Log analysis and evaluation: Email account hacked (Windows 7)
13.12.2016, 17:51 | #1 |
| Email account hacked
Hello, a forwarding rule to an email address unknown to me was set up in my email account without my knowledge. I only discovered this after a few days, but then immediately removed the forwarding, changed my password, and checked the most important websites to see whether my old password was still valid there and had not been changed (I could not find any unauthorized access there either). I ran an FRST scan and attached the logs. |
13.12.2016, 18:23 | #2 |
/// TB Trainer /// Guide Guru | Email account hacked
My name is Jürgen and I will be helping you with your problem. Together we will get this done...
Note: I can never give you a guarantee that we will find all malicious files. Reformatting is usually the faster and always the safest way, but it is only advisable in the case of real malware. Adware and the like we can remove very well. If you decide on a cleanup, keep working with me until you get my "clean". Let's go: please post the logs in code tags...
__________________ |
13.12.2016, 18:47 | #3 |
| Email account hacked
FRST.txt
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016 durchgeführt von manfred-win7 (Administrator) auf MANFRED-WIN7-PC (13-12-2016 16:30:03) Gestartet von C:\Users\manfred-win7\Downloads Geladene Profile: manfred-win7 (Verfügbare Profile: manfred-win7 & DefaultAppPool) Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) () C:\Windows\System32\FspService.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [6319440 2015-05-29] (Sentelic Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [Windows Mobile Device Center] => C:\WINDOWS\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-26] (Microsoft Corporation) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) 
HKU\S-1-5-21-4074570379-3889221817-2714387551-1000\...\RunOnce: [Uninstall C:\Users\manfred-win7\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\manfred-win7\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64" HKU\S-1-5-21-4074570379-3889221817-2714387551-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{43fb6cdf-625e-4c67-9f13-7be2ce75bea5}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{955A8131-2289-4B49-9009-692242F670F8}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{b630595a-1f98-41ca-b659-bc7cd3604fea}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-4074570379-3889221817-2714387551-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=UP31&ocid=univskyhp HKU\S-1-5-21-4074570379-3889221817-2714387551-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com SearchScopes: HKU\S-1-5-21-4074570379-3889221817-2714387551-1000 -> DefaultScope {AE0BC8DF-BBDE-4CE4-96CA-9B909932F2A8} URL = hxxp://www.bing.com/search?FORM=UP31DF&PC=UP31&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-4074570379-3889221817-2714387551-1000 -> {AE0BC8DF-BBDE-4CE4-96CA-9B909932F2A8} URL = hxxp://www.bing.com/search?FORM=UP31DF&PC=UP31&q={searchTerms}&src=IE-SearchBox Toolbar: HKU\S-1-5-21-4074570379-3889221817-2714387551-1000 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Keine Datei Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] 
(Skype Technologies) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll [Keine Datei] FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] () FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-09] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll [Keine Datei] FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-09] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [Keine Datei] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-4074570379-3889221817-2714387551-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [Keine Datei] Chrome: ======= CHR DefaultProfile: Default CHR Session Restore: Default -> ist aktiviert. CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\PepperFlash\pepflashplayer.dll => Keine Datei CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => Keine Datei CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\ppGoogleNaClPluginChrome.dll => Keine Datei CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\pdf.dll => Keine Datei CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => Keine Datei CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => Keine Datei CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => Keine Datei CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll => Keine Datei CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => Keine Datei CHR Profile: C:\Users\manfred-win7\AppData\Local\Google\Chrome\User Data\Default [2016-12-13] CHR Extension: (uBlock Origin) - C:\Users\manfred-win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-12-02] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\manfred-win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06] CHR Extension: (Chrome Media Router) - C:\Users\manfred-win7\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-05] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 FspSvc; C:\Windows\System32\FspService.exe [2178896 2015-05-29] () R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [Datei ist nicht signiert] ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 btmhsf; C:\WINDOWS\System32\DRIVERS\btmhsf.sys [274944 2011-01-24] (Intel Corporation) [Datei ist nicht signiert] S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) R3 fspad_win764; C:\WINDOWS\system32\DRIVERS\fspad_win764.sys [209232 2015-05-29] (Sentelic Corporation) S3 iBtFltCoex; C:\WINDOWS\System32\DRIVERS\iBtFltCoex.sys [59904 2011-01-24] (Intel Corporation) [Datei ist nicht signiert] S3 mod7764; C:\WINDOWS\System32\DRIVERS\mod77-64.sys [1077416 2010-09-16] (DiBcom SA) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-12-10] (Realsil Semiconductor Corporation) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) 
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) R3 X10Hid; C:\WINDOWS\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.) S3 XUIF; C:\WINDOWS\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.) U3 idsvc; kein ImagePath ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-12-13 16:30 - 2016-12-13 16:31 - 00014685 _____ C:\Users\manfred-win7\Downloads\FRST.txt 2016-12-13 16:28 - 2016-12-13 16:30 - 00000000 ____D C:\FRST 2016-12-13 16:27 - 2016-12-13 16:28 - 02420224 _____ (Farbar) C:\Users\manfred-win7\Downloads\FRST64.exe 2016-12-04 17:19 - 2016-12-04 17:19 - 00000015 _____ C:\Users\manfred-win7\Desktop\Distribution Sun Dec 04 17_19_50 2016.wchtl 2016-12-03 16:39 - 2016-12-03 16:39 - 00000655 _____ C:\Users\manfred-win7\Desktop\readme.txt 2016-12-03 16:38 - 2016-12-03 16:39 - 00268288 _____ C:\Users\manfred-win7\Desktop\Wichteln.exe 2016-12-03 12:57 - 2016-12-03 12:57 - 00197269 _____ C:\Users\manfred-win7\Downloads\msvcp110.zip 2016-11-17 13:52 - 2016-11-17 13:52 - 00809112 _____ C:\Users\manfred-win7\Downloads\Rechnung-2016668229-000583002.pdf 2016-11-15 11:14 - 2016-11-15 11:14 - 01705779 _____ C:\Users\manfred-win7\Downloads\filename-=utf-8''34748_Pläne.pdf ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-12-13 16:22 - 2016-09-26 06:11 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2016-12-13 13:30 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2016-12-13 13:30 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2016-12-13 13:30 - 2013-02-24 16:52 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-12-13 09:22 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps 2016-12-13 09:22 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-12-10 13:30 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-12-02 09:01 - 2015-07-30 21:16 - 00000000 ____D C:\Users\manfred-win7\AppData\Local\Packages 2016-11-29 19:52 - 2016-10-03 16:32 - 00000000 ____D C:\Users\manfred-win7\Documents\Philip 2016-11-21 19:17 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF 2016-11-13 10:08 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2016-09-26 06:14 - 2016-09-26 06:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Dateien, die verschoben oder gelöscht werden sollten: ==================== C:\Users\manfred-win7\createfileassoc.exe C:\Users\manfred-win7\error_report.exe C:\Users\manfred-win7\libeay32.dll C:\Users\manfred-win7\msvcp110.dll C:\Users\manfred-win7\msvcr110.dll C:\Users\manfred-win7\OverwolfTeamSpeakInstaller.exe C:\Users\manfred-win7\package_inst.exe C:\Users\manfred-win7\Qt5Core.dll C:\Users\manfred-win7\Qt5Gui.dll C:\Users\manfred-win7\Qt5Network.dll C:\Users\manfred-win7\Qt5Sql.dll C:\Users\manfred-win7\Qt5Widgets.dll C:\Users\manfred-win7\quazip.dll C:\Users\manfred-win7\ssleay32.dll C:\Users\manfred-win7\ts3client_win32.exe C:\Users\manfred-win7\update.exe Einige Dateien in TEMP: ==================== C:\Users\manfred-win7\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-12-06 07:29 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 07-12-2016 durchgeführt von manfred-win7 (13-12-2016 16:31:56) Gestartet von C:\Users\manfred-win7\Downloads Windows 10 Home Version 1607 (X64) (2016-09-26 05:49:52) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-4074570379-3889221817-2714387551-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-4074570379-3889221817-2714387551-503 - Limited - Disabled) Gast (S-1-5-21-4074570379-3889221817-2714387551-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4074570379-3889221817-2714387551-1002 - Limited - Enabled) manfred-win7 (S-1-5-21-4074570379-3889221817-2714387551-1000 - Administrator - Enabled) => C:\Users\manfred-win7 ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.) Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated) Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.) 
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version: - Canon Inc.) CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.1.588 - Corel Corporation) Hidden ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.3.170.20151019 - Landesfinanzdirektion Thüringen) Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.4.9.5 - Sentelic) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{C7B40C35-85AE-4303-9EEA-1A1EA779664D}) (Version: 1.0.2.0518 - Intel Corporation) Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - ) Intel(R) Wireless Display (HKLM-x32\...\{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}) (Version: 2.0.30.0 - Intel Corporation) Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) MEDION GoPal Assistant (HKLM-x32\...\{12C77A13-A31B-4565-8E60-494FD65EBB2F}) (Version: 6.4.17.13525 - MEDION) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 
Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Polar FlowSync Version 2.6.2 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 2.6.2 - Polar Electro Oy) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.) 
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.12.0 - Synaptics Incorporated) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - ) Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation) Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) X10 Hardware(TM) (HKLM-x32\...\X10Hardware) (Version: - ) ==================== Benutzerdefinierte CLSID 
(Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-4074570379-3889221817-2714387551-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll => Keine Datei ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {00DCEBF9-8941-455E-835C-19FF18832CAC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {16962EA3-5C4A-45A0-886E-E32903275E58} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {2CCC73E5-D728-42DE-9E59-384701364878} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {30EAC3B5-EDE2-4F93-971B-C2ED25B768AC} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {3B5BE476-B10D-4574-84EF-F100BEABD112} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {462659AB-6E73-4013-A2CB-ECF6B23AA84B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {4CF239CE-E492-4D0A-AA83-46BA75C52B84} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {4F3CA30B-0DAE-4124-9AA5-8A7F7A33E429} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe Task: {502F1E4D-DCED-4245-BC39-65848D20AC10} - System32\Tasks\Adobe Flash Player Updater => 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated) Task: {5924C13F-54D4-451B-8AFB-6E448DBD3533} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {604D6659-4FD9-484F-81BE-587A630DD87F} - System32\Tasks\{3C3D6DAA-69DD-4FF5-9814-EA66FDA2AA58} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/abandoninstall?page=tsProgressBar Task: {66F84A46-801C-4881-9A92-BDBD8EC7FA4D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {676EA69E-9C5E-4B92-AFCA-B55F10A693B4} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {6FC50C5E-D29E-4269-9C4F-B201E842D8F0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {73B212A8-A420-476C-B69E-88DDD0D3E8FC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {7B36793E-B8F9-44B9-B3CE-2FF01EACB5AC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {8A43414C-75B7-4137-BE5C-4616408C0735} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {8B012E22-A3A3-4DED-B483-672129D0ECFD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {91362129-5CF9-41E6-B555-8C955AAD2587} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {977AEE8C-2C33-4F34-8182-79B151716335} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {9BE090FC-CC34-4D6F-90CA-308DFA37B580} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {A11D4C68-B92A-4B1F-8EF8-F197D5A66549} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask 
=> C:\WINDOWS\ehome\mcupdate.exe Task: {A2070FF4-8B83-44C1-9B12-A9D76BA4BA72} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {A22C0D11-EE6B-4FF3-84E7-22D8B3DF8987} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {A5541685-8954-4587-A09E-AE6AC7F4FCB2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {ADB68C3D-6BA2-4AC7-BB5E-9532CCC3B11A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {BDE25054-1763-4218-9012-88630F725C8F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {BE79EACB-600F-4EB1-A47F-BEE45A322445} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated) Task: {C4184095-61D1-4673-856C-552EFAE746DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {C4E95EF3-C93B-42E2-ADD2-9946FEB479BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) 
Task: {D3B6FCA6-AA34-47A8-8C83-4FE498A18B3A} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {D6956277-5F9E-4BA0-8CA5-253C3112CBE2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {D6AE8F30-7390-4EC5-91CA-F05536B148D7} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {D7869461-B0DF-45C3-A433-8D7BF3507A3B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {DEC4771C-A292-4F81-A782-D6D6120BCA19} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {E06570B8-0F06-470F-AB70-E9690A385F6A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Keine Datei <==== ACHTUNG Task: {E22FF09B-DE37-4190-A3E3-5056086BE8FA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {E6C21C18-106E-4964-8555-C3C99A8F4D95} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {E7EB88E0-D623-4F2D-AF7D-E5D2B271C3C5} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {EAB21F60-4C82-4A39-B1C6-1474D4EF7691} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {EC97DCEE-D391-4259-A691-BE863BD41456} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {FD54D1B7-454E-4FE3-9F20-4533DC8A05E5} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {FE80B526-06B3-4931-81FC-99AD50810E20} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. 
Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-05-29 06:29 - 2015-05-29 06:29 - 02178896 _____ () C:\Windows\System32\FspService.exe
2016-09-30 18:45 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-09-30 18:45 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-27 07:08 - 2016-09-27 07:08 - 01864384 _____ () C:\Users\manfred-win7\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-09-30 18:45 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-26 06:56 - 2016-09-26 06:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-09 14:51 - 2016-11-02 11:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 14:49 - 2016-11-02 11:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 14:49 - 2016-11-02 11:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 14:49 - 2016-11-02 11:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 14:49 - 2016-11-02 11:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-09 14:49 - 2016-11-02 11:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 14:49 - 2016-11-02 11:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-11-17 08:57 - 2016-11-17 08:58 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-17 08:57 - 2016-11-17 08:58 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-17 08:57 - 2016-11-17 08:58 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-27 07:08 - 2016-09-27 07:08 - 01383616 _____ () C:\Users\manfred-win7\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-11-10 02:02 - 2016-11-08 21:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-10 02:02 - 2016-11-08 21:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4074570379-3889221817-2714387551-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupreg: HotkeyApp => "C:\Program Files (x86)\Launch Manager\HotkeyApp.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "Windows Mobile Device Center"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKU\S-1-5-21-4074570379-3889221817-2714387551-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4074570379-3889221817-2714387551-1000\...\StartupApproved\Run: => "Spotify Web Helper"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808 FirewallRules: [{E9526493-DBB4-47DA-A7F2-68DDC1C9810A}] => LPort=5354 FirewallRules: [{D5169882-FE1C-4C28-8384-3809CDC26C44}] => LPort=5354 FirewallRules: [{6D1376F0-CDB5-4F82-9FF0-530B5341AB00}] => LPort=5354 FirewallRules: [{E0FA5BB6-AF0D-4B8E-81EC-9A657B734F16}] => LPort=5354 FirewallRules: [UDP Query User{50DB3831-74CD-442A-9202-71997F3FE5F0}C:\users\manfred-win7\appdata\roaming\spotify\spotify.exe] => C:\users\manfred-win7\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{481A5C83-B19E-4F07-A6E2-2BD05747B136}C:\users\manfred-win7\appdata\roaming\spotify\spotify.exe] => C:\users\manfred-win7\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{6FFEC9DE-E941-4172-A2FF-EEEBB1FFACE0}C:\users\manfred-win7\appdata\roaming\spotify\spotify.exe] => C:\users\manfred-win7\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{7CEB144A-5C0A-4288-8435-554A0F210AC2}C:\users\manfred-win7\appdata\roaming\spotify\spotify.exe] => C:\users\manfred-win7\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{CA9A6FE5-D2B4-490D-9301-D6344B151B55}C:\users\manfred-win7\desktop\felix\games\finalcut3-client 24-08-2013\metin2f.exe] => C:\users\manfred-win7\desktop\felix\games\finalcut3-client 24-08-2013\metin2f.exe FirewallRules: [TCP Query User{B2DEC7E9-B373-4037-A5E2-29E7D6BF9286}C:\users\manfred-win7\desktop\felix\games\finalcut3-client 24-08-2013\metin2f.exe] => C:\users\manfred-win7\desktop\felix\games\finalcut3-client 24-08-2013\metin2f.exe FirewallRules: [UDP Query 
User{4CA7FE09-B839-4DF7-870F-746876A9F2C5}C:\users\manfred-win7\desktop\felix\games\shiro2_client _2013\shiro2_windows_8.1.exe] => C:\users\manfred-win7\desktop\felix\games\shiro2_client _2013\shiro2_windows_8.1.exe FirewallRules: [TCP Query User{47A2EAFA-4CF5-4C84-A883-64F48F3C6967}C:\users\manfred-win7\desktop\felix\games\shiro2_client _2013\shiro2_windows_8.1.exe] => C:\users\manfred-win7\desktop\felix\games\shiro2_client _2013\shiro2_windows_8.1.exe FirewallRules: [{AA1AF29C-4793-47C9-BFAD-1E112D28329A}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{9F7BE297-3985-4B1C-9373-522F7A7D85FA}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{2724B835-52C2-407F-8763-5071A78CEA3D}] => C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe FirewallRules: [{AFB4C994-349E-4ABF-B1C8-A4FB8B20FE49}] => C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe FirewallRules: [{85B82740-B23B-4AE3-AFCD-2A2ECDC5D7FD}] => C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe FirewallRules: [{DD6B90CF-E8D5-4FEB-99F9-251878C9B7C9}] => C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe FirewallRules: [{6CBBB85A-0870-43AC-A3C3-DA197D7ABA53}] => C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe FirewallRules: [{8E804290-C8FF-421A-8EA4-113F4AD1D5EB}] => C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe FirewallRules: [{BFBF111E-761B-40E5-9631-CB65757A24A3}] => C:\Program Files (x86)\Gameforge4D\Elsword_DE\data\x2.exe FirewallRules: [{7A005EF9-AFCE-4D9B-9C9B-2C428C8A1708}] => C:\Program Files (x86)\Gameforge4D\Elsword_DE\data\x2.exe FirewallRules: [UDP Query User{F522770E-E550-4EFD-9809-183663DF4BD6}C:\users\manfred-win7\appdata\local\temp\rar$exa0.641\aom client\.aom.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.641\aom client\.aom.exe FirewallRules: [TCP Query User{67313DC4-E9C5-49E3-A6D3-482D56F5B072}C:\users\manfred-win7\appdata\local\temp\rar$exa0.641\aom client\.aom.exe] => 
C:\users\manfred-win7\appdata\local\temp\rar$exa0.641\aom client\.aom.exe FirewallRules: [UDP Query User{6A5691C8-1054-4D69-8C08-E9A99C24FF8D}C:\users\manfred-win7\desktop\aom client\.aom.exe] => C:\users\manfred-win7\desktop\aom client\.aom.exe FirewallRules: [TCP Query User{9EACF0E1-5401-4BDB-A347-A33D397741E1}C:\users\manfred-win7\desktop\aom client\.aom.exe] => C:\users\manfred-win7\desktop\aom client\.aom.exe FirewallRules: [UDP Query User{041BD32A-A7FF-46D5-AAA5-17E78CA4D719}C:\users\manfred-win7\appdata\local\temp\rar$exa0.984\aom client\acore.dll] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.984\aom client\acore.dll FirewallRules: [TCP Query User{1F87A546-C467-4441-AC1D-2882CFFE542B}C:\users\manfred-win7\appdata\local\temp\rar$exa0.984\aom client\acore.dll] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.984\aom client\acore.dll FirewallRules: [{607AF2CC-4644-479B-A7C3-F035E6BD09BC}] => C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{82EB86E1-41E8-4FC6-9CFD-EE603F9E4083}] => C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{541EAC49-BD3F-4CFE-9B4E-003BB6B8A057}] => C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe FirewallRules: [UDP Query User{47A69C5A-E54E-4A89-A122-0C35E487D336}C:\users\manfred-win7\desktop\felix\games\aom client\.aom.exe] => C:\users\manfred-win7\desktop\felix\games\aom client\.aom.exe FirewallRules: [TCP Query User{FD2CEFF1-859C-48D0-892D-E57683A5E872}C:\users\manfred-win7\desktop\felix\games\aom client\.aom.exe] => C:\users\manfred-win7\desktop\felix\games\aom client\.aom.exe FirewallRules: [UDP Query User{C7AEDF6C-278E-4F25-A373-1DF58C3BA82C}C:\users\manfred-win7\desktop\felix\games\finalcut3-client 24-08-2013\metin2.bin] => C:\users\manfred-win7\desktop\felix\games\finalcut3-client 24-08-2013\metin2.bin FirewallRules: [TCP Query User{BF0BAD9E-E3D8-47F0-89E1-F995B8C40992}C:\users\manfred-win7\desktop\felix\games\finalcut3-client 
24-08-2013\metin2.bin] => C:\users\manfred-win7\desktop\felix\games\finalcut3-client 24-08-2013\metin2.bin FirewallRules: [UDP Query User{FAC55686-2DE2-464B-BA23-3FE4B9DF5268}C:\users\manfred-win7\desktop\felix\games\finalcut3-client 24-08-2013\metin2.exe] => C:\users\manfred-win7\desktop\felix\games\finalcut3-client 24-08-2013\metin2.exe FirewallRules: [TCP Query User{00274190-0C7A-40BD-86F4-E20BFE338A09}C:\users\manfred-win7\desktop\felix\games\finalcut3-client 24-08-2013\metin2.exe] => C:\users\manfred-win7\desktop\felix\games\finalcut3-client 24-08-2013\metin2.exe FirewallRules: [UDP Query User{579C262F-B44D-482A-8C22-C9EA47C169D4}C:\users\manfred-win7\desktop\felix\games\shiro2_client _2013\shiro2.exe] => C:\users\manfred-win7\desktop\felix\games\shiro2_client _2013\shiro2.exe FirewallRules: [TCP Query User{F6373CAB-0DDC-4244-B8B4-ACE383A8100D}C:\users\manfred-win7\desktop\felix\games\shiro2_client _2013\shiro2.exe] => C:\users\manfred-win7\desktop\felix\games\shiro2_client _2013\shiro2.exe FirewallRules: [UDP Query User{F11CC9A1-872D-486E-87DA-82757431D236}C:\users\manfred-win7\desktop\felix\games\celestialpatcher\mt2.exe] => C:\users\manfred-win7\desktop\felix\games\celestialpatcher\mt2.exe FirewallRules: [TCP Query User{86372C19-CCB5-48AF-8E85-4581F5DE230A}C:\users\manfred-win7\desktop\felix\games\celestialpatcher\mt2.exe] => C:\users\manfred-win7\desktop\felix\games\celestialpatcher\mt2.exe FirewallRules: [{F2319F07-7B0F-4C73-8A4D-F77D263057E4}] => C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe FirewallRules: [{8285F150-1CB3-46DD-A782-B48CAC4D6B66}] => C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{F8275304-A732-4C1D-B7A6-9D57A124A376}] => C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{09A38BF4-A8C0-4B5B-A0B8-55F505E56BB1}] => C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: 
[{1DF2F035-1B21-4E22-9B69-0AA432834254}] => C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{1E82B501-F542-4E1B-B205-1024BE2C7DE8}] => C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{95826535-A963-4A23-A67C-FC926A55CDD8}] => C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{59291880-4596-446C-94A6-185C15B9A931}] => C:\Program Files (x86)\Steam\SteamApps\common\Warframe\Tools\Launcher.exe FirewallRules: [{A13D044F-5E95-4080-96BA-A72F220B29EB}] => C:\Program Files (x86)\Steam\SteamApps\common\Warframe\Tools\Launcher.exe FirewallRules: [{D8357383-3B76-43D4-A2B3-B216112DE96D}] => C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe FirewallRules: [{ACF73F28-C2F9-42CE-A8C1-A4CE008F4565}] => C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe FirewallRules: [{B325E469-A39E-4278-8086-1425C100721C}] => C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{AAFCEA9C-0D3E-4891-9F5D-C17217FD793A}] => C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{BA1E9CF1-8065-440B-8DC6-13DAD3E387A0}] => C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe FirewallRules: [{E609176B-A907-4D14-A129-C03494131B91}] => C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe FirewallRules: [UDP Query User{F48FF83B-4515-48E9-8BEB-EB6F6C5602D7}C:\users\manfred-win7\desktop\felix\games\dark-mt2 2012\dark-mt2 2012\dark-mt2 2012 starter.exe] => C:\users\manfred-win7\desktop\felix\games\dark-mt2 2012\dark-mt2 2012\dark-mt2 2012 starter.exe FirewallRules: [TCP Query User{8813422B-9632-4CAE-9640-B88399183676}C:\users\manfred-win7\desktop\felix\games\dark-mt2 2012\dark-mt2 2012\dark-mt2 2012 starter.exe] => C:\users\manfred-win7\desktop\felix\games\dark-mt2 2012\dark-mt2 2012\dark-mt2 2012 starter.exe FirewallRules: [UDP Query User{4F22F494-8E95-43DD-B8CF-467AA99EEF39}C:\users\manfred-win7\desktop\felix\games\celestialpatcher\celestial.bin] 
=> C:\users\manfred-win7\desktop\felix\games\celestialpatcher\celestial.bin FirewallRules: [TCP Query User{2019B2CE-4F26-499A-BE4D-4A402AD03B35}C:\users\manfred-win7\desktop\felix\games\celestialpatcher\celestial.bin] => C:\users\manfred-win7\desktop\felix\games\celestialpatcher\celestial.bin FirewallRules: [UDP Query User{AF945B18-E2D6-4E1E-A9CE-2BFDAD7F623B}C:\users\manfred-win7\desktop\felix\games\celestialpatcher\celestial.bin] => C:\users\manfred-win7\desktop\felix\games\celestialpatcher\celestial.bin FirewallRules: [TCP Query User{D640E452-688D-4A8F-95AB-4ED264C2A325}C:\users\manfred-win7\desktop\felix\games\celestialpatcher\celestial.bin] => C:\users\manfred-win7\desktop\felix\games\celestialpatcher\celestial.bin FirewallRules: [UDP Query User{640EF8E4-EBC9-44C6-BDF6-C9BB46AD3E58}C:\users\manfred-win7\desktop\felix\celestialpatcher\celestial.bin] => C:\users\manfred-win7\desktop\felix\celestialpatcher\celestial.bin FirewallRules: [TCP Query User{48FE4C05-C961-4716-8C70-185709EBA3F5}C:\users\manfred-win7\desktop\felix\celestialpatcher\celestial.bin] => C:\users\manfred-win7\desktop\felix\celestialpatcher\celestial.bin FirewallRules: [{BBD8E28C-3AED-435F-A039-EC76F86389CB}] => C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [{761ACD22-013F-4E90-9437-3445CD12B145}] => C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [{A3281EF9-E6FF-48BD-B856-C65462EE1B44}] => C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [{36009395-4879-4EF9-BF17-7715CE70D9CA}] => C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [UDP Query User{B3C0CBA4-D431-4795-AFDF-A6A066749829}C:\users\manfred-win7\desktop\felix\dark-mt2 2012\dark-mt2 2012\dark-mt2 2012 starter.exe] => C:\users\manfred-win7\desktop\felix\dark-mt2 2012\dark-mt2 2012\dark-mt2 2012 starter.exe FirewallRules: [TCP Query User{98F6644A-6E12-4E43-B804-3CEC3CF2E28A}C:\users\manfred-win7\desktop\felix\dark-mt2 2012\dark-mt2 2012\dark-mt2 2012 
starter.exe] => C:\users\manfred-win7\desktop\felix\dark-mt2 2012\dark-mt2 2012\dark-mt2 2012 starter.exe FirewallRules: [UDP Query User{81BCC976-AE3F-4B98-BDC9-D1C27A1A0911}C:\users\manfred-win7\appdata\local\temp\rar$exa0.038\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.038\celestial.bin FirewallRules: [TCP Query User{56DA54DB-30D3-47CA-9359-449756FFCBC1}C:\users\manfred-win7\appdata\local\temp\rar$exa0.038\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.038\celestial.bin FirewallRules: [UDP Query User{60087BFD-03AB-442B-BE88-39AAAC25A9BC}C:\users\manfred-win7\desktop\felix\celestialpatcher\celestial.bin] => C:\users\manfred-win7\desktop\felix\celestialpatcher\celestial.bin FirewallRules: [TCP Query User{7C61ACB9-F381-48D1-8273-FEE3793F6579}C:\users\manfred-win7\desktop\felix\celestialpatcher\celestial.bin] => C:\users\manfred-win7\desktop\felix\celestialpatcher\celestial.bin FirewallRules: [UDP Query User{16552391-A93F-4674-9DD7-4C1B90EA4561}C:\users\manfred-win7\appdata\local\temp\rar$exa0.012\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.012\celestial.bin FirewallRules: [TCP Query User{8A59119D-50E9-480A-A910-11FC9036B115}C:\users\manfred-win7\appdata\local\temp\rar$exa0.012\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.012\celestial.bin FirewallRules: [UDP Query User{AFDDF92A-1D6C-4AB9-82A8-C3E4B490D1A3}C:\users\manfred-win7\appdata\local\temp\rar$exa0.338\dark-mt2 2012\dark-mt2 2012 starter.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.338\dark-mt2 2012\dark-mt2 2012 starter.exe FirewallRules: [TCP Query User{ECAFAD0E-636D-415E-8B28-6925F9CBD115}C:\users\manfred-win7\appdata\local\temp\rar$exa0.338\dark-mt2 2012\dark-mt2 2012 starter.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.338\dark-mt2 2012\dark-mt2 2012 starter.exe FirewallRules: [UDP Query 
User{56A523A9-7358-4591-92B2-9FA07AACE3E8}C:\users\manfred-win7\appdata\local\temp\rar$exa0.774\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.774\celestial.bin FirewallRules: [TCP Query User{3A5F9C57-B9E0-40A4-A392-57358085841F}C:\users\manfred-win7\appdata\local\temp\rar$exa0.774\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.774\celestial.bin FirewallRules: [UDP Query User{1E2060A2-F442-4DCE-95EB-B74D8AC2E464}C:\users\manfred-win7\appdata\local\temp\rar$exa0.371\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.371\celestial.bin FirewallRules: [TCP Query User{3BABEFD1-3CFA-411A-A88D-A8841F1B5CE2}C:\users\manfred-win7\appdata\local\temp\rar$exa0.371\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.371\celestial.bin FirewallRules: [UDP Query User{AA3C6FBB-0BE3-42E6-A3DD-F338F94CA295}C:\users\manfred-win7\appdata\local\temp\rar$exa0.763\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.763\celestial.bin FirewallRules: [TCP Query User{2262B54D-A8DC-4B75-A950-F8AF80D6F499}C:\users\manfred-win7\appdata\local\temp\rar$exa0.763\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.763\celestial.bin FirewallRules: [UDP Query User{7D1D3249-DEAB-4FF0-A4BF-28B7149CDF06}C:\users\manfred-win7\appdata\local\temp\rar$exa0.444\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.444\celestial.bin FirewallRules: [TCP Query User{432AF911-9262-4991-8D0C-2599316579FD}C:\users\manfred-win7\appdata\local\temp\rar$exa0.444\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.444\celestial.bin FirewallRules: [UDP Query User{24D3A537-7DBD-4140-827B-859BF5F08492}C:\users\manfred-win7\appdata\local\temp\rar$exa0.403\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.403\celestial.bin FirewallRules: [TCP Query User{6D131AFE-16BD-4CEB-87BC-4FFA018C81D0}C:\users\manfred-win7\appdata\local\temp\rar$exa0.403\celestial.bin] => 
C:\users\manfred-win7\appdata\local\temp\rar$exa0.403\celestial.bin FirewallRules: [UDP Query User{70F911F2-42AD-43A9-99A3-5CA00D4A423A}C:\users\manfred-win7\appdata\local\temp\rar$exa0.030\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.030\celestial.bin FirewallRules: [TCP Query User{D884C3F3-2423-41FF-8AFF-CD326FBB5C37}C:\users\manfred-win7\appdata\local\temp\rar$exa0.030\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.030\celestial.bin FirewallRules: [{B58FCA24-BC2D-4E1D-8302-3E9392E0F44D}] => C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe FirewallRules: [{101EFE81-837C-4CD8-A5AF-A6AFF9A36FB8}] => C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe FirewallRules: [{2CF3B34A-23A3-4390-BC1F-F131CF7D6076}] => C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe FirewallRules: [{50679308-1175-4C0D-81C3-AFB2E23812DC}] => C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe FirewallRules: [UDP Query User{2B1BC277-31F4-4071-B708-0DF313EE7028}C:\users\manfred-win7\appdata\local\temp\rar$exa0.233\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.233\celestial.bin FirewallRules: [TCP Query User{F3D759F8-36D7-45C1-920C-723A1649B28D}C:\users\manfred-win7\appdata\local\temp\rar$exa0.233\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.233\celestial.bin FirewallRules: [UDP Query User{56B6D16E-09F2-4E96-B450-5641BB584BDD}C:\users\manfred-win7\appdata\local\temp\rar$exa0.449\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.449\celestial.bin FirewallRules: [TCP Query User{65650066-AAEA-4250-BFBB-349D725DFE8F}C:\users\manfred-win7\appdata\local\temp\rar$exa0.449\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.449\celestial.bin FirewallRules: [UDP Query User{A226A58D-15BB-4136-9FD1-05D383B55D0E}C:\users\manfred-win7\appdata\local\temp\rar$exa0.566\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.566\celestial.bin FirewallRules: [TCP Query 
User{F4052426-06AB-41B7-9151-42049F8E6988}C:\users\manfred-win7\appdata\local\temp\rar$exa0.566\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.566\celestial.bin FirewallRules: [UDP Query User{0891AFFB-61ED-42CB-AB04-B25ED6FBB4A8}C:\users\manfred-win7\appdata\local\temp\rar$exa0.385\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.385\celestial.bin FirewallRules: [TCP Query User{0A115376-EFFC-41DB-BD5D-0CB98270D8E1}C:\users\manfred-win7\appdata\local\temp\rar$exa0.385\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.385\celestial.bin FirewallRules: [UDP Query User{D437BA37-6D42-4FA2-A236-0841EAB4EFB2}C:\users\manfred-win7\appdata\local\temp\rar$exa0.171\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.171\celestial.bin FirewallRules: [TCP Query User{D20E2655-734A-461D-A2B0-36D568217AD9}C:\users\manfred-win7\appdata\local\temp\rar$exa0.171\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.171\celestial.bin FirewallRules: [UDP Query User{0A122EA6-DA9F-4C11-9B6F-5DEBEAEA709D}C:\users\manfred-win7\appdata\local\temp\rar$exa0.048\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.048\celestial.bin FirewallRules: [TCP Query User{4444488B-F113-4202-AAD1-11151C70FAF2}C:\users\manfred-win7\appdata\local\temp\rar$exa0.048\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.048\celestial.bin FirewallRules: [UDP Query User{89BFA238-FEB1-47E8-B710-7B20F607FC44}C:\users\manfred-win7\appdata\local\temp\rar$exa0.604\dark-mt2 2012\dark-mt2 2012 starter.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.604\dark-mt2 2012\dark-mt2 2012 starter.exe FirewallRules: [TCP Query User{ECF3A903-FF58-4D0C-B90E-9090D880F663}C:\users\manfred-win7\appdata\local\temp\rar$exa0.604\dark-mt2 2012\dark-mt2 2012 starter.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.604\dark-mt2 2012\dark-mt2 2012 starter.exe FirewallRules: [UDP Query 
User{38B3B851-765B-4CA3-9F84-4D23D74DBD7B}C:\users\manfred-win7\appdata\local\temp\rar$exa0.627\dark-mt2 2012\dark-mt2 2012 starter.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.627\dark-mt2 2012\dark-mt2 2012 starter.exe FirewallRules: [TCP Query User{9ABB8045-D0BD-4F1F-890B-57F657640F91}C:\users\manfred-win7\appdata\local\temp\rar$exa0.627\dark-mt2 2012\dark-mt2 2012 starter.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.627\dark-mt2 2012\dark-mt2 2012 starter.exe FirewallRules: [UDP Query User{D76D7C6D-7865-4ECA-8776-50FCD6001633}C:\users\manfred-win7\appdata\local\temp\rar$exa0.566\dark-mt2 2012\dark-mt2 2012 starter.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.566\dark-mt2 2012\dark-mt2 2012 starter.exe FirewallRules: [TCP Query User{AB4B57F5-F290-4DC4-8B74-336EB1103000}C:\users\manfred-win7\appdata\local\temp\rar$exa0.566\dark-mt2 2012\dark-mt2 2012 starter.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.566\dark-mt2 2012\dark-mt2 2012 starter.exe FirewallRules: [UDP Query User{EF08E796-BAEC-4868-B16B-8AC84A572FE7}C:\users\manfred-win7\appdata\local\temp\rar$exa0.266\dark-mt2 2012\dark-mt2 2012 starter.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.266\dark-mt2 2012\dark-mt2 2012 starter.exe FirewallRules: [TCP Query User{2EE667D1-CAA5-4322-B0F3-7E80234633A6}C:\users\manfred-win7\appdata\local\temp\rar$exa0.266\dark-mt2 2012\dark-mt2 2012 starter.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.266\dark-mt2 2012\dark-mt2 2012 starter.exe FirewallRules: [UDP Query User{48E0F118-DF68-4FD5-82C4-F9D719215933}C:\users\manfred-win7\appdata\local\temp\rar$exa0.420\dark-mt2 2012\dark-mt2 2012 starter.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.420\dark-mt2 2012\dark-mt2 2012 starter.exe FirewallRules: [TCP Query User{D489974A-15BE-4A5F-8B97-A57A87FBD0FE}C:\users\manfred-win7\appdata\local\temp\rar$exa0.420\dark-mt2 2012\dark-mt2 2012 starter.exe] => 
C:\users\manfred-win7\appdata\local\temp\rar$exa0.420\dark-mt2 2012\dark-mt2 2012 starter.exe FirewallRules: [UDP Query User{AC7E2283-6D52-416D-BA79-58EDAA146875}C:\users\manfred-win7\appdata\local\temp\rar$exa0.734\dark-mt2 2012\dark-mt2 2012 starter.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.734\dark-mt2 2012\dark-mt2 2012 starter.exe FirewallRules: [TCP Query User{E6E6DAD9-6D54-433E-9D65-A37E1BE09974}C:\users\manfred-win7\appdata\local\temp\rar$exa0.734\dark-mt2 2012\dark-mt2 2012 starter.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.734\dark-mt2 2012\dark-mt2 2012 starter.exe FirewallRules: [UDP Query User{365009BD-88AE-40BA-917F-E42665BC0FC9}C:\users\manfred-win7\downloads\client.exe] => C:\users\manfred-win7\downloads\client.exe FirewallRules: [TCP Query User{A4E68E06-7D1A-4DDE-8F27-15A1423A903F}C:\users\manfred-win7\downloads\client.exe] => C:\users\manfred-win7\downloads\client.exe FirewallRules: [UDP Query User{98707E40-99C4-4183-BC5B-1FEE03406B2A}C:\users\manfred-win7\appdata\local\temp\rar$exa0.581\celestial-world\celestial.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.581\celestial-world\celestial.exe FirewallRules: [TCP Query User{2CFF8B2B-51A4-4980-8629-640BFD7C0B94}C:\users\manfred-win7\appdata\local\temp\rar$exa0.581\celestial-world\celestial.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.581\celestial-world\celestial.exe FirewallRules: [UDP Query User{2844F622-7B62-4D2C-8223-01E9E6110C22}C:\users\manfred-win7\appdata\local\temp\rar$exa0.412\celestial-world\celestial.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.412\celestial-world\celestial.exe FirewallRules: [TCP Query User{D8B788FB-A393-4330-B2F7-BCF135C3A68D}C:\users\manfred-win7\appdata\local\temp\rar$exa0.412\celestial-world\celestial.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.412\celestial-world\celestial.exe FirewallRules: [UDP Query 
User{F0E76519-8369-47C0-974C-7E27DFDC9004}C:\users\manfred-win7\appdata\local\temp\rar$exa0.206\celestial-world\celestial.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.206\celestial-world\celestial.exe FirewallRules: [TCP Query User{C4AA4144-4357-467D-9DC1-11FB6BE3AEED}C:\users\manfred-win7\appdata\local\temp\rar$exa0.206\celestial-world\celestial.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.206\celestial-world\celestial.exe FirewallRules: [UDP Query User{9700EBA8-38D8-45A6-93D0-224F84067F18}C:\users\manfred-win7\appdata\local\temp\rar$exa0.335\celestial-world\celestial.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.335\celestial-world\celestial.exe FirewallRules: [TCP Query User{6BAFF1B7-CC42-4DB6-A7E9-0391ADDDE5A4}C:\users\manfred-win7\appdata\local\temp\rar$exa0.335\celestial-world\celestial.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.335\celestial-world\celestial.exe FirewallRules: [UDP Query User{C13A9D87-FECB-45CC-9848-92868B39F52C}C:\users\manfred-win7\appdata\local\temp\rar$exa0.667\celestial-world\celestial.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.667\celestial-world\celestial.exe FirewallRules: [TCP Query User{D907DC8B-A3A4-4631-B43F-FEE0799C5392}C:\users\manfred-win7\appdata\local\temp\rar$exa0.667\celestial-world\celestial.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.667\celestial-world\celestial.exe FirewallRules: [UDP Query User{AFFF52DF-F19A-4170-B8C6-89517EE4DC60}C:\users\manfred-win7\appdata\local\temp\rar$exa0.561\celestial-world\celestial.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.561\celestial-world\celestial.exe FirewallRules: [TCP Query User{D3E7061B-94A8-4229-A8ED-53C0CC0A9C94}C:\users\manfred-win7\appdata\local\temp\rar$exa0.561\celestial-world\celestial.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.561\celestial-world\celestial.exe FirewallRules: [UDP Query 
User{1689BDD5-E1AE-463A-9C81-A4C153AE5FA2}C:\users\manfred-win7\appdata\local\temp\rar$exa0.148\celestial-world\celestial.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.148\celestial-world\celestial.exe FirewallRules: [TCP Query User{7C1CFCCB-86CA-4503-A579-0D66FDAD1095}C:\users\manfred-win7\appdata\local\temp\rar$exa0.148\celestial-world\celestial.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.148\celestial-world\celestial.exe FirewallRules: [UDP Query User{44D02621-0599-46EB-95B6-A2311D072B15}C:\users\manfred-win7\appdata\local\temp\rar$exa0.635\celestial-world\celestial.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.635\celestial-world\celestial.exe FirewallRules: [TCP Query User{F82300D9-F875-4E55-9854-D3DE4C0167FB}C:\users\manfred-win7\appdata\local\temp\rar$exa0.635\celestial-world\celestial.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.635\celestial-world\celestial.exe FirewallRules: [UDP Query User{BAD41882-D60C-4A05-A3D1-BB9591AFB249}C:\users\manfred-win7\appdata\local\temp\rar$exa0.662\celestial-world\celestial.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.662\celestial-world\celestial.exe FirewallRules: [TCP Query User{0DD5DC34-F23F-4619-8542-8880C57A5301}C:\users\manfred-win7\appdata\local\temp\rar$exa0.662\celestial-world\celestial.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.662\celestial-world\celestial.exe FirewallRules: [UDP Query User{FC5F06AF-47DA-4252-BCDB-62C375AC0CC3}C:\users\manfred-win7\appdata\local\temp\rar$exa0.819\celestial-world\celestial.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.819\celestial-world\celestial.exe FirewallRules: [TCP Query User{62FE30F3-B081-45FF-AF5B-5B4858080FCB}C:\users\manfred-win7\appdata\local\temp\rar$exa0.819\celestial-world\celestial.exe] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.819\celestial-world\celestial.exe FirewallRules: [{E93EF897-3857-414F-8551-A05F8123B4E5}] => C:\Program Files (x86)\Skype\Phone\Skype.exe 
FirewallRules: [UDP Query User{D18917A0-7383-4B42-889A-4CA95C1BD36C}C:\users\manfred-win7\appdata\local\temp\rar$exa0.024\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.024\celestial.bin FirewallRules: [TCP Query User{0F2CD27F-421B-403A-A06C-E50B31A4BE7A}C:\users\manfred-win7\appdata\local\temp\rar$exa0.024\celestial.bin] => C:\users\manfred-win7\appdata\local\temp\rar$exa0.024\celestial.bin FirewallRules: [{F9917739-11A1-4B93-B3A1-15526A57E100}] => C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe FirewallRules: [{92B34D84-38AF-4943-B509-7052D4AC55C2}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{4038F270-2A84-4076-AE78-3D4D78C873D8}] => C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe FirewallRules: [{4C221CAA-299D-48CA-AFB3-CE141C138418}] => C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe FirewallRules: [{F4D81288-2E51-4DC0-82D2-418CCBEAE378}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Wiederherstellungspunkte ========================= 26-11-2016 08:01:08 Geplanter Prüfpunkt 05-12-2016 10:50:00 Geplanter Prüfpunkt ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (12/05/2016 10:50:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . 
Error: (12/03/2016 12:58:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.0.0.49, Zeitstempel: 0x4d38243e Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.0.0.49, Zeitstempel: 0x4d38243e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00040ebc ID des fehlerhaften Prozesses: 0x1390 Startzeit der fehlerhaften Anwendung: 0x01d24d5c9b63e317 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe Berichtskennung: a86aeb3f-f809-4020-88c4-cf4003b14fef Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (12/03/2016 12:58:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.0.0.49, Zeitstempel: 0x4d38243e Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.0.0.49, Zeitstempel: 0x4d38243e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00040ebc ID des fehlerhaften Prozesses: 0x21c8 Startzeit der fehlerhaften Anwendung: 0x01d24d5c8af5101f Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe Berichtskennung: d3ece84f-449f-4d45-bba9-65ccb65b63a4 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (11/29/2016 07:59:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.0.0.49, Zeitstempel: 0x4d38243e Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.0.0.49, Zeitstempel: 0x4d38243e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00040ebc ID des fehlerhaften Prozesses: 0x574 Startzeit der fehlerhaften Anwendung: 0x01d24a72b3357c4a Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe Berichtskennung: 91757547-fdac-481f-8ee4-f00f0ba12eca Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (11/29/2016 07:52:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.0.0.49, Zeitstempel: 0x4d38243e Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.0.0.49, Zeitstempel: 0x4d38243e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00040ebc ID des fehlerhaften Prozesses: 0x28dc Startzeit der fehlerhaften Anwendung: 0x01d24a71cc9c6c2d Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe Berichtskennung: ede0c63a-f80b-45ab-86e8-b3d348b90b91 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (11/26/2016 08:01:21 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . 
Error: (11/21/2016 05:16:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.0.0.49, Zeitstempel: 0x4d38243e Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.0.0.49, Zeitstempel: 0x4d38243e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00040ebc ID des fehlerhaften Prozesses: 0x604 Startzeit der fehlerhaften Anwendung: 0x01d2441290ea446f Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe Berichtskennung: abadcf69-d2e0-42b4-ba16-8b60ad843ce1 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (11/21/2016 05:15:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.0.0.49, Zeitstempel: 0x4d38243e Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.0.0.49, Zeitstempel: 0x4d38243e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00040ebc ID des fehlerhaften Prozesses: 0x2378 Startzeit der fehlerhaften Anwendung: 0x01d244126cf19780 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe Berichtskennung: 282fb81b-0101-42d3-9d83-79861a45d652 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (11/21/2016 05:01:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.0.0.49, Zeitstempel: 0x4d38243e Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.0.0.49, Zeitstempel: 0x4d38243e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00040ebc ID des fehlerhaften Prozesses: 0x1950 Startzeit der fehlerhaften Anwendung: 0x01d2441075c95a46 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe Berichtskennung: a13d3cdb-7c4b-4394-822b-897bc72bde58 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (11/21/2016 05:00:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 1.0.0.49, Zeitstempel: 0x4d38243e Name des fehlerhaften Moduls: devmonsrv.exe, Version: 1.0.0.49, Zeitstempel: 0x4d38243e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00040ebc ID des fehlerhaften Prozesses: 0x1e18 Startzeit der fehlerhaften Anwendung: 0x01d2441062995611 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe Berichtskennung: 694febad-ac6a-4e72-b727-96d330e450bb Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Systemfehler: ============= Error: (12/13/2016 09:18:03 AM) (Source: i8042prt) (EventID: 41) (User: ) Description: Beim Aktivieren der Maus für die Informationsübertragung ist ein Fehler aufgetreten. Das Gerät wurde zurückgesetzt, um es wieder funktionstüchtig zu machen. Error: (12/13/2016 09:18:01 AM) (Source: i8042prt) (EventID: 41) (User: ) Description: Beim Aktivieren der Maus für die Informationsübertragung ist ein Fehler aufgetreten. Das Gerät wurde zurückgesetzt, um es wieder funktionstüchtig zu machen. Error: (12/12/2016 07:02:10 PM) (Source: DCOM) (EventID: 10010) (User: manfred-win7-PC) Description: Der Server "{37998346-3765-45B1-8C66-AA88CA6B20B8}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
Error: (12/12/2016 07:00:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Plattformdienst für verbundene Geräte" wurde mit folgendem Fehler beendet: Unbekannter Fehler Error: (12/12/2016 05:46:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT-AUTORITÄT) Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt. Code: 8 0x0 0x0 Error: (12/12/2016 05:46:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT-AUTORITÄT) Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt. Code: 2 0xdeaddeed 0xeeec Error: (12/12/2016 05:46:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT-AUTORITÄT) Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt. Code: 1 0xc 0x4 Error: (12/12/2016 01:15:39 PM) (Source: i8042prt) (EventID: 41) (User: ) Description: Beim Aktivieren der Maus für die Informationsübertragung ist ein Fehler aufgetreten. Das Gerät wurde zurückgesetzt, um es wieder funktionstüchtig zu machen. Error: (12/12/2016 01:15:37 PM) (Source: i8042prt) (EventID: 41) (User: ) Description: Beim Aktivieren der Maus für die Informationsübertragung ist ein Fehler aufgetreten. Das Gerät wurde zurückgesetzt, um es wieder funktionstüchtig zu machen. Error: (12/10/2016 02:40:36 PM) (Source: i8042prt) (EventID: 41) (User: ) Description: Beim Aktivieren der Maus für die Informationsübertragung ist ein Fehler aufgetreten. Das Gerät wurde zurückgesetzt, um es wieder funktionstüchtig zu machen. 
CodeIntegrity: =================================== Date: 2016-12-13 16:19:35.168 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-12-13 16:19:35.164 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-12-13 16:19:35.158 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-12-13 16:19:35.005 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-12-13 16:19:35.002 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-12-13 16:19:34.998 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-12-13 16:19:34.734 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-12-13 16:19:34.731 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-12-13 16:19:34.725 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-12-13 16:19:34.487 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz Prozentuale Nutzung des RAM: 78% Installierter physikalischer RAM: 4003.07 MB Verfügbarer physikalischer RAM: 871.47 MB Summe virtueller Speicher: 14555.35 MB Verfügbarer virtueller Speicher: 3879.15 MB ==================== Laufwerke ================================ Drive c: (Boot) (Fixed) (Total:657.54 GB) (Free:597.5 GB) NTFS Drive d: (Recover) (Fixed) (Total:38 GB) (Free:16.15 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: D3AF660C) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=657.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=40 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ==================== Ende von Addition.txt ============================ |
14.12.2016, 17:52 | #4 |
/// TB-Ausbilder /// Anleitungs-Guru | Email account hacked Step 1 Please download TDSSKiller.exe and save this file to the desktop
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
15.12.2016, 13:44 | #5 |
| Email account hacked TDSSKiller, part 1 Code:
ATTFilter 13:37:52.0552 0x0d3c TDSS rootkit removing tool 3.1.0.12 Nov 7 2016 07:10:01 13:37:56.0672 0x0d3c ============================================================ 13:37:56.0672 0x0d3c Current date / time: 2016/12/15 13:37:56.0672 13:37:56.0672 0x0d3c SystemInfo: 13:37:56.0672 0x0d3c 13:37:56.0672 0x0d3c OS Version: 10.0.14393 ServicePack: 0.0 13:37:56.0672 0x0d3c Product type: Workstation 13:37:56.0672 0x0d3c ComputerName: MANFRED-WIN7-PC 13:37:56.0672 0x0d3c UserName: manfred-win7 13:37:56.0672 0x0d3c Windows directory: C:\WINDOWS 13:37:56.0672 0x0d3c System windows directory: C:\WINDOWS 13:37:56.0672 0x0d3c Running under WOW64 13:37:56.0672 0x0d3c Processor architecture: Intel x64 13:37:56.0672 0x0d3c Number of processors: 4 13:37:56.0672 0x0d3c Page size: 0x1000 13:37:56.0672 0x0d3c Boot type: Normal boot 13:37:56.0672 0x0d3c CodeIntegrityOptions = 0x00000001 13:37:56.0672 0x0d3c ============================================================ 13:37:57.0006 0x0d3c KLMD registered as C:\WINDOWS\system32\drivers\26049172.sys 13:37:57.0006 0x0d3c KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.447, osProperties = 0x19 13:37:58.0038 0x0d3c System UUID: {5479365F-34C0-14C4-741B-B133347B67DB} 13:37:58.0834 0x0d3c Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 13:37:58.0834 0x0d3c ============================================================ 13:37:58.0834 0x0d3c \Device\Harddisk0\DR0: 13:37:58.0834 0x0d3c MBR partitions: 13:37:58.0834 0x0d3c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 13:37:58.0834 0x0d3c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x52312800 13:37:58.0866 0x0d3c \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x52345800, BlocksNum 0x4BFE000 13:37:58.0897 0x0d3c ============================================================ 
13:37:58.0944 0x0d3c C: <-> \Device\Harddisk0\DR0\Partition2 13:37:58.0975 0x0d3c D: <-> \Device\Harddisk0\DR0\Partition3 13:37:58.0975 0x0d3c ============================================================ 13:37:58.0975 0x0d3c Initialize success 13:37:58.0975 0x0d3c ============================================================ 13:38:18.0830 0x1344 ============================================================ 13:38:18.0830 0x1344 Scan started 13:38:18.0830 0x1344 Mode: Manual; SigCheck; TDLFS; 13:38:18.0830 0x1344 ============================================================ 13:38:18.0830 0x1344 KSN ping started 13:38:18.0895 0x1344 KSN ping finished: true 13:38:20.0882 0x1344 ================ Scan system memory ======================== 13:38:20.0882 0x1344 System memory - ok 13:38:20.0882 0x1344 ================ Scan services ============================= 13:38:21.0104 0x1344 [ A7901875F89D011C38CF52C98ACF5B29, 782141AB1DD7ACDE6EA08B5BAFDE8BADD05B81D38C18E097D6D9C46102056EB1 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys 13:38:21.0513 0x1344 1394ohci - ok 13:38:21.0537 0x1344 [ EE1CCC54F75C24727A218F98FC5349DA, 0B0D26640BFA0F551B7087027E572D0BF2C5EAF50A4187C5A7D839180B7FF589 ] 3ware C:\WINDOWS\system32\drivers\3ware.sys 13:38:21.0568 0x1344 3ware - ok 13:38:21.0631 0x1344 [ 73C73E1AA0D4D727A04AAAB120B7F56A, 5D311F11022994410DF5C67914D38B1F0D813EFD181EA234750286A272D67A1A ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys 13:38:21.0662 0x1344 ACPI - ok 13:38:21.0678 0x1344 [ 0935496EF9624B46B935CB35ECE1F205, A22A2A29195505A65E8626D60B00C86C23E0CABC1EB8345EA5ED523516CC21C0 ] AcpiDev C:\WINDOWS\System32\drivers\AcpiDev.sys 13:38:21.0725 0x1344 AcpiDev - ok 13:38:21.0740 0x1344 [ D6794C31F4077B71433988787BAA926E, F16365C2F195AAE94D4740E6C3DF4C0CECEC6393CAD65425DCCD28CDBA6EC51A ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys 13:38:21.0756 0x1344 acpiex - ok 13:38:21.0804 0x1344 [ FE5F656D6B35089DA39112E74EC6A85A, 5D81EE63998232A5B36DE47FE15B9D04D5BD02234CA133A2462AECA8C60A22ED 
] acpipagr C:\WINDOWS\System32\drivers\acpipagr.sys 13:38:21.0870 0x1344 acpipagr - ok 13:38:21.0907 0x1344 [ 2F242941E4DFF69B883D77A16F039557, 45C388365317C720654A659A9326B2BC0E9D84929C704654985597D5D620101C ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys 13:38:21.0986 0x1344 AcpiPmi - ok 13:38:22.0013 0x1344 [ C247E35A21682DA8D0DC3AF9F025FCC5, 455415EE3166B3043AD8A4DD50B688DB74242267FB555642441251EFA823E971 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys 13:38:22.0047 0x1344 acpitime - ok 13:38:22.0126 0x1344 [ F6CEFEF46986DE02A3AE5D93AE32B5DC, 903EC5A7B40F4F6B2F3378EFFE8DF28667B88061CDF681C44F2E4FE39B62959E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 13:38:22.0139 0x1344 AdobeARMservice - ok 13:38:22.0269 0x1344 [ B79750091FC0842182FE49D263791294, 32FC260A74C9C45CD1E8998523642C285866378FCD9478FEFD15A0CC42EC0E0B ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 13:38:22.0289 0x1344 AdobeFlashPlayerUpdateSvc - ok 13:38:22.0361 0x1344 [ 49B9DB97AFC85DCCBDACDAB2E90085B7, 2A6C2A09F74EA15044F442CCFB54A0F24F105ADB915E5C78F02F59652DC29152 ] ADP80XX C:\WINDOWS\system32\drivers\ADP80XX.SYS 13:38:22.0416 0x1344 ADP80XX - ok 13:38:22.0460 0x1344 [ 323AA1953ED9C01E23F740FA891FE064, 4CED6E3D61749316CDE28965C913E7ED462539DAAD637A29484F62AF47AD650D ] AFD C:\WINDOWS\system32\drivers\afd.sys 13:38:22.0498 0x1344 AFD - ok 13:38:22.0539 0x1344 [ 23522E5D581F7722B1B5B86737CAE39C, FB81ABD304376A1E87B65F5E1B34477B628CEDB2091C5D754DE97464B6050C5B ] ahcache C:\WINDOWS\system32\DRIVERS\ahcache.sys 13:38:22.0759 0x1344 ahcache - ok 13:38:22.0787 0x1344 [ D0905D4A945D01D4B28DB9E1BD5985F7, CF389CBCD3B99D1BAE34A42F723F1005C32213A394F691978076D3DF1727715C ] AJRouter C:\WINDOWS\System32\AJRouter.dll 13:38:22.0870 0x1344 AJRouter - ok 13:38:22.0901 0x1344 [ 8FD51B3B35707A66080D7C8CB05E792D, FE52F3DC280D208FDDC75F6E3294B8D601E0D86F9BD3DB1ACC8FC296AC74C23B ] ALG C:\WINDOWS\System32\alg.exe 13:38:22.0963 0x1344 ALG 
- ok 13:38:22.0994 0x1344 [ DF21E05E41E5AC3F13F304D91457649A, 7F48F2AD1DBE89A261113C76D7C23AD7D87D5599BCC31F8A558A8A10B81BF521 ] AmdK8 C:\WINDOWS\System32\drivers\amdk8.sys 13:38:23.0088 0x1344 AmdK8 - ok 13:38:23.0119 0x1344 [ 45D0AA4BB90B821DF92E8F19ABED0C5E, EA87A6E98DB3C5A88A844C04C6934E870B7004E783AA5211722115382A211B90 ] AmdPPM C:\WINDOWS\System32\drivers\amdppm.sys 13:38:23.0166 0x1344 AmdPPM - ok 13:38:23.0182 0x1344 [ 74FFBC43B4B899C9A8CA06A892F2CE73, 8D599363C7F3D373F1859BAA4D06DD0F40BE78B56BE52B74DE6EA6EF99452004 ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys 13:38:23.0198 0x1344 amdsata - ok 13:38:23.0229 0x1344 [ AAB0F1D8D7E54761ABAB13AF161F1680, CF847990EFFA2828F5B1DB1A68F08A6C2C918E9612EDFFCF95C36BCABBBEA272 ] amdsbs C:\WINDOWS\system32\drivers\amdsbs.sys 13:38:23.0244 0x1344 amdsbs - ok 13:38:23.0260 0x1344 [ F91BAAC4237C40352A807000F3B716F9, F7EFA08E5067C3D419C9D21EDB880BA08883A80DDF35F8B42EC3AB293FE5E03E ] amdxata C:\WINDOWS\system32\drivers\amdxata.sys 13:38:23.0276 0x1344 amdxata - ok 13:38:23.0320 0x1344 [ DA11F970926C91646AAF872E019ED780, D4DC7C867D251BA7B2B0029D2B6D3EE3C7582BC5608EC9EA51A1C1A4927F5E6E ] AMPPAL C:\WINDOWS\System32\drivers\AMPPAL.sys 13:38:23.0476 0x1344 AMPPAL - ok 13:38:23.0538 0x1344 [ 5B0F4FB165256DE463A51E3A3127969E, 6751ADFFE95FA671C584427A9624EEB79518DE08132FD7A83148700B75487316 ] AppHostSvc C:\WINDOWS\system32\inetsrv\apphostsvc.dll 13:38:23.0695 0x1344 AppHostSvc - ok 13:38:23.0742 0x1344 [ BC121C099C6C659126AD2102AFDFF8CF, 42B5EE293BDD7ADCE48173A01B30D8452564B9DA225EAF25E9292FE77C0FCF3E ] AppID C:\WINDOWS\system32\drivers\appid.sys 13:38:23.0757 0x1344 AppID - ok 13:38:23.0788 0x1344 [ 74A24CF946279111D7F203B36569EC02, FD67D36804744B4FE3E20BA891852575E6C2DA6515643B2F4B4210118B0FCCDA ] AppIDSvc C:\WINDOWS\System32\appidsvc.dll 13:38:23.0867 0x1344 AppIDSvc - ok 13:38:23.0898 0x1344 [ 73FAA5517CCD1332F00192A303CF2026, 75636222BFF381A3EECA010752DF7DC1603A395B91FF7FBF92127B5CA8EFFEE5 ] Appinfo 
C:\WINDOWS\System32\appinfo.dll 13:38:24.0101 0x1344 Appinfo - ok 13:38:24.0117 0x1344 [ 68190E2BADF23BD782344970E5B5DE9E, 95D30EC12C7FDF5822CED8BC2F17669A6687A2FB262B4F0D15C8DCFF4E9AB33D ] applockerfltr C:\WINDOWS\system32\drivers\applockerfltr.sys 13:38:24.0210 0x1344 applockerfltr - ok 13:38:24.0249 0x1344 [ 21DC11DA29484AE026E536F2EA7E79E5, 6E17B679494CB293DE13DFA18F79A9DFAFEEBAAE41943F95B5E1AE0720A5CA26 ] AppReadiness C:\WINDOWS\system32\AppReadiness.dll 13:38:24.0341 0x1344 AppReadiness - ok 13:38:24.0443 0x1344 [ F9F4CFCB3845EABF81A654001C80854C, 2CB7BED0A838585903056E41D46C2604B5EECA3B6C673497A22BFFCAE7986C5F ] AppXSvc C:\WINDOWS\system32\appxdeploymentserver.dll 13:38:24.0591 0x1344 AppXSvc - ok 13:38:24.0615 0x1344 [ E6AB1F0B4C3D4E0D2A88332D76FECD03, 0D3003EB979DA4546DCDD055011E24F13E34F683F02C9801CAC564D1809F11D2 ] arcsas C:\WINDOWS\system32\drivers\arcsas.sys 13:38:24.0637 0x1344 arcsas - ok 13:38:24.0803 0x1344 [ 5EE26734A882478AF6696092E2E0F352, 6CACFF521B3B839F73EBEB6EFBFDCCA8A8BC319DDB254BE3EFE29A39040B2C26 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 13:38:24.0820 0x1344 aspnet_state - ok 13:38:24.0847 0x1344 [ 61C5A480C43E7E8E49C42869F49D0D3E, E610F0E4315ABA1D90AD4A1D7A68ABA2ACBB7FCA89E9D1798470365D52592D55 ] AsyncMac C:\WINDOWS\System32\drivers\asyncmac.sys 13:38:24.0905 0x1344 AsyncMac - ok 13:38:24.0935 0x1344 [ A10F989A812B57B9695F6C305907C9C6, E2B292610079AA1A10696138DE8130905A8A834B75A8DED7EBF8B6732B77A0F4 ] atapi C:\WINDOWS\system32\drivers\atapi.sys 13:38:24.0950 0x1344 atapi - ok 13:38:24.0983 0x1344 [ 2DC3D53FFA0D10EB8C911AE2DB7BF4CF, 8E0A4B5D610D487A216E70396A99ACC1BEA12C46A6681B1A39CD0FD01EDD406A ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll 13:38:25.0059 0x1344 AudioEndpointBuilder - ok 13:38:25.0121 0x1344 [ 7B993290E7691C446C16A56A431669BA, 004551934E27E9FC1A939C9BD1DEB850A216CBED9B18CB3317920F5656D9F6BF ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll 13:38:25.0199 0x1344 Audiosrv 
13:38:43.0389 0x1344 mshidkmdf - ok 13:38:43.0404 0x1344 [ 30364757963A028CE5DF0FBAAC270173, C72588A6A52FF8E418A15D2C407A4DB7EA768585423720145F8253D5CA519DC2 ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys 13:38:43.0436 0x1344 mshidumdf - ok 13:38:43.0467 0x1344 [ 6BB0FEDDAE7135FA37FFAFF4D9E0E876, B41A3C0FFDFC493D6325ED493445AFCED04EC9DFF2B38125616FC5419AD1ACC4 ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys 13:38:43.0467 0x1344 msisadrv - ok 13:38:43.0514 0x1344 [ 07E3E54734B14F43A4A95A849C0A0DE2, 314AA02EA84D267B32DBAEBEA6C1AC1A266DED1E8D35A17B41D1D2AC75E8049E ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll 13:38:43.0576 0x1344 MSiSCSI - ok 13:38:43.0576 0x1344 msiserver - ok 13:38:43.0592 0x1344 [ 13D614E6B51ECF36746C48CE829FA7F6, CAD63C0A4F7110093F84C58252C5803F14E3FC46584B79DA17EC86D49FEAEA64 ] MSKSSRV C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys 13:38:43.0639 0x1344 MSKSSRV - ok 13:38:43.0670 0x1344 [ 642CDE46351D5D2D90311E77072AB46D, B2D3033E607BA2F6E6B9CFB1CBF154CD0CE910EA473C56343EC81B9B94044CCA ] MsLldp C:\WINDOWS\system32\drivers\mslldp.sys 13:38:43.0717 0x1344 MsLldp - ok 13:38:43.0748 0x1344 [ F3EF38D07A4ADCDF922EEEAF0FED7D4D, B9D436BFA29AA0A7B00889D96C4F8BC33C1809E19B7A71A69AB2E534E9794BF0 ] MSMQ C:\WINDOWS\system32\mqsvc.exe 13:38:43.0764 0x1344 MSMQ - ok 13:38:43.0764 0x1344 [ F2302A5CE63CA7673200FAFCEEEDB6AF, B8C44FC2DC0332183DE325CDBF511101F3307225295EDD428CE575A8DE15C223 ] MSPCLOCK C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys 13:38:43.0811 0x1344 MSPCLOCK - ok 13:38:43.0826 0x1344 [ 6114512EA26E835BA522C63635429DB5, 0F91CE41B4555316A79AEF3047C152D538CC9C7C329987C9FD0E3D961AFC87C8 ] MSPQM C:\WINDOWS\system32\DRIVERS\MSPQM.sys 13:38:43.0857 0x1344 MSPQM - ok 13:38:43.0873 0x1344 [ AA538E16E644D00E3BA5349BBA9598EC, 64A68B06883FE7ED34E04AB119BA819753F1222923EDD4E802C35D402B89D075 ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys 13:38:43.0904 0x1344 MsRPC - ok 13:38:43.0904 0x1344 [ 0543BEFD41EC4D25C7F7CF36409CEC7D, 
631622CFEC49952C0470531B23FFFFF483DC0EFFEF7A97B1179A600392C05DDD ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys 13:38:43.0920 0x1344 mssmbios - ok 13:38:43.0936 0x1344 [ C1569E4DB8EFE3617847BF041A3C842F, 99ADE5E7F50E04CAEC737F7F90741CCA8EE628996BA5EB6C6BC62184884429B6 ] MSTEE C:\WINDOWS\system32\DRIVERS\MSTEE.sys 13:38:43.0967 0x1344 MSTEE - ok 13:38:43.0982 0x1344 [ 130B16970154BA9876B09E5C4BAC63BE, BE3AF8FC5A26AB9C9DBA9C015C2E1FD3C4CD9CB423A2BBDABA91428BF8620553 ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys 13:38:44.0014 0x1344 MTConfig - ok 13:38:44.0045 0x1344 [ 15D987C8F6CCD4AC94E070C5986762CB, 452FB0C48B86C7F8F53794CC2DDBF2B900B03A0383B2DE8F6A830F8CB0AFBAD8 ] Mup C:\WINDOWS\system32\Drivers\mup.sys 13:38:44.0061 0x1344 Mup - ok 13:38:44.0076 0x1344 [ 3D2C5B4995CA0751D32DEA0DE9FDFE44, A26958785FD9E05E2CA97078C9BB277CD44222BF5F7D9E8DC2F3F6AAAFFC6483 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys 13:38:44.0092 0x1344 mvumis - ok 13:38:44.0154 0x1344 [ DB31EBB04C871F422C36A0962DA7D38B, B1BC2344744F537FB2C7D07B415F860195B7795E185253F05C0817A3764FEC10 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys 13:38:44.0264 0x1344 NativeWifiP - ok 13:38:44.0311 0x1344 [ C3D9870E680D9D843B18F4626C3858FE, 43596CAC9FB488F810FBA954C52BC4D13F7D32028C40ACFE33DFD7EE36A65C17 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll 13:38:44.0389 0x1344 NcaSvc - ok 13:38:44.0420 0x1344 [ 04CE2C0F0759EACD886BA4B658B60D5D, E34D0976FC5936C8629800D826DB127072D1DFC3D350EFACA3AA1B8119551762 ] NcbService C:\WINDOWS\System32\ncbservice.dll 13:38:44.0467 0x1344 NcbService - ok 13:38:44.0482 0x1344 [ E6094065008FE423377294050E7CEA2D, 86E200227256407530E2C28243DEFBC3CB6E9497644404D9AD79DA242286DF7B ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll 13:38:44.0561 0x1344 NcdAutoSetup - ok 13:38:44.0592 0x1344 [ 629CB21AC49C8867E0F29DF1C16DB7B4, 20663E68C69D0A1A2FE99A0C2A9DEFABF49786A1DC8F7F4E1699458AF57D7E79 ] ndfltr C:\WINDOWS\System32\drivers\ndfltr.sys 13:38:44.0607 0x1344 ndfltr - ok 
13:38:44.0670 0x1344 [ D5564FC81350458ED570528C4E3B1CCF, DD3C5012492EF9BCE3BE635BBB3AA40B3C5F5FDBD795A76B327D9C994102AC2B ] NDIS C:\WINDOWS\system32\drivers\ndis.sys 13:38:44.0732 0x1344 NDIS - ok 13:38:44.0764 0x1344 [ 6DD605338FAAF6BA17662AA874E0D162, 636607829F5D7C3B7A4683C0A2DD594360D72F2AA3F8710153BE32575AE34A15 ] NdisCap C:\WINDOWS\system32\drivers\ndiscap.sys 13:38:44.0811 0x1344 NdisCap - ok 13:38:44.0842 0x1344 [ E34196F285F8B8879E1FF36C31F7179E, 77A4F24F995D4C0689C43F9956E08DCEC62517E4F8B1B9EAA1852B5293DB5B9A ] NdisImPlatform C:\WINDOWS\system32\drivers\NdisImPlatform.sys 13:38:44.0889 0x1344 NdisImPlatform - ok 13:38:44.0904 0x1344 [ 1FAD2398673F30CEC616B89C46B7DCBA, 70302049E6AE2BC6B3A7A9DE54D3F940AD6A9771CC2EBCCEC65994E67A25ECB5 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 13:38:44.0951 0x1344 NdisTapi - ok 13:38:44.0967 0x1344 [ AEB8ECBE66CC46854066CB1F5623E179, 2F650A85A9DAE38887610C0B876621035616CEDB65D4BBBD7F1405616D218AAF ] Ndisuio C:\WINDOWS\system32\drivers\ndisuio.sys 13:38:44.0998 0x1344 Ndisuio - ok 13:38:45.0014 0x1344 [ 7340104C2BF2F126714F7CDE85E63610, 45B64EC6F3A4C43F7D74806789067658C6EF0D44D36B841F4D26E1EBC95AF66C ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys 13:38:45.0029 0x1344 NdisVirtualBus - ok 13:38:45.0061 0x1344 [ 07ADC1F8DCBEB8104D75129B11584B8C, CB51A294D9FD4E210DBEEF05A1E60A96CE52D6D138EF62A54E1F608F90FED300 ] NdisWan C:\WINDOWS\System32\drivers\ndiswan.sys 13:38:45.0092 0x1344 NdisWan - ok 13:38:45.0107 0x1344 [ 07ADC1F8DCBEB8104D75129B11584B8C, CB51A294D9FD4E210DBEEF05A1E60A96CE52D6D138EF62A54E1F608F90FED300 ] ndiswanlegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys 13:38:45.0139 0x1344 ndiswanlegacy - ok 13:38:45.0170 0x1344 [ 78A12E3DF035B5D054986949B19BE43C, AD9B34F89B9F27D473BD5FCE6694A40FCCB808B61ABEDD6F70F1AF6C7E73ABF8 ] ndproxy C:\WINDOWS\system32\DRIVERS\NDProxy.sys 13:38:45.0201 0x1344 ndproxy - ok 13:38:45.0217 0x1344 [ 04C8859355C1DC9C0FA198D1894D71C2, 
E7C67E73009341B5D402470C686781B3C7BBE2531CE26665E08E711B990B1A77 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys 13:38:45.0279 0x1344 Ndu - ok 13:38:45.0311 0x1344 [ 6C76780A01FC2B885BD6E957B5C36B02, DB7834F03A765F65C773E772D8051AFADB22CA4B5074180AA397857A0C47A068 ] NetAdapterCx C:\WINDOWS\system32\drivers\NetAdapterCx.sys 13:38:45.0373 0x1344 NetAdapterCx - ok 13:38:45.0389 0x1344 [ 5D1513BD6430307C9DB86C6E351372ED, D2AB709CF7CFA5B857B084AFC821914A975B7DDDCE154229981F19448973BD6D ] NetBIOS C:\WINDOWS\system32\drivers\netbios.sys 13:38:45.0404 0x1344 NetBIOS - ok 13:38:45.0436 0x1344 [ 6FEBB0A847FFD5F057B9AC8889F1B9A7, 558BCC64C59079E6569F61CCE1219A124B3313FC4E6CB5CBCC94124D202FF19D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 13:38:45.0483 0x1344 NetBT - ok 13:38:45.0498 0x1344 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] Netlogon C:\WINDOWS\system32\lsass.exe 13:38:45.0514 0x1344 Netlogon - ok 13:38:45.0530 0x1344 [ D3BF2DA9216A4CF22A97820A50A67EFF, D00CBE0A7ECFB449D9B48967A01EE56141404EBE229893D5A1710781AD5F2551 ] Netman C:\WINDOWS\System32\netman.dll 13:38:45.0576 0x1344 Netman - ok 13:38:45.0623 0x1344 [ EFA857E2B0CC7C9DFEF48A2187B910F7, 424475568CD70237F056838388A5F7BDCD1B09349085498644C75940B12E8EAF ] NetMsmqActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:38:45.0639 0x1344 NetMsmqActivator - ok 13:38:45.0655 0x1344 [ EFA857E2B0CC7C9DFEF48A2187B910F7, 424475568CD70237F056838388A5F7BDCD1B09349085498644C75940B12E8EAF ] NetPipeActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:38:45.0670 0x1344 NetPipeActivator - ok 13:38:45.0717 0x1344 [ F2645D51DD8AABC8BC72358409410437, 8CB97628923D6CEA6EFAD7E666BE92C154060BD108C28D46287A520A14B18ADA ] netprofm C:\WINDOWS\System32\netprofmsvc.dll 13:38:45.0795 0x1344 netprofm - ok 13:38:45.0826 0x1344 [ D65F295A049473E6A39EA9A0EA76CA32, 274FC0BA044EB2D14093AB0E561F7FACEE06A3F433C81343C8B926FA2F9BD251 ] NetSetupSvc 
C:\WINDOWS\System32\NetSetupSvc.dll 13:38:45.0905 0x1344 NetSetupSvc - ok 13:38:45.0920 0x1344 [ EFA857E2B0CC7C9DFEF48A2187B910F7, 424475568CD70237F056838388A5F7BDCD1B09349085498644C75940B12E8EAF ] NetTcpActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:38:45.0936 0x1344 NetTcpActivator - ok 13:38:45.0951 0x1344 [ EFA857E2B0CC7C9DFEF48A2187B910F7, 424475568CD70237F056838388A5F7BDCD1B09349085498644C75940B12E8EAF ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:38:45.0967 0x1344 NetTcpPortSharing - ok 13:38:46.0374 0x1344 [ 272BB8C52BE106B5CC69171AF1D281D4, 3D65A772C15440DF5895843185241D890CCDECA0E02DD6CF32CCB9B5849E31A4 ] NETwNs64 C:\WINDOWS\System32\drivers\Netwsw00.sys 13:38:47.0005 0x1344 NETwNs64 - ok 13:38:47.0061 0x1344 [ B996DE26A2E16053C9485F5905B05320, 30EB2CEB466A4F05A44F7CBFCDFD8CC3C27B5FCF1269C1B9410C48AB362D2A75 ] NgcCtnrSvc C:\WINDOWS\System32\NgcCtnrSvc.dll 13:38:47.0123 0x1344 NgcCtnrSvc - ok 13:38:47.0186 0x1344 [ 54C31C2B815E2E26BB8158022F837C9C, CED660D1A58F635C6452F82FCB2EF8ACEEB7785E31617B2ADFD9EE69A2BDF2B8 ] NgcSvc C:\WINDOWS\system32\ngcsvc.dll 13:38:47.0280 0x1344 NgcSvc - ok 13:38:47.0311 0x1344 [ 9B9F520C72EE33EAEC857124BB800243, DFA9386B272F4D86F3E4BE861A2FC4617261E1AA40576DDA610FC24AB4961A63 ] NlaSvc C:\WINDOWS\System32\nlasvc.dll 13:38:47.0405 0x1344 NlaSvc - ok 13:38:47.0420 0x1344 [ 001CBD7A2CD45C4EB39C01C3C677EF73, F4AAF4D60DB1232921C7811A62287B55C7C098B7A1FF9A40D88AF58A5ABECBA2 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 13:38:47.0451 0x1344 Npfs - ok 13:38:47.0467 0x1344 [ 90F5DC9802AAA00CD0B6E2AD9E7FFADC, 71C0777829299DECA6ACD42F38802DBE3C29A42CFBD8A396F39DFA44D1F55B6C ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys 13:38:47.0530 0x1344 npsvctrig - ok 13:38:47.0561 0x1344 [ 1993C85962692EF7024501E7FE92D466, F5BCAA8308495EBF8BB061C2015E07C202A779668D171364D7E312975BC18B10 ] nsi C:\WINDOWS\system32\nsisvc.dll 13:38:47.0592 0x1344 nsi - ok 13:38:47.0608 0x1344 [ 
0C6218321A09A7B51BA7FFAFBA4CCB21, 330B3FA793A78410B28DFC8250BBF24442E3BB80434A7938BB96F02337614E0D ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys 13:38:47.0640 0x1344 nsiproxy - ok 13:38:47.0734 0x1344 [ DB69C6DA8B3DDFDC547D455CA23A8250, AE495CEB18924C8B21F7F150FF17CD00880F2E222D7B5155661798E0535D63C4 ] NTFS C:\WINDOWS\system32\drivers\NTFS.sys 13:38:47.0843 0x1344 NTFS - ok 13:38:47.0874 0x1344 [ 6E6DD6F9DD2A034CF85E94047DBDB992, 63D0A0756F551B7668D1CBAB24B29FD462C706E8A81690BC248D6C92061FE215 ] Null C:\WINDOWS\system32\drivers\Null.sys 13:38:47.0890 0x1344 Null - ok 13:38:47.0921 0x1344 [ D261DF41F0840F734856A2B4F5E072C7, 2E703556D0C919375D0B7770513456844B13362190643D5524663EC8546E0FF5 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys 13:38:47.0937 0x1344 nvraid - ok 13:38:47.0953 0x1344 [ 23B702B555EB0436B9DAA0BC63DA65CE, D454F80D9657CFEC852F022C12D7B2C1A2D7D247ECC591EDB07B9369DFD8C99E ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys 13:38:47.0968 0x1344 nvstor - ok 13:38:48.0015 0x1344 [ 17997DC2441F7E29CDFC6458E0392764, 636CCE2DA1EF8195B33F8D6D5C8CC151D58EBF08DC9AD8ACCCE7ABD41A69639F ] OneSyncSvc C:\WINDOWS\System32\APHostService.dll 13:38:48.0078 0x1344 OneSyncSvc - ok 13:38:48.0140 0x1344 [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll 13:38:48.0202 0x1344 p2pimsvc - ok 13:38:48.0234 0x1344 [ 2BBCED66D7AFC968BDBB0E4D8524DF0A, 762D916390F9DE69B3EA1D31244224F910645F8E5CEF4C505B76B215BFDFCD9A ] p2psvc C:\WINDOWS\system32\p2psvc.dll 13:38:48.0265 0x1344 p2psvc - ok 13:38:48.0296 0x1344 [ 6B81BF7853D161DB8AC62CD8B9C2DE6B, B2DC06D135FD2501217DDA7349556EB873309E02188D4C3901807BA24FAB30C7 ] Parport C:\WINDOWS\System32\drivers\parport.sys 13:38:48.0343 0x1344 Parport - ok 13:38:48.0374 0x1344 [ 9DB326B54C03EF2892E7551D8B354036, 64CD77E8A4425E80CFB61DEE33C1A677A4044C6FC0614D74B20BDDD7C5D5334D ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys 13:38:48.0390 0x1344 partmgr - 
ok 13:38:48.0437 0x1344 [ CDD8EDF4C35BE6D6137112F5CC7A70DA, 80EECA6BC2E668E5652A5CA9B119CCCE2A2E421F0EED1FD0EAC20C42E77C02ED ] PcaSvc C:\WINDOWS\System32\pcasvc.dll 13:38:48.0468 0x1344 PcaSvc - ok 13:38:48.0499 0x1344 [ 101CC1FD8D48ED1EF71F0840158D0E6D, A944D70DE230E3FBD8B371EF3BED1FCD12AAFD56945A8F5C44994AF13283FCCD ] pci C:\WINDOWS\system32\drivers\pci.sys 13:38:48.0531 0x1344 pci - ok 13:38:48.0576 0x1344 [ 214DCC87E3898F738075D1341252A552, E721FBBC3510DDB848A8CAEA3B6031EE988F42252DBC3BF7BDB6ABD9A0D9FABD ] pciide C:\WINDOWS\system32\drivers\pciide.sys 13:38:48.0590 0x1344 pciide - ok 13:38:48.0606 0x1344 [ AED76A3333B3A31536E430020E0226FC, EC255B79B0908E3C142D92E35B79D90A3F2594BA012CA2B1B04A6A8745153430 ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys 13:38:48.0625 0x1344 pcmcia - ok 13:38:48.0636 0x1344 [ E63FB38B6E75B39467492FBAD2CD512A, DB406C92BA2460C833A49B98EB5BD58348E868F643A0123B0C9B5315FFC6A124 ] pcw C:\WINDOWS\system32\drivers\pcw.sys 13:38:48.0652 0x1344 pcw - ok 13:38:48.0669 0x1344 [ 9EA203A07EFA6D74F07F32EF0DAB5CA6, D851F1CC748B4CD0E263931668FFF2FE20D5778267F4FF2237D565CFC171B5AF ] pdc C:\WINDOWS\system32\drivers\pdc.sys 13:38:48.0687 0x1344 pdc - ok 13:38:48.0731 0x1344 [ 1509A77F840AA9E72CF8247D0CF2FBDE, 2D47AD4D8F5C2D871E603FB6D72D25EFD0E63FA3A542DAADAB9D82ED074C0E0B ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys 13:38:48.0788 0x1344 PEAUTH - ok 13:38:48.0822 0x1344 [ 540116170E2135FCD5DDE77702166B67, CBEC51C2D47532F1781B3255040F303263420B204C2F8BB2B5D1EC342F57B285 ] percsas2i C:\WINDOWS\system32\drivers\percsas2i.sys 13:38:48.0838 0x1344 percsas2i - ok 13:38:48.0852 0x1344 [ 8356F87553BF49C703CF382033815898, 245EB941566D848F134629690BF271B1CBEAB6440771D3D8D7AED3756835354E ] percsas3i C:\WINDOWS\system32\drivers\percsas3i.sys 13:38:48.0869 0x1344 percsas3i - ok 13:38:48.0978 0x1344 [ CB5343FF52A702A9ACFAAE6BE972FE09, EAA5362D91D05D382DF4EBBAA3FD575456F23CAD531CC6F1270F8254892DBF02 ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe 13:38:49.0041 0x1344 
PerfHost - ok 13:38:49.0102 0x1344 [ D0D57322ABC7473E54472D8374169CC5, BD14A13D6908C8669E56EF9401FD8A3D7C618E8B6556B36E634864E733BCA4B2 ] PhoneSvc C:\WINDOWS\System32\PhoneService.dll 13:38:49.0245 0x1344 PhoneSvc - ok 13:38:49.0272 0x1344 [ B4AB2C0177715FFAED88A1223212043A, 1920792ADC78DD51EF98B6A9634D686EAED0848FB7EF74A0DCD3AEBA5AF41EC6 ] PimIndexMaintenanceSvc C:\WINDOWS\System32\PimIndexMaintenance.dll 13:38:49.0381 0x1344 PimIndexMaintenanceSvc - ok 13:38:49.0491 0x1344 [ F931F21E4287FE3ECCF09B54A232BBA2, CEB7AB3236E5F30214027092B7B695ED35F7A1E007DF4046797D1E4DFEF49EC8 ] pla C:\WINDOWS\system32\pla.dll 13:38:49.0600 0x1344 pla - ok 13:38:49.0631 0x1344 [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll 13:38:49.0662 0x1344 PlugPlay - ok 13:38:49.0694 0x1344 [ 56D7A89423325121C4A9BD5C326414F3, 649048C23D1973C3504E26B35362AC99DFE9BF31FFE73F45B43306A212AEA34C ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll 13:38:49.0725 0x1344 PNRPAutoReg - ok 13:38:49.0756 0x1344 [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] PNRPsvc |
15.12.2016, 13:45 | #6 |
| Email account hacked TDSSKiller, part 2: Code:
- ok 13:38:57.0137 0x1344 [ 91CB95B35481155BFE29C217CD237F27, CA66957DF1441D991453BEF02D768D44E5D9A484BC23C8874E8A7AC20904CB06 ] stisvc C:\WINDOWS\System32\wiaservc.dll 13:38:57.0219 0x1344 stisvc - ok 13:38:57.0255 0x1344 [ 53EB8CE34B55A1EE63424C8DB7388BFC, 5AB59117BA8A2844EB8693CCC19B217AE039B28C87519F96E1C845FE9BF456C2 ] storahci C:\WINDOWS\system32\drivers\storahci.sys 13:38:57.0260 0x1344 storahci - ok 13:38:57.0291 0x1344 [ C5E0ACE4771F5575D9D5B457ABF3AD03, 365880BC5AC313F25C313EFB7758301F98D9B2BF4C5FC9499F98C2B7F8407D96 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys 13:38:57.0307 0x1344 storflt - ok 13:38:57.0338 0x1344 [ B66D8C75C9BC59D637177AB3B1C569A6, 76252A631F03EEBF5FDC7693F6B0A5E73838CDBE3157114CC96B8BBE88B476BF ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys 13:38:57.0354 0x1344 stornvme - ok 13:38:57.0385 0x1344 [ BEBF85EB4D90E6996047DA027D0ED26E, DF109CF0F07CDD1B9B702C2A076D4DD5366DAAD971CC9359AF0358E79981706F ] storqosflt C:\WINDOWS\system32\drivers\storqosflt.sys 13:38:57.0463 0x1344 storqosflt - ok 13:38:57.0494 0x1344 [ 6C982BC7E4DB161530A0D831718D7113, B0FAEACC91023031E53A161ECEFCF62764C96B8705E9089B4A7B4F7A2F3B6BAA ] StorSvc C:\WINDOWS\system32\storsvc.dll 13:38:57.0572 0x1344 StorSvc - ok 13:38:57.0588 0x1344 [ 8E73037A6F8938475692FFCC26EBF385, F78C5CD1A3CD17AA831EEC82426B14006B4DDBC9085A4814E04E8C37FD6B05F7 ] storufs C:\WINDOWS\system32\drivers\storufs.sys 13:38:57.0604 0x1344 storufs - ok 13:38:57.0604 0x1344 [ 9D9DED47DA10E845EFF2DD57C94C809B, 520D0CE7A867051B80C8141E351FE5A5BCE3C99776093F234DB77D3407B1F104 ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys 13:38:57.0619 0x1344 storvsc - ok 13:38:57.0666 0x1344 [ 224C92E442B1B8C20C274332F1ACF00D, CDE5DCFB7A21089464A6E2ABB29BBE08B184C3433C218756AA5902A8F67C0B2C ] svsvc C:\WINDOWS\system32\svsvc.dll 13:38:57.0682 0x1344 svsvc - ok 13:38:57.0713 0x1344 [ 505E0C40B5D0ADDCBB414640F59BD2E0, DF4B5E65FE6FF2224F298A2A2FAC9B648C082DFF8463148633647580A9FAD34D ] swenum 
C:\WINDOWS\System32\drivers\swenum.sys 13:38:57.0728 0x1344 swenum - ok 13:38:57.0742 0x1344 [ 2EE27411B5904C63D723BEA391819F58, C88C11D460E90398E16011B8A2CED5EE5626084F24790EA6115532F8F70060C6 ] swprv C:\WINDOWS\System32\swprv.dll 13:38:57.0789 0x1344 swprv - ok 13:38:57.0838 0x1344 [ 32F46FB0F290D16DAA452B289C985795, 73F88AAAA6026DB4C27F1D054145216DCC3F1960946FB2A7A90518DD1D5737CB ] Synth3dVsc C:\WINDOWS\System32\drivers\Synth3dVsc.sys 13:38:57.0889 0x1344 Synth3dVsc - ok 13:38:57.0947 0x1344 [ FED48B19D6F55D7A3AB498D85729D1BA, FA5E0E02BC2E2DE108C55991E3B063CC947072228B53539F42F922661510DE7C ] SysMain C:\WINDOWS\system32\sysmain.dll 13:38:58.0012 0x1344 SysMain - ok 13:38:58.0043 0x1344 [ D9FEA79BF6AF136F8E656AE045C2FEC8, E6F08A93348E035185F0F1C6B6277E636F4F25D1136E3ACCA63488DAEEC7114B ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll 13:38:58.0097 0x1344 SystemEventsBroker - ok 13:38:58.0123 0x1344 [ 86E7FD5C8DBEC1EB51C4368561402B75, 86EE61414CD5854E39E33F67BF5DA4377B569B3ED4D18882C470BC6784891DA1 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll 13:38:58.0168 0x1344 TabletInputService - ok 13:38:58.0190 0x1344 [ 3929C8FC134AC672C4F3F85160956257, CD3195CA58BA6F55EA0DDA2BE6AB58280AD1CA488D7AAA1539DD05FB99374F36 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 13:38:58.0222 0x1344 TapiSrv - ok 13:38:58.0337 0x1344 [ 4F25E481124059CC593B4C68BC485640, 2814D2BA4E83D3B0F7569E6C6EE0C763D9801BC505D8ED84675D19C8573834DB ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys 13:38:58.0447 0x1344 Tcpip - ok 13:38:58.0521 0x1344 [ 4F25E481124059CC593B4C68BC485640, 2814D2BA4E83D3B0F7569E6C6EE0C763D9801BC505D8ED84675D19C8573834DB ] Tcpip6 C:\WINDOWS\system32\drivers\tcpip.sys 13:38:58.0615 0x1344 Tcpip6 - ok 13:38:58.0688 0x1344 [ 8DBB1BE20C36E6D19BCC89EEA00B953C, 8B97A7E53E1D77363AFF6A5AAEAD89EBAE28DCB8D82753C804FD7CD5646500AF ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys 13:38:58.0736 0x1344 tcpipreg - ok 13:38:58.0783 0x1344 [ 9D2DD64A0B51C56285512DC9454340F6, 
ABB90CE6A55269F71AFB08E04969CF9A4EFD93F7A7189AF920EEE3E005214DDD ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys 13:38:58.0799 0x1344 tdx - ok 13:38:58.0799 0x1344 [ 06130AFFECEB94525FC2352936576B70, 10EBE2C8FDC087D29E2FFB328F0F7905A5374AB8CC9FAE8699E7676DBC8CBF91 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys 13:38:58.0815 0x1344 terminpt - ok 13:38:58.0896 0x1344 [ FB68E5F02316C42BE7282DA492351C6F, AC31D841FEA58B776127E138DB20F8D48E26FD8C00CE2FA9695EA14EBF159A0A ] TermService C:\WINDOWS\System32\termsrv.dll 13:38:58.0986 0x1344 TermService - ok 13:38:59.0017 0x1344 [ 2AF438EC0D361A7BBB70E604A686602C, 4BE6A0461EB2CB94288614434A1CEC81C2ED46241721FD5BBD8ABE0680F7C804 ] Themes C:\WINDOWS\system32\themeservice.dll 13:38:59.0048 0x1344 Themes - ok 13:38:59.0095 0x1344 [ 1482B8ED5CACA87992A882B853B83CEE, 613247F0E362A109090E8563D977DECC50C64D45D6962905FA84A2D59329045C ] TieringEngineService C:\WINDOWS\system32\TieringEngineService.exe 13:38:59.0138 0x1344 TieringEngineService - ok 13:38:59.0170 0x1344 [ 3B3C607C3C62DFBEF61938DA2CAB94DF, E5EEA7F45A7BBFDF6F0003CD77E39958C451DD1B4B401876B5619A3C20F5C370 ] tiledatamodelsvc C:\WINDOWS\system32\tileobjserver.dll 13:38:59.0279 0x1344 tiledatamodelsvc - ok 13:38:59.0323 0x1344 [ C1F8CBE2D4843E0CCC3EFEA2EC60D4AB, 9D07527D982066922318C77AECE99280DE55034C375ACE145E827A6BEB5C3B70 ] TimeBrokerSvc C:\WINDOWS\System32\TimeBrokerServer.dll 13:38:59.0360 0x1344 TimeBrokerSvc - ok 13:38:59.0393 0x1344 [ 3D04046C468AD2868A093925B5E2AA0A, 44696259BEF49AC200DEE146DE0E4375B0CD09F9356CCFA22BD7AD8B53E48658 ] TPM C:\WINDOWS\System32\drivers\tpm.sys 13:38:59.0402 0x1344 TPM - ok 13:38:59.0433 0x1344 [ 3B91F35089240F6187AD681A5EC28BDE, 3D035CB73BC8E7831DCD0FB7D9DAD91CE51D3D0F9D9C8B866A0009BD508B6702 ] TrkWks C:\WINDOWS\System32\trkwks.dll 13:38:59.0480 0x1344 TrkWks - ok 13:38:59.0529 0x1344 [ AF343840E793BE63A9C646760BE8F2CD, 483FE55873A01DB7ACEC99B6823DAACC9EA7C67D36C6F12698113B31A7D5B8BE ] TrustedInstaller 
C:\WINDOWS\servicing\TrustedInstaller.exe 13:38:59.0583 0x1344 TrustedInstaller - ok 13:38:59.0599 0x1344 [ A6F4025664C9D4BC2A9EDAB4092706D7, 89808A1679C0E716F86F06EE7701DCC289200894F0FA1F120DA2AC3A45FDB312 ] tsusbflt C:\WINDOWS\system32\drivers\TsUsbFlt.sys 13:38:59.0646 0x1344 tsusbflt - ok 13:38:59.0675 0x1344 [ 37A96AD493E110C0BF1EE0AC0F9E7DBD, F2A6894A4AEE18DF2B92222CDB0801A13AEEB7212071F0431430788339B30E23 ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys 13:38:59.0701 0x1344 TsUsbGD - ok 13:38:59.0717 0x1344 [ 79E264287F17D56D768440B0270466DE, ABF9DC95C5E939B30BFD9BF9EDFDB3BD78A9DFCB055B945965303B6A60E6D7A7 ] tunnel C:\WINDOWS\System32\drivers\tunnel.sys 13:38:59.0764 0x1344 tunnel - ok 13:38:59.0779 0x1344 [ F723552F65D44FE693DB1A383825B3A8, EF8C343C4EB5EEA4EC830378EF576CCD6CD4EEDEDD486C0F29697044E8C71F45 ] tzautoupdate C:\WINDOWS\system32\tzautoupdate.dll 13:38:59.0889 0x1344 tzautoupdate - ok 13:38:59.0920 0x1344 [ AA65954F512BA097DD190790876DD991, C1BB2B8F54F064D01190327B5E7949EBBDA21D6FC6F94D9FCD20F685C2F855FA ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys 13:38:59.0935 0x1344 UASPStor - ok 13:38:59.0951 0x1344 [ AB6268022C3A5B529075A39C33904DA6, 2717F1704640201F2681711543EA39A74C3E89C7DB232EC5DD89FD8AA6F07846 ] UcmCx0101 C:\WINDOWS\system32\Drivers\UcmCx.sys 13:38:59.0998 0x1344 UcmCx0101 - ok 13:39:00.0029 0x1344 [ 7ED2EDA43D21C7A5F589A7960E265C52, 7DB8A595236FBB8A264D7AB155201357212855050ABB5B1036EF32F1223FDCC2 ] UcmTcpciCx0101 C:\WINDOWS\system32\Drivers\UcmTcpciCx.sys 13:39:00.0060 0x1344 UcmTcpciCx0101 - ok 13:39:00.0076 0x1344 [ 169351463039B45F5CDED9768879F712, 990C8C4AEF9ED7FF6BCEAE67F7BDAA037777B142B8D96A74F8715C941A5C63C6 ] UcmUcsi C:\WINDOWS\System32\drivers\UcmUcsi.sys 13:39:00.0092 0x1344 UcmUcsi - ok 13:39:00.0123 0x1344 [ 08A9E3AD29B215484FBB68CDC175DF3A, 3EFFF99C3BC4A1454E3D2B5177AE587ED3041AB4CE2A95BA7E28A2124E38E1E5 ] Ucx01000 C:\WINDOWS\system32\drivers\ucx01000.sys 13:39:00.0141 0x1344 Ucx01000 - ok 13:39:00.0172 0x1344 [ 
DA70AEE267491AA56BC63AA0C0C96CA2, 0A0AADB27607F9292BB3CE000CFDDB19BD4CA09EAAD926C4925CB43B17817AD9 ] UdeCx C:\WINDOWS\system32\drivers\udecx.sys 13:39:00.0230 0x1344 UdeCx - ok 13:39:00.0246 0x1344 [ FBC5ECF6D5A868D0B116C2DBB02B8168, 945AA76C60ABAD6075B5C8F9172C018F75BCF393A1CB8B329F5E68E664627775 ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys 13:39:00.0293 0x1344 udfs - ok 13:39:00.0309 0x1344 [ B918E40FAA9CD118CCA4AD388B748C98, 4B539B7B656F02C5E5BAEE52A677757B05CC11C5500D619850A564C28FAB8115 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys 13:39:00.0323 0x1344 UEFI - ok 13:39:00.0341 0x1344 [ 0FD75222C1AD2687AB365BEBEA400DD4, AD10DBCA59EB7D34FD8F963CE267F36774A9BC613F8D637903B12AC88C328E8A ] Ufx01000 C:\WINDOWS\system32\drivers\ufx01000.sys 13:39:00.0349 0x1344 Ufx01000 - ok 13:39:00.0399 0x1344 [ C1A78C53E01C641AE41BFA65797819F5, 0B9FE1BD724B3315199A1B1DA2F03255E4FE744DA3CE6CD0F77699A8E42E9359 ] UfxChipidea C:\WINDOWS\System32\drivers\UfxChipidea.sys 13:39:00.0416 0x1344 UfxChipidea - ok 13:39:00.0448 0x1344 [ 767307212110EBEFB93EC9A5BE9E85B9, 368797400FE54802CE74F34B773CE2AF09EB8DEA6C035B55419A52F0B5A6FAD0 ] ufxsynopsys C:\WINDOWS\System32\drivers\ufxsynopsys.sys 13:39:00.0479 0x1344 ufxsynopsys - ok 13:39:00.0530 0x1344 [ 8578F83EC5175920F2D8586FFF9DCE47, 049A16AC87F93E761150C8286633FFCA62EE85F5645DDE77D36BD0EB6481FF83 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe 13:39:00.0548 0x1344 UI0Detect - ok 13:39:00.0548 0x1344 [ DC460AAA18CA2342FBBFB2DF9B044472, 14D45E059C596AE97506D26705F248CA1C2269160B31A60341060E8A93146CBD ] umbus C:\WINDOWS\System32\drivers\umbus.sys 13:39:00.0580 0x1344 umbus - ok 13:39:00.0580 0x1344 [ C3CF0377917ECE6D65D7623E1E61568F, 4909695E04CBC86BFCFFBC15F332C367521054B7B4D3C141C7CA6B2E40E090B9 ] UmPass C:\WINDOWS\System32\drivers\umpass.sys 13:39:00.0630 0x1344 UmPass - ok 13:39:00.0665 0x1344 [ 640CF093C1CF16D5FD317616CA348F31, BEC34D1AACA83BF5A84CE01F6A668E3CA5A33C56A446DC42EFFF7C43D22E1AE6 ] UmRdpService C:\WINDOWS\System32\umrdp.dll 
13:39:00.0696 0x1344 UmRdpService - ok 13:39:00.0765 0x1344 [ B8272BB8D4982C496FDC704809C38E02, F93855D932FB1DBBCC86E82C0FE0DC9ECF93BBD629D2CA9D0BE7E075E114B7FF ] UnistoreSvc C:\WINDOWS\System32\unistore.dll 13:39:00.0864 0x1344 UnistoreSvc - ok 13:39:00.0945 0x1344 [ 6CDA3536F6BAB7896A57EAB7DC07F379, 8FBE6457ECD1ABB518D9800EBA8A017774FFAA8EABD2EDC0825181A12FE9AEF6 ] upnphost C:\WINDOWS\System32\upnphost.dll 13:39:00.0979 0x1344 upnphost - ok 13:39:01.0002 0x1344 [ 6B46FC140C9AF68E6E7697D66D59CB4D, F018B4784D65F1A8140A6EA69C35D6A7ECE01738694052FD54AFD2B81A8F2FF8 ] UrsChipidea C:\WINDOWS\System32\drivers\urschipidea.sys 13:39:01.0017 0x1344 UrsChipidea - ok 13:39:01.0039 0x1344 [ B4402E7F0923F660270442CE76877ABE, 1C2DD26EAB71F75EA576E8DAABAF71FD7DC3DF807CF025617C774CEF33C0B718 ] UrsCx01000 C:\WINDOWS\system32\drivers\urscx01000.sys 13:39:01.0046 0x1344 UrsCx01000 - ok 13:39:01.0062 0x1344 [ 9DD431F1B94789CFB527E5D19261F124, 8F5A249A97C5B14B282E3147DD21951D2AD34B651E762814C12F4C26D74EC70C ] UrsSynopsys C:\WINDOWS\System32\drivers\urssynopsys.sys 13:39:01.0077 0x1344 UrsSynopsys - ok 13:39:01.0109 0x1344 [ C87E32B90F085970D9637FBAD45EF6FE, C180EACD2EE479277DA5DBF39E43B428BD7945141B2451CB3946B0C1E495E76F ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys 13:39:01.0124 0x1344 usbccgp - ok 13:39:01.0171 0x1344 [ 0B663856474AC41924D9E9112203858F, 9E09F2A6279B48CAC09F8C7AA1F1BE02864D540C2ED1460CBA9FABCF0A546A1E ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys 13:39:01.0191 0x1344 usbcir - ok 13:39:01.0196 0x1344 [ F83D2250256203AC5DA5E8601C1AFDD7, AC0D90E2DB3051798B9D287CF3D0E92FED4000822E65A82775A29CF896B76F04 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys 13:39:01.0226 0x1344 usbehci - ok 13:39:01.0259 0x1344 [ 7FFD26742321919590ED77FCA556D65F, F7FAB63C36F8519F5A7B9091C507F3CB580C390322FAF9155CCE7F66C965B968 ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys 13:39:01.0291 0x1344 usbhub - ok 13:39:01.0328 0x1344 [ 7A749B2863B5561BE34B39E8E249AD8F, 
E5B67DFAF5407007FD0CC408D6B4BA19DF59584819FC715E9F9E0FBF3EA00AAB ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys 13:39:01.0360 0x1344 USBHUB3 - ok 13:39:01.0375 0x1344 [ D2109F1F4FEBF1DAC415CDC5DE876479, C8A871EBD0E5EF004BA622A73DAC36C03608CD317FDCD0A6A98608DF4CC10D55 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys 13:39:01.0410 0x1344 usbohci - ok 13:39:01.0431 0x1344 [ 29C9572F2D061CFC3C0BD48A3163E343, 2527DCC9E6D421F5DC40051C787A5270EB077746785465C9AA2A2AEEF47307D5 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys 13:39:01.0446 0x1344 usbprint - ok 13:39:01.0477 0x1344 [ 429477D6DEF3321FF7D3EF23CAAADA00, BB7D2AFE99736AAFFA8B0B2DABF7D6A6D5CB9563B1DE6A7E86CE7DC9D27F31C0 ] usbser C:\WINDOWS\System32\drivers\usbser.sys 13:39:01.0508 0x1344 usbser - ok 13:39:01.0539 0x1344 [ 0CC16F7B91C57AE9A4E44425A295FDAA, 7CEE11955E5742DA390601F565412C14A7481B8747C495CCD246696C56B426DC ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS 13:39:01.0555 0x1344 USBSTOR - ok 13:39:01.0555 0x1344 [ C917D09064CDBD18F75ADC9B2C48F847, A7F6223346CCD7E84186CD0C0715014F8E3A4398298925A43290224678620D23 ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys 13:39:01.0586 0x1344 usbuhci - ok 13:39:01.0711 0x1344 [ 95BCCEFBC40D06484CF16144FE79B8A5, 8ABA73C5FFEDD319FB96B807AD08716698E557522478DF1A2C5D662675636AE0 ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS 13:39:01.0774 0x1344 USBXHCI - ok 13:39:01.0858 0x1344 [ 4CC81AB9D380A6264FF4C0C1512CF965, 76C33053D1C9155B0F3F8392FF982AD4EABEE2BBBEE89EA41DBFE8E436973EB0 ] UserDataSvc C:\WINDOWS\System32\userdataservice.dll 13:39:01.0959 0x1344 UserDataSvc - ok 13:39:02.0029 0x1344 [ AA24C61D88E36BA1144072227922173D, 2EBBC827E740F72EA2E75745E585378189BC0DEE91CACD7FA31BDBC5EFCF8733 ] UserManager C:\WINDOWS\System32\usermgr.dll 13:39:02.0137 0x1344 UserManager - ok 13:39:02.0168 0x1344 [ C75B1B48BCAADEB0275C1EBE2EAE742D, 19875B87BDB23E5B60D6D3173FDF7A7634E81E43501529A56FFCCEE21B7E3B71 ] UsoSvc C:\WINDOWS\system32\usocore.dll 13:39:02.0262 0x1344 UsoSvc - 
ok 13:39:02.0278 0x1344 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] VaultSvc C:\WINDOWS\system32\lsass.exe 13:39:02.0293 0x1344 VaultSvc - ok 13:39:02.0325 0x1344 [ 0CBDE344FB48E42D78E29469F202ADBC, A1C3FBA5409DD3BBEAF1D3CE2583D6C8A621C0E4F534155EC540AFD67BC9E8CA ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys 13:39:02.0340 0x1344 vdrvroot - ok 13:39:02.0387 0x1344 [ 0783EDE1FA94649ED7F3CEF6A734041A, 1A13A613EF6B67459031C7994FFC6F32F73E02E0F123A171618E4F011C635684 ] vds C:\WINDOWS\System32\vds.exe 13:39:02.0465 0x1344 vds - ok 13:39:02.0481 0x1344 [ 723195568C8755CAD57F7933C5F2C5C2, 5C403799F67223605F825BC16D217C1EF5E1A0DDF00AC6380FE8976339B67D9B ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys 13:39:02.0512 0x1344 VerifierExt - ok 13:39:02.0543 0x1344 [ 46ADD0CD4473AAEF1C68266A803F704D, D521E46891253884CF8285E864FAE63F2E8E0974AD8D2EB4D910E8A35350844F ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys 13:39:02.0599 0x1344 vhdmp - ok 13:39:02.0619 0x1344 [ 7929228F0E8B0C2FA0495A17A4FC27F6, 1F1667B10A96B1D85ED165F62A5C0EF28C37F828B8280EA08BFCC1BAC03F2C90 ] vhf C:\WINDOWS\System32\drivers\vhf.sys 13:39:02.0646 0x1344 vhf - ok 13:39:02.0678 0x1344 [ AEE432ED868831B1F068E373598F6D93, BAE91F47B0CB94B826CA010B490AD924D7B715911DF3FCE62F9165F3B571105C ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys 13:39:02.0695 0x1344 vmbus - ok 13:39:02.0705 0x1344 [ 9444B23FC694B5F90F21B0FC7F10D8DD, 86F92856F5C985DD8E5993B51E85E1F47EF8C9B2FB37468998C94266963BB4BD ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys 13:39:02.0722 0x1344 VMBusHID - ok 13:39:02.0739 0x1344 [ 4D0287F566B36536DD812A54C015FC4A, 01D6508CA59CF04A47902B1F7C202FD14A81240E0B447588D919DD1072B040CF ] vmgid C:\WINDOWS\System32\drivers\vmgid.sys 13:39:02.0757 0x1344 vmgid - ok 13:39:02.0790 0x1344 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicguestinterface C:\WINDOWS\System32\icsvc.dll 
13:39:02.0871 0x1344 vmicguestinterface - ok 13:39:02.0887 0x1344 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicheartbeat C:\WINDOWS\System32\icsvc.dll 13:39:02.0931 0x1344 vmicheartbeat - ok 13:39:02.0943 0x1344 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmickvpexchange C:\WINDOWS\System32\icsvc.dll 13:39:02.0972 0x1344 vmickvpexchange - ok 13:39:03.0006 0x1344 [ 0F621B52259D88A719AA20C6D04E3D72, 80B0528CCDE6E1B6F092787E1C0769C649698B196602859A5855134F0ECCBAE5 ] vmicrdv C:\WINDOWS\System32\icsvcext.dll 13:39:03.0073 0x1344 vmicrdv - ok 13:39:03.0104 0x1344 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicshutdown C:\WINDOWS\System32\icsvc.dll 13:39:03.0141 0x1344 vmicshutdown - ok 13:39:03.0153 0x1344 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmictimesync C:\WINDOWS\System32\icsvc.dll 13:39:03.0173 0x1344 vmictimesync - ok 13:39:03.0189 0x1344 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicvmsession C:\WINDOWS\System32\icsvc.dll 13:39:03.0220 0x1344 vmicvmsession - ok 13:39:03.0235 0x1344 [ 0F621B52259D88A719AA20C6D04E3D72, 80B0528CCDE6E1B6F092787E1C0769C649698B196602859A5855134F0ECCBAE5 ] vmicvss C:\WINDOWS\System32\icsvcext.dll 13:39:03.0276 0x1344 vmicvss - ok 13:39:03.0295 0x1344 [ 29075915F9BDC3437F8BED71C067D399, 2C7718080C11DFDD4C9A2085537F78F5633369B4A27D9C64168F0249594A4AA2 ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys 13:39:03.0305 0x1344 volmgr - ok 13:39:03.0321 0x1344 [ 6BDB6CE6D2D9E3D3F28F1C97E12B62E2, 5E77D7AF858D7B90FF395F39B86D6F96413D1DDEA28BC9FB40C5524A4DF6DAD0 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys 13:39:03.0352 0x1344 volmgrx - ok 13:39:03.0399 0x1344 [ BF2546583BB75F01DDA60A7921DFB230, 
579BD0BC55F4F03CD8D1FCDAC3975A1649C688820F2F7FC1AD354132D9E3BEE9 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys 13:39:03.0415 0x1344 volsnap - ok 13:39:03.0430 0x1344 [ AC2E20A74D09D24485BE8396CE04F07B, 23FCE8BEE01B89E5CDCA536D75DBA6DCE3E92E13178A66836CEB7829310A89D1 ] volume C:\WINDOWS\system32\drivers\volume.sys 13:39:03.0446 0x1344 volume - ok 13:39:03.0477 0x1344 [ 92F6E3E6D3F1795263EB34B37F74AEF7, 33AB1ECCA1216AF1995E1DB4F11E48156FF62391D7C176C8A4CC1037B9CB3A27 ] vpci C:\WINDOWS\System32\drivers\vpci.sys 13:39:03.0493 0x1344 vpci - ok 13:39:03.0508 0x1344 [ FD9BCB8920973CEAD4D49DC7A6D8A618, 34AB4A485FB40DF737600006D8323BE927FB0BDA2BC170F4C123BE775EAE7CC8 ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys 13:39:03.0524 0x1344 vsmraid - ok 13:39:03.0602 0x1344 [ 01FFD5AF533F2CFDF26DDDC9313731C1, BFF0F2E57CD2358AC8F519F6F5692A46D97EC4E9B763D47101CEF31712FD4738 ] VSS C:\WINDOWS\system32\vssvc.exe 13:39:03.0696 0x1344 VSS - ok 13:39:03.0727 0x1344 [ 0C111F220798CCE80484026E06822379, B98A5E44D3ABA67E6DE99E18BF3C2C606923E6269E262665C721F672ACBBED2A ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys 13:39:03.0760 0x1344 VSTXRAID - ok 13:39:03.0787 0x1344 [ 607639716E9DB1CEF4E18B5B229293B4, 1D997177093F907EFE8A04AD10443BB9C355C0D7657DBD449E7EE7FCABC3ECBC ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys 13:39:03.0819 0x1344 vwifibus - ok 13:39:03.0850 0x1344 [ B1ED64E628763148BF84FBE23F2AD711, 6182A39675E6049BC3DD353694720795A8E3D0331509AA8ABA4883D5C569AD5E ] vwififlt C:\WINDOWS\system32\drivers\vwififlt.sys 13:39:03.0891 0x1344 vwififlt - ok 13:39:03.0912 0x1344 [ 59920894C38A827091A06AF559834E47, 8B40FE0B1BA3B2A79BFF70803D039DB921F85C978724722E5E5AFF188FA75471 ] vwifimp C:\WINDOWS\System32\drivers\vwifimp.sys 13:39:03.0920 0x1344 vwifimp - ok 13:39:03.0967 0x1344 [ 76C1CC611352499326001F25A3ED15F8, 228BFA8A01BB1B3868576D509A2EA6F3D37FEDC8F12D4DC4E0A84CE926C6D1B1 ] W32Time C:\WINDOWS\system32\w32time.dll 13:39:04.0029 0x1344 W32Time - ok 13:39:04.0076 0x1344 [ 
4053FB949F48647A327BC18DFEEA4374, 52511C35854A673ADCD9084FEF9BC6A339BCA0290374B81140A371D67B13A8FB ] w3logsvc C:\WINDOWS\system32\inetsrv\w3logsvc.dll 13:39:04.0108 0x1344 w3logsvc - ok 13:39:04.0154 0x1344 [ 85461F6AD65CCE84A7BC6D9F2A5861B3, 0C9A662F1BADF429B1DF62E91F4626DE996F84945D3A42D26A0FA09EC15CC9D7 ] W3SVC C:\WINDOWS\system32\inetsrv\iisw3adm.dll 13:39:04.0208 0x1344 W3SVC - ok 13:39:04.0218 0x1344 [ 2F4B66BAB9F4C9D0FF4FCAA6D8888991, 471BF705247CD0FDFFCB5C58CEB2E66E011FFE399018EB1180259E1D4B63B1D4 ] WacHidRouter C:\WINDOWS\system32\DRIVERS\wachidrouter.sys 13:39:04.0234 0x1344 WacHidRouter - ok 13:39:04.0279 0x1344 [ 55D00B785A7587F4263D125817871283, B92400B229099C1E243F2B149881A1423A2E9C8CA2D77D868B9B923BFDEC7FF2 ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys 13:39:04.0313 0x1344 WacomPen - ok 13:39:04.0334 0x1344 [ 366669F53F8CAF96AF9264EF9BC95084, 96F1E7E65941862DC2662D31616BFCC2A6F40CE4B415EBAC2C0310FAC45360EE ] wacomrouterfilter C:\WINDOWS\system32\DRIVERS\wacomrouterfilter.sys 13:39:04.0334 0x1344 wacomrouterfilter - ok 13:39:04.0387 0x1344 [ 1483BE4D0135C378CB61D3CD73AB3E03, B7309C9E4F370860C507BF52D17234CDF4A7FAE95D2D822714E07EF5DEC0249B ] WalletService C:\WINDOWS\system32\WalletService.dll 13:39:04.0449 0x1344 WalletService - ok 13:39:04.0478 0x1344 [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 13:39:04.0517 0x1344 wanarp - ok 13:39:04.0517 0x1344 [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarpv6 C:\WINDOWS\system32\DRIVERS\wanarp.sys 13:39:04.0548 0x1344 wanarpv6 - ok 13:39:04.0588 0x1344 [ 85461F6AD65CCE84A7BC6D9F2A5861B3, 0C9A662F1BADF429B1DF62E91F4626DE996F84945D3A42D26A0FA09EC15CC9D7 ] WAS C:\WINDOWS\system32\inetsrv\iisw3adm.dll 13:39:04.0628 0x1344 WAS - ok 13:39:04.0697 0x1344 [ 30B8286F8FE1AE90A583100D45E02247, 
3C86A4A5E21F9A1267EA231B20914E0A162BA4C25FE8917AD3AB6D504DA5BE0C ] wbengine C:\WINDOWS\system32\wbengine.exe 13:39:04.0841 0x1344 wbengine - ok 13:39:04.0883 0x1344 [ 7C4FAE7A8D55C897E5AE681B245A005F, 7E1E6299579BF02E89C5B828A1C19A43FF4E1F43D46D058F8DC0A8E6421C86A7 ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll 13:39:04.0983 0x1344 WbioSrvc - ok 13:39:05.0014 0x1344 [ E330144B97D493AA886000DCAAA8DAF5, ED86F46F5A76FD8F06CA98BD61B174ADB9AD4B065394356872708DF8B614E4F9 ] wcifs C:\WINDOWS\system32\drivers\wcifs.sys 13:39:05.0029 0x1344 wcifs - ok 13:39:05.0093 0x1344 [ 32960EA9CF836D7DD77767DCB68CE230, 679446A4FAB0331C181D2716CAEA225267C6164BB9867E360C5B3D6AB1083195 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll 13:39:05.0147 0x1344 Wcmsvc - ok 13:39:05.0185 0x1344 [ D50645235A507B0546B1B5CF7D0B8849, 19F5FE10C953B8EE8EEDA9A9F7F2E97AA193BB085E7FC364066686089ADD1C9F ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll 13:39:05.0247 0x1344 wcncsvc - ok 13:39:05.0263 0x1344 [ AEA1093B751339267D8C8C1EF3D669CF, 8F3325E7FB16BD856A0593C36F2E3E018909038C52CD5F92E116E0C1366F31CB ] wcnfs C:\WINDOWS\system32\drivers\wcnfs.sys 13:39:05.0300 0x1344 wcnfs - ok 13:39:05.0327 0x1344 [ D520B1B849B6D4D707AB31722B952C2D, 149BABB7BD63C1F212ADD9306C84FFB2A5CE6DC435BD3213EAB787E9B222C61F ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys 13:39:05.0332 0x1344 WdBoot - ok 13:39:05.0387 0x1344 [ 5030C76047D756263093A47B82970868, E772F15973F6DE36851DD230F1F4190746CD81CA1E7284DC074711C4BF45CAF0 ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys 13:39:05.0429 0x1344 Wdf01000 - ok 13:39:05.0447 0x1344 [ 29FF9199EDEB4F5470BB134D1A2563D2, 94713F98A6EA6042203D5DD0DE6758F5F0F331F7D4BB05E91EF20CEEEBD6780F ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys 13:39:05.0463 0x1344 WdFilter - ok 13:39:05.0503 0x1344 [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll 13:39:05.0530 0x1344 WdiServiceHost - ok 13:39:05.0530 0x1344 [ 
E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll 13:39:05.0562 0x1344 WdiSystemHost - ok 13:39:05.0614 0x1344 [ 8CB606A3057355FD5A9DBDD1A0AC94EF, 6DD0B4A2270633086EBB569A00B87430EE6EF173525E341404B15845B57BE86D ] wdiwifi C:\WINDOWS\system32\DRIVERS\wdiwifi.sys 13:39:05.0703 0x1344 wdiwifi - ok 13:39:05.0734 0x1344 [ 5E1640435DD54D00451156CA5340B109, 414044DAA1ACA5161CEF9D48F9796B1C10E350C187A1CE0703E432E9D6248259 ] wdkmd C:\WINDOWS\System32\drivers\WDKMD.sys 13:39:05.0744 0x1344 wdkmd - ok 13:39:05.0763 0x1344 [ 17CF416CFF408190F5A4CBD79AB12E55, E376C8865C7EA633AE20D2CF940E4C7584AC783BAAF7941780FB6C4C84802F33 ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys 13:39:05.0795 0x1344 WdNisDrv - ok 13:39:05.0817 0x1344 WdNisSvc - ok 13:39:05.0831 0x1344 [ 3570C4E14F85CE0B537D126727ACA91C, A474C9E6B6E4E5945C63367C1D3D24D4782C4A4FEB00FAE15DFED099D8283078 ] WebClient C:\WINDOWS\System32\webclnt.dll 13:39:05.0877 0x1344 WebClient - ok 13:39:05.0893 0x1344 [ 1785F9C96A0BDEC1F6E0C79EF412F342, D6D4EDA69457BEDDA69C2F60FC4C2FAC97D46CD8E9C1804CCD68F169383583E3 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll 13:39:05.0945 0x1344 Wecsvc - ok 13:39:05.0945 0x1344 [ B9175D63527B05131F2FA504CF0265F2, 1E43A17788F1B6A29E2889C81E0BE100D64BD3A9DEE7C154D9581F01D2D7D05F ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll 13:39:05.0992 0x1344 WEPHOSTSVC - ok 13:39:06.0023 0x1344 [ 5C58EC0C9D4DE04DCDE56F6DCEA62080, 8ED386EDF4C39C339CE0BB2AC7E199C38705E5A6B3F56A4987B9A8ABD19BB59F ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll 13:39:06.0086 0x1344 wercplsupport - ok 13:39:06.0117 0x1344 [ F899B355CC95AF26AB36E84E8A0DD685, C400F2F80FFF6473FEF066943C4A2AFF0FFE988A4F755757A2E5005C2A10DAD8 ] WerSvc C:\WINDOWS\System32\WerSvc.dll 13:39:06.0180 0x1344 WerSvc - ok 13:39:06.0195 0x1344 [ E1785942AC51FEE6826CDF02075C5AA9, 56FE7017684086F4F9C3A2C0D3AC00369BA0938BA3987EEBEE9A75B8E3CA0AE1 ] WFPLWFS 
C:\WINDOWS\system32\drivers\wfplwfs.sys 13:39:06.0217 0x1344 WFPLWFS - ok 13:39:06.0246 0x1344 [ B154618505A6A9026EFA6AB8C4123BF1, 713648D71AA027B4472E7E75B942630DBE7383687984B02A5E99C9E4192C95EB ] WiaRpc C:\WINDOWS\System32\wiarpc.dll 13:39:06.0277 0x1344 WiaRpc - ok 13:39:06.0293 0x1344 [ 0CF79A0EACFFBB75A50A469A27696D02, E112BF7B5A8D0B0AD2EA0E7B9FD4E8CFEC9371C8E94A60248292D688AFE715C4 ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys 13:39:06.0309 0x1344 WIMMount - ok 13:39:06.0324 0x1344 WinDefend - ok 13:39:06.0340 0x1344 [ 0DE131733317EB4BE67028366B0CAAC6, AC7DADBF03A3752B4D33CA19F03DBCEDD6F56893C2DA25C98B0AB07063D990E3 ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys 13:39:06.0355 0x1344 WindowsTrustedRT - ok 13:39:06.0400 0x1344 [ 92EB5D38BDF10C790450F3E46BF93A0E, 0FC027398DBD43EDC1F7D703C0B6DB20294DF34E67C9288442039B1A5663CE1B ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys 13:39:06.0414 0x1344 WindowsTrustedRTProxy - ok 13:39:06.0459 0x1344 [ C2A3B07F0118D61086C99BDCBAB6A6A3, 04D646BEF1C6F427503C594F0ECBB33140C3991A3A7AFB66B2C9581E358F9FD2 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll 13:39:06.0524 0x1344 WinHttpAutoProxySvc - ok 13:39:06.0549 0x1344 [ F95DE20312ACCA7761446DE152BD1F7C, F6C5ACA500C2182437F4A7402BD81C3A2B77C0BBD78BA31FB574DC1997FCBFE6 ] WinMad C:\WINDOWS\System32\drivers\winmad.sys 13:39:06.0561 0x1344 WinMad - ok 13:39:06.0626 0x1344 [ CD49CA8E3280ACEEC5ECF431A59F5EFD, 75F48EFC6DEE9E06B490703EE47602AFDEA51505285B02D2CF884601E71857CC ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 13:39:06.0676 0x1344 Winmgmt - ok 13:39:06.0787 0x1344 [ A26570B4A21AD6F4D597148D3C22274E, 594BD3B9B9B4027E5A7025CAB715378FB565FC5E00A0315A2EC3A6EFBC9CC72E ] WinRM C:\WINDOWS\system32\WsmSvc.dll 13:39:06.0953 0x1344 WinRM - ok 13:39:06.0992 0x1344 [ 4EFB346BFDAEEB29316AA52BBB9852B1, 4BC5554F44BD9549D0A929D77BD410FA3EB502A7D0170303D369268672505494 ] WINUSB C:\WINDOWS\System32\drivers\WinUSB.SYS 13:39:07.0007 
13:39:17.0731 0x1344 Waiting for KSN requests completion. In queue: 220 13:39:18.0754 0x1344 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x61100 ( enabled : updated ) 13:39:18.0764 0x1344 Win FW state via NFP2: enabled ( trusted ) 13:39:18.0848 0x1344 ============================================================ 13:39:18.0848 0x1344 Scan finished 13:39:18.0848 0x1344 ============================================================ 13:39:18.0850 0x2828 Detected object count: 0 13:39:18.0850 0x2828 Actual detected object count: 0 |
15.12.2016, 14:22 | #7 |
/// TB Trainer /// Instructions Guru | Email account hacked Now please run a search scan: Step 1 ESET Online Scanner
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
16.12.2016, 14:45 | #8 |
| Email account hacked ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=fa60aab110dfac4cbfdb2639fedbcca8 # end=init # utc_time=2016-12-15 05:43:53 # local_time=2016-12-15 06:43:53 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.2.9200 NT Update Init Update Download Update Finalize Updated modules version: 31747 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=fa60aab110dfac4cbfdb2639fedbcca8 # end=updated # utc_time=2016-12-15 05:47:43 # local_time=2016-12-15 06:47:43 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.2.9200 NT # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=fa60aab110dfac4cbfdb2639fedbcca8 # engine=31747 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2016-12-15 08:05:41 # local_time=2016-12-15 09:05:41 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 53814 13162957 0 0 # scanned=235926 # found=2 # cleaned=0 # scan_time=8277 sh=165BD2BCF050F76EDBF1D4BE775D2092D428680C ft=1 fh=942e610b97f7eb08 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\manfred-win7\Downloads\micro SIM Schablone PDF Vorlage - CHIP-Installer.exe" sh=2153D234D166D72F04F9870D9541869CCADAB151 ft=1 fh=67447e761e537db3 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\TOOLS\Medion MediaPack\medion_mediapack_ext.exe" |
16.12.2016, 18:24 | #9 |
/// TB Trainer /// Instructions Guru | Email account hacked What kind of stuff is this: celestialpatcher dark-mt2 2012 starter.exe
__________________ Regards, deeprybka |
17.12.2016, 13:06 | #10 |
| Email account hacked That probably belongs to the free game "Metin 2", which was played on this computer quite a while ago. It is no longer used, so it can be removed without any problem. Should I uninstall it? |
18.12.2016, 15:07 | #11 |
/// TB Trainer /// Instructions Guru | Email account hacked As far as I'm concerned, you can keep it. There are also no signs of an active malware infection on the PC. So there is presumably also a cause for your problem.
__________________ Regards, deeprybka |
18.12.2016, 15:24 | #12 |
| Email account hacked In other words, I should assume that my email account was probably hacked from outside and not via my PC? I.e., apart from changing the password, there is nothing more I can do? (By the way, I also went to the police to be on the safe side. But since I suffered no financial loss, they just said that filing a report would come to nothing.) |
18.12.2016, 15:51 | #13 |
/// TB Trainer /// Instructions Guru | Email account hacked Surely the email provider must know whether unauthorized access took place? And how, and above all why, would a trojan on the PC set up an email forwarding rule when it has EVERYTHING on the PC under its control?
__________________ Regards, deeprybka |
18.12.2016, 17:37 | #14 |
| Email account hacked I contacted the email provider, but they said they are not authorized to view this information or pass it on to me. The police would be needed for that... All I found was that, without my knowledge, a forwarding of all incoming emails to an email address unknown to me had suddenly been set up in my email account. How that person got access to my account, I don't know. Whether they achieved it through malware on my computer, I really have no idea; in any case I can't rule it out. I just want to protect myself in every respect now, since unauthorized access to my email account can cause considerable damage (they could obtain login details for all the accounts where my bank details are stored, such as PayPal, Amazon, etc.). And that is why I asked for your help, to make sure that everything is in order on my PC. |
18.12.2016, 17:57 | #15 |
/// TB Trainer /// Instructions Guru | Email account hacked All understandable. But a good email provider notifies you immediately when, for example, a new device or a different location has been used to log in. Accounts are generally hacked online. I can't say more than that, and only a reinstallation would give nearly 100% certainty if this should turn out to be a PC infection.
__________________ Regards, deeprybka |