|
Log analysis and evaluation: Removal of Trojan: Crypt6.MAX
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
19.11.2016, 18:58 | #1 |
| Removal of Trojan: Crypt6.MAX
Hello,
The problem: Trojan: Crypt6.MAX. From: f:/BONZI BUDDY FREE 32 DOWNLOADER.EXE.
On 14.11 I caught the malware "Crypt6.MAX" when I wanted to download a version of "Bonzi Buddy". Unfortunately, at that time I did not yet know that this program (not all of them) is harmful. It has lodged itself in the DVD drive "folder". I have not done anything about it yet, because I do not know how to remove it and because so far it has not locked anything (as most crypto trojans do). My antivirus program claims that it is harmful, and as a precaution I do not want it on my computer.
Thank you for your help. |
19.11.2016, 19:52 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Removal of Trojan: Crypt6.MAX Hello and
__________________
+++ IMPORTANT NOTE +++
During the analysis and cleanup you make NO changes whatsoever on your own initiative, i.e. you do not install or uninstall any software without consultation. You also do not change any system settings while we are working on your case. You make changes, installations or uninstallations EXCLUSIVELY on instruction! It will be necessary to disable your virus scanner and in certain cases also to uninstall it, so that the cleanup can be done properly. Your system is therefore only cleared by me for everyday use such as surfing or e-mailing once we are finished here. Read and understood?
Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything? I am asking because => http://www.trojaner-board.de/125889-...tml#post941520
Please do not run any new virus scans; first just post the logs that already exist, in CODE tags! Only logs from the last 7 days, or since the problem began, are relevant!
In addition, please also create a log with Farbar's tool:
Scan with Farbar's Recovery Scan Tool (FRST)
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread over several posts. To put the log files into a CODE box, proceed as follows:
__________________ |
20.11.2016, 20:41 | #3 |
| Removal of Trojan: Crypt6.MAX
I'm sorry, but I am very busy this week and have a lot to do. I will not manage to do these things before Friday. I will then probably do it on Friday.
__________________
Thank you for the reply. PS: This is the only antivirus program I have. That was the only log. |
25.11.2016, 19:32 | #4 |
| FRST.txt
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2016 durchgeführt von Niklas (Administrator) auf NIKLASPC (25-11-2016 19:22:40) Gestartet von C:\Users\Niklas\Downloads Geladene Profile: Niklas (Verfügbare Profile: Niklas) Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (AMD) C:\Windows\System32\atiesrxx.exe (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfwsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Bitsum LLC) C:\Program Files\ParkControl\ParkControl.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe 
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hammer & Chisel, Inc.) C:\Users\Niklas\AppData\Local\Discord\app-0.0.296\Discord.exe (Spotify Ltd) C:\Users\Niklas\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Spotify Ltd) C:\Users\Niklas\AppData\Roaming\Spotify\Spotify.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Mindspark) C:\Program Files (x86)\DownSpeedTest_dq\bar\1.bin\AppIntegrator64.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Spotify Ltd) C:\Users\Niklas\AppData\Roaming\Spotify\SpotifyCrashService.exe (Spotify Ltd) C:\Users\Niklas\AppData\Roaming\Spotify\Spotify.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE (Spotify Ltd) C:\Users\Niklas\AppData\Roaming\Spotify\Spotify.exe (Hammer & Chisel, Inc.) C:\Users\Niklas\AppData\Local\Discord\app-0.0.296\Discord.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Hammer & Chisel, Inc.) C:\Users\Niklas\AppData\Local\Discord\app-0.0.296\Discord.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7546072 2014-03-10] (Realtek Semiconductor) HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-04] (Synaptics Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [506680 2014-06-06] (Hewlett-Packard Development Company, L.P.) 
HKLM-x32\...\Run: [DownSpeedTest AppIntegrator 64-bit] => C:\Program Files (x86)\DownSpeedTest_dq\bar\1.bin\AppIntegrator64.exe [265752 2015-07-19] (Mindspark) HKLM-x32\...\Run: [win_en_77] => [X] HKLM-x32\...\Run: [DiskPower] => "C:\Program Files (x86)\DPower\DiskPower.exe" HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation) HKU\S-1-5-21-4002155861-1023576183-3166084196-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation) HKU\S-1-5-21-4002155861-1023576183-3166084196-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27011712 2016-10-17] (Skype Technologies S.A.) HKU\S-1-5-21-4002155861-1023576183-3166084196-1002\...\Run: [Discord] => C:\Users\Niklas\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.) 
HKU\S-1-5-21-4002155861-1023576183-3166084196-1002\...\Run: [Spotify Web Helper] => C:\Users\Niklas\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-11-14] (Spotify Ltd) HKU\S-1-5-21-4002155861-1023576183-3166084196-1002\...\Run: [Spotify] => C:\Users\Niklas\AppData\Roaming\Spotify\Spotify.exe [6987376 2016-11-14] (Spotify Ltd) Startup: C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-10-28] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138 Tcpip\..\Interfaces\{13E7A4B4-0FAC-42FC-90E7-81521E8CBA09}: [DhcpNameServer] 10.0.0.138 10.0.0.138 Tcpip\..\Interfaces\{F9859426-C3DC-474E-ACA4-D9C927BB889E}: [DhcpNameServer] 40.20.1.201 40.20.1.202 Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131207569081364620&GUID=DDB3F432-670E-6E3C-1C37-D244DC1CD63C HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON14/1 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131207569081398516&GUID=DDB3F432-670E-6E3C-1C37-D244DC1CD63C HKU\S-1-5-21-4002155861-1023576183-3166084196-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131207569081375244&GUID=DDB3F432-670E-6E3C-1C37-D244DC1CD63C 
HKU\S-1-5-21-4002155861-1023576183-3166084196-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP2DAqp-XHW6OrSFcuUx2RZvL_kx9wcD57RY0w4yjKnhT_NQh5_5ptlnE4vXI0_0qoZeU0KYcyIUKCyxwdA45GnJcanRqCiM3rvRs9wblTXEtaIEcwEF-eYuzdSkdpvjwjcpfLNXg2i8qM2CQ0hYrRwbINQYlzehazLr8vYViC8EDndS7Jjpk,&q={searchTerms} SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP2DAqp-XHW6OrSFcuUx2RZvL_kx9wcD57RY0w4yjKnhT_NQh5_5ptlnE4vXI0_0qoZeU0KYcyIUKCyxwdA45GnJcanRqCiM3rvRs9wblTXEtaIEcwEF-eYuzdSkdpvjwjcpfLNXg2i8qM2CQ0hYrRwbINQYlzehazLr8vYViC8EDndS7Jjpk,&q={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {4780C440-678E-4273-A476-3EFABB6AB846} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {ca6a7ab9-f4b5-4d50-b5d2-33e996549ae3} URL = hxxp://int.search.tb.ask.com/search/GGmain.jhtml?p2=^BXM^xdm002^YYA^at&ptb=D306D7C9-CDA9-4A99-8B5A-898F4D8252F3&ind=2015071908&n=781b8ea4&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-4002155861-1023576183-3166084196-1002 -> {4780C440-678E-4273-A476-3EFABB6AB846} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-4002155861-1023576183-3166084196-1002 -> {ca6a7ab9-f4b5-4d50-b5d2-33e996549ae3} URL = hxxp://int.search.tb.ask.com/search/GGmain.jhtml?p2=^BXM^xdm002^YYA^at&ptb=D306D7C9-CDA9-4A99-8B5A-898F4D8252F3&ind=2015071908&n=781b8ea4&psa=&st=sb&searchfor={searchTerms} SearchScopes: 
HKU\S-1-5-21-4002155861-1023576183-3166084196-1002 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP2DAqp-XHW6OrSFcuUx2RZvL_kx9wcD57RY0w4yjKnhT_NQh5_5ptlnE4vXI0_0qoZeU0KYcyIUKCyxwdA45GnJcanRqCiM3rvRs9wblTXEtaIEcwEF-eYuzdSkdpvjwjcpfLNXg2i8qM2CQ0hYrRwbINQYlzehazLr8vYViC8EDndS7Jjpk,&q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-11-18] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-01] (Oracle Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-18] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-01] (Oracle Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-11-18] (Microsoft Corporation) BHO-x32: Search Assistant BHO -> {481f6b47-2ad8-4c6a-8554-a2897e6cf900} -> C:\Program Files (x86)\DownSpeedTest_dq\bar\1.bin\dqSrcAs.dll [2015-07-19] (Mindspark) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> 
C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-11-18] (Microsoft Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-18] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-18] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-18] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-18] (Microsoft Corporation) FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-01] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-01] (Oracle Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.) 
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] () FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] () FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-18] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-11-18] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-25] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-25] (Google Inc.) 
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-09-01] () FF Plugin HKU\S-1-5-21-4002155861-1023576183-3166084196-1002: @nsroblox.roblox.com/launcher -> C:\Users\Niklas\AppData\Local\Roblox\Versions\version-a5eaf158bd544c4d\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-4002155861-1023576183-3166084196-1002: @nsroblox.roblox.com/launcher64 -> C:\Users\Niklas\AppData\Local\Roblox\Versions\version-a5eaf158bd544c4d\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation) Chrome: ======= CHR Profile: C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default [2016-11-25] CHR Extension: (Google Docs) - C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-25] CHR Extension: (Google Drive) - C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-25] CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-10-25] CHR Extension: (YouTube) - C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-25] CHR Extension: (Adblock Plus) - C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26] CHR Extension: (Google Tabellen) - C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-25] CHR Extension: (Google Docs Offline) - C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-25] CHR Extension: (AdBlock) - C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-25] CHR Extension: (Chrome Web 
Store-Zahlungen) - C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-25] CHR Extension: (Google Mail) - C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-25] CHR Extension: (Chrome Media Router) - C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-25] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-06-05] () [Datei ist nicht signiert] R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-05] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [647864 2016-10-13] (AVG Technologies CZ, s.r.o.) R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [2050040 2016-10-13] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5332384 2016-10-13] (AVG Technologies CZ, s.r.o.) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1149712 2016-09-13] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [727512 2016-10-13] (AVG Technologies CZ, s.r.o.) 
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [88064 2014-03-05] () [Datei ist nicht signiert] R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2946304 2016-10-30] (Microsoft Corporation) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-09-01] (WildTangent) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [Datei ist nicht signiert] R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [475960 2014-06-06] (Hewlett-Packard Development Company, L.P.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [376264 2015-08-10] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-07-31] (McAfee, Inc.) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [Datei ist nicht signiert] R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-05-31] () R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor) R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [133376 2016-05-30] (Razer Inc.) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-04] (Synaptics Incorporated) R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-04-17] (Advanced Micro Devices, Inc.) 
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.) S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-04-17] (Advanced Micro Devices, Inc. ) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.) R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-04-17] (Advanced Micro Devices, Inc. ) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.) R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [73480 2016-06-06] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [311552 2016-09-22] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272640 2016-07-27] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [265472 2016-09-20] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.) 
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink) S3 dc3d; C:\Windows\System32\drivers\dc3d.sys [47616 2011-05-18] (Microsoft Corporation) [Datei ist nicht signiert] R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [839376 2015-08-10] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244024 2015-08-10] (McAfee, Inc.) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [559832 2014-02-26] (Realtek Semiconductor Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3468504 2014-05-23] (Realtek Semiconductor Corporation ) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-05-06] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-06-01] (Razer, Inc.) R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-06-04] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-06-04] (Synaptics Incorporated) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.) 
R2 zdwfp; C:\Windows\system32\Drivers\zdwfp64.sys [46352 2016-03-04] (zdengine) S3 GENERICDRV; \??\C:\Users\ADMINI~1\AppData\Local\Temp\pftA2FC.tmp\amifldrv64.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-11-25 19:22 - 2016-11-25 19:24 - 00027456 _____ C:\Users\Niklas\Downloads\FRST.txt 2016-11-25 19:22 - 2016-11-25 19:22 - 00000000 ____D C:\FRST 2016-11-25 19:07 - 2016-11-25 19:07 - 02412032 _____ (Farbar) C:\Users\Niklas\Downloads\FRST64.exe 2016-11-25 19:00 - 2016-11-25 19:00 - 00000000 ____D C:\Users\Niklas\AppData\Local\ElevatedDiagnostics 2016-11-25 18:56 - 2016-11-25 18:56 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2016-11-25 18:56 - 2016-11-25 18:56 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2016-11-19 21:47 - 2016-11-19 21:47 - 00000221 _____ C:\Users\Niklas\Desktop\Rock of Ages.url 2016-11-14 20:19 - 2016-11-14 20:18 - 01157120 _____ C:\Users\Niklas\Downloads\Bonzi Buddy Free 32 Downloader.iso 2016-11-14 18:35 - 2016-11-14 18:35 - 00000000 ____D C:\Program Files (x86)\BonziBuddy432 2016-11-14 18:29 - 2016-10-28 22:04 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-11-14 18:29 - 2016-10-28 22:04 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-11-11 19:21 - 2016-10-27 19:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-11-11 19:21 - 2016-10-27 19:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-11-11 19:21 - 2016-10-27 19:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-11-11 19:21 - 
2016-10-27 18:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-11-11 19:21 - 2016-10-27 18:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-11-11 19:21 - 2016-10-27 18:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-11-11 19:21 - 2016-10-27 16:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-11-11 19:21 - 2016-10-25 15:11 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-11-11 19:21 - 2016-10-22 18:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-11-11 19:21 - 2016-10-22 17:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-11-11 19:21 - 2016-10-22 17:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-11-11 19:21 - 2016-10-22 17:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-11-11 19:21 - 2016-10-22 17:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-11-11 19:21 - 2016-10-08 23:53 - 03754496 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll 2016-11-11 19:21 - 2016-10-08 23:21 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-11-11 19:21 - 2016-10-08 22:49 - 02410496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll 2016-11-11 19:21 - 2016-10-08 02:34 - 01660040 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2016-11-11 19:21 - 2016-10-08 02:34 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2016-11-11 19:21 - 2016-09-09 23:52 - 00921944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys 2016-11-11 19:21 - 2016-08-30 03:03 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcprx.dll 2016-11-11 19:21 - 2016-08-22 14:34 - 01628672 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2016-11-11 19:20 - 2016-11-02 21:48 - 00372568 _____ 
(Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2016-11-11 19:20 - 2016-11-02 21:48 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2016-11-11 19:20 - 2016-11-02 15:03 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2016-11-11 19:20 - 2016-11-02 15:00 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2016-11-11 19:20 - 2016-10-27 19:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-11-11 19:20 - 2016-10-27 19:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-11-11 19:20 - 2016-10-27 19:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-11-11 19:20 - 2016-10-27 19:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2016-11-11 19:20 - 2016-10-27 19:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-11-11 19:20 - 2016-10-27 18:57 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-11-11 19:20 - 2016-10-27 18:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-11-11 19:20 - 2016-10-27 18:47 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-11-11 19:20 - 2016-10-27 18:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-11-11 19:20 - 2016-10-27 18:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-11-11 19:20 - 2016-10-27 18:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-11-11 19:20 - 2016-10-27 17:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-11-11 19:20 - 2016-10-22 18:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-11-11 19:20 - 2016-10-22 18:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-11-11 19:20 - 2016-10-22 18:21 - 00663552 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript.dll 2016-11-11 19:20 - 2016-10-22 17:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-11-11 19:20 - 2016-10-22 17:57 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2016-11-11 19:20 - 2016-10-22 17:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-11-11 19:20 - 2016-10-22 17:51 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2016-11-11 19:20 - 2016-10-22 17:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-11-11 19:20 - 2016-10-22 17:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-11-11 19:20 - 2016-10-22 17:45 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-11-11 19:20 - 2016-10-22 17:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-11-11 19:20 - 2016-10-22 17:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-11-11 19:20 - 2016-10-13 20:06 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2016-11-11 19:20 - 2016-10-13 20:06 - 01124376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2016-11-11 19:20 - 2016-10-12 09:01 - 00377176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys 2016-11-11 19:20 - 2016-10-11 21:21 - 00497448 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll 2016-11-11 19:20 - 2016-10-11 21:21 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll 2016-11-11 19:20 - 2016-10-11 19:34 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll 2016-11-11 19:20 - 2016-10-11 18:47 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\input.dll 2016-11-11 19:20 - 2016-10-11 17:55 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll 2016-11-11 19:20 - 2016-10-10 22:17 - 00444248 _____ (Microsoft Corporation) 
C:\Windows\system32\msv1_0.dll 2016-11-11 19:20 - 2016-10-10 22:17 - 00333656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-11-11 19:20 - 2016-10-09 23:59 - 00551256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys 2016-11-11 19:20 - 2016-10-09 00:12 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-11-11 19:20 - 2016-10-08 23:18 - 00840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll 2016-11-11 19:20 - 2016-10-08 23:07 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2016-11-11 19:20 - 2016-10-08 23:02 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-11-11 19:20 - 2016-10-08 22:21 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2016-11-11 19:20 - 2016-10-04 21:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys 2016-11-11 19:20 - 2016-10-04 21:23 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 2016-11-11 19:20 - 2016-10-04 21:08 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll 2016-11-11 19:20 - 2016-10-04 21:08 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2016-11-11 19:20 - 2016-09-09 23:14 - 00275800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2016-11-11 19:20 - 2016-09-09 15:15 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll 2016-11-11 19:20 - 2016-09-09 15:09 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll 2016-11-11 19:20 - 2016-09-09 15:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2016-11-11 19:20 - 2016-09-09 15:03 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\iscsiwmi.dll 2016-11-11 19:20 - 2016-09-09 15:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsiwmi.dll 2016-11-11 19:20 - 2016-09-09 14:38 - 00446124 _____ 
C:\Windows\system32\ApnDatabase.xml 2016-11-11 19:20 - 2016-09-03 19:20 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\iscsidsc.dll 2016-11-11 19:20 - 2016-09-03 19:06 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\iscsiexe.dll 2016-11-11 19:20 - 2016-09-03 18:21 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsidsc.dll 2016-11-11 19:20 - 2016-09-03 17:12 - 00512512 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv 2016-11-11 19:20 - 2016-09-03 17:05 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2016-11-11 19:20 - 2016-09-03 16:58 - 00397824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv 2016-11-11 19:20 - 2016-09-02 15:05 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll 2016-11-11 19:20 - 2016-09-02 15:05 - 00262144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll 2016-11-11 19:20 - 2016-09-01 15:33 - 00377856 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll 2016-11-11 19:20 - 2016-09-01 15:33 - 00342528 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll 2016-11-11 19:20 - 2016-09-01 15:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll 2016-11-11 19:20 - 2016-08-30 15:11 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\dab.dll 2016-11-11 19:20 - 2016-08-30 03:45 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\xolehlp.dll 2016-11-11 19:20 - 2016-08-30 03:18 - 00871936 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll 2016-11-11 19:20 - 2016-08-30 03:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xolehlp.dll 2016-10-30 18:25 - 2016-11-25 19:07 - 00000000 ____D C:\Users\Niklas\Documents\Youcam 2016-10-28 20:27 - 2016-10-28 20:27 - 00002515 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - hp.lnk 2016-10-28 20:27 - 2016-10-28 20:27 - 00000000 ____D C:\Users\Niklas\AppData\Roaming\WildTangent 2016-10-28 
20:27 - 2016-10-28 20:27 - 00000000 ____D C:\ProgramData\BlueStacks 2016-10-28 20:19 - 2016-10-28 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParkControl 2016-10-28 20:17 - 2016-10-28 20:17 - 00000000 ____D C:\Users\Niklas\AppData\LocalLow\Oracle 2016-10-28 16:45 - 2016-10-28 16:45 - 00000000 ____D C:\Users\Niklas\Documents\OneNote Notebooks 2016-10-28 16:44 - 2016-10-28 16:44 - 00344064 _____ C:\Users\Niklas\Documents\My New App.accdb ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-11-25 19:23 - 2016-01-04 16:18 - 00000000 ____D C:\Users\Niklas\Documents\My Games 2016-11-25 19:23 - 2016-01-02 15:35 - 00000000 ____D C:\Program Files (x86)\Steam 2016-11-25 19:22 - 2016-01-08 15:30 - 00000000 ____D C:\Users\Niklas\AppData\Roaming\Skype 2016-11-25 19:09 - 2016-09-17 19:03 - 00000000 ____D C:\Users\Niklas\AppData\Roaming\Spotify 2016-11-25 19:08 - 2015-07-19 12:23 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4002155861-1023576183-3166084196-1002 2016-11-25 19:05 - 2016-09-17 19:04 - 00000000 ____D C:\Users\Niklas\AppData\Local\Spotify 2016-11-25 19:04 - 2016-10-25 13:36 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-11-25 19:04 - 2015-07-19 12:20 - 00000000 ___DO C:\Users\Niklas\OneDrive 2016-11-25 19:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF 2016-11-25 18:51 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-11-25 18:51 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness 2016-11-25 18:42 - 2016-10-25 13:37 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-11-25 18:33 - 2016-09-23 17:07 - 00000000 ____D C:\Users\Niklas\AppData\Roaming\.minecraft 2016-11-25 18:28 - 2016-08-21 17:14 - 00000000 ____D C:\ProgramData\MFAData 2016-11-19 21:47 - 2016-01-03 18:44 - 00000000 ____D 
C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2016-11-19 21:43 - 2015-08-10 12:32 - 00000000 ____D C:\Users\Niklas\AppData\Roaming\TS3Client 2016-11-19 20:02 - 2015-07-19 12:16 - 00000000 ____D C:\Users\Niklas\AppData\Local\Packages 2016-11-19 18:47 - 2015-09-13 14:19 - 00000000 ____D C:\Program Files (x86)\Battle.net 2016-11-19 18:46 - 2015-09-13 14:20 - 00000000 ____D C:\Users\Niklas\AppData\Local\Battle.net 2016-11-18 19:54 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-11-18 19:51 - 2014-07-11 01:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2016-11-18 19:44 - 2016-10-25 13:45 - 00002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-11-18 19:44 - 2016-10-25 13:45 - 00002202 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-11-18 19:24 - 2016-01-08 15:30 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-11-18 19:24 - 2016-01-08 15:30 - 00000000 ____D C:\ProgramData\Skype 2016-11-18 19:22 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM 2016-11-14 20:55 - 2016-04-04 16:04 - 00000000 ____D C:\Users\Niklas\AppData\Local\Ubisoft Game Launcher 2016-11-14 18:39 - 2016-10-19 19:23 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task 2016-11-14 18:37 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf 2016-11-14 18:34 - 2014-07-11 09:54 - 00752454 _____ C:\Windows\system32\perfh007.dat 2016-11-14 18:34 - 2014-07-11 09:54 - 00171314 _____ C:\Windows\system32\perfc007.dat 2016-11-14 18:34 - 2014-03-18 10:53 - 01768208 _____ C:\Windows\system32\PerfStringBackup.INI 2016-11-14 18:28 - 2014-10-10 09:31 - 20464283 _____ C:\Windows\SysWOW64\rootpa.e2e 2016-11-14 18:27 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-11-14 18:27 - 2013-08-22 15:44 - 00497872 _____ C:\Windows\system32\FNTCACHE.DAT 2016-11-11 22:00 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData 2016-11-11 19:35 - 2013-08-22 16:20 - 00000000 
____D C:\Windows\CbsTemp 2016-11-11 19:27 - 2015-08-25 18:04 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-11-11 19:27 - 2015-08-25 18:04 - 00000000 ____D C:\Windows\system32\MRT 2016-11-02 14:44 - 2015-09-15 17:53 - 00000000 ____D C:\Users\Niklas\Documents\Outlook Files 2016-11-01 18:00 - 2015-09-05 13:16 - 00000000 ____D C:\Users\Niklas\AppData\Local\Google 2016-11-01 17:31 - 2016-09-23 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-11-01 17:31 - 2016-09-23 17:16 - 00000000 ____D C:\Program Files\Java 2016-11-01 17:31 - 2015-08-10 10:54 - 00000000 ____D C:\ProgramData\Oracle 2016-11-01 17:30 - 2016-09-23 17:16 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2016-10-31 17:57 - 2015-07-19 12:13 - 00000000 ____D C:\Users\Niklas 2016-10-31 14:22 - 2016-10-19 19:24 - 00001004 _____ C:\Users\Public\Desktop\AVG.lnk 2016-10-31 14:22 - 2016-10-19 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen 2016-10-28 20:28 - 2014-10-10 09:40 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-10-28 20:28 - 2014-10-10 09:40 - 00000000 ____D C:\Program Files (x86)\WildTangent Games 2016-10-28 20:27 - 2014-10-10 09:40 - 00000000 ____D C:\ProgramData\WildTangent 2016-10-28 20:19 - 2016-06-25 16:33 - 00000000 ____D C:\Program Files\ParkControl 2016-10-28 18:00 - 2016-07-12 14:24 - 00000000 ____D C:\Users\Niklas\Desktop\YT 2016-10-28 16:42 - 2016-10-19 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2016-10-28 16:42 - 2016-10-19 19:27 - 00000000 ____D C:\Program Files\Common Files\AV 2016-10-28 16:39 - 2016-08-21 17:11 - 00000000 ____D C:\Users\Niklas\AppData\Local\AvgSetupLog 2016-10-26 10:32 - 2015-09-05 13:05 - 01444352 ___SH C:\Users\Niklas\Desktop\Thumbs.db ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2016-08-21 16:21 - 2016-08-21 16:21 - 7118336 _____ 
() C:\Users\Niklas\AppData\Roaming\agent.dat 2016-08-21 16:21 - 2016-08-21 16:21 - 0054272 _____ () C:\Users\Niklas\AppData\Roaming\ApplicationHosting.dat 2016-08-21 16:21 - 2016-08-21 16:21 - 0070704 _____ () C:\Users\Niklas\AppData\Roaming\Config.xml 2016-08-21 16:20 - 2016-08-21 16:21 - 0020016 _____ () C:\Users\Niklas\AppData\Roaming\InstallationConfiguration.xml 2016-08-21 16:20 - 2016-08-21 16:20 - 0138240 _____ () C:\Users\Niklas\AppData\Roaming\Installer.dat 2016-08-21 16:21 - 2016-08-21 16:21 - 1901168 _____ () C:\Users\Niklas\AppData\Roaming\Kaydax.tst 2016-08-21 16:21 - 2016-08-21 16:21 - 0126464 _____ () C:\Users\Niklas\AppData\Roaming\lobby.dat 2016-08-21 16:21 - 2016-08-21 16:21 - 0018432 _____ () C:\Users\Niklas\AppData\Roaming\Main.dat 2016-08-21 16:21 - 2016-08-21 16:21 - 0005568 _____ () C:\Users\Niklas\AppData\Roaming\md.xml 2016-08-21 16:21 - 2016-08-21 16:21 - 0126464 _____ () C:\Users\Niklas\AppData\Roaming\noah.dat 2016-08-21 16:21 - 2016-08-21 16:21 - 0072716 _____ () C:\Users\Niklas\AppData\Roaming\Tindax.tst 2016-08-21 16:21 - 2016-08-21 16:21 - 0032038 _____ () C:\Users\Niklas\AppData\Roaming\uninstall_temp.ico 2016-09-09 20:27 - 2016-09-09 20:27 - 0010851 _____ () C:\Users\Niklas\AppData\Local\recently-used.xbel Einige Dateien in TEMP: ==================== C:\Users\Niklas\AppData\Local\Temp\jre-8u111-windows-au.exe ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-11-19 18:22

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 23-11-2016
durchgeführt von Niklas (25-11-2016 19:25:21)
Gestartet von C:\Users\Niklas\Downloads
Windows 8.1 (Update) (X64) (2015-07-19 11:15:21)
Start-Modus: Normal
==========================================================

==================== Konten: =============================
Administrator (S-1-5-21-4002155861-1023576183-3166084196-500 - Administrator - Disabled)
Gast (S-1-5-21-4002155861-1023576183-3166084196-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4002155861-1023576183-3166084196-1004 - Limited - Enabled)
Niklas (S-1-5-21-4002155861-1023576183-3166084196-1002 - Administrator - Enabled) => C:\Users\Niklas

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Internet Security (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{37E4001C-918A-1D69-DC9F-F165576BA716}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.111.2.45832 - AVG Technologies) AVG (Version: 16.121.7859 - AVG Technologies) Hidden AVG 2016 (Version: 16.0.4664 - AVG Technologies) Hidden AVG Protection (HKLM\...\AVG) (Version: 2016.121.7859 - AVG Technologies) AVG Zen (Version: 1.111.9 - AVG Technologies) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version: - Playsaurus) Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.) Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.1.5307 - CyberLink Corp.) Cyberlink PhotoDirector (Version: 5.0.1.5307 - Ihr Firmenname) Hidden CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.) CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3018 - CyberLink Corp.) 
CyberLink PowerDirector 12 (Version: 12.0.1.3018 - Ihr Firmenname) Hidden CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4119 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4218 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Discord (HKU\S-1-5-21-4002155861-1023576183-3166084196-1002\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.) Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version: - SEIKO EPSON Corporation) Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.) Farm Frenzy (x32 Version: 3.0.2.59 - WildTangent) Hidden FMW 1 (Version: 1.132.1 - AVG Technologies) Hidden Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) 
Hidden Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - ) Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company) HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{9D7BFF2A-F810-4E35-BE2C-A6CB4B9202DB}) (Version: 1.2.0.0 - Hewlett-Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{2E88735F-0A9A-45B5-8B10-8330862343C5}) (Version: 1.1.10 - Hewlett-Packard Company) HP Utility Center (HKLM\...\{E8F2076D-1885-4A0F-83D8-77B1F9D384CE}) (Version: 2.5.2 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden Inst5676 (Version: 8.01.11 - Softex Inc.) 
Hidden Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6965.2105 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4002155861-1023576183-3166084196-1002\...\OneDriveSetup.exe) (Version: 17.3.6517.0809 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft 
Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) MORE! 4 Grammar Practice (HKLM-x32\...\MoreGrammarPractice4) (Version: V1.01-AT - Helbling Languages ) MORE! 
4 Grammar Practice (x32 Version: 1.01 - Helbling Languages ) Hidden Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) OEM Application Profile (HKLM-x32\...\{8F92E0CF-620B-5C20-F292-59C93567B06D}) (Version: 1.00.0000 - Ihr Firmenname) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6965.2105 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.6965.2105 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6965.2105 - Microsoft Corporation) Hidden Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment) ParkControl (HKLM-x32\...\ParkControl) (Version: 1.1.3.2 - Bitsum) Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden Portal (HKLM-x32\...\Steam App 400) (Version: - Valve) Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden Rayman Legends (HKLM\...\Steam App 242550) (Version: - ) REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.10 - REALTEK Semiconductor Corp.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.) 
ROBLOX Player for Niklas (HKU\S-1-5-21-4002155861-1023576183-3166084196-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) Rock of Ages (HKLM\...\Steam App 22230) (Version: - ACE Team) Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix) Scrap Mechanic (HKLM\...\Steam App 387990) (Version: - Axolot Games) Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.) Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION) Spotify (HKU\S-1-5-21-4002155861-1023576183-3166084196-1002\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.13 - Synaptics Incorporated) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH) The Pirate: Caribbean Hunt (HKLM\...\Steam App 512470) (Version: - Home Net Games) Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft) Usb GamePad (HKLM-x32\...\{DEC7CD2E-2BB5-40C3-9592-078F64677E6C}) (Version: 1.00.0000 - ) Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Who's Your Daddy (HKLM\...\Steam App 427730) (Version: - Joe Williams)
WildTangent Games App für HP (x32 Version: 4.0.11.9 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-4002155861-1023576183-3166084196-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Niklas\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-4002155861-1023576183-3166084196-1002_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Niklas\AppData\Local\Roblox\Versions\version-a5eaf158bd544c4d\RobloxProxy64.dll (ROBLOX Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0CC54B97-29BD-49A3-ABAA-055F337AD8A2} - System32\Tasks\psv_Freshit => /c regedit.exe /s "C:\ProgramData\Nimfind\Goodzenphase.reg" & del "C:\ProgramData\Nimfind\Goodzenphase.reg" & SCHTASKS /Delete /TN "psv_Freshit" /F <==== ACHTUNG
Task: {130497BF-BBAA-4FA3-8E98-1D626DC1851C} - System32\Tasks\psv_Zonefix => /c regedit.exe /s "C:\ProgramData\Nimfind\Bluelottech.reg" & del "C:\ProgramData\Nimfind\Bluelottech.reg" & SCHTASKS /Delete /TN "psv_Zonefix" /F <==== ACHTUNG
Task: {166124CC-26E7-40F3-B738-9F435796E722} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-25] (Google Inc.)
Task: {3913FEB9-6F3A-41B2-B737-D3A2B93DB314} - System32\Tasks\snf => C:\ProgramData\Nimfind\Nimfind.exe <==== ACHTUNG
Task: {3C4D02B5-F7E0-4B9B-8F6A-F754F961CD0D} - System32\Tasks\ParkControl => C:\Program Files\ParkControl\parkcontrol.exe [2016-09-09] (Bitsum LLC)
Task: {3E380FC9-2230-46E1-A524-7FD7DB74CD9A} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {4AB1E89F-7169-4600-ABC8-37138CEFA5C0} - System32\Tasks\vwe3034 => C:\Program Files (x86)\OtherSearch\vwe3034.exe <==== ACHTUNG
Task: {4B31B096-1D3C-497C-B97C-9640E74F9414} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-11-11] (Microsoft Corporation)
Task: {54D08BD2-BCE5-485D-8314-0E4638E63669} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {560CDFB2-F1DB-47A9-800F-D360F1911CA9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {62616C76-FF88-4F6E-92E4-5792E6A93640} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-11-02] (Microsoft Corporation)
Task: {6F0AF2C2-E2F9-412A-844A-E66C1EF1C283} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {702C5FEA-5ECF-4FC7-BF0B-D8F7DB4A7BC6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {7F7FA730-7A73-425D-AAB4-6FA3CBDB84D6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {823146B6-3C03-4701-BE10-364A95010F99} - System32\Tasks\{43A48FE4-D973-41A9-BB8B-F352025BB8BF} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.17.0.106/de/abandoninstall?source=lightinstaller&page=tsInstall
Task: {82376F9A-75CD-444A-B0DD-370AC31A3E0D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {9FAEF88C-C469-4263-A4FF-602D6C69BD3F} - System32\Tasks\psv_Lexidex => /c regedit.exe /s "C:\ProgramData\Nimfind\Tripple-Ex.reg" & del "C:\ProgramData\Nimfind\Tripple-Ex.reg" & SCHTASKS /Delete /TN "psv_Lexidex" /F <==== ACHTUNG
Task: {A471C215-AAF3-401F-BF51-A214ABF0A3FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-12-18] (Hewlett-Packard)
Task: {AB898591-8ECE-4A88-B848-D5AB9AA70639} - System32\Tasks\dxr3027 => C:\Program Files (x86)\QuickSearch\dxr3027.exe <==== ACHTUNG
Task: {B320387D-75C8-4EF9-B941-5368F9D12012} - System32\Tasks\snp => C:\ProgramData\Nimfind\Nimfind.exe <==== ACHTUNG
Task: {C5FBD9E4-9543-4D94-9751-8A28A18746FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {C9250A85-EFC2-400D-BA07-67DEC24E415D} - System32\Tasks\Coerwcult Center => C:\Program Files (x86)\Crecult\Coerwcultcntdnk.exe
Task: {CA865D95-A2AC-4CC5-861F-C3ABC1769ED3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-12-18] (Hewlett-Packard)
Task: {CDFC7487-2468-4584-9DE1-3F36917686C4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-11-02] (Microsoft Corporation)
Task: {CE31995E-E31E-4685-9BE1-8783230FFA44} - System32\Tasks\LuckyBrowse => C:\Program Files (x86)\LuckyBrowse\app\luckybrowse.exe <==== ACHTUNG
Task: {D36B541C-7C9D-4F14-8D56-012053D2B693} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {ED04CF22-C444-48B4-81C7-C71AD84D1264} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-25] (Google Inc.)
Task: {EF267BFF-46BF-417C-8DD5-B46FD357455C} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-06-18] (CyberLink Corp.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
ShortcutWithArgument: C:\Users\Niklas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\df9f54850a7f7c1c\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=clacachthergidrigi

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-03-28 12:31 - 2014-03-28 12:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 12:27 - 2014-03-28 12:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 12:27 - 2014-03-28 12:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 12:27 - 2014-03-28 12:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 12:48 - 2014-03-28 12:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 12:48 - 2014-03-28 12:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-06-05 21:42 - 2014-06-05 21:42 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-06-05 21:40 - 2014-06-05 21:40 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-10-10 09:26 - 2014-03-05 17:09 - 00088064 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2016-05-31 23:31 - 2016-05-31 23:31 - 00187824 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-10-10 09:57 - 2014-04-14 17:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-05-05 17:18 - 2016-11-18 19:48 - 08919744 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2014-03-28 12:36 - 2014-03-28 12:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2016-11-18 19:44 - 2016-11-08 22:03 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-18 19:44 - 2016-11-08 22:03 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
2016-01-02 15:40 - 2016-09-08 04:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-01-02 15:40 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-01-02 15:40 - 2016-10-13 02:58 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2016-01-02 15:40 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-01-02 15:40 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-01-02 15:40 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-01-02 15:40 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-01-02 15:40 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-01-02 15:40 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-01-02 15:40 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-01-02 15:40 - 2016-10-13 02:58 - 00836896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-11 18:27 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-08-25 16:01 - 2016-08-24 16:49 - 01950392 _____ () C:\Users\Niklas\AppData\Local\Discord\app-0.0.296\ffmpeg.dll
2016-08-25 16:01 - 2016-11-19 18:13 - 01058816 _____ () \\?\C:\Users\Niklas\AppData\Roaming\discord\0.0.296\modules\discord_voice\discord_voice.node
2016-08-25 16:01 - 2016-11-19 18:13 - 03801088 _____ () \\?\C:\Users\Niklas\AppData\Roaming\discord\0.0.296\modules\discord_voice\libdiscord.dll
2016-08-25 16:01 - 2016-08-25 16:01 - 00894136 _____ () \\?\C:\Users\Niklas\AppData\Roaming\discord\0.0.296\modules\discord_utils\discord_utils.node
2016-08-25 16:01 - 2016-08-25 16:01 - 01119416 _____ () \\?\C:\Users\Niklas\AppData\Roaming\discord\0.0.296\modules\discord_toaster\discord_toaster.node
2016-09-17 19:04 - 2016-11-14 18:32 - 51776112 _____ () C:\Users\Niklas\AppData\Roaming\Spotify\libcef.dll
2016-10-19 19:23 - 2016-10-19 19:22 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-09-17 19:04 - 2016-11-14 18:32 - 01803888 _____ () C:\Users\Niklas\AppData\Roaming\Spotify\libglesv2.dll
2016-09-17 19:04 - 2016-11-14 18:32 - 00086128 _____ () C:\Users\Niklas\AppData\Roaming\Spotify\libegl.dll
2016-08-25 16:01 - 2016-08-24 16:49 - 02230456 _____ () C:\Users\Niklas\AppData\Local\Discord\app-0.0.296\libglesv2.dll
2016-08-25 16:01 - 2016-08-24 16:49 - 00088760 _____ () C:\Users\Niklas\AppData\Local\Discord\app-0.0.296\libegl.dll
2016-10-20 16:45 - 2016-08-04 21:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll
2016-11-25 19:06 - 2016-11-25 19:06 - 00170496 _____ () \\?\C:\Users\Niklas\AppData\Local\Temp\6762.tmp.node
2016-08-25 16:01 - 2016-10-14 14:08 - 02658304 _____ () \\?\C:\Users\Niklas\AppData\Roaming\discord\0.0.296\modules\discord_rpc\discord_rpc.node
2016-09-02 13:10 - 2016-10-14 14:08 - 02147328 _____ () \\?\C:\Users\Niklas\AppData\Roaming\discord\0.0.296\modules\discord_contact_import\discord_contact_import.node
2016-11-19 21:47 - 2016-11-25 18:37 - 03024152 _____ () C:\Program Files (x86)\Steam\steamapps\common\Rock of Ages\Binaries\Win32\wxmsw28u_core_vc_custom.dll
2016-11-19 21:47 - 2016-11-25 18:37 - 00336152 _____ () C:\Program Files (x86)\Steam\steamapps\common\Rock of Ages\Binaries\Win32\wxmsw28u_aui_vc_custom.dll
2016-11-19 21:47 - 2016-11-25 18:37 - 00553752 _____ () C:\Program Files (x86)\Steam\steamapps\common\Rock of Ages\Binaries\Win32\wxmsw28u_xrc_vc_custom.dll
2016-11-19 21:47 - 2016-11-25 18:37 - 00794904 _____ () C:\Program Files (x86)\Steam\steamapps\common\Rock of Ages\Binaries\Win32\wxmsw28u_richtext_vc_custom.dll
2016-11-19 21:47 - 2016-11-25 18:37 - 00505624 _____ () C:\Program Files (x86)\Steam\steamapps\common\Rock of Ages\Binaries\Win32\wxmsw28u_html_vc_custom.dll
2016-11-19 21:47 - 2016-11-25 18:37 - 00721176 _____ () C:\Program Files (x86)\Steam\steamapps\common\Rock of Ages\Binaries\Win32\wxmsw28u_adv_vc_custom.dll
2016-11-19 21:47 - 2016-11-25 18:37 - 01302296 _____ () C:\Program Files (x86)\Steam\steamapps\common\Rock of Ages\Binaries\Win32\wxmsw28u_vc_custom.dll
2016-11-25 18:37 - 2016-11-25 18:37 - 00130840 _____ () C:\Program Files (x86)\Steam\steamapps\common\Rock of Ages\Binaries\Win32\wxmsw28u_xml_vc_custom.dll
2016-01-02 15:40 - 2016-10-13 02:58 - 00380704 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-11-19 21:47 - 2016-11-25 18:37 - 00496920 _____ () C:\Program Files (x86)\Steam\steamapps\common\Rock of Ages\Binaries\Win32\FonixTtsDtSimplegr.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdengine => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdwfp => ""="Driver"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ==========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 14:25 - 2016-11-25 18:30 - 00002384 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 malwr.com
127.0.0.1 cuckoosandbox.org
127.0.0.1 www.threatexpert.com
127.0.0.1 github.com/rshipp/awesome-malware-analysis
127.0.0.1 www.sendspace.com
127.0.0.1 www.m2k.to
127.0.0.1 movie4k-to.com
127.0.0.1 nobrain.dk
127.0.0.1 goggle.com
127.0.0.1 internetisseriousbusiness.com
127.0.0.1 spysheriff.com
127.0.0.1 malwarealarm.com
127.0.0.1 pesttrap.com
127.0.0.1 mylazysundays.com
127.0.0.1 sourmath.com
127.0.0.1 youtubecracker.on.nimp.org
127.0.0.1 internetisseriousbusiness.on.nimp.org
127.0.0.1 freeipods.zoy.org
127.0.0.1 www.youareanidiot.org
127.0.0.1 archive.org
127.0.0.1 www.torchtorsearch.com
127.0.0.1 xmh57jrzrnw6insl.onion.to
127.0.0.1 waybackmachine.org
127.0.0.1 www.evil-shit.de
127.0.0.1 agor.io
127.0.0.1 www.freeipods.com
127.0.0.1 bonzi.link
127.0.0.1 www.chip.de
127.0.0.1 www.angelfire.com
127.0.0.1 www.reddit.com
Da befinden sich 24 zusätzliche Einträge.

==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-4002155861-1023576183-3166084196-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKLM\...\StartupApproved\Run32: => "avgnt"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B136D187-8C73-4DD5-99B1-59260F84D2DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{03710A60-D6A0-4EDC-B54A-C3A96E9460C0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{848F1313-1907-426B-A76F-F9F1501B141D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A0AA3989-85FF-4397-A70A-F3B2037F64F3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{77726BD6-2CFB-48AB-80B9-58A48C6FFEA0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{7BD3A062-69E7-4012-9717-B37285857827}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{57D3ECCF-CBB1-48AC-9688-C52FE952E0B2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{9EC26224-C021-45D4-ABC3-E6AE281D25AD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{3CCE379F-7660-4088-A2A3-FDC4F5AAAA8F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FA2B099B-8F80-47B5-A4FA-AD606CA435D4}] => (Allow) LPort=2869
FirewallRules: [{701C9488-F07F-4B8B-AD5B-0691F01AD918}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{2BF7157A-1891-4ABA-B542-5D38289CBB01}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{224C1421-DCF1-44D6-8D34-274571E660A7}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{A0A5356B-6194-4F08-8A21-0009ADA3C992}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{25D51065-204E-47B6-9D0C-2F58FE75DD70}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{F9635704-C936-40A7-BC44-C3024B183070}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{9ED1A070-7AD5-412D-9BF6-14F73BC15AFA}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{6194A5AD-9DA3-4977-8952-A5926FEDC98A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DA1392B8-C7A5-4994-9B81-428E0F397C39}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7BCB5CD2-5C8E-41BC-BDFF-69FFCE843163}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1E64F809-9431-495B-94B3-BEF5F8ADBB29}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{213AB2ED-6E36-4C83-8086-977174739686}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{50649E64-F138-4759-AA32-D2BD6FBB979A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [TCP Query User{07D91F59-F2B4-490A-8749-CE9972B3CA25}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{6A4539B8-6EF5-4EF2-B91D-E193D210743B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{9BCB89E8-781D-4254-BAF9-7434F202CB82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [{A3764A92-E26A-40D4-8548-6DB0AD5C4F19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe
FirewallRules: [TCP Query User{92855D18-43E1-42AD-AC23-B83477D53BAB}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [UDP Query User{5287D044-83A1-4E2D-B409-DB490C72C642}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [{6A2B0733-C984-48D4-8FD6-F1D401DC988C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{6393308E-FE08-4035-99BC-467BFE757436}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{435D55A6-6093-4137-8D2D-65DF278D75D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [{DF59210F-FBA7-46B0-8343-57251342C56F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [TCP Query User{0A67AF26-04C2-403A-8FA4-8194B46BDBF8}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{4D72FC59-01CA-41AC-A862-50C0846037FC}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{670B60C9-192D-4098-9453-DA6E3054D7DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rayman Legends\Rayman Legends.exe
FirewallRules: [{704CAD88-C1E6-41BE-8F09-2D7EB8E4A5FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rayman Legends\Rayman Legends.exe
FirewallRules: [{B139486F-311F-42AA-A860-0527930725D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Whos Your Daddy\WhosYourDaddy.exe
FirewallRules: [{DD403CF4-434C-41FA-A39E-5387A41A7122}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Whos Your Daddy\WhosYourDaddy.exe
FirewallRules: [TCP Query User{46034E05-AE45-418A-92A2-DEC7E3FB6873}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{B5B1EF9D-BCFF-4D46-AD0F-3DF0DA9E53D5}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{C31D35CF-9F5E-483D-92EC-1A3D930162D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Pirate Caribbean Hunt\ThePirate.exe
FirewallRules: [{6333CF0E-B3C8-4642-BE77-C0A24B03DB81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Pirate Caribbean Hunt\ThePirate.exe
FirewallRules: [TCP Query User{2F0112AF-E520-4420-BFC8-DF6344380E1E}C:\users\niklas\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\niklas\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8DA9389B-9F35-49BF-8E51-5889773A93A5}C:\users\niklas\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\niklas\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{7EC28454-F4F5-4BBE-8CF1-8D9D12A2760F}C:\users\niklas\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\niklas\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{248B4670-57C3-425F-86E3-10F420602DF0}C:\users\niklas\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\niklas\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E32EC03F-13BD-48EC-A84D-3069CF139F5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{87D45F03-220F-4719-8E35-110E113DF1FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{6B9E509E-63CD-46E8-B4D7-4E0608E78A0B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{F65926B3-C29C-40C7-8AED-CE480663EB0A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{FE561BF2-6739-46BD-B984-548EC97485F5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{DFFCA927-FBBE-4916-B814-56B501D26436}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{A51DE5FC-1C38-408A-9737-A343F337303D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{24EBA647-039D-4472-A3A9-C213F116555F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{554146F4-27CF-4D0B-8578-34793877BE4F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{9D2EB6CC-A850-4CF4-A627-6CE8AA35390D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1FF5CD71-2311-43E4-BA21-BFFC1EBDC0D2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{FED5F2F1-40D6-43FB-8AFE-EFF3018D2575}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{D94B1FDC-A13A-4B25-838D-0096AA2FBB7A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{EF58FFE4-2143-42EE-904C-70FE0BA3D0E1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{4821603D-9467-49A6-9F0E-9BACBBD498DA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7D6DB967-1A94-4875-92CC-68EFFE63D45C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rock of Ages\Binaries\Win32\RoA.exe
FirewallRules: [{246C966F-A898-4AD3-9C0C-E6D53D93F0C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rock of Ages\Binaries\Win32\RoA.exe

==================== Wiederherstellungspunkte =========================
ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/25/2016 07:22:55 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database

Error: (11/25/2016 07:02:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31234

Error: (11/25/2016 07:02:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31234

Error: (11/25/2016 07:02:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/25/2016 07:02:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15609

Error: (11/25/2016 07:02:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15609

Error: (11/25/2016 07:02:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/25/2016 06:56:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_PcaSvc, Version: 6.3.9600.17415, Zeitstempel: 0x54504177
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.18438, Zeitstempel: 0x57ae642e
Ausnahmecode: 0xc0000008
Fehleroffset: 0x00000000000925fa
ID des fehlerhaften Prozesses: 0x65c
Startzeit der fehlerhaften Anwendung: 0x01d23e9c645749c7
Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung: 8c59384c-b338-11e6-84f5-c038968b88c2
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/18/2016 10:00:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 34672

Error: (11/18/2016 10:00:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 34672

Systemfehler:
=============
Error: (11/25/2016 07:02:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst avgsvc erreicht.

Error: (11/25/2016 06:57:55 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Gerätezuordnungsdienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (11/25/2016 06:56:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Driver Foundation - Benutzermodus-Treiberframework" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/25/2016 06:56:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Automatische WLAN-Konfiguration" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/25/2016 06:56:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Diagnosesystemhost" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/25/2016 06:56:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Überwachung verteilter Verknüpfungen (Client)" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/25/2016 06:56:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/25/2016 06:56:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Programmkompatibilitäts-Assistent-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/25/2016 06:56:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Netzwerkverbindungen" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/25/2016 06:56:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Netzwerkverbindungsbroker" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

CodeIntegrity:
===================================
Date: 2016-11-25 19:24:26.184
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-25 19:24:24.174
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-25 19:24:21.656
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-11-25 19:24:19.017
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-25 19:24:16.110
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-25 19:24:13.270
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-25 18:27:04.839
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-25 18:27:04.059
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-25 18:27:02.971
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-11-25 18:27:02.091 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Speicherinformationen =========================== Prozessor: AMD A8-6410 APU with AMD Radeon R5 Graphics Prozentuale Nutzung des RAM: 59% Installierter physikalischer RAM: 7103.49 MB Verfügbarer physikalischer RAM: 2874.92 MB Summe virtueller Speicher: 8255.49 MB Verfügbarer virtueller Speicher: 3678.93 MB ==================== Laufwerke ================================ Drive c: (Windows) (Fixed) (Total:908.49 GB) (Free:808.86 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:22.01 GB) (Free:2.47 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 1119D06D) Partition: GPT. ==================== Ende von Addition.txt ============================ |
25.11.2016, 21:26 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Removal of Trojan: Crypt6.MAX Please uninstall AVG so that we can clean up effectively. Once we are done here, you can switch to a different virus scanner, because I advise against AVG (and also against Avira and Avast). Let me know when that is done.
__________________ Please always post log files in CODE tags |
03.12.2016, 19:10 | #6 |
| Removal of Trojan: Crypt6.MAX Should I run another scan with the program after the uninstallation? I have uninstalled AVG. What should I do now? |
03.12.2016, 19:42 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Removal of Trojan: Crypt6.MAX
Step 1: Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Step 2: Kaspersky TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop.
Reading material: Posting in CODE tags Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts. To put the log files into a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags |
10.12.2016, 21:03 | #8 |
| Removal of Trojan: Crypt6.MAX
Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2016.12.03.07
rootkit: v2016.11.20.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18525
Niklas :: NIKLASPC [administrator]

03.12.2016 20:16:21
mbar-log-2016-12-03 (20-16-21).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 304029
Time elapsed: 58 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\NETWORK\zdwfp (Rootkit.Komodia.PUA) -> Delete on reboot. [ba39439fd4c6ea4c0c3097e2af54e719]

Registry Values Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{6C92AC07-F6F7-41F2-9D5B-B8328D56B84E}|AutoConfigUrl (Hijack.AutoConfigURL.PrxySvrRST) -> Data: hxxp://stoppblock.org/wpad.dat?2155a76e3454d6d90a8ceb5661745ad714823299 -> Delete on reboot. [668df3eff3a788aeed8c1af510f0cd33]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\WINDOWS\SYSTEM32\drivers\zdwfp64.sys (PUP.Optional.Komodia) -> Delete on reboot. [a767ff3670b7349e961687c29ea9054e]
C:\Windows\System32\drivers\etc\hosts (Hijack.Host) -> Bad: (127.0.0.1 malwr.com) Good: () -> Replace on reboot. [e40fdd0528729f975016508938cb16ea]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
20:56:32.0268 0x1b00 TDSS rootkit removing tool 3.1.0.12 Nov 7 2016 07:10:01
20:56:32.0269 0x1b00 UEFI system
20:56:37.0962 0x1b00 ============================================================
20:56:37.0962 0x1b00 Current date / time: 2016/12/10 20:56:37.0962
20:56:37.0962 0x1b00 SystemInfo:
20:56:37.0962 0x1b00
20:56:37.0962 0x1b00 OS Version: 6.3.9600 ServicePack: 0.0
20:56:37.0962 0x1b00 Product type: Workstation
20:56:37.0962 0x1b00 ComputerName: NIKLASPC
20:56:37.0962 0x1b00 UserName: Niklas
20:56:37.0962 0x1b00 Windows directory: C:\Windows
20:56:37.0962 0x1b00 System windows directory: C:\Windows
20:56:37.0962 0x1b00 Running under WOW64
20:56:37.0962 0x1b00 Processor architecture: Intel x64
20:56:37.0963 0x1b00 Number of processors: 4
20:56:37.0963 0x1b00 Page size: 0x1000
20:56:37.0963 0x1b00 Boot type: Normal boot
20:56:37.0963 0x1b00 CodeIntegrityOptions = 0x00000001
20:56:37.0963 0x1b00 ============================================================
20:56:37.0964 0x1b00 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 9600.18505, osProperties = 0x19
20:56:38.0186 0x1b00 System UUID: {7F6CC291-E1D9-1B6C-818E-71E526C792AF}
20:56:38.0668 0x1b00 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:56:38.0674 0x1b00 ============================================================
20:56:38.0674 0x1b00 \Device\Harddisk0\DR0:
20:56:38.0674 0x1b00 GPT partitions:
20:56:38.0674 0x1b00 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {03768418-5E69-4B72-82D7-D5C58A226BD0}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x145000
20:56:38.0675 0x1b00 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {8A523F45-6EF7-4FB5-A290-74296A87F6FA}, Name: EFI system partition, StartLBA 0x145800, BlocksNum 0x82000
20:56:38.0675 0x1b00 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {191153C2-ED96-45AD-AF34-FFA40D193355}, Name: Microsoft reserved partition, StartLBA 0x1C7800, BlocksNum 0x40000
20:56:38.0675 0x1b00 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {DA3940E0-DD79-4779-9E6D-D6680DBE26F4}, Name: Basic data partition, StartLBA 0x207800, BlocksNum 0x718F8800
20:56:38.0675 0x1b00 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {6FE50486-764A-4F7F-92C8-C2596D3808F2}, Name: Basic data partition, StartLBA 0x71B00000, BlocksNum 0x2C04000
20:56:38.0675 0x1b00 MBR partitions:
20:56:38.0675 0x1b00 ============================================================
20:56:38.0690 0x1b00 C: <-> \Device\Harddisk0\DR0\Partition4
20:56:38.0756 0x1b00 D: <-> \Device\Harddisk0\DR0\Partition5
20:56:38.0756 0x1b00 ============================================================
20:56:38.0756 0x1b00 Initialize success
20:56:38.0756 0x1b00 ============================================================
20:56:44.0645 0x195c ============================================================
20:56:44.0646 0x195c Scan started
20:56:44.0646 0x195c Mode: Manual; SigCheck; TDLFS;
20:56:44.0646 0x195c ============================================================
20:56:44.0646 0x195c KSN ping started
20:56:44.0765 0x195c KSN ping finished: true
20:56:46.0628 0x195c ================ Scan system memory ========================
20:56:46.0628 0x195c System memory - ok
20:56:46.0629 0x195c ================ Scan services =============================
C:\Windows\System32\drivers\hidir.sys 20:56:59.0992 0x195c HidIr - ok 20:57:00.0026 0x195c [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv C:\Windows\system32\hidserv.dll 20:57:00.0059 0x195c hidserv - ok 20:57:00.0113 0x195c [ 49676FEC898AB2A11B157F848269A56E, 011E6DDEF9570212520F92FEFD205E1F8104F198B57C40D11BE857FCBCC5F68D ] HidUsb C:\Windows\System32\drivers\hidusb.sys 20:57:00.0180 0x195c HidUsb - ok 20:57:00.0213 0x195c [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc C:\Windows\system32\kmsvc.dll 20:57:00.0242 0x195c hkmsvc - ok 20:57:00.0274 0x195c [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:57:00.0346 0x195c HomeGroupListener - ok 20:57:00.0387 0x195c [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:57:00.0435 0x195c HomeGroupProvider - ok 20:57:00.0493 0x195c [ 94D91D0DA8499D19F963DA69B8DB1371, 33559E64AFF9F56D9F1D8015CB1B090E947469E337CBD362EBCC96500FD6347D ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 20:57:00.0516 0x195c HP Support Assistant Service - detected UnsignedFile.Multi.Generic ( 1 ) 20:57:00.0827 0x195c Detect skipped due to KSN trusted 20:57:00.0827 0x195c HP Support Assistant Service - ok 20:57:00.0852 0x195c [ 8B8E6BD988EAF18C1B86704BF05E5C03, 84052C116032F3DC47B0D3A7A8FC8E86DF94DDB3136C866D8FC8A3DF23209DEC ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys 20:57:00.0862 0x195c hpdskflt - ok 20:57:00.0959 0x195c [ D2946D9F020AE76E9CEF9B4A6DF838C0, C29CE594879385DA12B8EAA90B258905827B613839CCD820DE49215B68676995 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe 20:57:01.0004 0x195c hpqwmiex - ok 20:57:01.0021 0x195c [ 
A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 20:57:01.0037 0x195c HpSAMD - ok 20:57:01.0068 0x195c [ 0865F178E272C682B0689F1AA269128D, F8CC23EA339F0C917C3948FF35BEFE10664CCFF8796954898E41F4EC1618E5E1 ] hpsrv C:\Windows\system32\Hpservice.exe 20:57:01.0079 0x195c hpsrv - ok 20:57:01.0136 0x195c [ E2C5982A07AEB52A18A66BA1A06CFCD8, DAC0E2BAFF24A72FD28426D17DD30D9B8B7DB410A3A5E912C9581EDF1665A447 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe 20:57:01.0159 0x195c HPWMISVC - ok 20:57:01.0215 0x195c [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:57:01.0269 0x195c HTTP - ok 20:57:01.0295 0x195c [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 20:57:01.0309 0x195c hwpolicy - ok 20:57:01.0330 0x195c [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys 20:57:01.0360 0x195c hyperkbd - ok 20:57:01.0381 0x195c [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys 20:57:01.0407 0x195c HyperVideo - ok 20:57:01.0430 0x195c [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt C:\Windows\System32\drivers\i8042prt.sys 20:57:01.0511 0x195c i8042prt - ok 20:57:01.0523 0x195c [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 20:57:01.0533 0x195c iaLPSSi_GPIO - ok 20:57:01.0568 0x195c [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] 
iaLPSSi_I2C C:\Windows\System32\drivers\iaLPSSi_I2C.sys 20:57:01.0582 0x195c iaLPSSi_I2C - ok 20:57:01.0624 0x195c [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\Windows\system32\drivers\iaStorAV.sys 20:57:01.0657 0x195c iaStorAV - ok 20:57:01.0693 0x195c [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:57:01.0723 0x195c iaStorV - ok 20:57:01.0730 0x195c IEEtwCollectorService - ok 20:57:01.0788 0x195c [ 5697FD05EC6915A1E7193D658D8D6E05, 0179C3AF29880AA21F609CB471034EA5FA49324ACCE12736866675C037EBEC7A ] IKEEXT C:\Windows\System32\ikeext.dll 20:57:01.0882 0x195c IKEEXT - ok 20:57:02.0045 0x195c [ 01262E2BE97708F54666E700482027DE, 7643FCFB6EBFABDD7D1A914C40FADE97DDC633C5D75BE2CADBAC61675564E5CD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 20:57:02.0216 0x195c IntcAzAudAddService - ok 20:57:02.0240 0x195c [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\Windows\system32\drivers\intelide.sys 20:57:02.0255 0x195c intelide - ok 20:57:02.0285 0x195c [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep C:\Windows\system32\drivers\intelpep.sys 20:57:02.0299 0x195c intelpep - ok 20:57:02.0322 0x195c [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\Windows\System32\drivers\intelppm.sys 20:57:02.0353 0x195c intelppm - ok 20:57:02.0374 0x195c [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:57:02.0400 0x195c IpFilterDriver - ok 20:57:02.0457 0x195c [ B452623C1DE60544054E784D94A7AA47, 57AECDEE0AB2B80DFFE11E43608988D46E9169288CB56D644DDE2CAFED6AFD40 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 
20:57:02.0563 0x195c iphlpsvc - ok 20:57:02.0603 0x195c [ C800DCD904016B2BF6AB541083770A3A, 95A8FB9AB2818A4F44AFCBF2715B0B3024DCE38E1406EA639F2A5ECA105D2290 ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys 20:57:02.0664 0x195c IPMIDRV - ok 20:57:02.0700 0x195c [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 20:57:02.0753 0x195c IPNAT - ok 20:57:02.0777 0x195c [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:57:02.0810 0x195c IRENUM - ok 20:57:02.0828 0x195c [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:57:02.0842 0x195c isapnp - ok 20:57:02.0881 0x195c [ AD3C1F4BD9167420F04052FDA197CF29, 82B687092DFC50E8885656AF06BFB7559930750F4905BC4DBDA3A5D334A443D1 ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys 20:57:02.0905 0x195c iScsiPrt - ok 20:57:02.0924 0x195c [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass C:\Windows\System32\drivers\kbdclass.sys 20:57:02.0940 0x195c kbdclass - ok 20:57:02.0968 0x195c [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid C:\Windows\System32\drivers\kbdhid.sys 20:57:02.0998 0x195c kbdhid - ok 20:57:03.0019 0x195c [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys 20:57:03.0092 0x195c kdnic - ok 20:57:03.0112 0x195c [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\Windows\system32\lsass.exe 20:57:03.0128 0x195c KeyIso - ok 20:57:03.0162 0x195c [ 304DA394D958BC3B62AF6DF514005B01, 8D17777C82F034E800181E82D30FCED800CBC46CD659AE2E0D972CA1381BD4C2 ] KSecDD 
C:\Windows\system32\Drivers\ksecdd.sys 20:57:03.0179 0x195c KSecDD - ok 20:57:03.0215 0x195c [ 3D4AE520CD6F6FFE549DD195C1F515BE, 2AD3E07F504CE50956C391FD4633D20B354A854C940B3563A67B79BB6E40218F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:57:03.0236 0x195c KSecPkg - ok 20:57:03.0265 0x195c [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:57:03.0292 0x195c ksthunk - ok 20:57:03.0323 0x195c [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\Windows\system32\msdtckrm.dll 20:57:03.0368 0x195c KtmRm - ok 20:57:03.0399 0x195c [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer C:\Windows\system32\srvsvc.dll 20:57:03.0458 0x195c LanmanServer - ok 20:57:03.0503 0x195c [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:57:03.0549 0x195c LanmanWorkstation - ok 20:57:03.0600 0x195c [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc C:\Windows\System32\GeofenceMonitorService.dll 20:57:03.0657 0x195c lfsvc - ok 20:57:03.0692 0x195c [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:57:03.0712 0x195c lltdio - ok 20:57:03.0756 0x195c [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:57:03.0792 0x195c lltdsvc - ok 20:57:03.0813 0x195c [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:57:03.0850 0x195c lmhosts - ok 20:57:03.0871 0x195c [ C755AE4635457AA2A11F79C0DF857ABC, 
E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 20:57:03.0890 0x195c LSI_SAS - ok 20:57:03.0928 0x195c [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 20:57:03.0945 0x195c LSI_SAS2 - ok 20:57:03.0962 0x195c [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\Windows\system32\drivers\lsi_sas3.sys 20:57:03.0979 0x195c LSI_SAS3 - ok 20:57:04.0008 0x195c [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys 20:57:04.0025 0x195c LSI_SSS - ok 20:57:04.0081 0x195c [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\Windows\System32\lsm.dll 20:57:04.0174 0x195c LSM - ok 20:57:04.0196 0x195c [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\Windows\system32\drivers\luafv.sys 20:57:04.0229 0x195c luafv - ok 20:57:04.0255 0x195c [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\Windows\system32\drivers\megasas.sys 20:57:04.0270 0x195c megasas - ok 20:57:04.0307 0x195c [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\Windows\system32\drivers\megasr.sys 20:57:04.0344 0x195c megasr - ok 20:57:04.0398 0x195c [ F2488CA175845927E9A370C55184D73C, 7AE3AA00ECEE54FD8F6C105EEFE9FFC03789DD111AB9E266C642265BF108E634 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys 20:57:04.0440 0x195c mfehidk - ok 20:57:04.0510 0x195c [ EA5A2B5A8036B8208679DB347C000B7D, D11D12F5BDB7C4D3130E2261C9D4BCD303D1870277E0F92C6473D01D3105AD9A ] mfemms C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe 20:57:04.0531 0x195c mfemms - ok 
20:57:04.0600 0x195c [ 5726EBCA4F9C75F37A7E4C82F155E096, 2F64CB94E45E588CB0CD5384371B2750E669E925406E948256B2E4675F380671 ] mfevtp C:\Windows\system32\mfevtps.exe 20:57:04.0618 0x195c mfevtp - ok 20:57:04.0664 0x195c [ 48189215E7638D8AACE9B2627AB6D974, 4B230E6D5DD5A94DFDF4812F74B8064A712EECB6103FC6AD187C8EF3A5DDF2C1 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys 20:57:04.0684 0x195c mfewfpk - ok 20:57:04.0714 0x195c [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\Windows\system32\mmcss.dll 20:57:04.0802 0x195c MMCSS - ok 20:57:04.0816 0x195c [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\Windows\system32\drivers\modem.sys 20:57:04.0844 0x195c Modem - ok 20:57:04.0864 0x195c [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\Windows\System32\drivers\monitor.sys 20:57:04.0888 0x195c monitor - ok 20:57:04.0910 0x195c [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass C:\Windows\System32\drivers\mouclass.sys 20:57:04.0925 0x195c mouclass - ok 20:57:04.0945 0x195c [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid C:\Windows\System32\drivers\mouhid.sys 20:57:04.0988 0x195c mouhid - ok 20:57:05.0023 0x195c [ 24DABC0A77FAFDC0E379AB3B30F61BB6, E66624ABBF1D742879035F9161F9D3713DE7B759B3D3CF8B96C9E397A02FCF82 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 20:57:05.0039 0x195c mountmgr - ok 20:57:05.0074 0x195c [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:57:05.0113 0x195c mpsdrv - ok 20:57:05.0177 0x195c [ D1418745A5472F3930A288E05B9E2C05, 95785F0FA7EE239459C0288DB37E9E54648029FD6FE45A61E6343526D67FFA32 ] MpsSvc C:\Windows\system32\mpssvc.dll 20:57:05.0252 
0x195c MpsSvc - ok 20:57:05.0289 0x195c [ 3F818C1518DA702C8F10259095C9BDE0, B98C1A6F9A3C01A10503B2B2C45CC89AFF17B346B15990F4DB4820F68BDC62C8 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:57:05.0380 0x195c MRxDAV - ok 20:57:05.0418 0x195c [ 3AF30CEB99E581E2FADA0B5FC4B551D8, 59BDE83C10D6F31E13B81FC317F1DE0E00793FBA288EAF844E29CFA0EB184502 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:57:05.0573 0x195c mrxsmb - ok 20:57:05.0622 0x195c [ 15D7AF1A26CCEBA32DF21A8E2098F463, 84390806AD3A9651DAB803E9257EEE851B898ED2AB56D8936E8C9F6B41967243 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:57:05.0801 0x195c mrxsmb10 - ok 20:57:05.0859 0x195c [ 0790EEB1EC199F8BE8259E47B373ED23, F9330F43B40675CCB60804182EF04BFBA3837ED14C798788A4B27D65A646D1C7 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:57:05.0913 0x195c mrxsmb20 - ok 20:57:05.0949 0x195c [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys 20:57:05.0978 0x195c MsBridge - ok 20:57:06.0015 0x195c [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\Windows\System32\msdtc.exe 20:57:06.0039 0x195c MSDTC - ok 20:57:06.0084 0x195c [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:57:06.0119 0x195c Msfs - ok 20:57:06.0141 0x195c [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys 20:57:06.0158 0x195c msgpiowin32 - ok 20:57:06.0167 0x195c [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 20:57:06.0191 0x195c mshidkmdf - ok 20:57:06.0206 0x195c [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] 
mshidumdf C:\Windows\System32\drivers\mshidumdf.sys 20:57:06.0234 0x195c mshidumdf - ok 20:57:06.0249 0x195c [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:57:06.0264 0x195c msisadrv - ok 20:57:06.0298 0x195c [ A06142B3850B06972F1C89748FAA2C02, B1CCC5C8D100FEB384FCC85FED2A77F47DA4C9BA5F6889A130F4D73E30ACAA78 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:57:06.0352 0x195c MSiSCSI - ok 20:57:06.0360 0x195c msiserver - ok 20:57:06.0389 0x195c [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:57:06.0416 0x195c MSKSSRV - ok 20:57:06.0452 0x195c [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys 20:57:06.0492 0x195c MsLldp - ok 20:57:06.0513 0x195c [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:57:06.0542 0x195c MSPCLOCK - ok 20:57:06.0557 0x195c [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:57:06.0577 0x195c MSPQM - ok 20:57:06.0612 0x195c [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:57:06.0641 0x195c MsRPC - ok 20:57:06.0666 0x195c [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\Windows\System32\drivers\mssmbios.sys 20:57:06.0681 0x195c mssmbios - ok 20:57:06.0703 0x195c [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:57:06.0735 0x195c MSTEE - ok 20:57:06.0757 0x195c [ 
96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\Windows\System32\drivers\MTConfig.sys 20:57:06.0784 0x195c MTConfig - ok 20:57:06.0815 0x195c [ 438EA7A2D8D4F9B8AFB64748ACA70BA8, AEEB7B657B645C4006C6D5E8D07ECE581DEE7AD22EA1A587C552574990CF091B ] Mup C:\Windows\system32\Drivers\mup.sys 20:57:06.0836 0x195c Mup - ok 20:57:06.0858 0x195c [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\Windows\system32\drivers\mvumis.sys 20:57:06.0875 0x195c mvumis - ok 20:57:06.0930 0x195c [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\Windows\system32\qagentRT.dll 20:57:06.0984 0x195c napagent - ok 20:57:07.0038 0x195c [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:57:07.0087 0x195c NativeWifiP - ok 20:57:07.0124 0x195c [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\Windows\System32\ncasvc.dll 20:57:07.0182 0x195c NcaSvc - ok 20:57:07.0225 0x195c [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\Windows\System32\ncbservice.dll 20:57:07.0310 0x195c NcbService - ok 20:57:07.0342 0x195c [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll 20:57:07.0385 0x195c NcdAutoSetup - ok 20:57:07.0469 0x195c [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS C:\Windows\system32\drivers\ndis.sys 20:57:07.0531 0x195c NDIS - ok 20:57:07.0564 0x195c [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 20:57:07.0590 
0x195c NdisCap - ok 20:57:07.0625 0x195c [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys 20:57:07.0702 0x195c NdisImPlatform - ok 20:57:07.0731 0x195c [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:57:07.0775 0x195c NdisTapi - ok 20:57:07.0810 0x195c [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:57:07.0845 0x195c Ndisuio - ok 20:57:07.0865 0x195c [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\Windows\System32\drivers\NdisVirtualBus.sys 20:57:07.0900 0x195c NdisVirtualBus - ok 20:57:07.0934 0x195c [ C3755FCF9A0B5C6FE8ED9E873B85D3CE, 4D3DAFAFA5FB2930522D6DA536E3A731BABE0C24613C190D2330DB415D1A6515 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:57:07.0987 0x195c NdisWan - ok 20:57:07.0998 0x195c [ C3755FCF9A0B5C6FE8ED9E873B85D3CE, 4D3DAFAFA5FB2930522D6DA536E3A731BABE0C24613C190D2330DB415D1A6515 ] NdisWanLegacy C:\Windows\system32\DRIVERS\ndiswan.sys 20:57:08.0022 0x195c NdisWanLegacy - ok 20:57:08.0058 0x195c [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:57:08.0076 0x195c NDProxy - ok 20:57:08.0100 0x195c [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu C:\Windows\system32\drivers\Ndu.sys 20:57:08.0132 0x195c Ndu - ok 20:57:08.0163 0x195c [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:57:08.0194 0x195c NetBIOS - ok 20:57:08.0239 0x195c [ 9DC17B7D9D84C37C102D379FCC7D4942, 
D522022ED4395686837E96F57EE29F8065FB749D1195B60D2A406FB33F696C09 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 20:57:08.0266 0x195c NetBT - ok 20:57:08.0303 0x195c [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon C:\Windows\system32\lsass.exe 20:57:08.0320 0x195c Netlogon - ok 20:57:08.0360 0x195c [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman C:\Windows\System32\netman.dll 20:57:08.0389 0x195c Netman - ok 20:57:08.0436 0x195c [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm C:\Windows\System32\netprofmsvc.dll 20:57:08.0476 0x195c netprofm - ok 20:57:08.0517 0x195c [ 2635C2A431F5F04DFFE23C2678BBA410, D6F6973B57D2ED4DC4BF097CBBECFDA3045CED2C7E970CF7E127961F196893BD ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:57:08.0556 0x195c NetTcpPortSharing - ok 20:57:08.0591 0x195c [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc C:\Windows\System32\drivers\netvsc63.sys 20:57:08.0660 0x195c netvsc - ok 20:57:08.0707 0x195c [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc C:\Windows\System32\nlasvc.dll 20:57:08.0758 0x195c NlaSvc - ok 20:57:08.0786 0x195c [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:57:08.0818 0x195c Npfs - ok 20:57:08.0836 0x195c [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys 20:57:08.0861 0x195c npsvctrig - ok 20:57:08.0898 0x195c [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi C:\Windows\system32\nsisvc.dll 20:57:08.0988 0x195c nsi - ok 20:57:09.0018 
0x195c [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:57:09.0047 0x195c nsiproxy - ok 20:57:09.0168 0x195c [ 9980B262DBE439AE6BDC91AA985F19EE, E998E4CAE9CD103ADA9CA3C737C4DAD017D056828BFA42A41C7B4E4E108FB13C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:57:09.0264 0x195c Ntfs - ok 20:57:09.0291 0x195c [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\Windows\system32\drivers\Null.sys 20:57:09.0309 0x195c Null - ok 20:57:09.0329 0x195c [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:57:09.0350 0x195c nvraid - ok 20:57:09.0363 0x195c [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:57:09.0384 0x195c nvstor - ok 20:57:09.0397 0x195c [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:57:09.0417 0x195c nv_agp - ok 20:57:09.0479 0x195c [ 8DD366F3B9F16ED722A6A66D956DA27F, 3A61B3D7B0D60CAA801FFDA086BFDDCF9C820CB11114DC60FDC9B30F828CC04F ] omniserv C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe 20:57:09.0498 0x195c omniserv - detected UnsignedFile.Multi.Generic ( 1 ) 20:57:09.0821 0x195c Detect skipped due to KSN trusted 20:57:09.0821 0x195c omniserv - ok 20:57:09.0895 0x195c [ B301012418301697F71E5E85C782CC0F, FA639B87AE5008C7EA54AE042786CA7CEFFDFEA17659FC4B3C0410E14905D9C5 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:57:09.0917 0x195c ose - ok 20:57:09.0956 0x195c [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 20:57:10.0055 0x195c p2pimsvc - ok 20:57:10.0099 
EDFA5CEDBE174FAAA4A09A6B297AEA42, 5998FE15462E4AD9C7B1444E5E2C17BD470DA3A5D474A0A118E02E47DADC678A ] workfolderssvc C:\Windows\system32\workfolderssvc.dll 20:57:28.0193 0x195c workfolderssvc - ok 20:57:28.0240 0x195c [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr C:\Windows\system32\DRIVERS\wpcfltr.sys 20:57:28.0259 0x195c wpcfltr - ok 20:57:28.0296 0x195c [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:57:28.0342 0x195c WPCSvc - ok 20:57:28.0375 0x195c [ DBDCE2378F65F0A07D4644AC103037E7, 99714F0CD31297C9831BAF04768F467F6E0BF710C859CEDCA83069226BF1A68A ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:57:28.0428 0x195c WPDBusEnum - ok 20:57:28.0456 0x195c [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr C:\Windows\system32\drivers\WpdUpFltr.sys 20:57:28.0470 0x195c WpdUpFltr - ok 20:57:28.0489 0x195c [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:57:28.0524 0x195c ws2ifsl - ok 20:57:28.0561 0x195c [ 501D5EFAB9711039479AE48401386D2B, C8C1184DE93E9D2C4E8A60E4E9980745C4E5470E5DA9B59165D18705330ADEFE ] wscsvc C:\Windows\System32\wscsvc.dll 20:57:28.0614 0x195c wscsvc - ok 20:57:28.0642 0x195c [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice C:\Windows\System32\drivers\WSDPrint.sys 20:57:28.0672 0x195c WSDPrintDevice - ok 20:57:28.0704 0x195c [ 58035FD3369879E02D65989C44D27450, B9245DB5C17F7CE94FAA20AB4B0D06A4DFB6133C6E82343758CDC713EB64DFEF ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys 20:57:28.0756 0x195c WSDScan - ok 20:57:28.0763 0x195c WSearch - ok 20:57:28.0963 0x195c [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC 
] WSService C:\Windows\System32\WSService.dll 20:57:29.0128 0x195c WSService - ok 20:57:29.0326 0x195c [ F3F60C88A6BBC8D0C68FE5B1C91181AF, AF9A4D282CD4BB1127BC3F48AB89DC294408D96F7906553C636F37D1503CFA48 ] wuauserv C:\Windows\system32\wuaueng.dll 20:57:29.0526 0x195c wuauserv - ok 20:57:29.0569 0x195c [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:57:29.0596 0x195c WudfPf - ok 20:57:29.0629 0x195c [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd C:\Windows\System32\drivers\WUDFRd.sys 20:57:29.0651 0x195c WUDFRd - ok 20:57:29.0666 0x195c [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFSensorLP C:\Windows\system32\DRIVERS\WUDFRd.sys 20:57:29.0688 0x195c WUDFSensorLP - ok 20:57:29.0720 0x195c [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:57:29.0759 0x195c wudfsvc - ok 20:57:29.0773 0x195c [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs C:\Windows\System32\drivers\WUDFRd.sys 20:57:29.0797 0x195c WUDFWpdFs - ok 20:57:29.0841 0x195c [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc C:\Windows\System32\wwansvc.dll 20:57:29.0884 0x195c WwanSvc - ok 20:57:29.0910 0x195c ================ Scan global =============================== 20:57:29.0961 0x195c [ 3500AF0BA2EF095BF313EEB75D2366C6, C755E57B02BFA82151A182DF964349859575570EA5C3FBA81F747B8D2134A4D0 ] C:\Windows\system32\basesrv.dll 20:57:30.0001 0x195c [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\Windows\system32\winsrv.dll 20:57:30.0031 0x195c [ 3600ED7EA8AED849E20700551C0BD63B, 
4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\Windows\system32\sxssrv.dll 20:57:30.0067 0x195c [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\Windows\system32\services.exe 20:57:30.0080 0x195c [ Global ] - ok 20:57:30.0080 0x195c ================ Scan MBR ================================== 20:57:30.0098 0x195c [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0 20:57:30.0207 0x195c \Device\Harddisk0\DR0 - ok 20:57:30.0208 0x195c ================ Scan VBR ================================== 20:57:30.0213 0x195c [ 09C1B9DBAC8C394000E50A2842541EF2 ] \Device\Harddisk0\DR0\Partition1 20:57:30.0215 0x195c \Device\Harddisk0\DR0\Partition1 - ok 20:57:30.0242 0x195c [ 9D2B257C3C1675000E45123C169EC5B5 ] \Device\Harddisk0\DR0\Partition2 20:57:30.0244 0x195c \Device\Harddisk0\DR0\Partition2 - ok 20:57:30.0259 0x195c [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3 20:57:30.0259 0x195c \Device\Harddisk0\DR0\Partition3 - ok 20:57:30.0266 0x195c [ 162967D0D21CA95068BAECD1D3EDB600 ] \Device\Harddisk0\DR0\Partition4 20:57:30.0269 0x195c \Device\Harddisk0\DR0\Partition4 - ok 20:57:30.0303 0x195c [ DE6237F014A1A04820685FC1064DA4BC ] \Device\Harddisk0\DR0\Partition5 20:57:30.0306 0x195c \Device\Harddisk0\DR0\Partition5 - ok 20:57:30.0307 0x195c ================ Scan generic autorun ====================== 20:57:30.0631 0x195c [ 074B2C777090821E020B404AF5BF97AD, 26DF9B3A153B2BCB6ED4DBB66CC9429790854095439119A618B05ECEBFB31F12 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe 20:57:30.0864 0x195c RTHDVCPL - ok 20:57:31.0113 0x195c [ DE9938F17D9B173B1CA83E218F03CCC0, BC007746535036743640A17E4AB495114F1370A7522BA6391309266C0B7789A2 ] C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe 20:57:31.0245 0x195c SimplePass - ok 20:57:31.0271 0x195c [ 9159063E3EF84A832DB5251447BACE9C, EE1DD20A5176816F484DD6945674750F43EC37B13355815FD20459097028EAA5 ] C:\Program 
Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe 20:57:31.0292 0x195c OPBHOBroker - ok 20:57:31.0310 0x195c [ AC382EA1AA21E592C808E46D95E6533D, B2941B6AAB48C245B47E94C74F0A1149A66428586ED3747C74C45BBFDA03741E ] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe 20:57:31.0332 0x195c OPBHOBrokerDesktop - ok 20:57:31.0334 0x195c SynTPEnh - ok 20:57:31.0426 0x195c [ 1B07EDF93526BC524A4FE70CD2ECB131, 09D272E97BD14281168415307033E4893EC983F3D6BCAD6C36450AEC334F34F7 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe 20:57:31.0462 0x195c StartCCC - ok 20:57:31.0510 0x195c [ FD8635F0976F6538C43CD306AF4A3BE5, 6108A2B39DEF7947317F2BEC881153939A1122391AEEE85356C3915AF2FFE9AC ] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe 20:57:31.0524 0x195c AccelerometerSysTrayApplet - ok 20:57:31.0575 0x195c [ 09754C6F49A08D94CBB828E125F179FD, A3DE2F2B2245FF198D517AB60174C386F28F456A528D0EAF2124B1C97C2D324C ] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe 20:57:31.0599 0x195c HPMessageService - ok 20:57:31.0663 0x195c [ 5B40616649F4E9BA178E3809BBF3F5E9, B1206CC3B76C056FB06EDFF9535C4A74ABD6FC0C18CBACC9FC2737FEB3E46F96 ] C:\PROGRA~2\DOWNSP~1\bar\1.bin\AppIntegrator64.exe 20:57:31.0681 0x195c DownSpeedTest AppIntegrator 64-bit - ok 20:57:31.0686 0x195c DiskPower - ok 20:57:31.0750 0x195c [ 5153C06FC9D4D094D1A785545928B134, 0037C935722663F9EF028F841DE222FC6418E9D60939AB60C965807E67A458DC ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 20:57:31.0779 0x195c SunJavaUpdateSched - ok 20:57:31.0958 0x195c [ D2CE6EA0E9F641D7153462D40C6B4193, 3AAE5239F951E29497D759326BDC23E19644B763DC5661CA4E4980418195C37D ] C:\Program Files (x86)\Steam\steam.exe 20:57:32.0050 0x195c Steam - ok 20:57:32.0106 0x195c Skype - ok 20:57:32.0216 0x195c Discord - ok 20:57:32.0310 0x195c [ 1C86704AA82D7AB48B489E9B8B6481B9, 0C11A77BF900FA23BC934A0C54AFC6A46A6B6C521C33585614A7660F8EDB300C ] 
20:57:32.0870 0x195c Waiting for KSN requests completion. In queue: 173
20:57:33.0889 0x195c AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated )
20:57:33.0893 0x195c Win FW state via NFP2: enabled ( trusted )
20:57:34.0038 0x195c ============================================================
20:57:34.0038 0x195c Scan finished
20:57:34.0038 0x195c ============================================================
20:57:34.0051 0x1b70 Detected object count: 0
20:57:34.0051 0x1b70 Actual detected object count: 0
By the way: which free and which paid antivirus program would you recommend to me, as someone who deals with the Internet a lot? |
10.12.2016, 21:14 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Removal of Trojan: Crypt6.MAX Please read the instructions properly, especially what to do when MBAR has found something.
__________________ Please always post log files in CODE tags |
10.12.2016, 22:01 | #10 |
| Removal of Trojan: Crypt6.MAX What did I do wrong? I don't understand... |
11.12.2016, 14:20 | #11 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Removal of Trojan: Crypt6.MAX If you had read properly, you would know. Quote:
__________________ Please always post log files in CODE tags |