3E35AEC03D0D2031 ] volsnap C:\Windows\system32\drivers\volsnap.sys 14:49:05.0468 0x0d7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volsnap.sys. 
14:49:13.0796 0x0d7c AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x61100 ( enabled : updated ) 14:49:13.0796 0x0d7c Win FW state via NFP2: enabled ( trusted ) 14:49:13.0905 0x0d7c ============================================================ 14:49:13.0905 0x0d7c Scan finished 14:49:13.0905 0x0d7c ============================================================ 14:49:13.0921 0x10f0 Detected object count: 0 14:49:13.0921 0x10f0 Actual detected object count: 0 15:02:10.0869 0x10ec Deinitialize success |
19.01.2016, 15:30 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | No control over Win10 PC, being spied on - virus scanners find nothing - reinstallation unsuccessful What do you want with logs from other machines now? That is complete nonsense; we want to know what is going on with the system that is acting up, not with some other ones.
__________________ Please always post log files in CODE tags |