Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Bei Rechnungsaufforderung Anhang geöffnet. (https://www.trojaner-board.de/166713-rechnungsaufforderung-anhang-geoeffnet.html)

DummDumm 06.05.2015 17:21
Bei Rechnungsaufforderung Anhang geöffnet.
 
Liste der Anhänge anzeigen (Anzahl: 2)
Hallo,

meine Frau hatte gestern leider eine unbekannte Zahlungsaufforderung für voll genommen
und das angehangene ZIP-File geöffnet.
Es hatte daraufhin eine Fehlermeldung gegeben, aber Sie konnte mir nicht sagen, was
darin gestanden hat.

System: Win 8.1
Systemschutz: Outpost Security Suite Pro 9.1

Logfile von Outpost nur als Bild. Habe die Textdatei nicht gefunden.

schrauber 06.05.2015 17:57
Hi,

Logs bitte immer in codetags in den Thread posten :)

DummDumm 06.05.2015 18:55
Ähh, auf Deutsch heißt das ?

schrauber 07.05.2015 07:49
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

DummDumm 07.05.2015 13:14
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:40 on 06/05/2015 (Meine)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015
Ran by Meine (administrator) on SCHATZI on 06-05-2015 17:41:48
Running from C:\Rettung
Loaded Profiles: Meine (Available profiles: Meine)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Agnitum Ltd.) C:\Program Files\Agnitum\Outpost Security Suite Pro\acs.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Agnitum Ltd.) C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-28] (Synaptics Incorporated)
HKLM\...\Run: [OutpostMonitor] => C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe [4732792 2014-07-20] (Agnitum Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1670282916-2329448813-2146751438-1001\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hoo~1.dll => c:\Program Files\Agnitum\Outpost Security Suite Pro\wl_hook64.dll [1126232 2014-02-26] (Agnitum Ltd.)
AppInit_DLLs-x32: c:\progra~1\agnitum\outpos~1\wl_hook.dll => c:\Program Files\Agnitum\Outpost Security Suite Pro\wl_hook.dll [837320 2014-02-26] (Agnitum Ltd.)
ShellIconOverlayIdentifiers: [Outpost] -> {33C9E362-3EDA-4930-8AFE-5DA39A8BB77A} => C:\Program Files\Agnitum\Outpost Security Suite Pro\op_shell.dll [2014-02-26] (Agnitum Ltd.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1670282916-2329448813-2146751438-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1670282916-2329448813-2146751438-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1259.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Meine\AppData\Roaming\Mozilla\Firefox\Profiles\j2hiupz2.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-27] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 acssrv; C:\Program Files\Agnitum\Outpost Security Suite Pro\acs.exe [3408736 2014-07-20] (Agnitum Ltd.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 afw; C:\Windows\system32\DRIVERS\afw.sys [40544 2012-10-16] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\drivers\afwcore.sys [470224 2014-02-04] (Agnitum Ltd.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.)
R1 SandBox; C:\WINDOWS\system32\drivers\SandBox64.sys [1324992 2013-12-20] (Agnitum Ltd.)
R3 VBEngNT; C:\WINDOWS\system32\drivers\VBEngNT.sys [318040 2012-11-20] (VirusBuster Kft.)
R3 VBFilt; C:\WINDOWS\system32\Filt\VBFilt64.dll [84872 2013-12-20] (Agnitum Ltd.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U3 VBCoreNT.0; \SystemRoot\System32\Filt\tmp\51peq11v.vbt [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 17:41 - 2015-05-06 17:41 - 00000000 ____D () C:\FRST
2015-05-06 17:40 - 2015-05-06 17:40 - 00000000 _____ () C:\Users\Meine\defogger_reenable
2015-05-06 17:39 - 2015-05-06 17:41 - 00000000 ____D () C:\Rettung
2015-04-22 14:31 - 2015-04-22 14:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-15 21:22 - 2015-04-15 21:22 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-15 20:09 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 20:09 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 20:09 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 20:09 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 20:09 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 20:09 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 20:09 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 20:09 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 20:09 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 20:09 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 20:09 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 20:09 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 20:09 - 2015-03-14 10:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-15 20:09 - 2015-03-14 10:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-15 20:08 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 20:08 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 20:08 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 20:08 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 20:08 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 20:08 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 20:08 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 20:08 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 20:08 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 20:08 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 20:08 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 20:08 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 20:08 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 20:08 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 20:08 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 20:08 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 20:08 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 20:08 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 20:08 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 20:08 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 20:08 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 20:08 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 20:08 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 20:08 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 20:08 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 20:08 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 20:08 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 20:08 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 20:08 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 20:08 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 20:08 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 20:08 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 20:08 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-15 20:08 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 20:07 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 20:07 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 20:07 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 20:07 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 20:07 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 20:07 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 20:07 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 20:07 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 20:07 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 20:07 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 20:07 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 20:07 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 20:07 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 20:07 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 20:07 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 20:07 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 20:07 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 20:07 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 20:07 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 20:07 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 20:07 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 20:07 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 20:07 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-07 20:14 - 2015-04-07 20:14 - 00284536 _____ () C:\WINDOWS\Minidump\040715-66531-01.dmp
2015-04-07 20:14 - 2015-04-07 20:14 - 00000000 ____D () C:\WINDOWS\Minidump
2015-04-06 19:24 - 2015-04-06 19:26 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-06 19:24 - 2015-04-06 19:24 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 17:41 - 2014-07-21 06:17 - 00109795 _____ () C:\WINDOWS\system32\config\rules.rdb
2015-05-06 17:40 - 2013-11-20 18:48 - 00000000 ____D () C:\Users\Meine
2015-05-06 17:25 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-06 16:35 - 2013-11-20 19:02 - 01166429 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-06 16:13 - 2013-10-31 10:23 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-06 10:59 - 2014-01-30 19:18 - 00000000 __RDO () C:\Users\Meine\SkyDrive
2015-05-05 21:01 - 2013-04-19 12:44 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1670282916-2329448813-2146751438-1001
2015-05-05 20:26 - 2014-01-26 11:11 - 00000000 ____D () C:\Spielideen
2015-05-05 20:19 - 2014-01-06 11:14 - 00000000 ____D () C:\Textdokumente
2015-05-05 19:57 - 2015-03-27 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-05 19:57 - 2015-03-27 16:11 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-05 19:44 - 2014-07-21 06:15 - 00000000 ____D () C:\WINDOWS\system32\Filt
2015-05-05 19:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-23 19:59 - 2015-04-04 10:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-04-23 19:59 - 2014-09-10 17:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-22 20:46 - 2013-09-30 06:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-22 20:46 - 2013-09-30 05:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-22 20:46 - 2013-09-30 05:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-19 09:33 - 2013-04-19 12:37 - 00000000 ____D () C:\Users\Meine\AppData\Local\Packages
2015-04-18 13:16 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-16 20:41 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-16 08:25 - 2013-08-22 16:46 - 00291855 _____ () C:\WINDOWS\setupact.log
2015-04-16 08:25 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-15 21:24 - 2014-07-21 08:00 - 00265006 _____ () C:\WINDOWS\system32\config\afw_db.conf
2015-04-15 21:24 - 2014-07-21 08:00 - 00000664 _____ () C:\WINDOWS\system32\config\afw_hm.conf
2015-04-15 21:24 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-15 21:22 - 2015-03-14 15:22 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-15 21:19 - 2014-07-21 06:17 - 89071616 _____ () C:\WINDOWS\system32\config\sscan.xas
2015-04-15 20:28 - 2013-10-17 15:36 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 20:24 - 2013-04-21 10:46 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-15 20:24 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-15 20:13 - 2013-10-31 10:23 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-15 20:07 - 2014-11-12 09:01 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-14 01:24 - 2014-08-17 20:14 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2014-08-17 20:14 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-07 20:14 - 2013-08-22 16:44 - 00513528 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-07 20:13 - 2013-09-29 21:04 - 00026598 _____ () C:\WINDOWS\PFRO.log
2015-04-07 20:13 - 2013-07-07 18:41 - 571211197 _____ () C:\WINDOWS\MEMORY.DMP

==================== Files in the root of some directories =======

2014-01-06 01:11 - 2014-01-06 01:11 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Meine\AppData\Local\Temp\avgnt.exe
C:\Users\Meine\AppData\Local\Temp\de_ww_Package.exe
C:\Users\Meine\AppData\Local\Temp\OutpostSecuritySuiteProInstall64_NoBase.exe
C:\Users\Meine\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-01 11:12

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015
Ran by Meine at 2015-05-06 17:42:38
Running from C:\Rettung
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1670282916-2329448813-2146751438-500 - Administrator - Disabled)
Gast (S-1-5-21-1670282916-2329448813-2146751438-501 - Limited - Disabled)
Meine (S-1-5-21-1670282916-2329448813-2146751438-1001 - Administrator - Enabled) => C:\Users\Meine

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Outpost Security Suite Pro (Enabled - Up to date) {CA353927-A29E-272A-EC5E-4FB545C2A8D0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Outpost Security Suite Pro (Enabled - Up to date) {7154D8C3-84A4-28A4-D6EE-74C73E45E26D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Outpost Security Suite Pro (Enabled) {F20EB802-E8F1-2672-C701-E680BB11EFAB}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4711.1003 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.1.1 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
O&O MediaRecovery (HKLM\...\{92F3C431-A478-428E-B320-BBCA6022B126}) (Version: 10.0.117 - O&O Software GmbH)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Outpost Security Suite Pro 9.1 (HKLM\...\Agnitum Outpost Security Suite Pro_is1) (Version: 9.1 - Agnitum, Ltd.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29053 - Realtek Semiconductor Corp.)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.105 - Skype Technologies S.A.)
Studie zur Verbesserung von HP Officejet 6600 Produkten (HKLM\...\{E1A11879-5771-4E52-BA2E-CD5DD65BF970}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

15-04-2015 20:17:47 Windows Update
27-04-2015 12:49:58 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E047C66-97AF-4569-A87F-6818669EF82D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {165D6E02-8365-4D16-8704-4DE8C99620FC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-03-27] (Microsoft Corporation)
Task: {21CD5D69-90E0-493B-B171-CDA4955704AB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {7D6E7AA5-92E7-4787-B2C6-F51CF0583AD7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9A801839-9FA6-4F77-A62F-DD5E83D374A3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-22] (Microsoft Corporation)
Task: {AE257D19-0711-4A5D-A12D-CA5DE8F6DBE3} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B44BC16B-4A15-4889-B3D9-E6B84D62FC6D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {C4D49BDE-69FA-403E-835C-62FB6C044533} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {C7ED2E12-92B2-4E49-8D63-0EBA99748391} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {D75D229F-9ED5-45EA-8D14-E54778C8A9B4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {D945AEA9-0925-4C46-8A3C-EAB7E961CC9A} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {E1681451-D56D-45C5-8C78-9B6757CFF8BE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-03-27] (Microsoft Corporation)
Task: {FEFC0514-A15E-46AF-8BF8-9868A66E1ABC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) ==============

2014-07-21 06:16 - 2013-07-31 12:37 - 00183296 _____ () C:\Program Files\Agnitum\Outpost Security Suite Pro\zlib.dll
2014-07-21 06:16 - 2013-09-19 17:51 - 00351232 _____ () C:\Program Files\Agnitum\Outpost Security Suite Pro\unrar.dll
2015-03-27 16:11 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-12-12 16:38 - 2012-12-12 16:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-19 13:19 - 2012-06-26 01:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Meine\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Meine\SkyDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\acssrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\acssrv => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1670282916-2329448813-2146751438-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img7.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{4B6871EA-7F56-4524-A6A5-0BF2E972F38C}C:\program files (x86)\hp\common\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hp\common\hpdevicedetection3.exe
FirewallRules: [TCP Query User{15A1C2D6-40B1-412A-BF99-76F051025540}C:\program files (x86)\hp\common\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hp\common\hpdevicedetection3.exe
FirewallRules: [{AF5AEE63-C2B5-4D50-9174-837F5DD59606}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\FaxApplications.exe
FirewallRules: [{761A78B2-9AD4-423D-9963-C4040DA6FC5C}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\DigitalWizards.exe
FirewallRules: [{4F44D7ED-82DC-4695-803E-400D9C225462}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\SendAFax.exe
FirewallRules: [{650F06F3-C6B1-4842-BDEA-82012393A613}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\DeviceSetup.exe
FirewallRules: [{C28A4DBB-496B-4A94-989D-646B0BD7900B}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{CF742BA4-3A31-4CDD-AEF0-2B00A6FE8840}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{1AD58298-0ED6-418E-ACD2-A2F0AD77C6CA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2C336454-D11C-458F-B3C1-CD9C3BA639C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{19D2A823-BC32-4CB7-BAAC-065D00F3ADB2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{FCCF347F-AD82-437C-B434-0E8CBD09576B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{7B70A031-A042-4EBD-9344-40C58DEF002D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{4A57F3F2-501D-433B-A554-943C68F6499D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{39FF1F8C-243F-4850-8720-215A44435B76}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/06/2015 05:35:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 9a8

Startzeit: 01d08811954f8595

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 88d85828-f405-11e4-beaa-96929d121a1b

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/06/2015 05:30:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 174c

Startzeit: 01d08810de95ebf7

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: d214266f-f404-11e4-beaa-96929d121a1b

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/06/2015 04:48:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1908

Startzeit: 01d0880af20de854

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: e59505c9-f3fe-11e4-beaa-96929d121a1b

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/06/2015 04:11:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1a64

Startzeit: 01d08805df3ef1cc

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: d2c0a375-f3f9-11e4-beaa-96929d121a1b

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/06/2015 03:48:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1240

Startzeit: 01d0880290475a44

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 83d4f26d-f3f6-11e4-beaa-96929d121a1b

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/06/2015 03:18:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 7c8

Startzeit: 01d087fe5f61cc2d

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 52ffe6e0-f3f2-11e4-beaa-96929d121a1b

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/06/2015 02:48:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1340

Startzeit: 01d087fa2e7b388d

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 221a267e-f3ee-11e4-beaa-96929d121a1b

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/06/2015 02:18:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1e40

Startzeit: 01d087f5fda0d2c1

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: f17bd72a-f3e9-11e4-beaa-96929d121a1b

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/06/2015 01:46:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 11d4

Startzeit: 01d087f193c31c79

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 873a0ae8-f3e5-11e4-beaa-96929d121a1b

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/06/2015 01:18:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1c0c

Startzeit: 01d087ed9bd5dcb3

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 8f5dfc7c-f3e1-11e4-beaa-96929d121a1b

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1


System errors:
=============
Error: (04/13/2015 08:29:50 PM) (Source: DCOM) (EventID: 10010) (User: SCHATZI)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (04/07/2015 08:14:46 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000d1 (0xffffd001d1b64000, 0x0000000000000002, 0x0000000000000000, 0xfffff800887a9b3a)C:\WINDOWS\MEMORY.DMP040715-66531-01

Error: (04/07/2015 08:14:20 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎06.‎04.‎2015 um 21:59:56 unerwartet heruntergefahren.

Error: (04/04/2015 08:49:27 PM) (Source: DCOM) (EventID: 10010) (User: SCHATZI)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (04/04/2015 08:47:27 PM) (Source: DCOM) (EventID: 10010) (User: SCHATZI)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (04/04/2015 08:45:33 PM) (Source: DCOM) (EventID: 10010) (User: SCHATZI)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (04/02/2015 07:58:31 PM) (Source: DCOM) (EventID: 10010) (User: SCHATZI)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (04/02/2015 07:56:31 PM) (Source: DCOM) (EventID: 10010) (User: SCHATZI)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (04/02/2015 07:54:37 PM) (Source: DCOM) (EventID: 10010) (User: SCHATZI)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (03/29/2015 09:04:45 AM) (Source: DCOM) (EventID: 10010) (User: SCHATZI)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca


Microsoft Office Sessions:
=========================
Error: (05/06/2015 05:35:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206899a801d08811954f85954294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe88d85828-f405-11e4-beaa-96929d121a1bmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (05/06/2015 05:30:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689174c01d08810de95ebf74294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exed214266f-f404-11e4-beaa-96929d121a1bmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (05/06/2015 04:48:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689190801d0880af20de8544294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exee59505c9-f3fe-11e4-beaa-96929d121a1bmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (05/06/2015 04:11:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206891a6401d08805df3ef1cc4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exed2c0a375-f3f9-11e4-beaa-96929d121a1bmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (05/06/2015 03:48:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689124001d0880290475a444294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe83d4f26d-f3f6-11e4-beaa-96929d121a1bmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (05/06/2015 03:18:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206897c801d087fe5f61cc2d4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe52ffe6e0-f3f2-11e4-beaa-96929d121a1bmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (05/06/2015 02:48:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689134001d087fa2e7b388d4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe221a267e-f3ee-11e4-beaa-96929d121a1bmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (05/06/2015 02:18:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206891e4001d087f5fda0d2c14294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exef17bd72a-f3e9-11e4-beaa-96929d121a1bmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (05/06/2015 01:46:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068911d401d087f193c31c794294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe873a0ae8-f3e5-11e4-beaa-96929d121a1bmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (05/06/2015 01:18:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206891c0c01d087ed9bd5dcb34294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe8f5dfc7c-f3e1-11e4-beaa-96929d121a1bmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2328M CPU @ 2.20GHz
Percentage of memory in use: 50%
Total physical RAM: 3983.28 MB
Available physical RAM: 1971.89 MB
Total Pagefile: 8079.28 MB
Available Pagefile: 6044.27 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.24 GB) (Free:428.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A3543C19)

Partition: GPT Partition Type.

==================== End Of Log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-06 17:50:00
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002e Hitachi_HTS545050A7E380 rev.GG2OA7A0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Meine\AppData\Local\Temp\fwldypow.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\WINDOWS\System32\win32k.sys!W32pServiceTable                                                                                          fffff9600017fa00 15 bytes [00, 2E, F4, 01, 80, A0, 6E, ...]
.text  C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 17                                                                                    fffff9600017fa11 10 bytes [5E, FC, FF, 00, BB, C7, 00, ...]

---- User code sections - GMER 2.1 ----

.text  C:\WINDOWS\system32\wininit.exe[516] C:\WINDOWS\system32\USER32.dll!SetWindowPos                                                        00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text  C:\WINDOWS\system32\wininit.exe[516] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46                                        00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\wininit.exe[516] C:\WINDOWS\system32\USER32.dll!IsChild + 328                                                        00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\wininit.exe[516] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152                                                  00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\wininit.exe[516] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA                                            00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text  C:\WINDOWS\system32\wininit.exe[516] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534                                      00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\svchost.exe[676] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowPos                                                        00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text  C:\WINDOWS\system32\svchost.exe[676] C:\WINDOWS\SYSTEM32\user32.dll!WindowFromPhysicalPoint + 46                                        00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\svchost.exe[676] C:\WINDOWS\SYSTEM32\user32.dll!IsChild + 328                                                        00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\svchost.exe[676] C:\WINDOWS\SYSTEM32\user32.dll!SubtractRect + 152                                                  00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\svchost.exe[676] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA                                            00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text  C:\WINDOWS\system32\svchost.exe[676] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA + 534                                      00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowPos                                                        00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text  C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\user32.dll!WindowFromPhysicalPoint + 46                                        00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\user32.dll!IsChild + 328                                                        00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\user32.dll!SubtractRect + 152                                                  00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA                                            00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text  C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA + 534                                      00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\System32\svchost.exe[1020] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowPos                                                        00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text  C:\WINDOWS\System32\svchost.exe[1020] C:\WINDOWS\SYSTEM32\user32.dll!WindowFromPhysicalPoint + 46                                        00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\System32\svchost.exe[1020] C:\WINDOWS\SYSTEM32\user32.dll!IsChild + 328                                                      00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\System32\svchost.exe[1020] C:\WINDOWS\SYSTEM32\user32.dll!SubtractRect + 152                                                  00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\System32\svchost.exe[1020] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA                                            00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text  C:\WINDOWS\System32\svchost.exe[1020] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA + 534                                      00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\System32\spoolsv.exe[1180] C:\WINDOWS\system32\USER32.dll!SetWindowPos                                                        00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text  C:\WINDOWS\System32\spoolsv.exe[1180] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46                                        00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\System32\spoolsv.exe[1180] C:\WINDOWS\system32\USER32.dll!IsChild + 328                                                      00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\System32\spoolsv.exe[1180] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152                                                  00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\System32\spoolsv.exe[1180] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA                                            00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text  C:\WINDOWS\System32\spoolsv.exe[1180] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534                                      00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text  C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[1316] C:\WINDOWS\system32\KERNEL32.DLL!DeleteFileA + 8                                              00007ffb36ff47c8 14 bytes [30, 7E, 84, 31, F7, 7F, 00, ...]
.text  C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[1316] C:\WINDOWS\system32\USER32.dll!SetWindowPos                                                  00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text  C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[1316] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46                                  00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[1316] C:\WINDOWS\system32\USER32.dll!IsChild + 328                                                  00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[1316] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152                                            00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text  C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[1316] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA                                      00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text  C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[1316] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534                                00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\svchost.exe[1660] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowPos                                                        00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text  C:\WINDOWS\system32\svchost.exe[1660] C:\WINDOWS\SYSTEM32\user32.dll!WindowFromPhysicalPoint + 46                                        00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\svchost.exe[1660] C:\WINDOWS\SYSTEM32\user32.dll!IsChild + 328                                                      00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\svchost.exe[1660] C:\WINDOWS\SYSTEM32\user32.dll!SubtractRect + 152                                                  00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\svchost.exe[1660] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA                                            00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text  C:\WINDOWS\system32\svchost.exe[1660] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA + 534                                      00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text  C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[7956] C:\WINDOWS\system32\USER32.dll!SetWindowPos                    00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text  C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[7956] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46    00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[7956] C:\WINDOWS\system32\USER32.dll!IsChild + 328                  00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[7956] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152              00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text  C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[7956] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA        00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text  C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[7956] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534  00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\System32\WinLogon.exe[4248] C:\WINDOWS\system32\USER32.dll!SetWindowPos                                                      00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text  C:\WINDOWS\System32\WinLogon.exe[4248] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46                                      00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\System32\WinLogon.exe[4248] C:\WINDOWS\system32\USER32.dll!IsChild + 328                                                      00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\System32\WinLogon.exe[4248] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152                                                00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\System32\WinLogon.exe[4248] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA                                          00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text  C:\WINDOWS\System32\WinLogon.exe[4248] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534                                    00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\taskhostex.exe[5544] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowPos                                                    00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text  C:\WINDOWS\system32\taskhostex.exe[5544] C:\WINDOWS\SYSTEM32\user32.dll!WindowFromPhysicalPoint + 46                                    00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\taskhostex.exe[5544] C:\WINDOWS\SYSTEM32\user32.dll!IsChild + 328                                                    00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\taskhostex.exe[5544] C:\WINDOWS\SYSTEM32\user32.dll!SubtractRect + 152                                              00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\taskhostex.exe[5544] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA                                        00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text  C:\WINDOWS\system32\taskhostex.exe[5544] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA + 534                                  00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\Explorer.EXE[7800] C:\WINDOWS\system32\USER32.dll!SetWindowPos                                                                00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text  C:\WINDOWS\Explorer.EXE[7800] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46                                                00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\Explorer.EXE[7800] C:\WINDOWS\system32\USER32.dll!IsChild + 328                                                              00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\Explorer.EXE[7800] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152                                                          00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\Explorer.EXE[7800] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA                                                    00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text  C:\WINDOWS\Explorer.EXE[7800] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534                                              00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text  C:\Windows\System32\skydrive.exe[1852] C:\WINDOWS\system32\USER32.dll!SetWindowPos                                                      00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text  C:\Windows\System32\skydrive.exe[1852] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46                                      00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\Windows\System32\skydrive.exe[1852] C:\WINDOWS\system32\USER32.dll!IsChild + 328                                                      00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\Windows\System32\skydrive.exe[1852] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152                                                00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text  C:\Windows\System32\skydrive.exe[1852] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA                                          00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text  C:\Windows\System32\skydrive.exe[1852] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534                                    00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5056] C:\WINDOWS\system32\USER32.dll!SetWindowPos                                          00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5056] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46                          00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5056] C:\WINDOWS\system32\USER32.dll!IsChild + 328                                        00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5056] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152                                    00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5056] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA                              00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5056] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534                        00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text  C:\Windows\System32\igfxtray.exe[2156] C:\WINDOWS\system32\USER32.dll!SetWindowPos                                                      00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text  C:\Windows\System32\igfxtray.exe[2156] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46                                      00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\Windows\System32\igfxtray.exe[2156] C:\WINDOWS\system32\USER32.dll!IsChild + 328                                                      00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\Windows\System32\igfxtray.exe[2156] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152                                                00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text  C:\Windows\System32\igfxtray.exe[2156] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA                                          00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text  C:\Windows\System32\igfxtray.exe[2156] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534                                    00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4420] C:\WINDOWS\system32\USER32.dll!SetWindowPos                                      00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4420] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46                      00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4420] C:\WINDOWS\system32\USER32.dll!IsChild + 328                                      00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4420] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152                                00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4420] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA                          00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text  C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4420] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534                    00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text  C:\Windows\System32\hkcmd.exe[1916] C:\WINDOWS\system32\USER32.dll!SetWindowPos                                                          00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text  C:\Windows\System32\hkcmd.exe[1916] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46                                          00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\Windows\System32\hkcmd.exe[1916] C:\WINDOWS\system32\USER32.dll!IsChild + 328                                                        00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\Windows\System32\hkcmd.exe[1916] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152                                                    00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text  C:\Windows\System32\hkcmd.exe[1916] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA                                              00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text  C:\Windows\System32\hkcmd.exe[1916] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534                                        00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text  C:\Windows\System32\igfxpers.exe[3432] C:\WINDOWS\system32\USER32.dll!SetWindowPos                                                      00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text  C:\Windows\System32\igfxpers.exe[3432] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46                                      00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\Windows\System32\igfxpers.exe[3432] C:\WINDOWS\system32\USER32.dll!IsChild + 328                                                      00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\Windows\System32\igfxpers.exe[3432] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152                                                00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text  C:\Windows\System32\igfxpers.exe[3432] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA                                          00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text  C:\Windows\System32\igfxpers.exe[3432] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534                                    00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text  C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe[7732] C:\WINDOWS\system32\KERNEL32.DLL!DeleteFileA + 8                    00007ffb36ff47c8 14 bytes [A0, FD, 08, 1A, F6, 7F, 00, ...]
.text  C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe[7732] C:\WINDOWS\system32\USER32.dll!SetWindowPos                        00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text  C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe[7732] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46        00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe[7732] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW + 216          00007ffb36b26388 14 bytes [C0, FE, 08, 1A, F6, 7F, 00, ...]
.text  C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe[7732] C:\WINDOWS\system32\USER32.dll!IsChild + 328                        00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe[7732] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152                  00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text  C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe[7732] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA            00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text  C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe[7732] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534      00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text  C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe[7732] C:\WINDOWS\system32\USER32.dll!SetWindowsHookA + 24                00007ffb36b80f58 14 bytes [50, FE, 08, 1A, F6, 7F, 00, ...]
.text  C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe[460] C:\WINDOWS\system32\USER32.dll!SetWindowPos                    00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text  C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe[460] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46    00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe[460] C:\WINDOWS\system32\USER32.dll!IsChild + 328                    00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe[460] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152              00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text  C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe[460] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA        00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text  C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe[460] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534  00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text  C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe[2844] C:\WINDOWS\system32\USER32.dll!SetWindowPos                    00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text  C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe[2844] C:\WINDOWS\system32\USER32.dll!WindowFromPhysicalPoint + 46    00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe[2844] C:\WINDOWS\system32\USER32.dll!IsChild + 328                  00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe[2844] C:\WINDOWS\system32\USER32.dll!SubtractRect + 152              00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text  C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe[2844] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA        00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text  C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe[2844] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExA + 534  00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\wbem\wmiprvse.exe[4364] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowPos                                                  00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text  C:\WINDOWS\system32\wbem\wmiprvse.exe[4364] C:\WINDOWS\SYSTEM32\user32.dll!WindowFromPhysicalPoint + 46                                  00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\wbem\wmiprvse.exe[4364] C:\WINDOWS\SYSTEM32\user32.dll!IsChild + 328                                                00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\wbem\wmiprvse.exe[4364] C:\WINDOWS\SYSTEM32\user32.dll!SubtractRect + 152                                            00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\wbem\wmiprvse.exe[4364] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA                                      00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text  C:\WINDOWS\system32\wbem\wmiprvse.exe[4364] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA + 534                                00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\taskhost.exe[5820] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowPos                                                      00007ffb36b210e0 6 bytes {JMP QWORD [RIP+0xf98]}
.text  C:\WINDOWS\system32\taskhost.exe[5820] C:\WINDOWS\SYSTEM32\user32.dll!WindowFromPhysicalPoint + 46                                      00007ffb36b2207e 8 bytes [C0, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\taskhost.exe[5820] C:\WINDOWS\SYSTEM32\user32.dll!IsChild + 328                                                      00007ffb36b29db8 14 bytes [50, 20, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\taskhost.exe[5820] C:\WINDOWS\SYSTEM32\user32.dll!SubtractRect + 152                                                00007ffb36b37728 14 bytes [10, 22, 53, 34, FB, 7F, 00, ...]
.text  C:\WINDOWS\system32\taskhost.exe[5820] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA                                          00007ffb36b60350 6 bytes {JMP QWORD [RIP+0x210]}
.text  C:\WINDOWS\system32\taskhost.exe[5820] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExA + 534                                    00007ffb36b60566 8 bytes [A0, 21, 53, 34, FB, 7F, 00, ...]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [7160:6832]                                                                                                fffff9600094a2d0

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                    unknown MBR code

---- EOF - GMER 2.1 ----

schrauber 08.05.2015 08:55
hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

DummDumm 08.05.2015 10:55
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.05.08.02
  rootkit: v2015.04.21.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17728
Meine :: SCHATZI [administrator]

08.05.2015 11:16:59
mbar-log-2015-05-08 (11-16-59).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 368266
Time elapsed: 27 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
11:48:05.0110 0x1eb4  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
11:48:05.0110 0x1eb4  UEFI system
11:48:08.0562 0x1eb4  ============================================================
11:48:08.0562 0x1eb4  Current date / time: 2015/05/08 11:48:08.0562
11:48:08.0562 0x1eb4  SystemInfo:
11:48:08.0562 0x1eb4 
11:48:08.0562 0x1eb4  OS Version: 6.3.9600 ServicePack: 0.0
11:48:08.0562 0x1eb4  Product type: Workstation
11:48:08.0562 0x1eb4  ComputerName: SCHATZI
11:48:08.0563 0x1eb4  UserName: Meine
11:48:08.0563 0x1eb4  Windows directory: C:\WINDOWS
11:48:08.0563 0x1eb4  System windows directory: C:\WINDOWS
11:48:08.0563 0x1eb4  Running under WOW64
11:48:08.0563 0x1eb4  Processor architecture: Intel x64
11:48:08.0563 0x1eb4  Number of processors: 4
11:48:08.0563 0x1eb4  Page size: 0x1000
11:48:08.0563 0x1eb4  Boot type: Normal boot
11:48:08.0563 0x1eb4  ============================================================
11:48:09.0515 0x1eb4  KLMD registered as C:\WINDOWS\system32\drivers\51986081.sys
11:48:10.0754 0x1eb4  System UUID: {BD6DBF0D-102C-4D83-F748-6C09EBBF114F}
11:48:11.0771 0x1eb4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:48:11.0932 0x1eb4  ============================================================
11:48:11.0932 0x1eb4  \Device\Harddisk0\DR0:
11:48:11.0933 0x1eb4  GPT partitions:
11:48:11.0933 0x1eb4  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {B5AA1838-17DB-4DFB-9974-9414685CFF61}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x96000
11:48:11.0933 0x1eb4  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {FF7D21EA-ED2B-4497-B932-57164902A023}, Name: EFI system partition, StartLBA 0x96800, BlocksNum 0x32000
11:48:11.0933 0x1eb4  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {76443595-77C3-4428-9EDF-2D3F6711575B}, Name: Microsoft reserved partition, StartLBA 0xC8800, BlocksNum 0x40000
11:48:11.0933 0x1eb4  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {5D7F0DB4-FB42-4150-9921-DA1A7057885C}, Name: Basic data partition, StartLBA 0x108800, BlocksNum 0x3A27D000
11:48:11.0933 0x1eb4  MBR partitions:
11:48:11.0933 0x1eb4  ============================================================
11:48:11.0958 0x1eb4  C: <-> \Device\Harddisk0\DR0\Partition4
11:48:11.0958 0x1eb4  ============================================================
11:48:11.0958 0x1eb4  Initialize success
11:48:11.0958 0x1eb4  ============================================================
11:48:38.0075 0x163c  ============================================================
11:48:38.0075 0x163c  Scan started
11:48:38.0075 0x163c  Mode: Manual;
11:48:38.0075 0x163c  ============================================================
11:48:38.0075 0x163c  KSN ping started
11:48:40.0513 0x163c  KSN ping finished: true
11:48:43.0341 0x163c  ================ Scan system memory ========================
11:48:43.0341 0x163c  System memory - ok
11:48:43.0341 0x163c  ================ Scan services =============================
11:48:43.0670 0x163c  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
11:48:43.0670 0x163c  1394ohci - ok
11:48:43.0701 0x163c  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware          C:\WINDOWS\system32\drivers\3ware.sys
11:48:43.0701 0x163c  3ware - ok
11:48:43.0779 0x163c  [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
11:48:43.0795 0x163c  ACPI - ok
11:48:43.0826 0x163c  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
11:48:43.0826 0x163c  acpiex - ok
11:48:43.0841 0x163c  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
11:48:43.0841 0x163c  acpipagr - ok
11:48:43.0873 0x163c  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi        C:\WINDOWS\System32\drivers\acpipmi.sys
11:48:43.0873 0x163c  AcpiPmi - ok
11:48:43.0888 0x163c  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
11:48:43.0888 0x163c  acpitime - ok
11:48:44.0091 0x163c  [ B3F9449F572D70507756189CBB18B5CE, 3B39FD9CE4FE4979CCCFF4C68FA1F99500D20CB6C097C64BA9F90D287E3D0B2D ] acssrv          C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
11:48:44.0170 0x163c  acssrv - ok
11:48:44.0263 0x163c  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:48:44.0263 0x163c  AdobeARMservice - ok
11:48:44.0373 0x163c  [ B04A4810C6CC205F9DC72DC22E4AB236, 547321F5C28C80D4818372D65E2A33D4BAC593015DD6613B24586FE4B4A95D5D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:48:44.0388 0x163c  AdobeFlashPlayerUpdateSvc - ok
11:48:44.0451 0x163c  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX        C:\WINDOWS\system32\drivers\ADP80XX.SYS
11:48:44.0482 0x163c  ADP80XX - ok
11:48:44.0513 0x163c  [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc    C:\WINDOWS\System32\aelupsvc.dll
11:48:44.0513 0x163c  AeLookupSvc - ok
11:48:44.0576 0x163c  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD            C:\WINDOWS\system32\drivers\afd.sys
11:48:44.0592 0x163c  AFD - ok
11:48:44.0623 0x163c  [ A12CC7EA6448C7BADC8677593C2AC55D, 38D12D815BDC39CCF02D905BD6EC2BF073160CC2426401ED3377AB452A23FD37 ] afw            C:\WINDOWS\system32\DRIVERS\afw.sys
11:48:44.0623 0x163c  afw - ok
11:48:44.0670 0x163c  [ B998EC04EF865567B78D4F0E36530FFC, D5B8C2DACE0E771936B9CE9D4E7527255FC70C46FD149484087C083559537F08 ] afwcore        C:\WINDOWS\system32\drivers\afwcore.sys
11:48:44.0685 0x163c  afwcore - ok
11:48:44.0732 0x163c  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
11:48:44.0732 0x163c  agp440 - ok
11:48:44.0763 0x163c  [ F0CB6DB513CAC393D04A0FCE0A59E1BF, E6EE159D0E6B1F666946B1FE421874044E89BB2EB60A521BAA111A1229FA7B2D ] ahcache        C:\WINDOWS\system32\DRIVERS\ahcache.sys
11:48:44.0763 0x163c  ahcache - ok
11:48:44.0795 0x163c  [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG            C:\WINDOWS\System32\alg.exe
11:48:44.0795 0x163c  ALG - ok
11:48:44.0810 0x163c  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8          C:\WINDOWS\System32\drivers\amdk8.sys
11:48:44.0826 0x163c  AmdK8 - ok
11:48:44.0842 0x163c  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
11:48:44.0842 0x163c  AmdPPM - ok
11:48:44.0873 0x163c  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata        C:\WINDOWS\system32\drivers\amdsata.sys
11:48:44.0873 0x163c  amdsata - ok
11:48:44.0889 0x163c  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
11:48:44.0904 0x163c  amdsbs - ok
11:48:44.0951 0x163c  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata        C:\WINDOWS\system32\drivers\amdxata.sys
11:48:44.0951 0x163c  amdxata - ok
11:48:44.0967 0x163c  [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID          C:\WINDOWS\system32\drivers\appid.sys
11:48:44.0967 0x163c  AppID - ok
11:48:44.0998 0x163c  [ 34B2E222F82D05398DAE7203B36B6A2B, AC04BC6B5A36A6807FFE302E9ACF073342B4D76B0BB386249251CB3CA1852CE8 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
11:48:45.0014 0x163c  AppIDSvc - ok
11:48:45.0029 0x163c  [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo        C:\WINDOWS\System32\appinfo.dll
11:48:45.0029 0x163c  Appinfo - ok
11:48:45.0107 0x163c  [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
11:48:45.0139 0x163c  AppReadiness - ok
11:48:45.0201 0x163c  [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc        C:\WINDOWS\system32\appxdeploymentserver.dll
11:48:45.0232 0x163c  AppXSvc - ok
11:48:45.0264 0x163c  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
11:48:45.0264 0x163c  arcsas - ok
11:48:45.0295 0x163c  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi          C:\WINDOWS\system32\drivers\atapi.sys
11:48:45.0295 0x163c  atapi - ok
11:48:45.0326 0x163c  [ 8779FDAE68BC948B0FE152E758CC8DA7, 13070C2073F8E7546B48AE9CF54067B9BB75DFCD98F2987B90FFAD20D40D54CF ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
11:48:45.0326 0x163c  AudioEndpointBuilder - ok
11:48:45.0373 0x163c  [ 61EA45A645854FE81D8A924E2D93DFFE, 34F79532297F609CA93C380B68BB8B7B0F027F9C8F4FB8E02A9A43EA3D155F1B ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
11:48:45.0404 0x163c  Audiosrv - ok
11:48:45.0420 0x163c  [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
11:48:45.0420 0x163c  AxInstSV - ok
11:48:45.0467 0x163c  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv        C:\WINDOWS\system32\drivers\bxvbda.sys
11:48:45.0482 0x163c  b06bdrv - ok
11:48:45.0498 0x163c  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
11:48:45.0498 0x163c  BasicDisplay - ok
11:48:45.0529 0x163c  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender    C:\WINDOWS\System32\drivers\BasicRender.sys
11:48:45.0529 0x163c  BasicRender - ok
11:48:45.0560 0x163c  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
11:48:45.0560 0x163c  bcmfn2 - ok
11:48:45.0597 0x163c  [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
11:48:45.0613 0x163c  BDESVC - ok
11:48:45.0629 0x163c  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
11:48:45.0629 0x163c  Beep - ok
11:48:45.0676 0x163c  [ 7BCB00EA702F78EC74CD9699D85CE80B, 17241ADAA13051B560DB9FA9079CAE6321D5B49788B596C125DC912443B00421 ] BFE            C:\WINDOWS\System32\bfe.dll
11:48:45.0707 0x163c  BFE - ok
11:48:45.0754 0x163c  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\WINDOWS\System32\qmgr.dll
11:48:45.0769 0x163c  BITS - ok
11:48:45.0785 0x163c  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
11:48:45.0801 0x163c  bowser - ok
11:48:45.0832 0x163c  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
11:48:45.0847 0x163c  BrokerInfrastructure - ok
11:48:45.0894 0x163c  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser        C:\WINDOWS\System32\browser.dll
11:48:45.0894 0x163c  Browser - ok
11:48:45.0926 0x163c  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
11:48:45.0941 0x163c  BthAvrcpTg - ok
11:48:45.0988 0x163c  [ 67343511D80BF3D6D9EEDB5BA8D0B06B, 28436B2E62762686C4FF4FA3F9E7ABB56DA9D6884B6C924ACC544161400593DD ] BthHFEnum      C:\WINDOWS\System32\drivers\bthhfenum.sys
11:48:45.0988 0x163c  BthHFEnum - ok
11:48:46.0035 0x163c  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
11:48:46.0051 0x163c  bthhfhid - ok
11:48:46.0082 0x163c  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
11:48:46.0097 0x163c  BthHFSrv - ok
11:48:46.0144 0x163c  [ 07E33226AD218A2A162662A05CAFB52F, 0AC3D8B79EDA6DA232FA4E1CAF6592420A9EDE96350D1F0504C2434261684F0B ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
11:48:46.0144 0x163c  BTHMODEM - ok
11:48:46.0176 0x163c  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv        C:\WINDOWS\system32\bthserv.dll
11:48:46.0191 0x163c  bthserv - ok
11:48:46.0207 0x163c  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
11:48:46.0207 0x163c  cdfs - ok
11:48:46.0238 0x163c  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom          C:\WINDOWS\System32\drivers\cdrom.sys
11:48:46.0238 0x163c  cdrom - ok
11:48:46.0269 0x163c  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc    C:\WINDOWS\System32\certprop.dll
11:48:46.0285 0x163c  CertPropSvc - ok
11:48:46.0301 0x163c  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
11:48:46.0316 0x163c  circlass - ok
11:48:46.0332 0x163c  [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
11:48:46.0348 0x163c  CLFS - ok
11:48:46.0519 0x163c  [ 1352A95AD8150440E0A5DD9745154D74, CF78A6267A246F747844FFA255783B5867B0A7232C65AF6224B25B2FBB893313 ] ClickToRunSvc  C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
11:48:46.0566 0x163c  ClickToRunSvc - ok
11:48:46.0598 0x163c  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
11:48:46.0598 0x163c  CmBatt - ok
11:48:46.0644 0x163c  [ 3930E508DDA46C1FF68FD963F350AA0A, BF63F9C7AB30E2A8199D65EDD6DCBB797C93A4A0B972373643FBE1C38BCFA697 ] CNG            C:\WINDOWS\system32\Drivers\cng.sys
11:48:46.0660 0x163c  CNG - ok
11:48:46.0676 0x163c  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
11:48:46.0676 0x163c  CompositeBus - ok
11:48:46.0691 0x163c  COMSysApp - ok
11:48:46.0707 0x163c  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
11:48:46.0707 0x163c  condrv - ok
11:48:46.0754 0x163c  [ 08F934092E0429BADF88E9F91DB0F61E, 6E9091C006FFFF261DC61C8E9A45219E47C351296E5355FC4B7242F30E1DDFE3 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
11:48:46.0769 0x163c  cphs - ok
11:48:46.0801 0x163c  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
11:48:46.0801 0x163c  CryptSvc - ok
11:48:46.0832 0x163c  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam            C:\WINDOWS\system32\drivers\dam.sys
11:48:46.0832 0x163c  dam - ok
11:48:46.0910 0x163c  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
11:48:46.0926 0x163c  DcomLaunch - ok
11:48:46.0988 0x163c  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc      C:\WINDOWS\System32\defragsvc.dll
11:48:47.0004 0x163c  defragsvc - ok
11:48:47.0035 0x163c  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
11:48:47.0051 0x163c  DeviceAssociationService - ok
11:48:47.0082 0x163c  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall  C:\WINDOWS\system32\umpnpmgr.dll
11:48:47.0082 0x163c  DeviceInstall - ok
11:48:47.0113 0x163c  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
11:48:47.0113 0x163c  Dfsc - ok
11:48:47.0144 0x163c  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
11:48:47.0160 0x163c  Dhcp - ok
11:48:47.0191 0x163c  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\WINDOWS\system32\drivers\disk.sys
11:48:47.0191 0x163c  disk - ok
11:48:47.0207 0x163c  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc          C:\WINDOWS\System32\drivers\dmvsc.sys
11:48:47.0207 0x163c  dmvsc - ok
11:48:47.0238 0x163c  [ 33ADFB7453BF3271463712C4BCE61AD1, A1DB30F874BA7B2C4C653494D70B46B94BF7D39D0DD8559F6CA7A14B676FD617 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
11:48:47.0254 0x163c  Dnscache - ok
11:48:47.0285 0x163c  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc        C:\WINDOWS\System32\dot3svc.dll
11:48:47.0301 0x163c  dot3svc - ok
11:48:47.0332 0x163c  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS            C:\WINDOWS\system32\dps.dll
11:48:47.0348 0x163c  DPS - ok
11:48:47.0363 0x163c  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud        C:\WINDOWS\system32\drivers\drmkaud.sys
11:48:47.0363 0x163c  drmkaud - ok
11:48:47.0394 0x163c  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
11:48:47.0394 0x163c  DsmSvc - ok
11:48:47.0504 0x163c  [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl        C:\WINDOWS\System32\drivers\dxgkrnl.sys
11:48:47.0535 0x163c  DXGKrnl - ok
11:48:47.0566 0x163c  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost        C:\WINDOWS\System32\eapsvc.dll
11:48:47.0566 0x163c  Eaphost - ok
11:48:47.0754 0x163c  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv          C:\WINDOWS\system32\drivers\evbda.sys
11:48:47.0894 0x163c  ebdrv - ok
11:48:47.0926 0x163c  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS            C:\WINDOWS\System32\lsass.exe
11:48:47.0926 0x163c  EFS - ok
11:48:47.0957 0x163c  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass    C:\WINDOWS\system32\drivers\EhStorClass.sys
11:48:47.0957 0x163c  EhStorClass - ok
11:48:47.0973 0x163c  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
11:48:47.0988 0x163c  EhStorTcgDrv - ok
11:48:48.0019 0x163c  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
11:48:48.0019 0x163c  ErrDev - ok
11:48:48.0051 0x163c  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem    C:\WINDOWS\system32\es.dll
11:48:48.0066 0x163c  EventSystem - ok
11:48:48.0098 0x163c  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat          C:\WINDOWS\system32\drivers\exfat.sys
11:48:48.0129 0x163c  exfat - ok
11:48:48.0144 0x163c  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat        C:\WINDOWS\system32\drivers\fastfat.sys
11:48:48.0160 0x163c  fastfat - ok
11:48:48.0207 0x163c  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax            C:\WINDOWS\system32\fxssvc.exe
11:48:48.0223 0x163c  Fax - ok
11:48:48.0238 0x163c  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc            C:\WINDOWS\System32\drivers\fdc.sys
11:48:48.0238 0x163c  fdc - ok
11:48:48.0269 0x163c  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost        C:\WINDOWS\system32\fdPHost.dll
11:48:48.0269 0x163c  fdPHost - ok
11:48:48.0301 0x163c  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
11:48:48.0301 0x163c  FDResPub - ok
11:48:48.0332 0x163c  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc          C:\WINDOWS\system32\fhsvc.dll
11:48:48.0332 0x163c  fhsvc - ok
11:48:48.0363 0x163c  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
11:48:48.0363 0x163c  FileInfo - ok
11:48:48.0395 0x163c  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace      C:\WINDOWS\system32\drivers\filetrace.sys
11:48:48.0395 0x163c  Filetrace - ok
11:48:48.0410 0x163c  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
11:48:48.0410 0x163c  flpydisk - ok
11:48:48.0441 0x163c  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
11:48:48.0441 0x163c  FltMgr - ok
11:48:48.0519 0x163c  [ 7269C9013FCFA3C6E70F03E2630DBFC3, AAB282B4444CC17D197974D05063C7C97E5202E604681DD2DC3BCF0AE77D6057 ] FontCache      C:\WINDOWS\system32\FntCache.dll
11:48:48.0551 0x163c  FontCache - ok
11:48:48.0645 0x163c  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:48:48.0645 0x163c  FontCache3.0.0.0 - ok
11:48:48.0676 0x163c  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends      C:\WINDOWS\system32\drivers\FsDepends.sys
11:48:48.0691 0x163c  FsDepends - ok
11:48:48.0707 0x163c  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:48:48.0707 0x163c  Fs_Rec - ok
11:48:48.0769 0x163c  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
11:48:48.0785 0x163c  fvevol - ok
11:48:48.0816 0x163c  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM          C:\WINDOWS\System32\drivers\fxppm.sys
11:48:48.0832 0x163c  FxPPM - ok
11:48:48.0848 0x163c  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
11:48:48.0848 0x163c  gagp30kx - ok
11:48:48.0879 0x163c  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
11:48:48.0879 0x163c  gencounter - ok
11:48:48.0910 0x163c  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101    C:\WINDOWS\system32\Drivers\msgpioclx.sys
11:48:48.0910 0x163c  GPIOClx0101 - ok
11:48:48.0988 0x163c  [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc          C:\WINDOWS\System32\gpsvc.dll
11:48:49.0020 0x163c  gpsvc - ok
11:48:49.0066 0x163c  [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
11:48:49.0066 0x163c  HdAudAddService - ok
11:48:49.0098 0x163c  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
11:48:49.0098 0x163c  HDAudBus - ok
11:48:49.0113 0x163c  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt        C:\WINDOWS\System32\drivers\HidBatt.sys
11:48:49.0113 0x163c  HidBatt - ok
11:48:49.0145 0x163c  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
11:48:49.0145 0x163c  HidBth - ok
11:48:49.0160 0x163c  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
11:48:49.0160 0x163c  hidi2c - ok
11:48:49.0191 0x163c  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr          C:\WINDOWS\System32\drivers\hidir.sys
11:48:49.0191 0x163c  HidIr - ok
11:48:49.0207 0x163c  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv        C:\WINDOWS\system32\hidserv.dll
11:48:49.0207 0x163c  hidserv - ok
11:48:49.0238 0x163c  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
11:48:49.0238 0x163c  HidUsb - ok
11:48:49.0270 0x163c  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
11:48:49.0285 0x163c  hkmsvc - ok
11:48:49.0316 0x163c  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
11:48:49.0332 0x163c  HomeGroupListener - ok
11:48:49.0363 0x163c  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
11:48:49.0379 0x163c  HomeGroupProvider - ok
11:48:49.0410 0x163c  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
11:48:49.0410 0x163c  HpSAMD - ok
11:48:49.0488 0x163c  [ B6639BF8236BDD3427B10C581332BE71, A6A9DB37BB83C70F01E7D99CA4891FD32F93A96C84215CFCC85AF41625C1023C ] HPSupportSolutionsFrameworkService C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
11:48:49.0504 0x163c  HPSupportSolutionsFrameworkService - ok
11:48:49.0566 0x163c  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
11:48:49.0598 0x163c  HTTP - ok
11:48:49.0613 0x163c  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
11:48:49.0613 0x163c  hwpolicy - ok
11:48:49.0645 0x163c  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
11:48:49.0645 0x163c  hyperkbd - ok
11:48:49.0645 0x163c  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
11:48:49.0645 0x163c  HyperVideo - ok
11:48:49.0676 0x163c  [ D887446F3F6051C60C26F4FD1FC8D43F, A3235C64E9D5378E3409FA7CDD9DB0DD1B3CE6A6EB018F2C40558EB9C427A498 ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
11:48:49.0676 0x163c  i8042prt - ok
11:48:49.0676 0x163c  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
11:48:49.0676 0x163c  iaLPSSi_GPIO - ok
11:48:49.0691 0x163c  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C    C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
11:48:49.0707 0x163c  iaLPSSi_I2C - ok
11:48:49.0738 0x163c  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
11:48:49.0754 0x163c  iaStorAV - ok
11:48:49.0816 0x163c  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV        C:\WINDOWS\system32\drivers\iaStorV.sys
11:48:49.0816 0x163c  iaStorV - ok
11:48:49.0879 0x163c  [ 83FF82FE209E7997067B375DAD6CF23D, E312DD068E51DBF96A8232D7D1C9F158652FDA23649655F1102928B320795091 ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
11:48:49.0895 0x163c  ICCS - ok
11:48:50.0035 0x163c  [ DEA2F976E7327716AA0038EBF550003A, 5EA4666874F1D03879EA95F28228AC9EA3D7DF0F2E199EEE9B5BC6C81CA290B3 ] IconMan_R      C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
11:48:50.0098 0x163c  IconMan_R - ok
11:48:50.0098 0x163c  IEEtwCollectorService - ok
11:48:50.0301 0x163c  [ 8C44E6B688790E2AD3846C97661C54F1, CB487D167EDA3C1E30BD5FB8F98C15EB9E75A6FB793009C2F1BBCAAB4285F772 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
11:48:50.0504 0x163c  igfx - ok
11:48:50.0582 0x163c  [ 3DBDBD9581C015F02651D6A89801FAD5, 81B6D302C9CD29AD8319515056CFBCD0BD25619B2B166937ACD5F1416B568837 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
11:48:50.0613 0x163c  IKEEXT - ok
11:48:50.0645 0x163c  [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
11:48:50.0645 0x163c  IntcDAud - ok
11:48:50.0738 0x163c  [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
11:48:50.0770 0x163c  Intel(R) Capability Licensing Service Interface - ok
11:48:50.0785 0x163c  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
11:48:50.0785 0x163c  intelide - ok
11:48:50.0801 0x163c  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
11:48:50.0801 0x163c  intelpep - ok
11:48:50.0848 0x163c  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
11:48:50.0848 0x163c  intelppm - ok
11:48:50.0879 0x163c  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:48:50.0910 0x163c  IpFilterDriver - ok
11:48:50.0988 0x163c  [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
11:48:51.0020 0x163c  iphlpsvc - ok
11:48:51.0035 0x163c  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV        C:\WINDOWS\System32\drivers\IPMIDrv.sys
11:48:51.0035 0x163c  IPMIDRV - ok
11:48:51.0051 0x163c  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT          C:\WINDOWS\system32\drivers\ipnat.sys
11:48:51.0066 0x163c  IPNAT - ok
11:48:51.0082 0x163c  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
11:48:51.0098 0x163c  IRENUM - ok
11:48:51.0129 0x163c  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
11:48:51.0129 0x163c  isapnp - ok
11:48:51.0160 0x163c  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
11:48:51.0176 0x163c  iScsiPrt - ok
11:48:51.0238 0x163c  [ 3C4002D339491AF73D663FFC7F6E5ECB, 0B53047989BDB781572253BC3AA757912FE54366870C1955E687972CE210C285 ] jhi_service    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
11:48:51.0238 0x163c  jhi_service - ok
11:48:51.0270 0x163c  [ A1D4D34A56DF1D5122CDB265038A2E72, AE061BA1A65C98AF875FA18878B014B57E33594D4AC4C39B050AA532E2220F83 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
11:48:51.0270 0x163c  kbdclass - ok
11:48:51.0285 0x163c  [ 4A34D7084B862A92F3ABC4969166B3D3, 87B2635873DA4DD06D9E3B8E4313CBDBDC1488E4E340EC2101393EC65823771F ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
11:48:51.0301 0x163c  kbdhid - ok
11:48:51.0332 0x163c  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic          C:\WINDOWS\system32\DRIVERS\kdnic.sys
11:48:51.0332 0x163c  kdnic - ok
11:48:51.0348 0x163c  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\WINDOWS\system32\lsass.exe
11:48:51.0348 0x163c  KeyIso - ok
11:48:51.0379 0x163c  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
11:48:51.0379 0x163c  KSecDD - ok
11:48:51.0426 0x163c  [ 15C8C65CEA018C02EA0F648448C491C5, DF909704D22D891BE439B2E3D8386EA659444F91DC92AABFF9766446AEE5EBC0 ] KSecPkg        C:\WINDOWS\system32\Drivers\ksecpkg.sys
11:48:51.0426 0x163c  KSecPkg - ok
11:48:51.0473 0x163c  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk        C:\WINDOWS\system32\drivers\ksthunk.sys
11:48:51.0473 0x163c  ksthunk - ok
11:48:51.0504 0x163c  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm          C:\WINDOWS\system32\msdtckrm.dll
11:48:51.0504 0x163c  KtmRm - ok
11:48:51.0551 0x163c  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
11:48:51.0567 0x163c  LanmanServer - ok
11:48:51.0598 0x163c  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
11:48:51.0613 0x163c  LanmanWorkstation - ok
11:48:51.0660 0x163c  [ 2B7479EB47731A8ACBA28AF4C4BDA32D, 67AEB98E7B41337FEFD92CC81BFAD25FBB679998B318C110A4873B1AD8927A97 ] lfsvc          C:\WINDOWS\System32\GeofenceMonitorService.dll
11:48:51.0676 0x163c  lfsvc - ok
11:48:51.0692 0x163c  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
11:48:51.0707 0x163c  lltdio - ok
11:48:51.0738 0x163c  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc        C:\WINDOWS\System32\lltdsvc.dll
11:48:51.0754 0x163c  lltdsvc - ok
11:48:51.0801 0x163c  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts        C:\WINDOWS\System32\lmhsvc.dll
11:48:51.0801 0x163c  lmhosts - ok
11:48:51.0832 0x163c  [ 4269D44BB47A6DA5D80B11F4C8536458, 7A8FFC8F851DD9E5C43986BE0888831CB71D188138DF3CF7F787DADDA70915B0 ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
11:48:51.0832 0x163c  LMS - ok
11:48:51.0879 0x163c  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS        C:\WINDOWS\system32\drivers\lsi_sas.sys
11:48:51.0895 0x163c  LSI_SAS - ok
11:48:51.0910 0x163c  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
11:48:51.0910 0x163c  LSI_SAS2 - ok
11:48:51.0926 0x163c  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
11:48:51.0942 0x163c  LSI_SAS3 - ok
11:48:51.0957 0x163c  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS        C:\WINDOWS\system32\drivers\lsi_sss.sys
11:48:51.0957 0x163c  LSI_SSS - ok
11:48:52.0035 0x163c  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM            C:\WINDOWS\System32\lsm.dll
11:48:52.0051 0x163c  LSM - ok
11:48:52.0082 0x163c  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv          C:\WINDOWS\system32\drivers\luafv.sys
11:48:52.0082 0x163c  luafv - ok
11:48:52.0113 0x163c  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas        C:\WINDOWS\system32\drivers\megasas.sys
11:48:52.0113 0x163c  megasas - ok
11:48:52.0145 0x163c  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
11:48:52.0160 0x163c  megasr - ok
11:48:52.0192 0x163c  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\WINDOWS\System32\drivers\HECIx64.sys
11:48:52.0192 0x163c  MEIx64 - ok
11:48:52.0223 0x163c  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS          C:\WINDOWS\system32\mmcss.dll
11:48:52.0223 0x163c  MMCSS - ok
11:48:52.0254 0x163c  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem          C:\WINDOWS\system32\drivers\modem.sys
11:48:52.0254 0x163c  Modem - ok
11:48:52.0270 0x163c  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor        C:\WINDOWS\System32\drivers\monitor.sys
11:48:52.0270 0x163c  monitor - ok
11:48:52.0301 0x163c  [ 2A2F8D5284E59815169A88F1FC9CEE28, 58EFBCF3C849FD088CFB7FE287FC7D9DD7E03D4E6AA98F0497C09E4596E42538 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
11:48:52.0301 0x163c  mouclass - ok
11:48:52.0317 0x163c  [ 91223A2AE2955B3E0DA3DB79C3A897A6, 32B59CF1586C2300D60AF8A1D819515033ACC7F7A1F3523FC4AC7725E29B5A90 ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
11:48:52.0317 0x163c  mouhid - ok
11:48:52.0348 0x163c  [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
11:48:52.0348 0x163c  mountmgr - ok
11:48:52.0410 0x163c  [ 03D14BF1DC59130002F6B8BA3AD89DB9, 1729CCD8AAF51CDB86ED67569974D0B6B1CFFA5F90EF6E6004B0D8A305D88C27 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:48:52.0426 0x163c  MozillaMaintenance - ok
11:48:52.0457 0x163c  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
11:48:52.0457 0x163c  mpsdrv - ok
11:48:52.0535 0x163c  [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
11:48:52.0551 0x163c  MpsSvc - ok
11:48:52.0598 0x163c  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
11:48:52.0598 0x163c  MRxDAV - ok
11:48:52.0629 0x163c  [ 31233271EDE50D1BBB220F78AFA60486, 2122FAB5BD353DF63CF0FE9CEDBD5DFD1F26F2DE04303E1B3FFB03AA02AECED9 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:48:52.0645 0x163c  mrxsmb - ok
11:48:52.0692 0x163c  [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
11:48:52.0723 0x163c  mrxsmb10 - ok
11:48:52.0754 0x163c  [ 6276AC2AA203CF47811F6EFBBD214FBF, AE55D87D863A626347B0074F4E962080F1989A94153DAF8475593249F616DA2F ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
11:48:52.0754 0x163c  mrxsmb20 - ok
11:48:52.0801 0x163c  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
11:48:52.0801 0x163c  MsBridge - ok
11:48:52.0832 0x163c  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC          C:\WINDOWS\System32\msdtc.exe
11:48:52.0832 0x163c  MSDTC - ok
11:48:52.0879 0x163c  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
11:48:52.0879 0x163c  Msfs - ok
11:48:52.0895 0x163c  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32    C:\WINDOWS\System32\drivers\msgpiowin32.sys
11:48:52.0895 0x163c  msgpiowin32 - ok
11:48:52.0926 0x163c  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf      C:\WINDOWS\System32\drivers\mshidkmdf.sys
11:48:52.0926 0x163c  mshidkmdf - ok
11:48:52.0942 0x163c  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf      C:\WINDOWS\System32\drivers\mshidumdf.sys
11:48:52.0942 0x163c  mshidumdf - ok
11:48:52.0957 0x163c  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
11:48:52.0957 0x163c  msisadrv - ok
11:48:52.0989 0x163c  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI        C:\WINDOWS\system32\iscsiexe.dll
11:48:53.0004 0x163c  MSiSCSI - ok
11:48:53.0004 0x163c  msiserver - ok
11:48:53.0020 0x163c  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV        C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:48:53.0020 0x163c  MSKSSRV - ok
11:48:53.0036 0x163c  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
11:48:53.0036 0x163c  MsLldp - ok
11:48:53.0051 0x163c  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:48:53.0051 0x163c  MSPCLOCK - ok
11:48:53.0067 0x163c  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM          C:\WINDOWS\system32\drivers\MSPQM.sys
11:48:53.0067 0x163c  MSPQM - ok
11:48:53.0098 0x163c  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC          C:\WINDOWS\system32\drivers\MsRPC.sys
11:48:53.0114 0x163c  MsRPC - ok
11:48:53.0129 0x163c  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
11:48:53.0129 0x163c  mssmbios - ok
11:48:53.0145 0x163c  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE          C:\WINDOWS\system32\drivers\MSTEE.sys
11:48:53.0145 0x163c  MSTEE - ok
11:48:53.0161 0x163c  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
11:48:53.0161 0x163c  MTConfig - ok
11:48:53.0176 0x163c  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup            C:\WINDOWS\system32\Drivers\mup.sys
11:48:53.0176 0x163c  Mup - ok
11:48:53.0192 0x163c  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
11:48:53.0207 0x163c  mvumis - ok
11:48:53.0239 0x163c  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\WINDOWS\system32\qagentRT.dll
11:48:53.0254 0x163c  napagent - ok
11:48:53.0286 0x163c  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP    C:\WINDOWS\system32\DRIVERS\nwifi.sys
11:48:53.0301 0x163c  NativeWifiP - ok
11:48:53.0332 0x163c  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
11:48:53.0332 0x163c  NcaSvc - ok
11:48:53.0379 0x163c  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\WINDOWS\System32\ncbservice.dll
11:48:53.0379 0x163c  NcbService - ok
11:48:53.0411 0x163c  [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
11:48:53.0411 0x163c  NcdAutoSetup - ok
11:48:53.0473 0x163c  [ 6D3A2565E01B3E4B0F1BEDB0D4B00B3F, 95F2608E17CA3E25BD7958D1A49F7030EC8088BC1DF12422F1DAC5BA99113E34 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
11:48:53.0489 0x163c  NDIS - ok
11:48:53.0520 0x163c  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap        C:\WINDOWS\system32\DRIVERS\ndiscap.sys
11:48:53.0520 0x163c  NdisCap - ok
11:48:53.0567 0x163c  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
11:48:53.0567 0x163c  NdisImPlatform - ok
11:48:53.0582 0x163c  [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:48:53.0582 0x163c  NdisTapi - ok
11:48:53.0582 0x163c  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio        C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:48:53.0582 0x163c  Ndisuio - ok
11:48:53.0614 0x163c  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
11:48:53.0614 0x163c  NdisVirtualBus - ok
11:48:53.0629 0x163c  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan        C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:48:53.0645 0x163c  NdisWan - ok
11:48:53.0645 0x163c  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy  C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:48:53.0661 0x163c  NdisWanLegacy - ok
11:48:53.0692 0x163c  [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy        C:\WINDOWS\system32\drivers\NDProxy.sys
11:48:53.0692 0x163c  NDProxy - ok
11:48:53.0707 0x163c  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu            C:\WINDOWS\system32\drivers\Ndu.sys
11:48:53.0707 0x163c  Ndu - ok
11:48:53.0739 0x163c  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS        C:\WINDOWS\system32\DRIVERS\netbios.sys
11:48:53.0739 0x163c  NetBIOS - ok
11:48:53.0770 0x163c  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT          C:\WINDOWS\system32\DRIVERS\netbt.sys
11:48:53.0770 0x163c  NetBT - ok
11:48:53.0786 0x163c  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\WINDOWS\system32\lsass.exe
11:48:53.0801 0x163c  Netlogon - ok
11:48:53.0832 0x163c  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\WINDOWS\System32\netman.dll
11:48:53.0832 0x163c  Netman - ok
11:48:53.0879 0x163c  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
11:48:53.0895 0x163c  netprofm - ok
11:48:54.0020 0x163c  [ 76E90502D9001077DA92F81126D06C9B, 9E5B6DD3F1DAF49D303A7B3F6763A25C5F55F1E67A33AA8572204E9105B092EF ] netr28x        C:\WINDOWS\system32\DRIVERS\netr28x.sys
11:48:54.0082 0x163c  netr28x - ok
11:48:54.0129 0x163c  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:48:54.0129 0x163c  NetTcpPortSharing - ok
11:48:54.0161 0x163c  [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc          C:\WINDOWS\System32\drivers\netvsc63.sys
11:48:54.0176 0x163c  netvsc - ok
11:48:54.0207 0x163c  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
11:48:54.0223 0x163c  NlaSvc - ok
11:48:54.0254 0x163c  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
11:48:54.0254 0x163c  Npfs - ok
11:48:54.0270 0x163c  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig      C:\WINDOWS\System32\drivers\npsvctrig.sys
11:48:54.0286 0x163c  npsvctrig - ok
11:48:54.0301 0x163c  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi            C:\WINDOWS\system32\nsisvc.dll
11:48:54.0317 0x163c  nsi - ok
11:48:54.0332 0x163c  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
11:48:54.0332 0x163c  nsiproxy - ok
11:48:54.0426 0x163c  [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
11:48:54.0473 0x163c  Ntfs - ok
11:48:54.0504 0x163c  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\WINDOWS\system32\drivers\Null.sys
11:48:54.0504 0x163c  Null - ok
11:48:54.0520 0x163c  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
11:48:54.0520 0x163c  nvraid - ok
11:48:54.0551 0x163c  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
11:48:54.0551 0x163c  nvstor - ok
11:48:54.0582 0x163c  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
11:48:54.0582 0x163c  nv_agp - ok
11:48:54.0645 0x163c  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:48:54.0661 0x163c  ose - ok
11:48:54.0707 0x163c  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
11:48:54.0723 0x163c  p2pimsvc - ok
11:48:54.0754 0x163c  [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
11:48:54.0770 0x163c  p2psvc - ok
11:48:54.0801 0x163c  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport        C:\WINDOWS\System32\drivers\parport.sys
11:48:54.0817 0x163c  Parport - ok
11:48:54.0848 0x163c  [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr        C:\WINDOWS\system32\drivers\partmgr.sys
11:48:54.0848 0x163c  partmgr - ok
11:48:54.0895 0x163c  [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
11:48:54.0911 0x163c  PcaSvc - ok
11:48:54.0942 0x163c  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci            C:\WINDOWS\system32\drivers\pci.sys
11:48:54.0942 0x163c  pci - ok
11:48:54.0973 0x163c  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
11:48:54.0973 0x163c  pciide - ok
11:48:54.0989 0x163c  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
11:48:54.0989 0x163c  pcmcia - ok
11:48:55.0020 0x163c  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw            C:\WINDOWS\system32\drivers\pcw.sys
11:48:55.0020 0x163c  pcw - ok
11:48:55.0036 0x163c  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc            C:\WINDOWS\system32\drivers\pdc.sys
11:48:55.0051 0x163c  pdc - ok
11:48:55.0114 0x163c  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
11:48:55.0129 0x163c  PEAUTH - ok
11:48:55.0176 0x163c  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
11:48:55.0192 0x163c  PerfHost - ok
11:48:55.0286 0x163c  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla            C:\WINDOWS\system32\pla.dll
11:48:55.0332 0x163c  pla - ok
11:48:55.0348 0x163c  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
11:48:55.0364 0x163c  PlugPlay - ok
11:48:55.0379 0x163c  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg    C:\WINDOWS\system32\pnrpauto.dll
11:48:55.0379 0x163c  PNRPAutoReg - ok
11:48:55.0411 0x163c  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc        C:\WINDOWS\system32\pnrpsvc.dll
11:48:55.0426 0x163c  PNRPsvc - ok
11:48:55.0473 0x163c  [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent    C:\WINDOWS\System32\ipsecsvc.dll
11:48:55.0473 0x163c  PolicyAgent - ok
11:48:55.0504 0x163c  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power          C:\WINDOWS\system32\umpo.dll
11:48:55.0520 0x163c  Power - ok
11:48:55.0692 0x163c  [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify    C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
11:48:55.0770 0x163c  PrintNotify - ok
11:48:55.0817 0x163c  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor      C:\WINDOWS\System32\drivers\processr.sys
11:48:55.0817 0x163c  Processor - ok
11:48:55.0879 0x163c  [ 19424364D8C03B990C4281BE53963FD0, 958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc        C:\WINDOWS\system32\profsvc.dll
11:48:55.0879 0x163c  ProfSvc - ok
11:48:55.0911 0x163c  [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
11:48:55.0926 0x163c  Psched - ok
11:48:55.0973 0x163c  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE          C:\WINDOWS\system32\qwave.dll
11:48:55.0989 0x163c  QWAVE - ok
11:48:56.0036 0x163c  [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
11:48:56.0036 0x163c  QWAVEdrv - ok
11:48:56.0051 0x163c  [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:48:56.0051 0x163c  RasAcd - ok
11:48:56.0083 0x163c  [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto        C:\WINDOWS\System32\rasauto.dll
11:48:56.0098 0x163c  RasAuto - ok
11:48:56.0145 0x163c  [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan          C:\WINDOWS\System32\rasmans.dll
11:48:56.0176 0x163c  RasMan - ok
11:48:56.0192 0x163c  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:48:56.0208 0x163c  RasPppoe - ok
11:48:56.0239 0x163c  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss          C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:48:56.0254 0x163c  rdbss - ok
11:48:56.0286 0x163c  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
11:48:56.0286 0x163c  rdpbus - ok
11:48:56.0301 0x163c  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR          C:\WINDOWS\system32\drivers\rdpdr.sys
11:48:56.0317 0x163c  RDPDR - ok
11:48:56.0348 0x163c  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
11:48:56.0348 0x163c  RdpVideoMiniport - ok
11:48:56.0379 0x163c  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
11:48:56.0379 0x163c  rdyboost - ok
11:48:56.0442 0x163c  [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys
11:48:56.0458 0x163c  ReFS - ok
11:48:56.0504 0x163c  [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
11:48:56.0520 0x163c  RemoteAccess - ok
11:48:56.0567 0x163c  [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
11:48:56.0567 0x163c  RemoteRegistry - ok
11:48:56.0598 0x163c  [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
11:48:56.0614 0x163c  RpcEptMapper - ok
11:48:56.0645 0x163c  [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator      C:\WINDOWS\system32\locator.exe
11:48:56.0645 0x163c  RpcLocator - ok
11:48:56.0708 0x163c  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs          C:\WINDOWS\system32\rpcss.dll
11:48:56.0723 0x163c  RpcSs - ok
11:48:56.0770 0x163c  [ 60BCF0F09DD963D0F89F571F9D1EB8C1, 59BC9EA4D6C5B24352FC7C2DF4856398F6F734A2C52FD9A9195539593C37C8BC ] RSP2STOR        C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys
11:48:56.0770 0x163c  RSP2STOR - ok
11:48:56.0801 0x163c  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
11:48:56.0817 0x163c  rspndr - ok
11:48:56.0864 0x163c  [ 19764658C1468C2C0CEF133D28414A6B, 87AD4056F6C67052433A366B200B75613148B69B9B9D502AD926A7F7F037B8DE ] RTL8168        C:\WINDOWS\system32\DRIVERS\Rt630x64.sys
11:48:56.0879 0x163c  RTL8168 - ok
11:48:56.0895 0x163c  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap          C:\WINDOWS\System32\drivers\vms3cap.sys
11:48:56.0895 0x163c  s3cap - ok
11:48:56.0926 0x163c  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs          C:\WINDOWS\system32\lsass.exe
11:48:56.0926 0x163c  SamSs - ok
11:48:56.0989 0x163c  [ CB08A85D0CCC29F2D84D97D3A445841A, 6093CE81003AA955080B7916B17D15D442FF47C04CB55F597F30B62710DC380D ] SandBox        C:\WINDOWS\system32\drivers\SandBox64.sys
11:48:57.0020 0x163c  SandBox - ok
11:48:57.0051 0x163c  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
11:48:57.0051 0x163c  sbp2port - ok
11:48:57.0098 0x163c  [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
11:48:57.0114 0x163c  SCardSvr - ok
11:48:57.0161 0x163c  [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
11:48:57.0161 0x163c  ScDeviceEnum - ok
11:48:57.0192 0x163c  [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
11:48:57.0192 0x163c  scfilter - ok
11:48:57.0254 0x163c  [ A626F5E446860F22835E783142D7AE33, 3A786639E1FABCA512F4F91A10811DD3C4D9C9C9BB893362E4D019219D0BD8E2 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
11:48:57.0286 0x163c  Schedule - ok
11:48:57.0317 0x163c  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc    C:\WINDOWS\System32\certprop.dll
11:48:57.0333 0x163c  SCPolicySvc - ok
11:48:57.0364 0x163c  [ 7B7C482CF48E6EE33664340D1A78E6FE, CE5077C4B0372F4F9F02B0B37AE58C0DAEFCA9D242065731A23F072506430575 ] sdbus          C:\WINDOWS\System32\drivers\sdbus.sys
11:48:57.0364 0x163c  sdbus - ok
11:48:57.0395 0x163c  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
11:48:57.0395 0x163c  sdstor - ok
11:48:57.0442 0x163c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys
11:48:57.0442 0x163c  secdrv - ok
11:48:57.0473 0x163c  [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon        C:\WINDOWS\system32\seclogon.dll
11:48:57.0473 0x163c  seclogon - ok
11:48:57.0504 0x163c  [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS            C:\WINDOWS\System32\sens.dll
11:48:57.0504 0x163c  SENS - ok
11:48:57.0536 0x163c  [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
11:48:57.0551 0x163c  SensrSvc - ok
11:48:57.0583 0x163c  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx          C:\WINDOWS\system32\drivers\SerCx.sys
11:48:57.0583 0x163c  SerCx - ok
11:48:57.0614 0x163c  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
11:48:57.0629 0x163c  SerCx2 - ok
11:48:57.0645 0x163c  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum        C:\WINDOWS\System32\drivers\serenum.sys
11:48:57.0645 0x163c  Serenum - ok
11:48:57.0661 0x163c  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
11:48:57.0661 0x163c  Serial - ok
11:48:57.0676 0x163c  [ 96B01F117057FB4DAE0FF919ACB55770, D0F58F1CAE4F81D60FCE60BB0065A34B4F897E8105DF17B6DAA334938CD25A56 ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
11:48:57.0676 0x163c  sermouse - ok
11:48:57.0723 0x163c  [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
11:48:57.0739 0x163c  SessionEnv - ok
11:48:57.0755 0x163c  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy        C:\WINDOWS\System32\drivers\sfloppy.sys
11:48:57.0755 0x163c  sfloppy - ok
11:48:57.0801 0x163c  [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
11:48:57.0817 0x163c  SharedAccess - ok
11:48:57.0864 0x163c  [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:48:57.0880 0x163c  ShellHWDetection - ok
11:48:57.0895 0x163c  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
11:48:57.0895 0x163c  SiSRaid2 - ok
11:48:57.0926 0x163c  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
11:48:57.0926 0x163c  SiSRaid4 - ok
11:48:58.0020 0x163c  [ 050A4112B00BCA2E13314CDE48C1DEEE, 86C679CD494DEEB984372BF954EFBB8982AC7995FBF89FCF83BC228991D1B825 ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
11:48:58.0036 0x163c  SkypeUpdate - ok
11:48:58.0067 0x163c  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost        C:\WINDOWS\System32\smphost.dll
11:48:58.0067 0x163c  smphost - ok
11:48:58.0098 0x163c  [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
11:48:58.0098 0x163c  SNMPTRAP - ok
11:48:58.0145 0x163c  [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport      C:\WINDOWS\system32\drivers\spaceport.sys
11:48:58.0145 0x163c  spaceport - ok
11:48:58.0176 0x163c  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx          C:\WINDOWS\system32\drivers\SpbCx.sys
11:48:58.0176 0x163c  SpbCx - ok
11:48:58.0223 0x163c  [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler        C:\WINDOWS\System32\spoolsv.exe
11:48:58.0239 0x163c  Spooler - ok
11:48:58.0505 0x163c  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
11:48:58.0661 0x163c  sppsvc - ok
11:48:58.0708 0x163c  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv            C:\WINDOWS\system32\DRIVERS\srv.sys
11:48:58.0739 0x163c  srv - ok
11:48:58.0786 0x163c  [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
11:48:58.0801 0x163c  srv2 - ok
11:48:58.0833 0x163c  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
11:48:58.0833 0x163c  srvnet - ok
11:48:58.0880 0x163c  [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV        C:\WINDOWS\System32\ssdpsrv.dll
11:48:58.0895 0x163c  SSDPSRV - ok
11:48:58.0911 0x163c  [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc        C:\WINDOWS\system32\sstpsvc.dll
11:48:58.0926 0x163c  SstpSvc - ok
11:48:58.0958 0x163c  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
11:48:58.0958 0x163c  stexstor - ok
11:48:58.0989 0x163c  [ 8F3C0CCF27CFFE89424F30E9FB3381AB, 74E54541B4A16DC97098428E1715A27557BAB97E05AF346F88958580199C1541 ] StillCam        C:\WINDOWS\System32\drivers\serscan.sys
11:48:58.0989 0x163c  StillCam - ok
11:48:59.0036 0x163c  [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
11:48:59.0067 0x163c  stisvc - ok
11:48:59.0098 0x163c  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
11:48:59.0098 0x163c  storahci - ok
11:48:59.0114 0x163c  [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt        C:\WINDOWS\system32\drivers\vmstorfl.sys
11:48:59.0130 0x163c  storflt - ok
11:48:59.0161 0x163c  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
11:48:59.0161 0x163c  stornvme - ok
11:48:59.0192 0x163c  [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc        C:\WINDOWS\system32\storsvc.dll
11:48:59.0192 0x163c  StorSvc - ok
11:48:59.0223 0x163c  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc        C:\WINDOWS\system32\drivers\storvsc.sys
11:48:59.0223 0x163c  storvsc - ok
11:48:59.0255 0x163c  [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc          C:\WINDOWS\system32\svsvc.dll
11:48:59.0255 0x163c  svsvc - ok
11:48:59.0270 0x163c  [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
11:48:59.0270 0x163c  swenum - ok
11:48:59.0317 0x163c  [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv          C:\WINDOWS\System32\swprv.dll
11:48:59.0333 0x163c  swprv - ok
11:48:59.0380 0x163c  [ 3F45C3FE208CA5E68832B65C597A35A6, EACE9AAFC01C2BA52F4DA129AEF7BFA3CF7F10146E4F4330CD344BFC39DC959C ] SynTP          C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:48:59.0395 0x163c  SynTP - ok
11:48:59.0458 0x163c  [ 3114CB46C2853CA71525428CB0C7CB58, A9CC51506AABBC23BAB2B90E30AB13197A72268A3DE6D2F281C1C367ED7118AE ] SysMain        C:\WINDOWS\system32\sysmain.dll
11:48:59.0489 0x163c  SysMain - ok
11:48:59.0520 0x163c  [ 23BECB70654B192A7E378DEE3DBD8D42, 7596174AE7508B62C40A429645198F6A420D0CD5B62A10AB78516113584E7EDB ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
11:48:59.0520 0x163c  SystemEventsBroker - ok
11:48:59.0567 0x163c  [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
11:48:59.0567 0x163c  TabletInputService - ok
11:48:59.0630 0x163c  [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv        C:\WINDOWS\System32\tapisrv.dll
11:48:59.0645 0x163c  TapiSrv - ok
11:48:59.0770 0x163c  [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] Tcpip          C:\WINDOWS\system32\drivers\tcpip.sys
11:48:59.0833 0x163c  Tcpip - ok
11:48:59.0911 0x163c  [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] TCPIP6          C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:48:59.0958 0x163c  TCPIP6 - ok
11:49:00.0005 0x163c  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
11:49:00.0005 0x163c  tcpipreg - ok
11:49:00.0036 0x163c  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx            C:\WINDOWS\system32\DRIVERS\tdx.sys
11:49:00.0036 0x163c  tdx - ok
11:49:00.0067 0x163c  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
11:49:00.0067 0x163c  terminpt - ok
11:49:00.0145 0x163c  [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService    C:\WINDOWS\System32\termsrv.dll
11:49:00.0176 0x163c  TermService - ok
11:49:00.0208 0x163c  [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes          C:\WINDOWS\system32\themeservice.dll
11:49:00.0208 0x163c  Themes - ok
11:49:00.0223 0x163c  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER    C:\WINDOWS\system32\mmcss.dll
11:49:00.0223 0x163c  THREADORDER - ok
11:49:00.0255 0x163c  [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
11:49:00.0255 0x163c  TimeBroker - ok
11:49:00.0286 0x163c  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM            C:\WINDOWS\system32\drivers\tpm.sys
11:49:00.0301 0x163c  TPM - ok
11:49:00.0317 0x163c  [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
11:49:00.0333 0x163c  TrkWks - ok
11:49:00.0380 0x163c  [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
11:49:00.0380 0x163c  TrustedInstaller - ok
11:49:00.0395 0x163c  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
11:49:00.0395 0x163c  TsUsbFlt - ok
11:49:00.0411 0x163c  [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD        C:\WINDOWS\System32\drivers\TsUsbGD.sys
11:49:00.0411 0x163c  TsUsbGD - ok
11:49:00.0458 0x163c  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\WINDOWS\system32\DRIVERS\tunnel.sys
11:49:00.0458 0x163c  tunnel - ok
11:49:00.0473 0x163c  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
11:49:00.0473 0x163c  uagp35 - ok
11:49:00.0505 0x163c  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
11:49:00.0505 0x163c  UASPStor - ok
11:49:00.0536 0x163c  [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000        C:\WINDOWS\System32\drivers\ucx01000.sys
11:49:00.0536 0x163c  UCX01000 - ok
11:49:00.0567 0x163c  [ 1EC649F112896FAE33250F0B97AC5D0B, 0C0A1C2C7615DEB298AD3073340FD1BF91FEBE611F133E3B48D994A6EAA8369F ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
11:49:00.0583 0x163c  udfs - ok
11:49:00.0598 0x163c  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
11:49:00.0614 0x163c  UEFI - ok
11:49:00.0645 0x163c  [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect      C:\WINDOWS\system32\UI0Detect.exe
11:49:00.0645 0x163c  UI0Detect - ok
11:49:00.0677 0x163c  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
11:49:00.0677 0x163c  uliagpkx - ok
11:49:00.0708 0x163c  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus          C:\WINDOWS\System32\drivers\umbus.sys
11:49:00.0708 0x163c  umbus - ok
11:49:00.0723 0x163c  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
11:49:00.0723 0x163c  UmPass - ok
11:49:00.0770 0x163c  [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
11:49:00.0770 0x163c  UmRdpService - ok
11:49:00.0848 0x163c  [ DBE2E6388379D5CC78099650541E9566, 1914BC929F109A49FB18ED31F239A9813A010B0A3914BC8CD0D6A94A67A072D7 ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
11:49:00.0880 0x163c  UNS - ok
11:49:00.0927 0x163c  [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost        C:\WINDOWS\System32\upnphost.dll
11:49:00.0973 0x163c  upnphost - ok
11:49:01.0005 0x163c  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp        C:\WINDOWS\System32\drivers\usbccgp.sys
11:49:01.0005 0x163c  usbccgp - ok
11:49:01.0036 0x163c  [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
11:49:01.0036 0x163c  usbcir - ok
11:49:01.0067 0x163c  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci        C:\WINDOWS\System32\drivers\usbehci.sys
11:49:01.0067 0x163c  usbehci - ok
11:49:01.0130 0x163c  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
11:49:01.0145 0x163c  usbhub - ok
11:49:01.0177 0x163c  [ FAA564A13576F9284546BF016D27B551, 1D2CD13DC0B02DD40657EE4F93F4A13C78D2F2EF91685E563D78E217C96DF544 ] USBHUB3        C:\WINDOWS\System32\drivers\UsbHub3.sys
11:49:01.0177 0x163c  USBHUB3 - ok
11:49:01.0239 0x163c  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci        C:\WINDOWS\System32\drivers\usbohci.sys
11:49:01.0239 0x163c  usbohci - ok
11:49:01.0270 0x163c  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
11:49:01.0286 0x163c  usbprint - ok
11:49:01.0333 0x163c  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR        C:\WINDOWS\System32\drivers\USBSTOR.SYS
11:49:01.0333 0x163c  USBSTOR - ok
11:49:01.0364 0x163c  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci        C:\WINDOWS\System32\drivers\usbuhci.sys
11:49:01.0364 0x163c  usbuhci - ok
11:49:01.0411 0x163c  [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
11:49:01.0411 0x163c  usbvideo - ok
11:49:01.0442 0x163c  [ 1A20F03700D2B2ED775E38D751EF2F63, 76F8BE9F412D4397437E60A7E6231C80EA9B4F5436C9A8FAB967C78604994AE9 ] USBXHCI        C:\WINDOWS\System32\drivers\USBXHCI.SYS
11:49:01.0458 0x163c  USBXHCI - ok
11:49:01.0473 0x163c  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\WINDOWS\system32\lsass.exe
11:49:01.0489 0x163c  VaultSvc - ok
11:49:01.0536 0x163c  VBCoreNT.1 - ok
11:49:01.0567 0x163c  [ 5C6F242988940CEB75E8CB697F416094, 8AC700B88FD7DAA61E247C1FEC4B4F2C3A402E15840D7E30F91C08DB0A3DBB41 ] VBEngNT        C:\WINDOWS\system32\drivers\VBEngNT.sys
11:49:01.0583 0x163c  VBEngNT - ok
11:49:01.0583 0x163c  [ E3CCD7419EFC64FB57C0F650F295AFF1, E6E0F6852CD86214F9A8C61A605F025F2EB575AFBAFA0EEADA5F15E645712346 ] VBFilt          C:\WINDOWS\system32\Filt\VBFilt64.dll
11:49:01.0598 0x163c  VBFilt - ok
11:49:01.0614 0x163c  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
11:49:01.0614 0x163c  vdrvroot - ok
11:49:01.0708 0x163c  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds            C:\WINDOWS\System32\vds.exe
11:49:01.0739 0x163c  vds - ok
11:49:01.0786 0x163c  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt    C:\WINDOWS\system32\drivers\VerifierExt.sys
11:49:01.0786 0x163c  VerifierExt - ok
11:49:01.0833 0x163c  [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp          C:\WINDOWS\System32\drivers\vhdmp.sys
11:49:01.0848 0x163c  vhdmp - ok
11:49:01.0864 0x163c  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
11:49:01.0864 0x163c  viaide - ok
11:49:01.0880 0x163c  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus          C:\WINDOWS\system32\drivers\vmbus.sys
11:49:01.0895 0x163c  vmbus - ok
11:49:01.0911 0x163c  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
11:49:01.0911 0x163c  VMBusHID - ok
11:49:01.0942 0x163c  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
11:49:01.0958 0x163c  vmicguestinterface - ok
11:49:01.0989 0x163c  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat  C:\WINDOWS\System32\ICSvc.dll
11:49:01.0989 0x163c  vmicheartbeat - ok
11:49:02.0020 0x163c  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
11:49:02.0020 0x163c  vmickvpexchange - ok
11:49:02.0052 0x163c  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv        C:\WINDOWS\System32\ICSvc.dll
11:49:02.0067 0x163c  vmicrdv - ok
11:49:02.0083 0x163c  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
11:49:02.0098 0x163c  vmicshutdown - ok
11:49:02.0114 0x163c  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
11:49:02.0130 0x163c  vmictimesync - ok
11:49:02.0145 0x163c  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss        C:\WINDOWS\System32\ICSvc.dll
11:49:02.0161 0x163c  vmicvss - ok
11:49:02.0192 0x163c  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
11:49:02.0192 0x163c  volmgr - ok
11:49:02.0223 0x163c  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx        C:\WINDOWS\system32\drivers\volmgrx.sys
11:49:02.0239 0x163c  volmgrx - ok
11:49:02.0270 0x163c  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap        C:\WINDOWS\system32\drivers\volsnap.sys
11:49:02.0286 0x163c  volsnap - ok
11:49:02.0317 0x163c  [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
11:49:02.0317 0x163c  vpci - ok
11:49:02.0364 0x163c  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid        C:\WINDOWS\system32\drivers\vsmraid.sys
11:49:02.0364 0x163c  vsmraid - ok
11:49:02.0442 0x163c  [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS            C:\WINDOWS\system32\vssvc.exe
11:49:02.0473 0x163c  VSS - ok
11:49:02.0505 0x163c  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
11:49:02.0520 0x163c  VSTXRAID - ok
11:49:02.0567 0x163c  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
11:49:02.0567 0x163c  vwifibus - ok
11:49:02.0614 0x163c  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\WINDOWS\system32\DRIVERS\vwififlt.sys
11:49:02.0614 0x163c  vwififlt - ok
11:49:02.0630 0x163c  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp        C:\WINDOWS\system32\DRIVERS\vwifimp.sys
11:49:02.0630 0x163c  vwifimp - ok
11:49:02.0677 0x163c  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time        C:\WINDOWS\system32\w32time.dll
11:49:02.0692 0x163c  W32Time - ok
11:49:02.0708 0x163c  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
11:49:02.0708 0x163c  WacomPen - ok
11:49:02.0786 0x163c  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
11:49:02.0817 0x163c  wbengine - ok
11:49:02.0864 0x163c  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
11:49:02.0880 0x163c  WbioSrvc - ok
11:49:02.0911 0x163c  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
11:49:02.0911 0x163c  Wcmsvc - ok
11:49:02.0974 0x163c  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc        C:\WINDOWS\System32\wcncsvc.dll
11:49:02.0974 0x163c  wcncsvc - ok
11:49:03.0005 0x163c  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
11:49:03.0005 0x163c  WcsPlugInService - ok
11:49:03.0036 0x163c  [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
11:49:03.0036 0x163c  WdBoot - ok
11:49:03.0083 0x163c  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
11:49:03.0114 0x163c  Wdf01000 - ok
11:49:03.0145 0x163c  [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
11:49:03.0161 0x163c  WdFilter - ok
11:49:03.0192 0x163c  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
11:49:03.0192 0x163c  WdiServiceHost - ok
11:49:03.0208 0x163c  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost  C:\WINDOWS\system32\wdi.dll
11:49:03.0224 0x163c  WdiSystemHost - ok
11:49:03.0255 0x163c  [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
11:49:03.0255 0x163c  WdNisDrv - ok
11:49:03.0270 0x163c  WdNisSvc - ok
11:49:03.0317 0x163c  [ 185E4111627F7AA6799E1366B5E91D65, 7A02C816DFBCCF47EDB49E5E2005A3D0B80719FAC94F9298D2DBAC63950EDA05 ] WebClient      C:\WINDOWS\System32\webclnt.dll
11:49:03.0317 0x163c  WebClient - ok
11:49:03.0364 0x163c  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
11:49:03.0395 0x163c  Wecsvc - ok
11:49:03.0427 0x163c  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
11:49:03.0442 0x163c  WEPHOSTSVC - ok
11:49:03.0474 0x163c  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport  C:\WINDOWS\System32\wercplsupport.dll
11:49:03.0489 0x163c  wercplsupport - ok
11:49:03.0505 0x163c  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
11:49:03.0505 0x163c  WerSvc - ok
11:49:03.0552 0x163c  [ BAB713B409258DB7B5D9F9693F802B0E, C0D0391EC4FDC07E0A07F4EEB2DC9CC5B2BE5D2E292E7D01929E8D39D6F73EA5 ] WFPLWFS        C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
11:49:03.0552 0x163c  WFPLWFS - ok
11:49:03.0567 0x163c  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
11:49:03.0583 0x163c  WiaRpc - ok
11:49:03.0599 0x163c  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
11:49:03.0599 0x163c  WIMMount - ok
11:49:03.0614 0x163c  WinDefend - ok
11:49:03.0661 0x163c  [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
11:49:03.0692 0x163c  WinHttpAutoProxySvc - ok
11:49:03.0739 0x163c  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt        C:\WINDOWS\system32\wbem\WMIsvc.dll
11:49:03.0755 0x163c  Winmgmt - ok
11:49:03.0895 0x163c  [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM          C:\WINDOWS\system32\WsmSvc.dll
11:49:03.0974 0x163c  WinRM - ok
11:49:04.0020 0x163c  [ 4F2A80D65AE6F845776E2F06AE6782ED, 2455537C048115435D9EDE4B18F9F54C43912076AEF36BDEFEC35AF2140B8B2E ] WirelessButtonDriver C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys
11:49:04.0036 0x163c  WirelessButtonDriver - ok
11:49:04.0099 0x163c  [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc        C:\WINDOWS\System32\wlansvc.dll
11:49:04.0130 0x163c  WlanSvc - ok
11:49:04.0208 0x163c  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc        C:\WINDOWS\system32\wlidsvc.dll
11:49:04.0255 0x163c  wlidsvc - ok
11:49:04.0286 0x163c  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi        C:\WINDOWS\System32\drivers\wmiacpi.sys
11:49:04.0286 0x163c  WmiAcpi - ok
11:49:04.0317 0x163c  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
11:49:04.0333 0x163c  wmiApSrv - ok
11:49:04.0349 0x163c  WMPNetworkSvc - ok
11:49:04.0380 0x163c  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof            C:\WINDOWS\system32\drivers\Wof.sys
11:49:04.0395 0x163c  Wof - ok
11:49:04.0505 0x163c  [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
11:49:04.0552 0x163c  workfolderssvc - ok
11:49:04.0567 0x163c  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr        C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
11:49:04.0583 0x163c  wpcfltr - ok
11:49:04.0599 0x163c  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
11:49:04.0599 0x163c  WPCSvc - ok
11:49:04.0630 0x163c  [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
11:49:04.0630 0x163c  WPDBusEnum - ok
11:49:04.0677 0x163c  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr      C:\WINDOWS\system32\drivers\WpdUpFltr.sys
11:49:04.0677 0x163c  WpdUpFltr - ok
11:49:04.0708 0x163c  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl        C:\WINDOWS\system32\drivers\ws2ifsl.sys
11:49:04.0708 0x163c  ws2ifsl - ok
11:49:04.0755 0x163c  [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
11:49:04.0770 0x163c  wscsvc - ok
11:49:04.0786 0x163c  [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice  C:\WINDOWS\System32\drivers\WSDPrint.sys
11:49:04.0786 0x163c  WSDPrintDevice - ok
11:49:04.0786 0x163c  WSearch - ok
11:49:04.0927 0x163c  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService      C:\WINDOWS\System32\WSService.dll
11:49:05.0099 0x163c  WSService - ok
11:49:05.0271 0x163c  [ 5F3D70B19BCAC985DA90F22CA2FF45E4, BBD82BAEF0DCA2C6361F8D1ADF5BED36D0F1AB1A2AEADB0E4526B917F40C2E52 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
11:49:05.0427 0x163c  wuauserv - ok
11:49:05.0458 0x163c  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
11:49:05.0458 0x163c  WudfPf - ok
11:49:05.0489 0x163c  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
11:49:05.0505 0x163c  WUDFRd - ok
11:49:05.0536 0x163c  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc        C:\WINDOWS\System32\WUDFSvc.dll
11:49:05.0536 0x163c  wudfsvc - ok
11:49:05.0552 0x163c  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs      C:\WINDOWS\System32\drivers\WUDFRd.sys
11:49:05.0552 0x163c  WUDFWpdFs - ok
11:49:05.0599 0x163c  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc        C:\WINDOWS\System32\wwansvc.dll
11:49:05.0614 0x163c  WwanSvc - ok
11:49:05.0646 0x163c  ================ Scan global ===============================
11:49:05.0708 0x163c  [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\WINDOWS\system32\basesrv.dll
11:49:05.0739 0x163c  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
11:49:05.0771 0x163c  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
11:49:05.0833 0x163c  [ 5BF02EBEFEDC706318C96E2E60EDCB91, DC866C5BC3A887CAAA7169AB9BB2992F6F877B3EA04B62B4F95B6BD54943155F ] C:\WINDOWS\system32\services.exe
11:49:05.0849 0x163c  [ Global ] - ok
11:49:05.0849 0x163c  ================ Scan MBR ==================================
11:49:05.0864 0x163c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
11:49:05.0864 0x163c  \Device\Harddisk0\DR0 - ok
11:49:05.0864 0x163c  ================ Scan VBR ==================================
11:49:05.0880 0x163c  [ 7573D6ADFEA8D4D9096C8D09F6EA733F ] \Device\Harddisk0\DR0\Partition1
11:49:05.0880 0x163c  \Device\Harddisk0\DR0\Partition1 - ok
11:49:05.0896 0x163c  [ 0ED55A58558BE4CBC8791F0438C88EB7 ] \Device\Harddisk0\DR0\Partition2
11:49:05.0911 0x163c  \Device\Harddisk0\DR0\Partition2 - ok
11:49:05.0927 0x163c  [ 391BDA0E8531A3E7439920D3D0414463 ] \Device\Harddisk0\DR0\Partition3
11:49:05.0927 0x163c  \Device\Harddisk0\DR0\Partition3 - ok
11:49:05.0942 0x163c  [ C559B6AD88DFABAE85FFFE62BB3448A4 ] \Device\Harddisk0\DR0\Partition4
11:49:05.0974 0x163c  \Device\Harddisk0\DR0\Partition4 - ok
11:49:05.0974 0x163c  ================ Scan generic autorun ======================
11:49:06.0021 0x163c  SynTPEnh - ok
11:49:06.0052 0x163c  [ 28062B17191C9450BF6C6C3EF8C7EB27, 4859C5708DFD119021F7B7FFB38F0B316675E1E4D5D51A10D4265F712CF8CDB6 ] C:\WINDOWS\system32\igfxtray.exe
11:49:06.0067 0x163c  IgfxTray - ok
11:49:06.0099 0x163c  [ 28FC280487F0BAAE5E8119257C4EEF8C, F574BC70B79B77912FC683B3EB0BE6929E7758284ED5B47008E18B0E4A4A09FD ] C:\WINDOWS\system32\hkcmd.exe
11:49:06.0114 0x163c  HotKeysCmds - ok
11:49:06.0130 0x163c  [ F29BEA821C753E4F00177690F70CDC13, 0EDB40F4A4C23553C0288E6E3AD65E7B523F6764C87C6C36C3ECB0C1940C5176 ] C:\WINDOWS\system32\igfxpers.exe
11:49:06.0146 0x163c  Persistence - ok
11:49:06.0364 0x163c  [ BD707ECBC6B7EFA57F270D2378A46065, 1EDE0B87798E344A8EE9AAEACFB1E94323901803C95D3E7F3396B11EB993880E ] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe
11:49:06.0458 0x163c  OutpostMonitor - ok
11:49:06.0536 0x163c  [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
11:49:06.0552 0x163c  HP Software Update - ok
11:49:06.0708 0x163c  [ 22F7B9670AD770C7ED7F4738204C8E5C, 7B793AC094CB1B073419B5DAE09DFBB8EBED03D29301F490AA76EA0667613438 ] C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
11:49:06.0755 0x163c  HP Officejet 6600 (NET) - ok
11:49:06.0755 0x163c  Waiting for KSN requests completion. In queue: 82
11:49:07.0771 0x163c  Waiting for KSN requests completion. In queue: 82
11:49:08.0786 0x163c  Waiting for KSN requests completion. In queue: 82
11:49:09.0896 0x163c  AV detected via SS2: Outpost Security Suite Pro, C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe ( 9.10.4643.15826 ), 0x42000 ( disabled : updated )
11:49:09.0896 0x163c  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated )
11:49:09.0896 0x163c  FW detected via SS2: Outpost Security Suite Pro, C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe ( 9.10.4643.15826 ), 0x42010 ( disabled )
11:49:09.0943 0x163c  Win FW state via NFP2: disabled
11:49:12.0333 0x163c  ============================================================
11:49:12.0333 0x163c  Scan finished
11:49:12.0333 0x163c  ============================================================
11:49:12.0349 0x10a8  Detected object count: 0
11:49:12.0349 0x10a8  Actual detected object count: 0
11:49:20.0959 0x1650  Deinitialize success

schrauber 09.05.2015 08:10
Sieht eigentlich gut aus. Bemerkst Du irgendwelche Probleme?

DummDumm 09.05.2015 14:21
Äh, wir hatten den Rechner aus gelassen, um die Antwort abzuwarten.

schrauber 10.05.2015 06:18
Dann mal ausgiebig testen, die Logs sind sauber :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:11 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131