Pests of all kinds and how to fight them: Tr/dropper.gen - Shutting down no longer possible (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
30.11.2016, 18:57 | #1

Tr/dropper.gen - Shutting down no longer possible

Good evening. Since the day before yesterday I have been getting constant messages from Avira about attacks, detections and files that were moved to quarantine. So far I have only tried to have Avira permanently delete the files that were moved to quarantine, but they keep reappearing. The laptop and the system have shown no noticeable impairments so far, apart from the fact that it can no longer be shut down normally. The device can only be switched off by holding down the power button.

Many thanks in advance for your efforts.

Avira quarantine log:

Code:
ATTFilter Typ: Datei Quelle: C:\Users\Patrick\AppData\Local\Temp\7287348tmp000.zip Status: Infiziert Quarantäne-Objekt: 3b13e7f0.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.03.42.76 Virendefinitionsdatei: 8.12.138.172 Gefunden: Adware/BrowSecX.EL.2 Datum/Uhrzeit: 30.11.2016, 18:45 Typ: Datei Quelle: C:\Windows\Temp\linkset.exe Status: Infiziert Quarantäne-Objekt: 445c3f8c.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.03.42.72 Virendefinitionsdatei: 8.12.138.152 Gefunden: TR/Dropper.Gen Datum/Uhrzeit: 30.11.2016, 17:17 Typ: Datei Quelle: C:\WINDOWS\TEMP\nse4C16.tmp Status: Infiziert Quarantäne-Objekt: 5cf369af.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: unknown Virendefinitionsdatei: unknown Gefunden: ADWARE/AD.ConvertAd.e8b1 Datum/Uhrzeit: 30.11.2016, 17:14 Typ: Datei Quelle: C:\WINDOWS\TEMP\nse4C16.tmp Status: Infiziert Quarantäne-Objekt: 4d267ee1.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.03.42.72 Virendefinitionsdatei: 8.12.138.152 Gefunden: Adware/AD.ConvertAd.e8b19a (Cloud) Datum/Uhrzeit: 30.11.2016, 17:11 Typ: Datei Quelle: C:\WINDOWS\TEMP\netstream.exe Status: Infiziert Quarantäne-Objekt: 111607a2.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.03.42.72 Virendefinitionsdatei: 8.12.138.152 Gefunden: TR/Crypt.ZPACK.Gen8 (Cloud) Datum/Uhrzeit: 30.11.2016, 17:11 Typ: Datei Quelle: C:\WINDOWS\TEMP\mcsdls.exe Status: Infiziert Quarantäne-Objekt: 119e188f.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.03.42.72 Virendefinitionsdatei: 8.12.138.152 Gefunden: TR/AD.Kovter.Y (Cloud) Datum/Uhrzeit: 30.11.2016, 
17:10 Typ: Datei Quelle: C:\WINDOWS\TEMP\csienh9s.exe Status: Infiziert Quarantäne-Objekt: 1fde5a74.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.03.42.72 Virendefinitionsdatei: 8.12.138.152 Gefunden: TR/Crypt.ZPACK.Gen4 (Cloud) Datum/Uhrzeit: 30.11.2016, 17:10 Typ: Datei Quelle: C:\WINDOWS\TEMP\spc32.exe Status: Infiziert Quarantäne-Objekt: 4dae611e.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.03.42.72 Virendefinitionsdatei: 8.12.138.152 Gefunden: TR/AD.Boaxxe.fcd57a (Cloud) Datum/Uhrzeit: 30.11.2016, 17:10 Typ: Datei Quelle: C:\Windows\Temp\linkset.exe Status: Infiziert Quarantäne-Objekt: 1f564583.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.03.42.72 Virendefinitionsdatei: 8.12.138.152 Gefunden: TR/Dropper.Gen Datum/Uhrzeit: 30.11.2016, 17:07 Typ: Datei Quelle: C:\Windows\Temp\linkset.exe Status: Infiziert Quarantäne-Objekt: 774f7531.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.03.42.72 Virendefinitionsdatei: 8.12.138.140 Gefunden: TR/Dropper.Gen Datum/Uhrzeit: 29.11.2016, 23:13 Typ: Datei Quelle: C:\WINDOWS\TEMP\nsz4625.tmp Status: Infiziert Quarantäne-Objekt: 5c1e6972.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: unknown Virendefinitionsdatei: unknown Gefunden: ADWARE/AD.ConvertAd.2a94 Datum/Uhrzeit: 29.11.2016, 23:10 Typ: Datei Quelle: C:\WINDOWS\TEMP\mcsdls.exe Status: Infiziert Quarantäne-Objekt: 43d37079.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.03.42.72 Virendefinitionsdatei: 8.12.138.140 Gefunden: TR/AD.Kovter.Y (Cloud) Datum/Uhrzeit: 29.11.2016, 23:08 Typ: Datei Quelle: 
C:\WINDOWS\TEMP\nsz4625.tmp Status: Infiziert Quarantäne-Objekt: 07dc3a78.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.03.42.72 Virendefinitionsdatei: 8.12.138.140 Gefunden: Adware/AD.ConvertAd.2a9499 (Cloud) Datum/Uhrzeit: 29.11.2016, 23:08 Typ: Datei Quelle: C:\WINDOWS\TEMP\netstream.exe Status: Infiziert Quarantäne-Objekt: 081039fa.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.03.42.72 Virendefinitionsdatei: 8.12.138.140 Gefunden: TR/Crypt.ZPACK.Gen8 (Cloud) Datum/Uhrzeit: 29.11.2016, 23:08 Typ: Datei Quelle: C:\WINDOWS\TEMP\csienh9s.exe Status: Infiziert Quarantäne-Objekt: 77277616.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.03.42.72 Virendefinitionsdatei: 8.12.138.140 Gefunden: TR/AD.Nitedrem.00a82d (Cloud) Datum/Uhrzeit: 29.11.2016, 23:07 Typ: Datei Quelle: C:\Windows\Temp\linkset.exe Status: Infiziert Quarantäne-Objekt: 788376ad.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.03.42.72 Virendefinitionsdatei: 8.12.138.140 Gefunden: TR/Dropper.Gen Datum/Uhrzeit: 29.11.2016, 23:07 Typ: Datei Quelle: C:\Windows\Temp\spc32.exe Status: Infiziert Quarantäne-Objekt: 08403c95.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.03.42.72 Virendefinitionsdatei: 8.12.138.140 Gefunden: TR/AD.NsisPureInject.rtlcq Datum/Uhrzeit: 29.11.2016, 23:06 Typ: Datei Quelle: C:\Windows\Temp\spc32.exe Status: Infiziert Quarantäne-Objekt: 08783add.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.03.42.72 Virendefinitionsdatei: 8.12.138.140 Gefunden: TR/AD.NsisPureInject.rtlcq Datum/Uhrzeit: 29.11.2016, 23:06 Typ: Datei Quelle: 
C:\WINDOWS\TEMP\nsp9C9E.tmp\blowfish.dll Status: Verdächtig Quarantäne-Objekt: 1b684ad6.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: unknown Virendefinitionsdatei: unknown Gefunden: Verdächtige Datei Datum/Uhrzeit: 28.11.2016, 23:10 Typ: Datei Quelle: C:\WINDOWS\TEMP\nsp9C9E.tmp\inetc.dll Status: Verdächtig Quarantäne-Objekt: 493d1020.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: unknown Virendefinitionsdatei: unknown Gefunden: Verdächtige Datei Datum/Uhrzeit: 28.11.2016, 23:10 Typ: Datei Quelle: C:\WINDOWS\TEMP\nsm9004.tmp Status: Infiziert Quarantäne-Objekt: 51a23f52.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: unknown Virendefinitionsdatei: unknown Gefunden: ADWARE/AD.ConvertAd.2656 Datum/Uhrzeit: 28.11.2016, 23:10 Typ: Datei Quelle: C:\WINDOWS\TEMP\nsm9004.tmp Status: Infiziert Quarantäne-Objekt: 1a1e23ae.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.03.42.68 Virendefinitionsdatei: 8.12.138.78 Gefunden: Adware/AD.ConvertAd.265637 (Cloud) Datum/Uhrzeit: 28.11.2016, 23:07 Typ: Datei Quelle: C:\Windows\Temp\linkset.exe Status: Infiziert Quarantäne-Objekt: 394d1763.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.03.42.68 Virendefinitionsdatei: 8.12.138.78 Gefunden: TR/Dropper.Gen Datum/Uhrzeit: 28.11.2016, 23:07 Typ: Datei Quelle: C:\Windows\Temp\linkset.exe Status: Infiziert Quarantäne-Objekt: 399514c6.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.03.42.68 Virendefinitionsdatei: 8.12.138.78 Gefunden: TR/Dropper.Gen Datum/Uhrzeit: 28.11.2016, 23:06 Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2016 durchgeführt von Patrick (Administrator) auf DESKTOP-I54T4B7 (30-11-2016 18:45:16) Gestartet von C:\Users\Patrick\Desktop Geladene Profile: Patrick (Verfügbare Profile: Patrick) Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (SafeNet Inc.) C:\Windows\System32\hasplms.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Dritek System INC.) C:\Windows\RfBtnSvc64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\16.10.1.1114\service_update.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe () C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\OGMMon.exe (YANDEX LLC) C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe (YANDEX LLC) C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe (YANDEX LLC) C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe (YANDEX LLC) C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (YANDEX LLC) C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe (YANDEX LLC) C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe (YANDEX LLC) C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [916072 2016-10-26] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2015-12-22] (Dritek System Inc.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [226816 2016-05-23] (Geek Software GmbH) HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [75776 2016-07-05] () HKLM-x32\...\Run: [OGMgmmouseRun] => C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\ogmmon.exe [3386880 2014-05-19] () Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications) HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation) HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd) HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) 
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [ctfmon] => C:\WINDOWS\system32\ctfmon.exe [10752 2016-07-16] (Microsoft Corporation) HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [safe_urls768] => "C:\Users\Patrick\AppData\Roaming\Browser-Security\s768.exe" HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd) HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\MountPoints2: {19b79380-b27e-11e6-9858-201a06114318} - "G:\HiSuiteDownLoader.exe" HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\MountPoints2: {ca47ee10-8280-11e6-9848-201a06114318} - "E:\HiSuiteDownLoader.exe" HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\MountPoints2: {d8aa2e3c-7f52-11e6-983e-201a06114318} - "G:\HiSuiteDownLoader.exe" ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-22] () ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-22] () ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-22] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-22] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-22] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-22] () Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\MEGAsync.lnk [2016-03-20] ShortcutTarget: MEGAsync.lnk -> C:\Users\Patrick\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited) GroupPolicy: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{ce2c89b3-0cea-4292-b4ba-fd6c0e758f97}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wcg_fremkfs_16_27¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDtC0AtDyCtCtCyEtAtCzzzyyDzy0BtN0D0Tzu0StCyCyDtDtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByDtN1L1G1B1V1N2Y1L1Qzu2SyD0AzytAtA0BtD0EtGyE0CyByDtGtAtDyByDtGtAyC0DtAtGtD0BtDzztDyEtCyB0D0BtB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtA0EyEtC0CtAtGtCtB0EtDtGyE0A0A0EtGzztA0CtCtGtDzy0DtA0A0D0ByC0CyDtC0F2QtN0A0LzuyE%26cr%3D1695189712%26a%3Dwcg_fremkfs_16_27%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wcg_fremkfs_16_27¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDtC0AtDyCtCtCyEtAtCzzzyyDzy0BtN0D0Tzu0StCyCyDtDtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByDtN1L1G1B1V1N2Y1L1Qzu2SyD0AzytAtA0BtD0EtGyE0CyByDtGtAtDyByDtGtAyC0DtAtGtD0BtDzztDyEtCyB0D0BtB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtA0EyEtC0CtAtGtCtB0EtDtGyE0A0A0EtGzztA0CtCtGtDzy0DtA0A0D0ByC0CyDtC0F2QtN0A0LzuyE%26cr%3D1695189712%26a%3Dwcg_fremkfs_16_27%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wcg_fremkfs_16_27¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDtC0AtDyCtCtCyEtAtCzzzyyDzy0BtN0D0Tzu0StCyCyDtDtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByDtN1L1G1B1V1N2Y1L1Qzu2SyD0AzytAtA0BtD0EtGyE0CyByDtGtAtDyByDtGtAyC0DtAtGtD0BtDzztDyEtCyB0D0BtB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtA0EyEtC0CtAtGtCtB0EtDtGyE0A0A0EtGzztA0CtCtGtDzy0DtA0A0D0ByC0CyDtC0F2QtN0A0LzuyE%26cr%3D1695189712%26a%3Dwcg_fremkfs_16_27%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-26] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-26] (Oracle Corporation) FireFox: ======== FF DefaultProfile: 5fqwv91p.default FF ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default [2016-11-30] FF user.js: detected! 
=> C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\user.js [2016-08-28] FF NewTab: Mozilla\Firefox\Profiles\5fqwv91p.default -> about:newtab FF DefaultSearchEngine: Mozilla\Firefox\Profiles\5fqwv91p.default -> Yahoo! Powered FF SelectedSearchEngine: Mozilla\Firefox\Profiles\5fqwv91p.default -> Yahoo! Powered FF Homepage: Mozilla\Firefox\Profiles\5fqwv91p.default -> about:newtab FF Keyword.URL: Mozilla\Firefox\Profiles\5fqwv91p.default -> user_pref("keyword.URL", true); FF Extension: (Avira Browser Safety) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\abs@avira.com.xpi [2016-11-21] FF Extension: (Add to Search Bar) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2016-01-20] FF Extension: (Alldebrid extension) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\alldebrid@alldebrid.com.xpi [2016-11-07] FF Extension: (Classic Theme Restorer) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-11-21] FF Extension: (Classic Reload-Stop-Go Button) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\crsg@ArisT2_Noia4dev.xpi [2016-06-18] FF Extension: (StatusbarEx) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\doudehou@gmail.com [2016-04-27] FF Extension: (Kein Name) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\firefox@browser-security.de.xpi [2016-09-21] [ist nicht signiert] FF Extension: (ExHentai Easy 2) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\jid1-7NbXi2AqS1oUFw@jetpack.xpi [2016-08-12] FF Extension: (Video WithOut Flash) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\vwof@drev.com.xpi [2016-01-13] FF 
Extension: (Download Status Bar) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2016-09-27] FF Extension: (NoScript) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-11-29] FF Extension: (Web Developer) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2016-08-18] FF Extension: (Greasemonkey) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-08-19] FF Extension: (SearchPreview) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2016-10-23] FF SearchPlugin: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\searchplugins\yahoo! powered.xml [2016-07-08] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-12] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-12] () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-26] (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) 
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [2015-12-22] (Tencent) FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2015-12-22] (Tencent) FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [2013-04-08] (Tencent) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3097098544-2319845998-2187571786-1001: @hola.org/FlashPlayer -> C:\Users\Patrick\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2016-01-26] () FF Plugin HKU\S-1-5-21-3097098544-2319845998-2187571786-1001: @hola.org/vlc -> C:\Users\Patrick\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2016-01-26] (Hola) FF Plugin HKU\S-1-5-21-3097098544-2319845998-2187571786-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Patrick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-17] (Unity Technologies ApS) Chrome: ======= CHR Profile: C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default [2016-11-28] CHR Extension: (Google Präsentationen) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-22] CHR Extension: (Google Docs) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-22] CHR Extension: (Google Drive) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-22] CHR Extension: (YouTube) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-22] CHR Extension: (Google-Suche) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22] CHR Extension: (Google Tabellen) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-22] CHR Extension: (Google Docs Offline) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16] CHR Extension: (Core) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhcgfdghbiidgeccbldhfceleibkkpe [2016-03-13] CHR Extension: (SearchPreview) - C:\Users\Patrick\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo [2016-10-29] CHR Extension: (vGet Extension (Video Downloader, DLNA)) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniladkejehjfchadikcbjmgjaogciic [2016-07-12] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02] CHR Extension: (Unblock Youku) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2016-11-18] CHR Extension: (Google Mail) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-22] CHR Extension: (Chrome Media Router) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-29] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089088 2016-10-26] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [475232 2016-10-26] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [475232 2016-10-26] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1488240 2016-10-26] (Avira Operations GmbH & Co. 
KG) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert] R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349512 2016-11-15] (Avira Operations GmbH & Co. KG) S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.) R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.) R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-08-26] () [Datei ist nicht signiert] R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-17] (NVIDIA Corporation) R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-10-25] (NVIDIA Corporation) R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2015-12-22] (Dritek System INC.) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) 
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) R2 YandexBrowserService; C:\Program Files (x86)\Yandex\YandexBrowser\16.10.1.1114\service_update.exe [885752 2016-11-09] (YANDEX LLC) ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 ampa; C:\Windows\system32\ampa.sys [19568 2015-11-10] () [Datei ist nicht signiert] S3 ampa; C:\Windows\SysWOW64\ampa.sys [19568 2015-11-10] () [Datei ist nicht signiert] R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [151352 2016-10-26] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [153392 2016-10-06] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2015-12-03] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78208 2016-05-12] (Avira Operations GmbH & Co. KG) S3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros) R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-12-22] (Disc Soft Ltd) R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-10-07] (Disc Soft Ltd) R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.) U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.) 
R2 kbdssvc; C:\WINDOWS\System32\drivers\kbdssvc.sys [112408 2014-10-31] (CFCA) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_9debaf626fb26761\nvlddmkm.sys [14174256 2016-11-18] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-10-25] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2016-10-25] (NVIDIA Corporation) R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2015-12-22] (Dritek System Inc.) S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions) R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-11-30 18:45 - 2016-11-30 18:45 - 00026349 _____ C:\Users\Patrick\Desktop\FRST.txt 2016-11-30 18:44 - 2016-11-30 18:45 - 00000000 ____D C:\FRST 2016-11-30 18:33 - 2016-11-30 18:33 - 02411520 _____ (Farbar) C:\Users\Patrick\Desktop\FRST64.exe 2016-11-29 19:35 - 2016-11-29 19:35 - 00066714 _____ C:\Users\Patrick\Desktop\SRE4234352.pdf 2016-11-29 06:10 - 2016-11-29 06:10 - 00000222 _____ C:\Users\Patrick\Desktop\Death Road to Canada.url 2016-11-28 20:20 - 2016-10-19 21:13 - 00453382 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161128-202029.backup 2016-11-27 15:18 - 2016-11-27 15:18 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\.madgarden 2016-11-27 14:40 - 2016-11-27 14:40 - 00000220 _____ C:\Users\Patrick\Desktop\Sid Meier's Civilization V.url 2016-11-26 17:07 - 2016-11-26 17:07 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\NVIDIA 2016-11-26 17:07 - 2016-11-26 17:07 - 00000000 ____D C:\Users\Patrick\AppData\Local\Uber Entertainment 2016-11-26 17:06 - 2016-11-26 17:06 - 00003484 _____ C:\WINDOWS\System32\Tasks\IntelMemoryDiagnostic 2016-11-26 01:53 - 2016-11-26 01:53 - 00000000 ____D C:\Users\Patrick\.prefs 2016-11-26 01:52 - 2016-11-26 01:52 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2016-11-26 01:52 - 2016-11-26 01:52 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Sun 2016-11-26 01:52 - 2016-11-26 01:52 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\Sun 2016-11-26 01:52 - 2016-11-26 01:52 - 00000000 ____D C:\ProgramData\Oracle 2016-11-26 01:52 - 2016-11-26 01:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-11-26 01:52 - 2016-11-26 01:52 - 00000000 ____D C:\Program Files (x86)\Java 2016-11-24 20:49 - 2016-11-24 20:49 - 00000000 ____D C:\Users\Patrick\Neuer Ordner 2016-11-24 18:24 - 2016-11-24 18:24 - 00002162 _____ C:\Users\Public\Desktop\SDFormatter.lnk 2016-11-24 18:24 - 2016-11-24 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter 
2016-11-24 18:24 - 2016-11-24 18:24 - 00000000 ____D C:\Program Files (x86)\SDA 2016-11-24 18:23 - 2016-11-24 18:23 - 00000000 ____D C:\Users\Patrick\AppData\Local\Downloaded Installations 2016-11-23 23:18 - 2016-11-23 23:38 - 00000000 ____D C:\Users\Patrick\AppData\Local\PWU_ep2 2016-11-23 21:47 - 2016-11-23 21:47 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\rockbox.org 2016-11-23 20:38 - 2016-11-23 20:38 - 00463404 _____ C:\WINDOWS\Minidump\112316-5875-01.dmp 2016-11-23 20:32 - 2016-11-23 20:33 - 00000000 ____D C:\Program Files (x86)\DriverToolkit 2016-11-23 20:32 - 2016-11-23 20:32 - 00000000 ____D C:\Users\Patrick\AppData\Local\DriverToolkit 2016-11-23 20:17 - 2016-11-23 20:38 - 714201435 _____ C:\WINDOWS\MEMORY.DMP 2016-11-23 20:17 - 2016-11-23 20:38 - 00000000 ____D C:\WINDOWS\Minidump 2016-11-23 20:17 - 2016-11-23 20:17 - 00588292 _____ C:\WINDOWS\Minidump\112316-6265-01.dmp 2016-11-21 22:57 - 2016-11-21 22:57 - 00003324 _____ C:\WINDOWS\System32\Tasks\{6BA690B0-1A65-4FE1-B843-96EDE2B0A4C7} 2016-11-21 22:51 - 2016-11-21 22:59 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\αï¼ï¼*ODEL 2016-11-21 22:51 - 2016-11-19 08:15 - 00617472 ____N (nobukichi) C:\WINDOWS\eiunin21.exe 2016-11-20 03:11 - 2016-11-20 03:11 - 00000000 ____D C:\Users\Patrick\Documents\Сохранения игр Quest Navigator 2016-11-19 03:15 - 2016-11-19 03:15 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2016-11-19 03:15 - 2016-11-17 02:03 - 06384576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2016-11-19 03:15 - 2016-11-17 02:03 - 02477624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2016-11-19 03:15 - 2016-11-17 02:03 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2016-11-19 03:15 - 2016-11-17 02:03 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2016-11-19 03:15 - 2016-11-17 02:03 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2016-11-19 03:15
- 2016-11-17 02:03 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2016-11-19 03:15 - 2016-11-17 02:03 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2016-11-19 03:15 - 2016-11-16 10:52 - 07529957 _____ C:\WINDOWS\system32\nvcoproc.bin 2016-11-19 03:15 - 2016-09-09 19:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2016-11-19 03:15 - 2016-09-09 19:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll 2016-11-19 03:15 - 2016-09-09 19:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2016-11-19 03:15 - 2016-09-09 19:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe 2016-11-19 03:14 - 2016-11-17 01:58 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat 2016-11-19 03:13 - 2016-11-18 00:09 - 00048688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys 2016-11-19 03:13 - 2016-11-17 03:06 - 40123840 _____ C:\WINDOWS\system32\nvcompiler.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 35224632 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 34711096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 28203576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 10912232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 10803880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 10354800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 09158432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 08913328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 08761376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 03934504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2016-11-19 
03:13 - 2016-11-17 03:06 - 03474064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 02953152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 02586048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437595.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 01585088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437595.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 01038904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 00975296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 00943552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 00897080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 00802768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 00683640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 00644112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 00572888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 00438208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 00394888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 00390200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 00327408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2016-11-19 03:13 - 2016-11-17 03:06 - 00042296 _____ C:\WINDOWS\system32\nvinfo.pb 2016-11-19 03:13 - 2016-11-17 03:06 - 00000669 _____ 
C:\WINDOWS\SysWOW64\nv-vk32.json 2016-11-19 03:13 - 2016-11-17 03:06 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json 2016-11-19 03:02 - 2005-01-22 01:53 - 00055296 _____ C:\WINDOWS\system32\huffyuv.dll 2016-11-18 22:48 - 2016-11-18 22:48 - 00001067 _____ C:\Users\Public\Desktop\HiSuite.lnk 2016-11-18 22:48 - 2016-11-18 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite 2016-11-18 22:48 - 2016-11-18 22:48 - 00000000 ____D C:\Program Files (x86)\HiSuite 2016-11-18 14:42 - 2016-11-18 14:42 - 00000000 ____D C:\WINDOWS\LastGood.Tmp 2016-11-18 14:42 - 2016-10-25 21:21 - 00106040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll 2016-11-18 14:42 - 2016-10-25 21:21 - 00095800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll 2016-11-16 06:45 - 2016-11-30 17:04 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\Mozilla 2016-11-13 23:20 - 2016-11-13 23:20 - 00000000 ____D C:\ProgramData\Adventure Game Studio 2016-11-10 06:45 - 2016-11-02 12:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-11-10 06:45 - 2016-11-02 12:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll 2016-11-10 06:45 - 2016-11-02 12:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll 2016-11-10 06:45 - 2016-11-02 12:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2016-11-10 06:45 - 2016-11-02 12:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll 2016-11-10 06:45 - 2016-11-02 11:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll 2016-11-10 06:45 - 2016-11-02 11:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll 2016-11-10 06:45 - 2016-11-02 11:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll 2016-11-10 06:45 - 2016-11-02 11:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll 2016-11-10 06:45 - 2016-11-02 11:42 - 00549376 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll 2016-11-10 06:45 - 2016-11-02 11:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll 2016-11-10 06:45 - 2016-11-02 11:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2016-11-10 06:45 - 2016-11-02 11:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll 2016-11-10 06:45 - 2016-11-02 11:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll 2016-11-10 06:45 - 2016-11-02 11:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2016-11-10 06:45 - 2016-11-02 11:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2016-11-10 06:45 - 2016-11-02 11:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2016-11-10 06:45 - 2016-11-02 11:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll 2016-11-10 06:45 - 2016-11-02 11:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll 2016-11-10 06:45 - 2016-11-02 11:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll 2016-11-10 06:45 - 2016-11-02 11:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-11-10 06:45 - 2016-11-02 11:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-11-10 06:45 - 2016-11-02 11:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll 2016-11-10 06:45 - 2016-11-02 11:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-11-10 06:44 - 2016-11-02 12:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-11-10 06:44 - 2016-11-02 12:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2016-11-10 06:44 - 2016-11-02 12:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2016-11-10 06:44 - 2016-11-02 12:08 - 00602464 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2016-11-10 06:44 - 2016-11-02 12:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll 2016-11-10 06:44 - 2016-11-02 12:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-11-10 06:44 - 2016-11-02 12:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2016-11-10 06:44 - 2016-11-02 12:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2016-11-10 06:44 - 2016-11-02 12:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2016-11-10 06:44 - 2016-11-02 11:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe 2016-11-10 06:44 - 2016-11-02 11:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2016-11-10 06:44 - 2016-11-02 11:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll 2016-11-10 06:44 - 2016-11-02 11:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll 2016-11-10 06:44 - 2016-11-02 11:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll 2016-11-10 06:44 - 2016-11-02 11:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll 2016-11-10 06:44 - 2016-11-02 11:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2016-11-10 06:44 - 2016-11-02 11:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll 2016-11-10 06:44 - 2016-11-02 11:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2016-11-10 06:44 - 2016-11-02 11:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll 2016-11-10 06:44 - 2016-11-02 11:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll 2016-11-10 06:44 - 2016-11-02 11:42 - 00223232 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe 2016-11-10 06:44 - 2016-11-02 11:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2016-11-10 06:44 - 2016-11-02 11:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll 2016-11-10 06:44 - 2016-11-02 11:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll 2016-11-10 06:44 - 2016-11-02 11:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll 2016-11-10 06:44 - 2016-11-02 11:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl 2016-11-10 06:44 - 2016-11-02 11:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-11-10 06:44 - 2016-11-02 11:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe 2016-11-10 06:44 - 2016-11-02 11:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2016-11-10 06:44 - 2016-11-02 11:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2016-11-10 06:44 - 2016-11-02 11:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-11-10 06:44 - 2016-11-02 11:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll 2016-11-10 06:44 - 2016-11-02 11:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-11-10 06:44 - 2016-11-02 11:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll 2016-11-10 06:44 - 2016-11-02 11:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll 2016-11-10 06:44 - 2016-11-02 11:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll 2016-11-10 06:44 - 2016-11-02 11:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2016-11-10 06:44 - 2016-11-02 11:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll 2016-11-10 06:44 - 2016-11-02 11:26 - 
00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2016-11-10 06:44 - 2016-11-02 11:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2016-11-10 06:44 - 2016-11-02 11:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2016-11-10 06:44 - 2016-11-02 11:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2016-11-10 06:44 - 2016-11-02 11:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll 2016-11-10 06:44 - 2016-11-02 11:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe 2016-11-10 06:44 - 2016-11-02 11:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll 2016-11-10 06:44 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2016-11-10 06:43 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2016-11-10 06:43 - 2016-11-02 13:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2016-11-10 06:43 - 2016-11-02 12:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2016-11-10 06:43 - 2016-11-02 12:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2016-11-10 06:43 - 2016-11-02 12:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll 2016-11-10 06:43 - 2016-11-02 12:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-11-10 06:43 - 2016-11-02 12:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2016-11-10 06:43 - 2016-11-02 12:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2016-11-10 06:43 - 2016-11-02 12:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2016-11-10 06:43 - 2016-11-02 11:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2016-11-10 06:43 - 2016-11-02 11:48 - 00081408 
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2016-11-10 06:43 - 2016-11-02 11:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll 2016-11-10 06:43 - 2016-11-02 11:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll 2016-11-10 06:43 - 2016-11-02 11:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll 2016-11-10 06:43 - 2016-11-02 11:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 2016-11-10 06:43 - 2016-11-02 11:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll 2016-11-10 06:43 - 2016-11-02 11:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2016-11-10 06:43 - 2016-11-02 11:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2016-11-10 06:43 - 2016-11-02 11:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll 2016-11-10 06:43 - 2016-11-02 11:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll 2016-11-10 06:43 - 2016-11-02 11:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll 2016-11-10 06:43 - 2016-11-02 11:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-11-10 06:43 - 2016-11-02 11:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-11-10 06:43 - 2016-11-02 11:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll 2016-11-10 06:43 - 2016-11-02 11:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll 2016-11-10 06:43 - 2016-11-02 11:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-11-10 06:43 - 2016-11-02 11:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll 2016-11-10 06:43 - 2016-11-02 11:29 - 01247232 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2016-11-10 06:43 - 2016-11-02 11:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll 2016-11-10 06:43 - 2016-11-02 11:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll 2016-11-10 06:43 - 2016-11-02 11:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll 2016-11-10 06:43 - 2016-11-02 11:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll 2016-11-10 06:43 - 2016-11-02 10:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls 2016-11-10 06:43 - 2016-11-02 10:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls 2016-11-10 06:36 - 2016-11-02 12:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-11-10 06:36 - 2016-11-02 12:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-11-10 06:36 - 2016-11-02 12:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2016-11-10 06:36 - 2016-11-02 12:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe 2016-11-10 06:36 - 2016-11-02 12:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2016-11-10 06:36 - 2016-11-02 12:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2016-11-10 06:36 - 2016-11-02 12:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2016-11-10 06:36 - 2016-11-02 12:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-11-10 06:36 - 2016-11-02 12:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2016-11-10 06:36 - 2016-11-02 11:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2016-11-10 06:36 - 2016-11-02 11:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll 2016-11-10 06:36 - 2016-11-02 11:34 - 00327168 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\microsoft-windows-system-events.dll 2016-11-10 06:36 - 2016-11-02 11:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 2016-11-10 06:36 - 2016-11-02 11:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-11-10 06:36 - 2016-11-02 11:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll 2016-11-10 06:36 - 2016-11-02 11:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-11-10 06:36 - 2016-11-02 11:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll 2016-11-10 06:36 - 2016-11-02 11:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2016-11-10 06:36 - 2016-11-02 11:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll 2016-11-10 06:36 - 2016-11-02 11:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll 2016-11-10 06:36 - 2016-11-02 11:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2016-11-10 06:36 - 2016-11-02 11:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2016-11-10 06:36 - 2016-11-02 11:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe 2016-11-10 06:36 - 2016-11-02 11:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2016-11-10 06:36 - 2016-11-02 11:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll 2016-11-10 06:36 - 2016-11-02 11:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll 2016-11-10 06:36 - 2016-11-02 11:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl 2016-11-10 06:36 - 2016-11-02 11:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll 2016-11-10 06:36 - 2016-11-02 11:26 - 00388608 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\zipfldr.dll 2016-11-10 06:36 - 2016-11-02 11:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll 2016-11-10 06:36 - 2016-11-02 11:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2016-11-10 06:36 - 2016-11-02 11:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll 2016-11-10 06:36 - 2016-11-02 11:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll 2016-11-10 06:36 - 2016-11-02 11:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll 2016-11-10 06:36 - 2016-11-02 11:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2016-11-10 06:36 - 2016-11-02 11:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2016-11-10 06:36 - 2016-11-02 11:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-11-10 06:36 - 2016-11-02 11:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2016-11-10 06:36 - 2016-11-02 11:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll 2016-11-10 06:36 - 2016-11-02 11:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll 2016-11-10 06:36 - 2016-11-02 11:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll 2016-11-10 06:36 - 2016-11-02 11:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-11-10 06:36 - 2016-11-02 11:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2016-11-10 06:36 - 2016-11-02 11:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2016-11-10 06:36 - 2016-11-02 11:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll 2016-11-10 06:36 - 2016-11-02 11:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2016-11-10 06:36 
- 2016-11-02 11:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll 2016-11-10 06:36 - 2016-11-02 11:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-11-10 06:36 - 2016-11-02 11:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll 2016-11-10 06:36 - 2016-11-02 11:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll 2016-11-10 06:36 - 2016-11-02 11:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-11-10 06:36 - 2016-11-02 11:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-11-10 06:36 - 2016-11-02 11:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2016-11-10 06:36 - 2016-11-02 11:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll 2016-11-10 06:36 - 2016-11-02 11:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll 2016-11-10 06:36 - 2016-11-02 11:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2016-11-10 06:36 - 2016-11-02 11:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll 2016-11-10 06:36 - 2016-11-02 11:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe 2016-11-10 06:36 - 2016-11-02 09:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml 2016-11-10 06:35 - 2016-11-02 12:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2016-11-10 06:35 - 2016-11-02 12:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-11-10 06:35 - 2016-11-02 12:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-11-10 06:35 - 2016-11-02 12:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-11-10 06:35 - 2016-11-02 12:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-11-10 06:35 - 
2016-11-02 12:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2016-11-10 06:35 - 2016-11-02 12:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2016-11-10 06:35 - 2016-11-02 12:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-11-10 06:35 - 2016-11-02 12:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2016-11-10 06:35 - 2016-11-02 12:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2016-11-10 06:35 - 2016-11-02 12:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll 2016-11-10 06:35 - 2016-11-02 12:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll 2016-11-10 06:35 - 2016-11-02 12:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2016-11-10 06:35 - 2016-11-02 12:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-11-10 06:35 - 2016-11-02 12:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2016-11-10 06:35 - 2016-11-02 11:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2016-11-10 06:35 - 2016-11-02 11:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll 2016-11-10 06:35 - 2016-11-02 11:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2016-11-10 06:35 - 2016-11-02 11:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2016-11-10 06:35 - 2016-11-02 11:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys 2016-11-10 06:35 - 2016-11-02 11:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-11-10 06:35 - 2016-11-02 11:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2016-11-10 06:35 - 2016-11-02 11:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll 2016-11-10 06:35 - 2016-11-02 11:31 - 00226304 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe 2016-11-10 06:35 - 2016-11-02 11:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2016-11-10 06:35 - 2016-11-02 11:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll 2016-11-10 06:35 - 2016-11-02 11:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll 2016-11-10 06:35 - 2016-11-02 11:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll 2016-11-10 06:35 - 2016-11-02 11:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll 2016-11-10 06:35 - 2016-11-02 11:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll 2016-11-10 06:35 - 2016-11-02 11:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll 2016-11-10 06:35 - 2016-11-02 11:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll 2016-11-10 06:35 - 2016-11-02 11:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2016-11-10 06:35 - 2016-11-02 11:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2016-11-10 06:35 - 2016-11-02 11:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2016-11-10 06:35 - 2016-11-02 11:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll 2016-11-10 06:35 - 2016-11-02 11:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll 2016-11-10 06:35 - 2016-11-02 11:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll 2016-11-10 06:35 - 2016-11-02 11:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll 2016-11-10 06:35 - 2016-11-02 11:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll 2016-11-10 06:35 - 2016-11-02 11:28 - 00274432 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\ListSvc.dll 2016-11-10 06:35 - 2016-11-02 11:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll 2016-11-10 06:35 - 2016-11-02 11:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2016-11-10 06:35 - 2016-11-02 11:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-11-10 06:35 - 2016-11-02 11:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll 2016-11-10 06:35 - 2016-11-02 11:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll 2016-11-10 06:35 - 2016-11-02 11:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll 2016-11-10 06:35 - 2016-11-02 11:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll 2016-11-10 06:35 - 2016-11-02 11:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2016-11-10 06:35 - 2016-11-02 11:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll 2016-11-10 06:35 - 2016-11-02 11:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys 2016-11-10 06:35 - 2016-11-02 11:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-11-10 06:35 - 2016-11-02 11:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-11-10 06:35 - 2016-11-02 11:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe 2016-11-10 06:35 - 2016-11-02 11:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2016-11-10 06:35 - 2016-11-02 11:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2016-11-10 06:35 - 2016-11-02 11:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll 2016-11-10 06:35 - 2016-11-02 11:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll 2016-11-10 06:35 - 2016-11-02 11:19 - 00130560 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\chartv.dll 2016-11-10 06:35 - 2016-11-02 11:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll 2016-11-10 06:35 - 2016-11-02 11:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll 2016-11-10 06:35 - 2016-11-02 11:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2016-11-10 06:35 - 2016-11-02 11:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll 2016-11-10 06:35 - 2016-11-02 11:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-11-10 06:35 - 2016-11-02 11:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-11-10 06:35 - 2016-11-02 11:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-11-10 06:35 - 2016-11-02 11:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-11-10 06:35 - 2016-11-02 11:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2016-11-10 06:35 - 2016-11-02 11:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll 2016-11-10 06:35 - 2016-11-02 11:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll 2016-11-10 06:35 - 2016-11-02 11:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll 2016-11-10 06:35 - 2016-11-02 11:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2016-11-10 06:35 - 2016-11-02 11:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2016-11-10 06:35 - 2016-11-02 11:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll 2016-11-10 06:35 - 2016-11-02 11:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll 2016-11-10 06:34 - 2016-11-02 12:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2016-11-10 06:34 - 2016-11-02 12:03 - 00714592 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\vhdmp.sys 2016-11-10 06:34 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2016-11-10 06:34 - 2016-11-02 11:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll 2016-11-10 06:34 - 2016-11-02 11:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2016-11-10 06:34 - 2016-11-02 11:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll 2016-11-10 06:34 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll 2016-11-10 06:34 - 2016-11-02 11:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-11-10 06:34 - 2016-11-02 11:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2016-11-10 06:34 - 2016-11-02 11:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll 2016-11-10 06:34 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2016-11-10 06:34 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2016-11-10 06:34 - 2016-11-02 11:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-11-10 06:34 - 2016-11-02 11:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll 2016-11-10 06:34 - 2016-11-02 11:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2016-11-10 06:34 - 2016-11-02 11:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl 2016-11-10 06:34 - 2016-11-02 11:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2016-11-09 06:58 - 2016-11-09 06:58 - 00329467 _____ C:\Users\Patrick\Kfz_12181232_06112016173912_1.pdf 2016-11-06 23:21 - 2016-11-06 23:21 - 00000000 _____ C:\m23apdfj.tmp.X 
2016-11-06 23:21 - 2014-06-26 14:52 - 00140208 _____ C:\WINDOWS\SysWOW64\bgsresit.dll 2016-11-06 23:21 - 2014-06-26 14:52 - 00137648 _____ C:\WINDOWS\SysWOW64\bgsrespt.dll 2016-11-06 23:21 - 2014-06-26 14:52 - 00136624 _____ C:\WINDOWS\SysWOW64\bgsrespl.dll 2016-11-06 23:21 - 2014-06-26 14:52 - 00133040 _____ C:\WINDOWS\SysWOW64\bgsresda.dll 2016-11-06 23:21 - 2013-08-01 15:11 - 04609928 _____ (SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe 2016-11-06 23:21 - 2013-08-01 15:11 - 04609928 _____ (SafeNet Inc.) C:\WINDOWS\system32\aksllmtp.exe 2016-11-06 23:21 - 2013-08-01 15:11 - 00140736 _____ (SafeNet Inc.) C:\WINDOWS\system32\Drivers\aksfridge.sys 2016-11-06 23:21 - 2013-08-01 15:11 - 00091784 _____ (SafeNet Inc.) C:\WINDOWS\system32\Drivers\aksdf.sys 2016-11-06 23:19 - 2016-11-06 23:19 - 00000000 ____D C:\ProgramData\3D Systems 2016-11-06 18:10 - 2016-11-06 18:10 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\DassaultSystemes 2016-11-06 18:10 - 2016-11-06 18:10 - 00000000 ____D C:\Users\Patrick\AppData\Local\DassaultSystemes 2016-11-06 18:10 - 2016-11-06 18:10 - 00000000 ____D C:\ProgramData\DassaultSystemes 2016-11-06 17:39 - 2014-06-30 13:42 - 07642544 _____ (BroadGun Software Pty Ltd) C:\WINDOWS\SysWOW64\bgsview.exe 2016-11-06 17:39 - 2014-06-26 14:52 - 00142768 _____ C:\WINDOWS\SysWOW64\bgsreses.dll 2016-11-06 17:39 - 2014-06-26 14:52 - 00141232 _____ C:\WINDOWS\SysWOW64\bgsresfr.dll 2016-11-06 17:39 - 2014-06-26 14:52 - 00136112 _____ C:\WINDOWS\SysWOW64\bgsresde.dll 2016-11-06 17:39 - 2014-06-26 14:52 - 00134576 _____ C:\WINDOWS\SysWOW64\bgsresen.dll 2016-11-06 17:39 - 2014-06-26 11:55 - 00474032 _____ (Broadgun Software Pty Ltd) C:\WINDOWS\SysWOW64\bgsofice.dll 2016-11-06 17:39 - 2014-06-26 11:55 - 00269232 _____ (Broadgun Software) C:\WINDOWS\SysWOW64\bgstb.dll 2016-11-06 17:39 - 2014-06-26 11:55 - 00204720 _____ (Broadgun Software) C:\WINDOWS\SysWOW64\bgsmsnd.exe 2016-11-06 17:39 - 2014-06-26 11:55 - 00066480 _____ C:\WINDOWS\system32\bgspm64.dll 
2016-11-06 17:39 - 2013-03-17 13:35 - 00439864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHFLXGD.OCX 2016-11-06 17:39 - 2013-03-17 13:12 - 00646952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OC30.DLL 2016-11-06 17:39 - 2009-03-20 09:03 - 00516832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bgscapi.dll 2016-11-06 17:24 - 2016-11-06 17:26 - 00000000 ____D C:\Users\Patrick\TK 2016-11-06 17:24 - 2016-11-06 17:24 - 00000000 ____D C:\Users\Patrick\DA Direkt 2016-11-05 04:57 - 2016-11-05 04:57 - 00000000 ____D C:\Users\Patrick\AppData\Local\Glassix 2016-11-05 04:57 - 2016-11-05 04:57 - 00000000 ____D C:\Users\Patrick\AppData\Local\Crashpad 2016-11-05 00:26 - 2016-11-05 00:26 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\TeamNimbus 2016-11-01 22:25 - 2016-11-01 22:25 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\com.coursevector.minerva 2016-11-01 22:25 - 2016-11-01 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Course Vector 2016-11-01 22:25 - 2016-11-01 22:25 - 00000000 ____D C:\Program Files (x86)\Course Vector 2016-11-01 11:25 - 2016-11-01 11:25 - 08828992 _____ (Sogou.com Inc.) C:\WINDOWS\system32\SogouPY.ime 2016-11-01 11:25 - 2016-11-01 11:25 - 05212224 _____ (Sogou.com Inc.) C:\WINDOWS\SysWOW64\SogouPY.ime 2016-11-01 11:25 - 2016-11-01 11:25 - 01904704 _____ (Sogou.com Inc.) C:\WINDOWS\system32\SogouTSF.ime 2016-11-01 11:25 - 2016-11-01 11:25 - 01181248 _____ (Sogou.com Inc.) C:\WINDOWS\SysWOW64\SogouTSF.ime ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-11-30 18:26 - 2016-09-24 16:25 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2016-11-30 17:07 - 2016-09-24 17:19 - 00243302 _____ C:\WINDOWS\system32\prfh0804.dat 2016-11-30 17:07 - 2016-09-24 17:19 - 00159856 _____ C:\WINDOWS\system32\prfc0804.dat 2016-11-30 17:07 - 2016-07-16 23:51 - 00915030 _____ C:\WINDOWS\system32\perfh007.dat 2016-11-30 17:07 - 2016-07-16 23:51 - 00211044 _____ C:\WINDOWS\system32\perfc007.dat 2016-11-30 17:07 - 2015-12-22 21:42 - 02675908 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-11-30 17:05 - 2016-08-21 15:32 - 00000436 _____ C:\WINDOWS\Tasks\Update for Yandex Browser.job 2016-11-30 17:03 - 2016-09-24 17:13 - 00000514 _____ C:\WINDOWS\Tasks\Systemaktualisierung von Yandex Browser.job 2016-11-30 17:03 - 2016-09-24 17:13 - 00000452 _____ C:\WINDOWS\Tasks\Aktualisierung von Yandex Browser.job 2016-11-30 17:03 - 2016-09-24 16:26 - 00000000 ____D C:\ProgramData\NVIDIA 2016-11-30 17:03 - 2015-12-22 21:42 - 00000000 __SHD C:\Users\Patrick\IntelGraphicsProfiles 2016-11-30 17:01 - 2016-09-24 16:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-11-30 07:26 - 2016-09-24 16:27 - 00000000 ____D C:\Users\Patrick 2016-11-30 07:26 - 2015-12-23 10:42 - 00000000 ____D C:\Program Files (x86)\Steam 2016-11-29 18:58 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps 2016-11-29 18:58 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-11-29 06:30 - 2015-12-23 00:36 - 00000000 ____D C:\Games 2016-11-28 21:35 - 2015-12-22 23:34 - 00000000 ____D C:\Users\Patrick\Documents\Tencent Files 2016-11-28 02:04 - 2015-12-23 11:29 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Azureus 2016-11-26 16:44 - 2015-12-23 11:29 - 00001870 _____ C:\Users\Public\Desktop\Vuze.lnk 2016-11-26 16:44 - 2015-12-23 11:29 - 00001870 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk 2016-11-26 16:44 - 2015-12-23 11:29 - 00000000 ____D C:\Program Files\Vuze 2016-11-26 09:27 - 2016-07-16 12:47 - 00000000 ____D 
C:\WINDOWS\LiveKernelReports 2016-11-26 02:34 - 2016-07-16 23:57 - 00000000 ____D C:\Users\Patrick\AppData\Local\JDownloader v2.0 2016-11-26 01:38 - 2016-01-30 17:53 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\RenPy 2016-11-24 21:42 - 2015-12-22 23:33 - 00000000 ____D C:\Users\Patrick\AppData\Local\CrashDumps 2016-11-24 21:18 - 2016-01-19 22:14 - 00001534 _____ C:\ProgramData\ss.ini 2016-11-24 21:02 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF 2016-11-24 20:50 - 2015-12-22 17:15 - 00000000 ____D C:\Users\Patrick\Rechnungen 2016-11-23 20:17 - 2016-01-10 15:00 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\SogouPy 2016-11-23 17:26 - 2015-12-22 21:55 - 00000000 ____D C:\ProgramData\Package Cache 2016-11-23 17:26 - 2015-12-22 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-11-22 17:47 - 2016-03-19 19:06 - 00000000 ____D C:\Users\Patrick\AppData\Local\MEGAsync 2016-11-22 17:18 - 2016-09-24 17:13 - 00003694 _____ C:\WINDOWS\System32\Tasks\Systemaktualisierung von Yandex Browser 2016-11-19 03:15 - 2016-09-24 16:26 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2016-11-19 03:15 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Help 2016-11-19 03:14 - 2016-09-24 16:26 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2016-11-19 03:14 - 2016-09-24 16:26 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2016-11-19 03:03 - 2016-09-17 12:44 - 00000946 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job 2016-11-19 03:03 - 2016-07-16 07:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI 2016-11-19 03:02 - 2016-09-24 16:35 - 00002784 _____ C:\WINDOWS\System32\Tasks\klcp_update 2016-11-19 03:02 - 2016-09-24 16:30 - 00001544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-11-19 03:02 - 2016-08-28 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack 2016-11-19 03:02 - 2016-08-28 16:58 - 00000000 ____D C:\Program Files\K-Lite 
Codec Pack 2016-11-19 02:58 - 2016-09-24 16:35 - 00004086 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2016-11-19 02:58 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2016-11-19 02:58 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2016-11-19 02:58 - 2015-12-22 22:30 - 00000000 ____D C:\Users\Patrick\AppData\Local\Adobe 2016-11-18 22:48 - 2016-02-16 19:53 - 00000000 ____D C:\Users\Patrick\AppData\Local\HiSuite 2016-11-18 14:42 - 2016-10-06 23:00 - 00001492 _____ C:\Users\Public\Desktop\GeForce Experience.lnk 2016-11-18 14:42 - 2016-09-24 16:48 - 00004006 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2016-11-18 14:42 - 2016-09-24 16:48 - 00003978 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2016-11-18 14:42 - 2016-09-24 16:48 - 00003942 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2016-11-18 14:42 - 2016-09-24 16:48 - 00003916 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2016-11-18 14:42 - 2016-09-24 16:48 - 00003754 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2016-11-18 14:42 - 2016-09-24 16:48 - 00003712 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2016-11-17 23:53 - 2015-12-22 21:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-11-14 22:55 - 2015-12-22 22:34 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-11-11 19:30 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache 2016-11-10 19:27 - 2015-12-22 21:39 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-11-10 19:26 - 2016-09-24 16:25 - 00425904 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-11-10 07:18 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-11-10 07:18 - 2016-07-16 12:47 - 00000000 ____D 
C:\WINDOWS\system32\WinBioPlugIns 2016-11-10 07:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-11-10 07:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\migwiz 2016-11-10 07:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2016-11-10 07:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\bcastdvr 2016-11-10 07:14 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-11-09 23:02 - 2015-12-22 22:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-11-09 23:00 - 2016-10-19 06:16 - 00000000 ____D C:\Program Files (x86)\Cimatron 2016-11-09 22:50 - 2016-01-11 00:18 - 00000000 ____D C:\Program Files\SogouInput 2016-11-09 22:45 - 2016-08-28 16:12 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\vlc 2016-11-08 22:14 - 2015-12-23 02:16 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-11-08 22:11 - 2015-12-23 02:16 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-11-07 18:47 - 2016-09-24 16:35 - 00003558 _____ C:\WINDOWS\System32\Tasks\SogouImeMgr 2016-11-06 23:44 - 2016-10-19 06:16 - 00000215 _____ C:\WINDOWS\CimLicManager.INI 2016-11-06 23:39 - 2015-12-22 22:33 - 00000000 ____D C:\Users\Patrick\AppData\Local\Google 2016-11-06 23:21 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\setup 2016-11-06 17:39 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\spool 2016-11-06 17:37 - 2016-10-19 06:10 - 00000000 ____D C:\Program Files\Cimatron 2016-11-06 17:22 - 2015-12-22 17:15 - 00000000 ____D C:\Users\Patrick\HUK24 2016-11-04 17:27 - 2015-12-22 23:13 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-11-02 07:25 - 2015-12-22 17:15 - 00000000 ____D C:\Users\Patrick\Kontoauszüge ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-08-13 14:41 - 2015-08-13 14:47 - 0047462 ___SH () C:\Users\Patrick\AppData\Roaming\d3dx10.exe 2016-05-10 19:35 - 2016-05-10 19:40 - 0000009 _____ () 
C:\Users\Patrick\AppData\Roaming\update.dat 2016-05-10 19:36 - 2016-05-10 19:36 - 0000004 _____ () C:\Users\Patrick\AppData\Roaming\Microsoft\notaut.txt 2015-12-31 01:56 - 2016-01-04 00:01 - 0007605 _____ () C:\Users\Patrick\AppData\Local\Resmon.ResmonCfg 2016-09-24 16:26 - 2016-09-24 16:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2016-01-19 22:14 - 2016-11-24 21:18 - 0001534 _____ () C:\ProgramData\ss.ini Dateien, die verschoben oder gelöscht werden sollten: ==================== C:\Users\Patrick\cc_20161001_142046.reg Einige Dateien in TEMP: ==================== C:\Users\Jia\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-11-25 20:55 ==================== Ende von FRST.txt ============================ Edited by Machalla666 (30.11.2016 at 19:52) |
30.11.2016, 18:58 | #2 |
| Tr/dropper.gen - Shutdown no longer possible Addition.txt
__________________Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 30-11-2016 durchgeführt von Patrick (30-11-2016 18:45:52) Gestartet von C:\Users\Patrick\Desktop Windows 10 Home Version 1607 (X64) (2016-09-24 15:36:30) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3097098544-2319845998-2187571786-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3097098544-2319845998-2187571786-503 - Limited - Disabled) Gast (S-1-5-21-3097098544-2319845998-2187571786-501 - Limited - Disabled) Patrick (S-1-5-21-3097098544-2319845998-2187571786-1001 - Administrator - Enabled) => C:\Users\Patrick ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated) Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated) Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated) Ansel (Version: 375.95 - NVIDIA Corporation) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.23.58 - Avira Operations GmbH & Co. KG) Avira Connect (HKLM-x32\...\{e7f56494-d786-472e-aba2-1b93089e06cd}) (Version: 1.2.76.20506 - Avira Operations GmbH & Co. KG) Avira Connect (x32 Version: 1.2.76.20506 - Avira Operations GmbH & Co. KG) Hidden Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.8 - Broadcom Corporation) Cavern Kings (HKLM-x32\...\Steam App 321830) (Version: - Vine) CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform) Course Vector .minerva (HKLM-x32\...\com.coursevector.minerva) (Version: 3.5.0 - UNKNOWN) Course Vector .minerva (x32 Version: 3.5.0 - UNKNOWN) Hidden CrossCode (HKLM\...\Steam App 368340) (Version: - Radical Fish Games) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd) Death Road to Canada (HKLM\...\Steam App 252610) (Version: - Rocketcat Games) Deathstate (HKLM-x32\...\Steam App 402120) (Version: - Workinman Interactive, LLC.) DLC Quest (HKLM\...\Steam App 230050) (Version: - Going Loud Studios) Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.) Dungeon Souls (HKLM-x32\...\Steam App 383230) (Version: - Mike Studios) ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.) 
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated) FreeCAD 0.15 - A free open source CAD system (HKLM\...\FreeCAD 0.15) (Version: 0.15.4671 - Juergen Riegel) Ghost 1.0 (HKLM\...\Steam App 463270) (Version: - @unepic_fran) Good Robot (HKLM\...\Steam App 358830) (Version: - Pyrodactyl) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Hammerwatch (HKLM\...\Steam App 239070) (Version: - Crackshell) Hero Siege (HKLM-x32\...\Steam App 269210) (Version: - Elias Viglione) HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd) Hyper Light Drifter (HKLM\...\Steam App 257850) (Version: - Heart Machine) Hyperdimension Neptunia Re;Birth1 (HKLM\...\Steam App 282900) (Version: - Idea Factory, Inc.) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) Iron Fisticle (HKLM-x32\...\Steam App 306700) (Version: - Confused Pelican) Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Jets'n'Guns Gold (HKLM\...\Steam App 262260) (Version: - Rake in Grass) KeyShot 5 64 bit (HKLM-x32\...\KeyShot 5_64) (Version: 5.0 64 bit - Luxion ApS) KH Ultra Trainer (HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\4f344c4511ef18b2) (Version: 0.1.0.74 - KongHack) Leap of Fate (HKLM\...\Steam App 363420) (Version: - Clever-Plays) Legends of Pixelia (HKLM\...\Steam App 371530) (Version: - SimaGames) LINE (HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\LINE) (Version: 4.10.2.1257 - LINE Corporation) Magicians & Looters (HKLM\...\Steam App 284180) (Version: - Morgopolis Studios) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Mercenary Kings 
(HKLM\...\Steam App 218820) (Version: - Tribute Games Inc.) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Rechner-Plus (HKLM-x32\...\{437C19B3-7E20-4E39-B868-CA6BAA820E1C}) (Version: 1.0.0 - Microsoft) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Mozilla Firefox 50.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 de)) (Version: 50.0 - Mozilla) NFOPad 1.7 (HKLM-x32\...\NFOPad) (Version: 1.7 - True Human Design) NVIDIA GeForce Experience 3.1.0.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.0.52 - NVIDIA Corporation) NVIDIA Grafiktreiber 375.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.95 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NvNodejs (Version: 3.1.0.52 - 
NVIDIA Corporation) Hidden NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) PAC-MAN Championship Edition DX+ (HKLM\...\Steam App 236450) (Version: - Mine Loader Software Co., Ltd.) Paranautical Activity: Deluxe Atonement Edition (HKLM\...\Steam App 250580) (Version: - Digerati Distribution) Phantom Breaker: Battle Grounds (HKLM\...\Steam App 329490) (Version: - MAGES.) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) Princess.Loot.Pixel.Again (HKLM\...\Steam App 414290) (Version: - EfimovMax) QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications) Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.05 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.) 
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - ) Roguelands (HKLM\...\Steam App 364420) (Version: - SmashGames) Saints Row IV (HKLM\...\Steam App 206420) (Version: - Deep Silver Volition) Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version: - Volition) SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association) SHIELD Streaming (Version: 7.1.0330 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.1.0.52 - NVIDIA Corporation) Hidden Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - Firaxis Games) SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group) Solid Edge ST8 (HKLM\...\{C69F7B10-60F2-476C-B0C1-4D61628462B7}) (Version: 108.00.00091 - Siemens) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.) Unity Web Player (HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\UnityWebPlayer) (Version: 5.3.1f1 - Unity Technologies ApS) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) 
(HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) Void Raiders (HKLM\...\Steam App 445600) (Version: - Tryzna83) Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.4.0 - Azureus Software, Inc.) WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP) WinRAR 5.30 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH) Witch & Hero(é*”女ã¨å‹‡è€…) (HKLM\...\Steam App 434130) (Version: - FK Digital) Yandex (HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\YandexBrowser) (Version: 16.10.1.1114 - YANDEX) Ziggurat (HKLM-x32\...\Steam App 308420) (Version: - Milkstone Studios) ã‚·ãƒ*クãƒ*家出ギャル 泊ã‚ã¦ãã‚ŒãŸã‚‰ãªã‚“ã§ã‚‚ã™ã‚‹ã‚ˆ (HKLM-x32\...\エルフを飼ã†ã‚ªãƒ¼ã‚¯ã€ŒãŠã‚ã‡ã«ã‚ƒã‚ªãƒ©ã®ä»”ã‚’ãŸãã‚“ã¨ç”£ã‚“ã§ã‚‚らã†ã*よã€) (Version: 1.0.0 - αï¼ï¼*ODEL) æœç‹—拼音输入法 8.1æ*£å¼ç‰ˆ (HKLM-x32\...\Sogou Input) (Version: 8.1.0.8588 - Sogou.com) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001_Classes\CLSID\{F654F1BF-54D9-4A2E-B703-889091D3CB2D}\InprocServer32 -> c:\cimatron e13\program\cimpreviewhandler.dll => Keine Datei ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0CF6A2CF-4CE5-4A2B-8FA9-4E54567A63ED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated) Task: {1F709E53-7E3C-4717-92B2-BE8C89A936F0} - System32\Tasks\SogouImeMgr => C:\Program Files\SogouInput\SogouExe\SogouExe.exe [2016-11-01] (Sogou.com Inc.) Task: {285F40BD-A904-40FA-951B-ABB14BB69D51} - System32\Tasks\IntelMemoryDiagnostic => C:\Users\Patrick\AppData\Roaming\d3dx10.exe [2015-08-13] () <==== ACHTUNG Task: {33AB4AFF-944D-474A-AE6F-66B7CF4F8590} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-22] (Google Inc.) Task: {342309AA-8AD2-46DB-A6EA-5D51C5CE2E77} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-11-10] () Task: {3CFDDE66-A51F-4118-A971-B2784A2C099E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-19] (Adobe Systems Incorporated) Task: {55687776-EE70-4178-BD30-F45518292757} - System32\Tasks\Update for Yandex Browser => C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2016-11-09] (YANDEX LLC) Task: {5FEFC0D8-B25C-42C7-B193-C7EC237931F7} - System32\Tasks\{6BA690B0-1A65-4FE1-B843-96EDE2B0A4C7} => pcalua.exe -a C:\WINDOWS\eiunin21.exe -c "D:\Games\ShiroKuro Iede Gyaru Tomete\Game\Setup.DAT" Task: {62755CD6-6F88-4E68-92CC-12876715E12E} - System32\Tasks\Aktualisierung von Yandex Browser => C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2016-11-09] (YANDEX LLC) Task: {7B8ADF7F-61F3-481A-83D1-8974A93B80FD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.) 
Task: {88FCB513-78C2-494C-97B8-1C2E1CA04A1B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.) Task: {8FB13BC2-5CED-434B-ABFC-E8CA8B7A9D4A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation) Task: {907420C3-5A7F-4040-91F9-F0F26291B9FC} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA Corporation) Task: {9EE9C5DF-42DC-48AD-88CD-94D1A7A7CECB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd) Task: {A78E230A-4226-4614-841C-F6F78BEB70E9} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation) Task: {A9FD5CD3-9A97-4881-A0BB-7480C51A19E9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-11-08] (Microsoft Corporation) Task: {BA657DC5-B244-4FF5-BD25-8005343FB1DD} - System32\Tasks\Systemaktualisierung von Yandex Browser => C:\Program Files (x86)\Yandex\YandexBrowser\16.10.1.1114\service_update.exe [2016-11-09] (YANDEX LLC) Task: {C056C44B-8F15-4448-92C2-56E043A73A80} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-10-25] (NVIDIA Corporation) Task: {D1DCFEBF-0295-4E80-94CF-F369B3C71B4B} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation) Task: {DECEDBFC-2CA1-4EC6-B86D-83093585DC17} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 
[2015-12-22] (Google Inc.) Task: {EF0AAD5A-2E96-411C-87E4-C07B504C01A8} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation) Task: {F0AE3619-7E9F-47D2-B095-38C29BBC4059} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe Task: C:\WINDOWS\Tasks\Aktualisierung von Yandex Browser.job => C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Systemaktualisierung von Yandex Browser.job => C:\Program Files (x86)\Yandex\YandexBrowser\16.10.1.1114\service_update.exe Task: C:\WINDOWS\Tasks\Update for Yandex Browser.job => C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-09-29 20:12 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-11-06 17:39 - 2014-06-26 11:55 - 00066480 _____ () C:\WINDOWS\System32\bgspm64.dll 2016-08-26 10:08 - 2016-08-26 10:08 - 00192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe 2016-09-24 16:48 - 2016-10-25 21:21 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2016-09-24 16:48 - 2016-10-25 21:21 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll 2016-09-24 16:48 - 2016-10-25 21:21 - 00420408 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll 2016-11-19 03:15 - 2016-11-17 02:03 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-09-29 20:12 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-09-24 16:38 - 2016-09-24 16:38 - 00959168 _____ () C:\Users\Patrick\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2014-05-01 15:13 - 2016-11-22 17:47 - 00592384 _____ () C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX64.dll 2016-09-24 17:22 - 2016-09-24 17:22 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-11-10 06:36 - 2016-11-02 11:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-11-10 06:35 - 2016-11-02 11:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-11-10 06:35 - 2016-11-02 11:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-11-10 06:35 - 2016-11-02 11:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-11-10 06:35 - 2016-11-02 11:15 
- 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-11-10 06:35 - 2016-11-02 11:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-11-10 06:35 - 2016-11-02 11:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2013-09-07 01:48 - 2013-09-07 01:48 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-09-07 01:45 - 2013-09-07 01:45 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll 2013-09-07 01:52 - 2013-09-07 01:52 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe 2016-09-30 15:58 - 2014-05-19 18:10 - 03386880 _____ () C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\OGMMon.exe 2016-11-17 17:54 - 2016-11-17 17:54 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2016-11-17 17:54 - 2016-11-17 17:54 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2016-11-17 17:54 - 2016-11-17 17:54 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2016-01-03 22:53 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2016-01-03 22:53 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2016-01-03 22:53 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2016-01-03 22:53 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2016-01-03 22:53 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2015-12-22 22:08 - 2016-10-25 
21:21 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-09-24 16:48 - 2016-10-25 20:57 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node 2016-09-24 16:48 - 2016-10-25 20:57 - 00255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node 2016-09-24 16:48 - 2016-10-25 20:57 - 02808256 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node 2016-09-24 16:48 - 2016-10-25 21:21 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2016-09-24 16:48 - 2016-10-25 21:21 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll 2016-09-24 16:48 - 2016-10-25 20:57 - 00246840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node 2016-09-24 16:48 - 2016-10-25 20:57 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node 2016-09-24 16:48 - 2016-10-25 20:57 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node 2016-09-24 16:48 - 2016-10-25 20:57 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node 2016-09-30 15:58 - 2014-05-19 18:10 - 00028160 _____ () C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\uiHook.dll 2016-11-22 17:18 - 2016-11-09 06:57 - 01806840 _____ () C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\16.10.1.1114\libglesv2.dll 2016-11-22 17:18 - 2016-11-09 06:58 - 00094712 _____ () C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\16.10.1.1114\libegl.dll 2016-09-24 16:38 - 2016-09-24 16:38 - 00679624 _____ () C:\Users\Patrick\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll 2014-05-01 15:15 - 2016-11-22 17:47 - 00564736 _____ () C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX32.dll 2015-12-22 22:31 - 2015-12-22 22:31 - 02109000 _____ () 
C:\Users\Patrick\AppData\LocalLow\Unity\WebPlayer\mono\Stable3.x.x\mono-1-vc.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) Da befinden sich 7916 mehr Seiten. IE trusted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\cfca.com.cn -> hxxp://cfca.com.cn IE trusted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\cfca.com.cn -> hxxps://cfca.com.cn IE trusted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\hola.org -> hxxp://hola.org IE trusted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\hxb.com.cn -> hxxps://dbank.hxb.com.cn Da befinden sich 7917 mehr Seiten. ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 
2015-10-30 08:24 - 2016-11-28 20:20 - 00453482 ____R C:\WINDOWS\system32\Drivers\etc\hosts Da befinden sich 15559 zusätzliche Einträge. ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Patrick\Pictures\fire-and-ice-dragon.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. 
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == HKLM\...\StartupApproved\Run32: => "PDFPrint" HKLM\...\StartupApproved\Run32: => "ProductUpdater" HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk" HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "Chromium" HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "safe_urls768" HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "CimatronE12.0_x64" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [{3764DFD5-D417-45BC-90EB-D1310FCD24EF}] => C:\Program Files (x86)\Steam\steamapps\common\Good Robot\GoodRobot.exe FirewallRules: [{7381C9DF-2994-420A-936D-26C12C32B21B}] => C:\Program Files (x86)\Steam\steamapps\common\Good Robot\GoodRobot.exe FirewallRules: [{31375AFE-B469-4D14-9EEB-59902F581197}] => C:\Program Files (x86)\Steam\steamapps\common\Roguelands\Roguelands.exe FirewallRules: [{FAFFFCA4-97CB-461B-8446-3014E8140DF7}] => C:\Program Files (x86)\Steam\steamapps\common\Roguelands\Roguelands.exe FirewallRules: [{0A714477-C01F-46CF-9572-729D2CDE5F82}] => C:\Program Files (x86)\Steam\steamapps\common\Void Raiders\VoidRaiders.exe FirewallRules: [{CB119EB7-91C7-4F18-8552-76550D760525}] => C:\Program Files (x86)\Steam\steamapps\common\Void Raiders\VoidRaiders.exe FirewallRules: [{D99C49B5-19C6-4FF8-B402-B71DE35D53C3}] => C:\Program Files (x86)\Steam\steamapps\common\Magicians and Looters\mal.exe FirewallRules: [{BF7BC0FD-0B8B-486B-81C3-B78A6461F5B8}] => C:\Program Files (x86)\Steam\steamapps\common\Magicians and Looters\mal.exe FirewallRules: [{ECC4B7A7-C3D2-488F-AF32-5FDAA6F14A5F}] => C:\Program Files (x86)\Steam\steamapps\common\mercenary_kings\MercenaryKings.exe FirewallRules: [{CE89D393-83CA-4ADE-B55E-A5E6E654C0E5}] => C:\Program Files (x86)\Steam\steamapps\common\mercenary_kings\MercenaryKings.exe FirewallRules: [{5CB1B11D-828A-48DD-A485-4C46C23E100C}] => C:\Program Files (x86)\Steam\steamapps\common\Witch & Hero(é*”女ã¨å‹‡è€…)\witchandhero.exe FirewallRules: [{6B36CFB6-0E38-459A-8270-E8FA8BA7791F}] => C:\Program Files (x86)\Steam\steamapps\common\Witch & Hero(é*”女ã¨å‹‡è€…)\witchandhero.exe FirewallRules: [{D72E2045-C71C-439D-933C-81AB4CEA7436}] => C:\Program Files (x86)\Steam\steamapps\common\ParanauticalActivity\Paranautical Activity.exe FirewallRules: [{5E430C19-EC7A-447E-BB1E-8356D31244D5}] => C:\Program Files (x86)\Steam\steamapps\common\ParanauticalActivity\Paranautical Activity.exe 
FirewallRules: [{471B154F-9907-4E2E-AF7F-F39B056C0EF9}] => C:\Program Files (x86)\Steam\steamapps\common\Princess.Loot.Pixel.Again\game.exe FirewallRules: [{6EE0233A-1022-4D51-9A06-064B0DA60368}] => C:\Program Files (x86)\Steam\steamapps\common\Princess.Loot.Pixel.Again\game.exe FirewallRules: [{18F2A80B-8F84-4F20-88A7-2457F51A80A7}] => C:\Program Files (x86)\Steam\steamapps\common\PAC-MAN Championship Edition DX+\PAC-MAN.exe FirewallRules: [{44D74E01-714E-4680-A1B3-BEF85F2DD33F}] => C:\Program Files (x86)\Steam\steamapps\common\PAC-MAN Championship Edition DX+\PAC-MAN.exe FirewallRules: [{08E5FE0A-8B11-4B74-A9D7-B29E23B2FC52}] => C:\Program Files (x86)\Steam\steamapps\common\DLC Quest\DLC.exe FirewallRules: [{85A8FD2F-DD8B-493B-AE96-254566510C00}] => C:\Program Files (x86)\Steam\steamapps\common\DLC Quest\DLC.exe FirewallRules: [UDP Query User{29E3EEAD-2962-4CAC-A152-00CA7C21188F}C:\program files\sogouinput\7.9.0.7504\sgdownload.exe] => C:\program files\sogouinput\7.9.0.7504\sgdownload.exe FirewallRules: [TCP Query User{B27B8D37-B155-4C7A-9047-23216E25A07F}C:\program files\sogouinput\7.9.0.7504\sgdownload.exe] => C:\program files\sogouinput\7.9.0.7504\sgdownload.exe FirewallRules: [{2CAA031F-EB05-48E0-965D-5537212A10F5}] => C:\Program Files (x86)\Steam\steamapps\common\CrossCode\crosscode-beta.exe FirewallRules: [{D972B89E-FEE6-4681-9A5E-9AA8C101C4A0}] => C:\Program Files (x86)\Steam\steamapps\common\CrossCode\crosscode-beta.exe FirewallRules: [{9AC3B67F-9362-4A04-8FDB-6AE5E92703F7}] => C:\Program Files (x86)\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe FirewallRules: [{F8B6C5CE-8322-498D-8C32-AA0C5F2E13DA}] => C:\Program Files (x86)\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe FirewallRules: [{235DD586-F3B8-45EE-957B-F6603EB1AB2F}] => C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\editor\HammerEditor.exe FirewallRules: [{718C3044-F348-4F71-82E5-0C9F35DBEA8E}] => C:\Program Files 
(x86)\Steam\steamapps\common\Hammerwatch\editor\HammerEditor.exe FirewallRules: [{20FE32C5-D219-4078-A8F6-82F8AC0ED03E}] => C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\Hammerwatch.exe FirewallRules: [{BFB4F770-4B63-42CC-A179-20AF6BDAF310}] => C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\Hammerwatch.exe FirewallRules: [{B055C440-C4A6-4B6E-984F-FE64611637AF}] => C:\Program Files (x86)\Steam\steamapps\common\Ghost\ghost.exe FirewallRules: [{F1C2D9E1-F78C-4258-B7C8-B42A2F73C73F}] => C:\Program Files (x86)\Steam\steamapps\common\Ghost\ghost.exe FirewallRules: [UDP Query User{DEA51591-39A9-416D-9210-5BCF02DAD2AE}C:\users\patrick\appdata\local\apps\2.0\q810qyjk.aoq\pzx0azte.zo5\kong..tion_0000000000000000_0000.0001_ae491a2415382a1a\konghacktrainer.exe] => C:\users\patrick\appdata\local\apps\2.0\q810qyjk.aoq\pzx0azte.zo5\kong..tion_0000000000000000_0000.0001_ae491a2415382a1a\konghacktrainer.exe FirewallRules: [TCP Query User{A6523082-5CA8-4EB2-8CE0-87C5AF05722C}C:\users\patrick\appdata\local\apps\2.0\q810qyjk.aoq\pzx0azte.zo5\kong..tion_0000000000000000_0000.0001_ae491a2415382a1a\konghacktrainer.exe] => C:\users\patrick\appdata\local\apps\2.0\q810qyjk.aoq\pzx0azte.zo5\kong..tion_0000000000000000_0000.0001_ae491a2415382a1a\konghacktrainer.exe FirewallRules: [{46E4056F-38C3-43D2-9873-0F5CB6657BF5}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy.exe FirewallRules: [{EBE7F259-D304-44EE-BAA9-978AA436B65B}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy.exe FirewallRules: [{84A087DB-1030-43E6-890A-F3B223671A2F}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy.exe FirewallRules: [{6F780622-0622-4A0F-9FC6-AE324B1C070F}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy.exe FirewallRules: [{FA096091-49D3-4609-B2E4-22181FCB60C3}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\tor.exe FirewallRules: [{DD808A59-21DA-4D23-B121-C84B6E6627E6}] => 
C:\Games\Tor Browser\Browser\TorBrowser\Tor\tor.exe FirewallRules: [{BE3B029E-9D26-40AE-BFB4-EEBF356BA885}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\tor.exe FirewallRules: [{616D7593-4379-4910-BC48-4B8F5C9C15C8}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\tor.exe FirewallRules: [{05123FE3-F069-4B52-9593-4990020FE03E}] => C:\Games\Tor Browser\Browser\firefox.exe FirewallRules: [{2448D1F8-D212-403E-BCD8-A658EB6999A0}] => C:\Games\Tor Browser\Browser\firefox.exe FirewallRules: [{534F5062-92B5-4421-99A3-1565B99AC49D}] => C:\Games\Tor Browser\Browser\firefox.exe FirewallRules: [{D920F5B3-9429-468B-8A68-FD7F9B729D79}] => C:\Games\Tor Browser\Browser\firefox.exe FirewallRules: [{8F6367D0-CE2C-41EB-A9BA-4F1DAEFFBF45}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe FirewallRules: [{DBD9FB03-B8F1-42AF-9A7A-D7F8FB0CC69E}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe FirewallRules: [{AF9589E2-158D-4C95-BFC9-65BBDD91A19E}] => C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe FirewallRules: [{D5FDCF37-4154-4093-9117-8BD419465C73}] => C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe FirewallRules: [{EC2ABB68-B46C-425A-83F7-CDA9F68FB7FF}] => C:\Program Files (x86)\Steam\steamapps\common\HyperLightDrifter\HyperLightDrifter.exe FirewallRules: [{D500DC79-5ADA-412D-B382-9601912F2550}] => C:\Program Files (x86)\Steam\steamapps\common\HyperLightDrifter\HyperLightDrifter.exe FirewallRules: [{251828C1-0ECC-440D-803A-75DB68A1B8C5}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe FirewallRules: [{7AF92E39-A085-4E65-BFA6-EBEA938287B1}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe FirewallRules: [{31833F03-49C6-46F5-8DB6-93FAD4067DEF}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe FirewallRules: 
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

28-11-2016 17:33:57 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/30/2016 05:03:25 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools. Details: (HRESULT : 0x80040210) (0x80040210)

Error: (11/29/2016 07:44:46 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (11/28/2016 05:33:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert .
Error: (11/28/2016 11:59:27 AM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-I54T4B7)
Description: 7.488: Der EFS-Dienst konnte keinen Benutzer für „Unternehmensdatenschutz“ bereitstellen. Fehlercode: 0x80070005.

Error: (11/28/2016 11:59:15 AM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-I54T4B7)
Description: 7.488: Der EFS-Dienst konnte keinen Benutzer für „Unternehmensdatenschutz“ bereitstellen. Fehlercode: 0x80070005.

Error: (11/28/2016 11:56:48 AM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-I54T4B7)
Description: 7.488: Der EFS-Dienst konnte keinen Benutzer für „Unternehmensdatenschutz“ bereitstellen. Fehlercode: 0x80070005.

Error: (11/28/2016 11:56:10 AM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-I54T4B7)
Description: 7.488: Der EFS-Dienst konnte keinen Benutzer für „Unternehmensdatenschutz“ bereitstellen. Fehlercode: 0x80070005.

Error: (11/28/2016 11:55:49 AM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-I54T4B7)
Description: 7.488: Der EFS-Dienst konnte keinen Benutzer für „Unternehmensdatenschutz“ bereitstellen. Fehlercode: 0x80070005.

Error: (11/28/2016 11:55:11 AM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-I54T4B7)
Description: 7.488: Der EFS-Dienst konnte keinen Benutzer für „Unternehmensdatenschutz“ bereitstellen. Fehlercode: 0x80070005.

Systemfehler:
=============
Error: (11/30/2016 05:03:57 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (11/30/2016 05:01:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 30.11.2016 um 07:07:48 unerwartet heruntergefahren.

Error: (11/30/2016 06:13:43 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (11/29/2016 06:54:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Plattformdienst für verbundene Geräte" wurde mit folgendem Fehler beendet: Unbekannter Fehler

Error: (11/29/2016 06:53:30 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (11/29/2016 06:52:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 29.11.2016 um 06:51:26 unerwartet heruntergefahren.

Error: (11/29/2016 07:13:12 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (11/29/2016 05:56:42 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (11/28/2016 05:01:08 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (11/28/2016 04:54:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Plattformdienst für verbundene Geräte" wurde mit folgendem Fehler beendet: Unbekannter Fehler

CodeIntegrity:
===================================
Date: 2016-10-11 15:44:29.852
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) attempted to load \Device\HarddiskVolume4\Program Files\SogouInput\8.1.0.8411\SogouCloud.exe that did not meet the Microsoft signing level requirements.

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i7-3612QM CPU @ 2.10GHz
Prozentuale Nutzung des RAM: 39%
Installierter physikalischer RAM: 8007.27 MB
Verfügbarer physikalischer RAM: 4846.8 MB
Summe virtueller Speicher: 9287.27 MB
Verfügbarer virtueller Speicher: 5863.68 MB

==================== Laufwerke ================================

Drive c: (SSD) (Fixed) (Total:231.52 GB) (Free:84.92 GB) NTFS
Drive d: (HDD) (Fixed) (Total:465.76 GB) (Free:143.6 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 08CA1AAA)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================ |
01.12.2016, 16:14 | #3 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Tr/dropper.gen - Shutdown no longer possible +++ IMPORTANT NOTICE +++ During the analysis and cleanup you make NO changes whatsoever on your own, i.e. you do not install or uninstall any software without consulting us. You also do not change any system settings while we are working on your case. You make changes, installations or uninstallations EXCLUSIVELY on instruction! It will be necessary to disable your virus scanner and, in certain cases, also to uninstall it so that the cleanup can be done properly. Your system is therefore only cleared by me for everyday use such as surfing or e-mailing once we are finished here. Read and understood?
__________________ |
01.12.2016, 18:39 | #4 |
| Tr/dropper.gen - Shutdown no longer possible Read and understood. Just one more question: since I am not allowed to change my system or to install or uninstall software, should I suspend the full system scan by Avira and updates, e.g. from Nvidia, for now? |
02.12.2016, 09:20 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Tr/dropper.gen - Shutdown no longer possible Please uninstall Avira. We have not recommended it for years, for several reasons. One reason is a relatively high false-positive rate; the second main reason is that they still cooperate with ASK (the Avira search function goes through ASK). Other freeware vendors such as AVG, Avast or Panda also jumped on this bandwagon; that kind of thing is simply unacceptable for security software. Cf. "Antivirensoftware: Schutz Für Ihre Dateien, Aber Auf Kosten Ihrer Privatsphäre? | Emsisoft Blog". Let me know when Avira is gone; once we are through here, you can switch to another virus scanner, info will follow in the final post. Please do NOT install anything from NOW on without consulting us!
__________________ Please always post log files in CODE tags |
02.12.2016, 19:30 | #6 |
| Tr/dropper.gen - Shutdown no longer possible OK, Avira is uninstalled. |
02.12.2016, 19:57 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Tr/dropper.gen - Shutdown no longer possible
Step 1: Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Step 2: Kaspersky TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop.
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread over several posts. To put the log files in a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags |
02.12.2016, 20:58 | #8 |
| Tr/dropper.gen - Shutdown no longer possible Malwarebytes: no detections. Logfile: Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2016.12.02.10
rootkit: v2016.11.20.01

Windows 10 x64 NTFS
Internet Explorer 11.447.14393.0
Patrick :: DESKTOP-I54T4B7 [administrator]

02.12.2016 20:39:42
mbar-log-2016-12-02 (20-39-42).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 352739
Time elapsed: 7 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Logfile part 1: Code:
20:48:35.0198 0x060c TDSS rootkit removing tool 3.1.0.12 Nov 7 2016 07:10:01
20:48:35.0198 0x060c UEFI system
20:48:52.0817 0x060c ============================================================
20:48:52.0817 0x060c Current date / time: 2016/12/02 20:48:52.0817
20:48:52.0817 0x060c SystemInfo:
20:48:52.0817 0x060c
20:48:52.0817 0x060c OS Version: 10.0.14393 ServicePack: 0.0
20:48:52.0817 0x060c Product type: Workstation
20:48:52.0817 0x060c ComputerName: DESKTOP-I54T4B7
20:48:52.0817 0x060c UserName: Patrick
20:48:52.0817 0x060c Windows directory: C:\WINDOWS
20:48:52.0817 0x060c System windows directory: C:\WINDOWS
20:48:52.0817 0x060c Running under WOW64
20:48:52.0817 0x060c Processor architecture: Intel x64
20:48:52.0817 0x060c Number of processors: 8
20:48:52.0817 0x060c Page size: 0x1000
20:48:52.0817 0x060c Boot type: Normal boot
20:48:52.0818 0x060c CodeIntegrityOptions = 0x00000001
20:48:52.0818 0x060c ============================================================
20:48:52.0842 0x060c KLMD registered as C:\WINDOWS\system32\drivers\71052118.sys
20:48:52.0842 0x060c KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.447, osProperties = 0x19
20:48:52.0874 0x060c System UUID: {BF06FE79-495B-5F1C-47E0-4EF59F6BFE62}
20:48:53.0088 0x060c Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:48:54.0812 0x060c Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:48:54.0819 0x060c ============================================================
20:48:54.0819 0x060c \Device\Harddisk0\DR0:
20:48:54.0820 0x060c GPT partitions:
20:48:54.0820 0x060c \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {207FAE11-A209-45E1-921F-FA9DF18AD91B}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xE1000
20:48:54.0820 0x060c \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {4705516B-5E69-44AB-833A-A0C78ACD69FC}, Name: EFI system partition, StartLBA 0xE1800, BlocksNum 0x31800
20:48:54.0820 0x060c \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {AD35254C-E9C6-47F9-967E-C0B25087C0D6}, Name: Microsoft reserved partition, StartLBA 0x113000, BlocksNum 0x8000
20:48:54.0820 0x060c \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {4963CF99-E017-418C-811F-EE78D4C52D56}, Name: Basic data partition, StartLBA 0x11B000, BlocksNum 0x1CF09060
20:48:54.0820 0x060c \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {82E614D8-AF80-463C-9438-E32A0C778068}, Name: , StartLBA 0x1D024800, BlocksNum 0x1A0800
20:48:54.0820 0x060c MBR partitions:
20:48:54.0820 0x060c \Device\Harddisk1\DR1:
20:48:54.0825 0x060c MBR partitions:
20:48:54.0825 0x060c \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384441
20:48:54.0825 0x060c ============================================================
20:48:54.0826 0x060c C: <-> \Device\Harddisk0\DR0\Partition4
20:48:54.0827 0x060c D: <-> \Device\Harddisk1\DR1\Partition1
20:48:54.0827 0x060c ============================================================
20:48:54.0827 0x060c Initialize success
20:48:54.0827 0x060c ============================================================
20:49:42.0950 0x1db8 ============================================================
20:49:42.0950 0x1db8 Scan started
20:49:42.0950 0x1db8 Mode: Manual; SigCheck; TDLFS;
20:49:42.0950 0x1db8 ============================================================
20:49:42.0950 0x1db8 KSN ping started
20:49:43.0038 0x1db8 KSN ping finished: true
20:49:45.0331 0x1db8 ================ Scan system memory ========================
20:49:45.0331 0x1db8 System memory - ok
20:49:45.0332 0x1db8 ================ Scan services =============================
20:49:45.0820
0x1db8 amdsata - ok 20:49:45.0827 0x1db8 [ AAB0F1D8D7E54761ABAB13AF161F1680, CF847990EFFA2828F5B1DB1A68F08A6C2C918E9612EDFFCF95C36BCABBBEA272 ] amdsbs C:\WINDOWS\system32\drivers\amdsbs.sys 20:49:45.0843 0x1db8 amdsbs - ok 20:49:45.0847 0x1db8 [ F91BAAC4237C40352A807000F3B716F9, F7EFA08E5067C3D419C9D21EDB880BA08883A80DDF35F8B42EC3AB293FE5E03E ] amdxata C:\WINDOWS\system32\drivers\amdxata.sys 20:49:45.0856 0x1db8 amdxata - ok 20:49:45.0860 0x1db8 [ 39B6FAE7DFE1B70034F253AB0BB96E2F, 477D9788BB1717F966E8E4F776CE52425BB76288A99FF34AE7A24D4221EA5D05 ] ampa C:\Windows\system32\ampa.sys 20:49:45.0870 0x1db8 ampa - detected UnsignedFile.Multi.Generic ( 1 ) 20:49:45.0944 0x1db8 Detect skipped due to KSN trusted 20:49:45.0944 0x1db8 ampa - ok 20:49:45.0950 0x1db8 [ BC121C099C6C659126AD2102AFDFF8CF, 42B5EE293BDD7ADCE48173A01B30D8452564B9DA225EAF25E9292FE77C0FCF3E ] AppID C:\WINDOWS\system32\drivers\appid.sys 20:49:45.0963 0x1db8 AppID - ok 20:49:45.0968 0x1db8 [ 74A24CF946279111D7F203B36569EC02, FD67D36804744B4FE3E20BA891852575E6C2DA6515643B2F4B4210118B0FCCDA ] AppIDSvc C:\WINDOWS\System32\appidsvc.dll 20:49:45.0988 0x1db8 AppIDSvc - ok 20:49:45.0994 0x1db8 [ 73FAA5517CCD1332F00192A303CF2026, 75636222BFF381A3EECA010752DF7DC1603A395B91FF7FBF92127B5CA8EFFEE5 ] Appinfo C:\WINDOWS\System32\appinfo.dll 20:49:46.0010 0x1db8 Appinfo - ok 20:49:46.0014 0x1db8 [ 68190E2BADF23BD782344970E5B5DE9E, 95D30EC12C7FDF5822CED8BC2F17669A6687A2FB262B4F0D15C8DCFF4E9AB33D ] applockerfltr C:\WINDOWS\system32\drivers\applockerfltr.sys 20:49:46.0035 0x1db8 applockerfltr - ok 20:49:46.0048 0x1db8 [ 21DC11DA29484AE026E536F2EA7E79E5, 6E17B679494CB293DE13DFA18F79A9DFAFEEBAAE41943F95B5E1AE0720A5CA26 ] AppReadiness C:\WINDOWS\system32\AppReadiness.dll 20:49:46.0078 0x1db8 AppReadiness - ok 20:49:46.0120 0x1db8 [ F9F4CFCB3845EABF81A654001C80854C, 2CB7BED0A838585903056E41D46C2604B5EECA3B6C673497A22BFFCAE7986C5F ] AppXSvc C:\WINDOWS\system32\appxdeploymentserver.dll 20:49:46.0200 0x1db8 AppXSvc - ok 
20:49:46.0207 0x1db8 [ E6AB1F0B4C3D4E0D2A88332D76FECD03, 0D3003EB979DA4546DCDD055011E24F13E34F683F02C9801CAC564D1809F11D2 ] arcsas C:\WINDOWS\system32\drivers\arcsas.sys 20:49:46.0219 0x1db8 arcsas - ok 20:49:46.0229 0x1db8 [ 5EE26734A882478AF6696092E2E0F352, 6CACFF521B3B839F73EBEB6EFBFDCCA8A8BC319DDB254BE3EFE29A39040B2C26 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 20:49:46.0241 0x1db8 aspnet_state - ok 20:49:46.0244 0x1db8 [ 61C5A480C43E7E8E49C42869F49D0D3E, E610F0E4315ABA1D90AD4A1D7A68ABA2ACBB7FCA89E9D1798470365D52592D55 ] AsyncMac C:\WINDOWS\System32\drivers\asyncmac.sys 20:49:46.0259 0x1db8 AsyncMac - ok 20:49:46.0263 0x1db8 [ A10F989A812B57B9695F6C305907C9C6, E2B292610079AA1A10696138DE8130905A8A834B75A8DED7EBF8B6732B77A0F4 ] atapi C:\WINDOWS\system32\drivers\atapi.sys 20:49:46.0272 0x1db8 atapi - ok 20:49:46.0277 0x1db8 [ 8302D313DCC5536FE6BFB85165D9BB1E, CD9101D9CFE34F0D6CF5A6AD5C997CC5D32CCF5135B78604D0C3CD7252117C2D ] AthBTPort C:\WINDOWS\system32\DRIVERS\btath_flt.sys 20:49:46.0284 0x1db8 AthBTPort - ok 20:49:46.0294 0x1db8 [ B68BC92DC0F6484E5862BA1B09EE720C, E15BF19CBF83EC33A3DF9371CCEA9EA9765B17C41B13D4B28635111171D43835 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe 20:49:46.0309 0x1db8 AtherosSvc - detected UnsignedFile.Multi.Generic ( 1 ) 20:49:46.0384 0x1db8 Detect skipped due to KSN trusted 20:49:46.0384 0x1db8 AtherosSvc - ok 20:49:46.0458 0x1db8 [ 835E2C1A3D32492E2B90BD4FE5527CB6, DE129E570C85EE8AAE8084B40F4E32766B4B789A2EED81E46311712B0826053D ] athr C:\WINDOWS\System32\drivers\athw8x.sys 20:49:46.0597 0x1db8 athr - ok 20:49:46.0610 0x1db8 [ 2DC3D53FFA0D10EB8C911AE2DB7BF4CF, 8E0A4B5D610D487A216E70396A99ACC1BEA12C46A6681B1A39CD0FD01EDD406A ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll 20:49:46.0632 0x1db8 AudioEndpointBuilder - ok 20:49:46.0652 0x1db8 [ 7B993290E7691C446C16A56A431669BA, 004551934E27E9FC1A939C9BD1DEB850A216CBED9B18CB3317920F5656D9F6BF ] Audiosrv 
C:\WINDOWS\System32\Audiosrv.dll 20:49:46.0691 0x1db8 Audiosrv - ok 20:49:46.0697 0x1db8 [ 6D90FDA2DC364B8EA1420F2F81585CC3, 10E6F23A213CFE49BE04BB7D366ADD4028D61D7114FEC67C30B5467DF6B36D4F ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll 20:49:46.0713 0x1db8 AxInstSV - ok 20:49:46.0726 0x1db8 [ 61BAC67048CA5C1D08C48FCC8012B613, 71B2A466FC38DA1029B471FBD2541D8FE359751A7B212AE0F420DB3645916450 ] b06bdrv C:\WINDOWS\system32\drivers\bxvbda.sys 20:49:46.0747 0x1db8 b06bdrv - ok 20:49:46.0752 0x1db8 [ C0D49B86B9A3C081FD96E5EDEB7373FA, F9C70993A0F92CD5A798DE3C6150845C1965A1AF43C59001285F3BBEC0681A6F ] b57xdbd C:\WINDOWS\System32\drivers\b57xdbd.sys 20:49:46.0759 0x1db8 b57xdbd - ok 20:49:46.0763 0x1db8 [ B2B4C0169F3D2BB1106B61C04EE6145B, FD58739228479F525AB748C293C6112A94792584773C6A17E1D1478611B606C0 ] b57xdmp C:\WINDOWS\System32\drivers\b57xdmp.sys 20:49:46.0768 0x1db8 b57xdmp - ok 20:49:46.0773 0x1db8 [ 68F72B05EBC6D1779C0D60A147C7CA0B, AA1C857BEE34865C6B901157FC22570D4CF45D950708BAD7AA333F120F2B474C ] BasicDisplay C:\WINDOWS\System32\drivers\BasicDisplay.sys 20:49:46.0787 0x1db8 BasicDisplay - ok 20:49:46.0791 0x1db8 [ 23156E7EDAF613D839E2839746B168D3, CAEF8F9C7D3A338BD747AC9D5BFBE730D77B911E87BCF532EBB75E1F80916AFA ] BasicRender C:\WINDOWS\System32\drivers\BasicRender.sys 20:49:46.0802 0x1db8 BasicRender - ok 20:49:46.0807 0x1db8 [ 3F5523DCEFE42B385659C5CB46A6B810, CA24A3DF002B19E7BDEDE9B5EB60623F299D0E78B2E4F58DCFC028D76DEFE52D ] bcmfn C:\WINDOWS\System32\drivers\bcmfn.sys 20:49:46.0818 0x1db8 bcmfn - ok 20:49:46.0821 0x1db8 [ 0B750A6A6D847E73CA48ADD7A0F5A393, 6A43020F23846EFB1AFA3C070465B0059E9DF60DEB16899E09559462DF30939F ] bcmfn2 C:\WINDOWS\System32\drivers\bcmfn2.sys 20:49:46.0832 0x1db8 bcmfn2 - ok 20:49:46.0842 0x1db8 [ 2B4D3AEAAD02954F8C191BC2D67949AD, 8237C9AD556CFAF7442FF60F78608104BC17CE3134C89D986D49C38CC60B1518 ] BDESVC C:\WINDOWS\System32\bdesvc.dll 20:49:46.0865 0x1db8 BDESVC - ok 20:49:46.0868 0x1db8 [ 0A508274355745EEF01C6BE3198D02C4, 
E2DB08AEE2368FA95FDB357BB31EA4EBF31679C3E72E109DB3D7CD1B5F7B828E ] Beep C:\WINDOWS\system32\drivers\Beep.sys 20:49:46.0880 0x1db8 Beep - ok 20:49:46.0898 0x1db8 [ 5125CBB61AC81168366BEB290399CB8E, B2A3095D45E2114DE2BD0E5A3AE20B3CE95EE517A35B9E1EAD05E231F38DBDCF ] BFE C:\WINDOWS\System32\bfe.dll 20:49:46.0934 0x1db8 BFE - ok 20:49:46.0958 0x1db8 [ D876C567AB767258036F05E4766189FD, DE8BA67325CB64495BD454B8F9DDCAE82636253844FC68B360C7E1CF5D51DD0E ] BITS C:\WINDOWS\System32\qmgr.dll 20:49:47.0004 0x1db8 BITS - ok 20:49:47.0009 0x1db8 [ 9CD2A4821DE379305CACB2E99AD8953A, 89D700DFC3C59ACBBADB48954A28C0EBF8D6A11A9E63837689DD891868E43188 ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys 20:49:47.0024 0x1db8 bowser - ok 20:49:47.0041 0x1db8 [ 2447BD15B41298622CC662249CD0F496, 013A326D2E3BF68D654BBABE2F1E5DF0FF0A153A4B95D570EE28F9BC0F5A78C3 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll 20:49:47.0077 0x1db8 BrokerInfrastructure - ok 20:49:47.0083 0x1db8 [ B3F32C630DD3F2F6A6091B89CFF13641, 7A9C53EF9AB9FF1DC392FD711B194A101DB36CA5BC799E817BEB446741089B76 ] Browser C:\WINDOWS\System32\browser.dll 20:49:47.0099 0x1db8 Browser - ok 20:49:47.0103 0x1db8 [ F4598EF1BE59937A578F3F68724552A7, 67F2B580462A925583F272BBF664BF2042D2E2B18B1CB21B994B12A9B6288779 ] bScsiMSa C:\WINDOWS\System32\drivers\bScsiMSa.sys 20:49:47.0110 0x1db8 bScsiMSa - ok 20:49:47.0115 0x1db8 [ FE95727BE64F084EA291ECFCDBE5279F, 462A79100BC776F3D506A1742773FDA53E1E3F33D1172DD8E9287E136AF6B16B ] bScsiSDa C:\WINDOWS\System32\drivers\bScsiSDa.sys 20:49:47.0121 0x1db8 bScsiSDa - ok 20:49:47.0131 0x1db8 [ 3B178B27E4514638497273C97B08B2A4, 7D7391DE399A414B6EDCD4E992D8B9C6D52FFF0ED7404F4D88E490315A3BDFD6 ] BTATH_A2DP C:\WINDOWS\system32\drivers\btath_a2dp.sys 20:49:47.0143 0x1db8 BTATH_A2DP - ok 20:49:47.0148 0x1db8 [ FB5EEA3DB72E30D645DC40D0951B1A1B, B4F1FA323D8F259A22193FD67B07E512EBE70C3C483BD15F087EA08C53021F7A ] btath_avdt C:\WINDOWS\system32\drivers\btath_avdt.sys 20:49:47.0155 0x1db8 btath_avdt - ok 20:49:47.0159 
0x1db8 [ C6978F7EBA6F37D626482AC6B9390630, B4BF939AB9962A61DE9518604C20347DC2A6FCDCEB3D8AEF295AF12E6F2CDCF3 ] BTATH_BUS C:\WINDOWS\System32\drivers\btath_bus.sys 20:49:47.0165 0x1db8 BTATH_BUS - ok 20:49:47.0171 0x1db8 [ 4AF7C20F94DAC343C01ED671C82DCB99, 2AABD85D9D76461DE883E0F13F61C391BA81E6198FF88268B319474E25A196C8 ] BTATH_HCRP C:\WINDOWS\System32\drivers\btath_hcrp.sys 20:49:47.0181 0x1db8 BTATH_HCRP - ok 20:49:47.0185 0x1db8 [ 785C38070043BEEE9E9D591DE4067244, 1C8D15B8A9E80A2799E7094C4AE111FEA9FBC6EAA4A61B13EFE59314C9794949 ] BTATH_LWFLT C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys 20:49:47.0192 0x1db8 BTATH_LWFLT - ok 20:49:47.0197 0x1db8 [ 859A116D748FBA603AF94C251DC5CF97, D64061721BE01F86386C4B0168B166C6AD076630B2229036E1D368D877389D46 ] BTATH_RCP C:\WINDOWS\System32\drivers\btath_rcp.sys 20:49:47.0205 0x1db8 BTATH_RCP - ok 20:49:47.0220 0x1db8 [ C8BF11D79B29BB23A461B65B58BA8593, 35AFAD5ED40304976287E6C982085DF7A91FF48F0320DAC32370FA039AA03C69 ] BtFilter C:\WINDOWS\system32\DRIVERS\btfilter.sys 20:49:47.0244 0x1db8 BtFilter - ok 20:49:47.0248 0x1db8 [ 722036C26D2C4E50EC2A2EC5FD678846, 999468038AE01F0FF6881F4B2A2CB67BC636641188E95F10729E08ADBC3CB3DE ] BthAvrcpTg C:\WINDOWS\System32\drivers\BthAvrcpTg.sys 20:49:47.0260 0x1db8 BthAvrcpTg - ok 20:49:47.0265 0x1db8 [ C2E31BE025D46D189E38DD1EDF07837A, 656528DCAAAF485EC57EE5C3021E96736634DE3B9C39CBCD2728E055ABD4C0A5 ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys 20:49:47.0277 0x1db8 BthHFEnum - ok 20:49:47.0281 0x1db8 [ F7CD605FC0B0B22F3F6F247595E3A655, 1CD9140DE5415DDBEACD8667E63E5C95FD64D693B56302A0474E693E578BEAB0 ] bthhfhid C:\WINDOWS\System32\drivers\BthHFHid.sys 20:49:47.0292 0x1db8 bthhfhid - ok 20:49:47.0301 0x1db8 [ B157D72BDA6A6DD6E9DC6BF338CD0CF8, B2AC26AE214151E5AD93DED78256BC0295DBF0133C854E7DEE4CD776D9C9A349 ] BthHFSrv C:\WINDOWS\System32\BthHFSrv.dll 20:49:47.0321 0x1db8 BthHFSrv - ok 20:49:47.0326 0x1db8 [ 535DC41A33630AE4C262406F9E981C03, 
599332589AA28D04189E19B87A4AE6FEEB60B40A7BC6E3B11240DA363A981C29 ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys 20:49:47.0339 0x1db8 BTHMODEM - ok 20:49:47.0359 0x1db8 [ E6D5762958A839B119C041256149AAD6, 8FB489F6771C392347E333935E00024309A19F1D3143F365A039A9D2DE0A639C ] BTHPORT C:\WINDOWS\System32\drivers\BTHport.sys 20:49:47.0401 0x1db8 BTHPORT - ok 20:49:47.0408 0x1db8 [ 96932F631F5CB9F5D1C8F99A71568EF3, 5E4C8955A2EE9DC76B4EBC383653EB753D76D6B017E1A5DD553AC16094D7F12A ] bthserv C:\WINDOWS\system32\bthserv.dll 20:49:47.0424 0x1db8 bthserv - ok 20:49:47.0428 0x1db8 [ DC5955E589C55E2313D69B64E1A183F3, 06D703246D0813DE53D62885C8B7381135783673FF4BDDD5CC38FEB54901BB76 ] BTHUSB C:\WINDOWS\System32\drivers\BTHUSB.sys 20:49:47.0441 0x1db8 BTHUSB - ok 20:49:47.0446 0x1db8 [ 23F9EF739F685E07482116425E7879AA, 0EBDF96A49A319C0BCF6F51FB6C8C392C017E1738B950C19C91FF43E14D73143 ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys 20:49:47.0458 0x1db8 buttonconverter - ok 20:49:47.0464 0x1db8 [ 60EB6A4CE3E21887D302350631C16F26, 4270EFA22285C1A9336CF1220761E416950D2DA9C6A40D1D8452686CD5040DAB ] CapImg C:\WINDOWS\System32\drivers\capimg.sys 20:49:47.0480 0x1db8 CapImg - ok 20:49:47.0485 0x1db8 [ F8FB51B9EF6372610E9B31A1D86B62FC, 7461584A8B39AC549AD7BAFFA509D4CD81EEE542808BC8EFC285863A0AE6432D ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys 20:49:47.0501 0x1db8 cdfs - ok 20:49:47.0512 0x1db8 [ B737F6FB33A6F79BCBC293A5B32C1C4E, B2EAF621052A4CBEE78208ECF1AC9286BD1EB431019372254E442319308112F8 ] CDPSvc C:\WINDOWS\System32\CDPSvc.dll 20:49:47.0536 0x1db8 CDPSvc - ok 20:49:47.0546 0x1db8 [ 2531EF3423A9FE1692005A41907E3BE3, 4E7D3E216937305B73CBCC5031F513CEC38F4FEFE3F2291DED5F37641221CCA0 ] CDPUserSvc C:\WINDOWS\System32\CDPUserSvc.dll 20:49:47.0566 0x1db8 CDPUserSvc - ok 20:49:47.0576 0x1db8 [ 613D0137C269187FA298A157E3D14A18, 84BC268525F14BB27202CE242BF94D9E83BC91B50A0335908574F31B29A2F04D ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys 20:49:47.0590 0x1db8 cdrom - ok 
20:49:47.0597 0x1db8 [ 9450FA11E9DE6715FCB71A519A8FF90B, B7E341C6E4CE967FCDD0D17A497C07E8A1C6B0AACE8A6E8E5D6C21EF73F13E16 ] CertPropSvc C:\WINDOWS\System32\certprop.dll 20:49:47.0615 0x1db8 CertPropSvc - ok 20:49:47.0624 0x1db8 [ 0AED948DA8D5F08B3D6F12E4E2089736, 95E538E81DDBC83492C5F3820C82C78F050B4D74ACF12D7970EC84F93581AE29 ] cht4iscsi C:\WINDOWS\system32\drivers\cht4sx64.sys 20:49:47.0641 0x1db8 cht4iscsi - ok 20:49:47.0681 0x1db8 [ 0002A0FDE087C1657AB31CE73077539C, 4DD6210B67E9633AB3240371590869DC833A4C986C74FC12A5D4FFFFD361848A ] cht4vbd C:\WINDOWS\System32\drivers\cht4vx64.sys 20:49:47.0739 0x1db8 cht4vbd - ok 20:49:47.0745 0x1db8 [ 6B4F90A287D75CCD78694F6790C911B2, 73D7C31E9F475FA3FD568FCA9A953F968729AA114F63C06F38BF5198DAD67BD8 ] circlass C:\WINDOWS\System32\drivers\circlass.sys 20:49:47.0757 0x1db8 circlass - ok 20:49:47.0766 0x1db8 [ 39591D8510CEC3BA6ED4330EE689B791, E827DEA20AB338308D6E4EEFEF551088088B77CD10BF08C8BE568090E04172E2 ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys 20:49:47.0783 0x1db8 CLFS - ok 20:49:47.0808 0x1db8 [ E133CFCBFABB3CB517BE9F42FEA5887C, DA699CDD5F3CC427354540C907BD24CCA7BAC3112C53918EB611CB4EEC7611DA ] ClipSVC C:\WINDOWS\System32\ClipSVC.dll 20:49:47.0834 0x1db8 ClipSVC - ok 20:49:47.0840 0x1db8 [ EEC3A4A98AE1A337E3CD1483AD6F2E15, 764DA329984A95E092F5C15116DA34FA7FC27216C0862365D4BF10ADC97EC5C5 ] clreg C:\WINDOWS\System32\drivers\registry.sys 20:49:47.0853 0x1db8 clreg - ok 20:49:47.0862 0x1db8 [ 429623E266EF067A44E8CF148E9DFB9B, A48AA85ACC52C7AD73DB2D6148B3F9FB5EAC33C8F8C5BB6D7D0A9D84B7C08E11 ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys 20:49:47.0873 0x1db8 CmBatt - ok 20:49:47.0888 0x1db8 [ 3E502EB1701CF54CF237B6250FBE38EA, E63F6F45D3990ACBCA96003F67C83697BA5B74B89F972C5E9CC45F90D05519FF ] CNG C:\WINDOWS\system32\Drivers\cng.sys 20:49:47.0912 0x1db8 CNG - ok 20:49:47.0916 0x1db8 [ 3DB10C59405931E2C72EFB82C1AF97D1, 100B5450A70988DB1C1F8A5FDBB3553AF1A0D47B42A5AC71460DB92E26010CE6 ] cnghwassist 
C:\WINDOWS\system32\DRIVERS\cnghwassist.sys 20:49:47.0926 0x1db8 cnghwassist - ok 20:49:47.0940 0x1db8 [ 34C935AF2A414572B412B3556586D783, 912981B88B0796576ECCD5EBE0C4728EC02D5D6A96B039447DCBA59B2583F25E ] CompositeBus C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys 20:49:47.0951 0x1db8 CompositeBus - ok 20:49:47.0955 0x1db8 COMSysApp - ok 20:49:47.0959 0x1db8 [ 44EEEB2382F566999287E13F2067693C, 53A4A0C85EAD38030FF2078C67465E3710ECD03A08FF34E1E67B2E3E1CC70043 ] condrv C:\WINDOWS\system32\drivers\condrv.sys 20:49:47.0969 0x1db8 condrv - ok 20:49:47.0986 0x1db8 [ 03DCC01047713690E312B013C60881AE, B98174222DDFDA2A31BAC4795D99FA07D1D03107ABDB27BF5069FAFBBF00D278 ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll 20:49:48.0013 0x1db8 CoreMessagingRegistrar - ok 20:49:48.0030 0x1db8 [ A28D6FA203CE094BDE7ED8CEC6079E42, 5DCA8BA21F5FD0D9F00620E7592949ABCF3BA202CF7AF3D84F93DF7C13E2D4C9 ] cphs C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe 20:49:48.0046 0x1db8 cphs - ok 20:49:48.0052 0x1db8 [ 5F06CAC4B09250CDDDD0180A08162924, A2EB0A57225E65FC264CFC9FAD858D8B54A015CDAE3DC904B1C4E9AAB40B1F06 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll 20:49:48.0068 0x1db8 CryptSvc - ok 20:49:48.0072 0x1db8 [ 039B5A8CBD5C75D1C46DF15F7C74D136, A5C8A41F2D406D37E147939F2058373ED091BFCC00CA7E829F887638CD3A2F64 ] dam C:\WINDOWS\system32\drivers\dam.sys 20:49:48.0082 0x1db8 dam - ok 20:49:48.0086 0x1db8 [ 8AE2B187551B9B4BBFF9D65E5BEBA598, 9C3C6D45B5CB456B6798E41ACC5C50C4D433C4523C34ED0C13D98C6F6A5288E8 ] dc1-controller C:\WINDOWS\System32\drivers\dc1-controller.sys 20:49:48.0100 0x1db8 dc1-controller - ok 20:49:48.0121 0x1db8 [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 20:49:48.0159 0x1db8 DcomLaunch - ok 20:49:48.0166 0x1db8 [ AE9F09F87755C18904656CB4F59F351D, B352A43B3B68B497D87B49C302AF3F37F36D56D49878AE3785C3D43597E5DC57 ] DcpSvc 
C:\WINDOWS\system32\dcpsvc.dll 20:49:48.0187 0x1db8 DcpSvc - ok 20:49:48.0199 0x1db8 [ ABBD3EE724117242E28D31F19FBCFF03, 68EA91A969DD80A5DE28B0A8EAEB308837183713559C2C2FAEF991858C971393 ] defragsvc C:\WINDOWS\System32\defragsvc.dll 20:49:48.0229 0x1db8 defragsvc - ok 20:49:48.0241 0x1db8 [ DD74F18227ACC837D9856E24282D446D, 6A760E44CD897952538CDFA8895FE11263D51AAA79CFF24C01F3862E919DA478 ] DeviceAssociationService C:\WINDOWS\system32\das.dll 20:49:48.0266 0x1db8 DeviceAssociationService - ok 20:49:48.0271 0x1db8 [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll 20:49:48.0291 0x1db8 DeviceInstall - ok 20:49:48.0295 0x1db8 [ CDF1B1B5C5951111791C236B2696C7F8, BF6C4BA545C8827B40DB69890DB4D2B2F9C583C5E3CFBDFD370B05891141458D ] DevQueryBroker C:\WINDOWS\system32\DevQueryBroker.dll 20:49:48.0308 0x1db8 DevQueryBroker - ok 20:49:48.0314 0x1db8 [ 0D1D392ED2597F295956D058D33BD7C3, 2F7FE5A06D880F9E2A46C9803DD249DC40C2898C04E946D14E7EECCCC9F2B24F ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys 20:49:48.0330 0x1db8 Dfsc - ok 20:49:48.0335 0x1db8 [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys 20:49:48.0343 0x1db8 dg_ssudbus - ok 20:49:48.0353 0x1db8 [ F0D4400BA0F08610D9A551B15BF10B76, 83EB8FB272FC2DD2CC0659C2FB90AD0DAE88A88AB3951E03BCD933A25B601E10 ] Dhcp C:\WINDOWS\system32\dhcpcore.dll 20:49:48.0377 0x1db8 Dhcp - ok 20:49:48.0382 0x1db8 [ CA7FEDDFCF61EF15A09C54DA2C07C49F, 346EF7709BA9E6BD48592B86FA46F9D956C847EF91F4980EEAD98269D0F0EF67 ] diagnosticshub.standardcollector.service C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe 20:49:48.0397 0x1db8 diagnosticshub.standardcollector.service - ok 20:49:48.0436 0x1db8 [ CAD14E0AD1F03397E9B1C8733D76BEF4, 0035EF35F6520B1DF0E599C8A06D4163C52576BCE0976BF729B44DECDC506627 ] DiagTrack 
C:\WINDOWS\system32\diagtrack.dll 20:49:48.0508 0x1db8 DiagTrack - ok 20:49:48.0539 0x1db8 [ B8BE3CE91E2E47AF54BAC4B2D2AAA4DD, AF64EE4F8B6CB49A9CADC6D0F3DECB2973F3A187DC9B57C2FF43FA68A5CBBA18 ] Disc Soft Lite Bus Service C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe 20:49:48.0582 0x1db8 Disc Soft Lite Bus Service - ok 20:49:48.0588 0x1db8 [ 35B9D46560339A5A7F0CAC6ED702C817, F70480B01533B7029F90E2DE297E9E829660300DDE7A7D009B0AC2684E7691A7 ] disk C:\WINDOWS\system32\drivers\disk.sys 20:49:48.0599 0x1db8 disk - ok 20:49:48.0611 0x1db8 [ 44A5CAF4E736BCD4360015BB3B841179, 8CD74620C3E163FF998CA8C09A999FED5C9EFDC88D07493192A57032D18CA973 ] DmEnrollmentSvc C:\WINDOWS\system32\Windows.Internal.Management.dll 20:49:48.0637 0x1db8 DmEnrollmentSvc - ok 20:49:48.0642 0x1db8 [ 815F45161A4571C2C44491564F3D5968, 32E7AE8414A178CE429C0CDFCF718E3C11C705FB3155EA5CA0EAD48AAE507B01 ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys 20:49:48.0654 0x1db8 dmvsc - ok 20:49:48.0658 0x1db8 [ 6E5EE6E420FECD64DE463C5F01CBFE71, F173C56895E80AA03D70CD78B3AB659C2EEAACFF43BE3B6EF3939D6F4AD4F62D ] dmwappushservice C:\WINDOWS\system32\dmwappushsvc.dll 20:49:48.0683 0x1db8 dmwappushservice - ok 20:49:48.0691 0x1db8 [ 7F8A3ABF7750326E18CE953CCE262670, 5DBD159E8A455A42764FC73CF7DCAC849B5896848C5589B00BD36697804C0A3B ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 20:49:48.0710 0x1db8 Dnscache - ok 20:49:48.0720 0x1db8 [ 8F46B4C3F9BA19C26A26D0A11137B20B, BA0A66DBA98D77FD85A7CD2D4593F2B2A1A3B4D32BBECBCFFBEB5A54DCB0D8ED ] dot3svc C:\WINDOWS\System32\dot3svc.dll 20:49:48.0740 0x1db8 dot3svc - ok 20:49:48.0746 0x1db8 [ CA09EAEE92C6FDDC6B05057F11A0372D, 14DB5C186B69644AA93C445BF31CC9670204F95A47B77B6EACB19B4A316378AD ] DPS C:\WINDOWS\system32\dps.dll 20:49:48.0763 0x1db8 DPS - ok 20:49:48.0767 0x1db8 [ AE6BD4C879A8C849E53947C92DF3B3A0, 8C29774CB2D30D901C54AAC0C8ACE709351EE40E5C8FB9951B2A18B4A03F28B7 ] drmkaud C:\WINDOWS\system32\DRIVERS\drmkaud.sys 20:49:48.0776 0x1db8 drmkaud - ok 20:49:48.0783 0x1db8 
[ 7433474BE77F065D2FA628671FE31A3E, 063ADDC68F48036749E6EC7B2F66284DB29F90F62E9468D16B4EF5A0FDC45E35 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll 20:49:48.0806 0x1db8 DsmSvc - ok 20:49:48.0812 0x1db8 [ 5FCA45C24501DA7390065D3706A9FC3F, 093FD840F1502ECC6F05B9723CA523B3F15CF39A5D2B9106E1267739B3F2C52C ] DsSvc C:\WINDOWS\System32\DsSvc.dll 20:49:48.0829 0x1db8 DsSvc - ok 20:49:48.0833 0x1db8 [ 679FF716052109392D870F6A6C4A3535, BEF1784448CCA4AF1D67ED68BD0C7CFE01A7719E98CACF92C2DCBFAA916DC57E ] dtlitescsibus C:\WINDOWS\System32\drivers\dtlitescsibus.sys 20:49:48.0840 0x1db8 dtlitescsibus - ok 20:49:48.0844 0x1db8 [ E23FDD696839A4790682CA66C48D3F2F, F5F0721BDA751968224E52E75D0C309A3E084C430CD98E85A55AF622D16B9A44 ] dtliteusbbus C:\WINDOWS\System32\drivers\dtliteusbbus.sys 20:49:48.0851 0x1db8 dtliteusbbus - ok 20:49:48.0892 0x1db8 [ 125C83C44EEE61E2ED5893F23AEF0FC9, D6599AFFA1A554124AEF6862C69027F9FF9B343362091439866641A1CFB0E76A ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys 20:49:48.0950 0x1db8 DXGKrnl - ok 20:49:48.0958 0x1db8 [ 9FCE4EF7D5E274F862D9A2526B5F4779, 81D42D5475C2801C8E0C233A0BA827569D8A70590017C91C665C8B232D9BFAA9 ] EapHost C:\WINDOWS\System32\eapsvc.dll 20:49:48.0977 0x1db8 EapHost - ok 20:49:49.0042 0x1db8 [ 7EC6FC0266D74BD47ABB130A328B70EC, 3856790AF967AB03B1A89F97328DC4D5A6854ACDA6169681A9AFB03D7CF791F9 ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys 20:49:49.0129 0x1db8 ebdrv - ok 20:49:49.0136 0x1db8 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] EFS C:\WINDOWS\System32\lsass.exe 20:49:49.0146 0x1db8 EFS - ok 20:49:49.0151 0x1db8 [ 8D74B8B5D6F7C5BC4C525BAF2B083FF1, DA5656F745B3911F96871887FDFDC40F4D9C820622A0AA27EFE4BA93662833CA ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys 20:49:49.0161 0x1db8 EhStorClass - ok 20:49:49.0166 0x1db8 [ 2A9817B5A9260D8F60D52E36BEF10443, AC1A0203221AFAF584C71317FA07AA1B6E61BE619E918B3B1E4AD57CCED1CF03 ] EhStorTcgDrv 
C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys 20:49:49.0178 0x1db8 EhStorTcgDrv - ok 20:49:49.0183 0x1db8 [ 80A7999DE02CE678B865832E1CE78CD6, 2576EBB6E4D630A906DE724F125099E52A962B5B68B9F9BCA849A7B29D8C8689 ] embeddedmode C:\WINDOWS\System32\embeddedmodesvc.dll 20:49:49.0201 0x1db8 embeddedmode - ok 20:49:49.0209 0x1db8 [ B4264DEF962801CDB83C008DE30758D1, 57886688102BE727450BA45932044A5A389B5822A0C1C08C2AFFBA380F70C3F3 ] EntAppSvc C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll 20:49:49.0233 0x1db8 EntAppSvc - ok 20:49:49.0237 0x1db8 [ 77B60DEC7DCB4233E4A69D3F52E5DB24, 3A5C905E37A93899051497C90E5BA8E1D003B56C6906CADFD2F1CDF52052D248 ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys 20:49:49.0249 0x1db8 ErrDev - ok 20:49:49.0263 0x1db8 [ 6BD85B39B7B23F03B24CF641ED29147B, 850F21750BB39E5239B1584E1117844CAAAF6A5C58E79366552309F917675CE5 ] ETD C:\WINDOWS\system32\DRIVERS\ETD.sys 20:49:49.0279 0x1db8 ETD - ok 20:49:49.0286 0x1db8 [ 8916EACF1256E1C5A3AF81FD39C747E7, FF28FB95E9F9287C1005CF0D9EB84F7CA3D137689862860C9848398504E1EFFF ] ETDService C:\Program Files\Elantech\ETDService.exe 20:49:49.0294 0x1db8 ETDService - ok 20:49:49.0307 0x1db8 [ F89083AB8B9F51C0031C1CBD0A9A7E35, 9EE973A25134960E62D1A6A1E34AD9B3F7690E71C1AD31A23FA2081A73438754 ] EventSystem C:\WINDOWS\system32\es.dll 20:49:49.0332 0x1db8 EventSystem - ok 20:49:49.0341 0x1db8 [ FCD2C63754C2E739A8EEAD9BC63F9DDC, C57A72ABA4C0BD71F914B9C8FF965DCFF585A205498F19A4584A4BAF7674839D ] exfat C:\WINDOWS\system32\drivers\exfat.sys 20:49:49.0362 0x1db8 exfat - ok 20:49:49.0372 0x1db8 [ C077AA74EDDAF69985EB27597BCB342A, 8CE48D37E39A6DFA3C8E959CA92A49029100446DC40044EE009D55FB9CDE378A ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys 20:49:49.0387 0x1db8 fastfat - ok 20:49:49.0402 0x1db8 [ 77CE56471AF984800F318F3734D768C7, 72D540072374A56C2C497F0532A50705D3F0637F2C0C96B1D715F2EDFCA3AA2D ] Fax C:\WINDOWS\system32\fxssvc.exe 20:49:49.0433 0x1db8 Fax - ok 20:49:49.0437 0x1db8 [ 99598ECA5E41996E005D5B9D9FF1EFA2, 
91345CD50EF02431B69093505C1C5F5DC6A1AA6BF192EE9392ED4D5626B60462 ] fdc C:\WINDOWS\System32\drivers\fdc.sys 20:49:49.0449 0x1db8 fdc - ok 20:49:49.0452 0x1db8 [ EF0DD43A4CBAB367BCA1AFBDC9971E4F, 73E161C45D63FDDE71EE2438137913724DC513860539D1E7F6BD861F5D1B33F3 ] fdPHost C:\WINDOWS\system32\fdPHost.dll 20:49:49.0470 0x1db8 fdPHost - ok 20:49:49.0473 0x1db8 [ 34DAC585994CD3B4E910DE11C584EF3D, A6C6A4CB5413EA61F1A54E2D3AD71A311CEA2C26218544D2D2D4A5CFEC52DE8C ] FDResPub C:\WINDOWS\system32\fdrespub.dll 20:49:49.0488 0x1db8 FDResPub - ok 20:49:49.0493 0x1db8 [ B68DA1FE3CA2311AFD38DD6905CA7F71, 4B395DFB1B47D2507CA4D9DC996A70D0A3BDB1A245CD6DA6C42B2A299AFCCF37 ] fhsvc C:\WINDOWS\system32\fhsvc.dll 20:49:49.0509 0x1db8 fhsvc - ok 20:49:49.0514 0x1db8 [ F44F666B0EACC3181544FFCF8CA0FFC7, 83F771CF9DAE1C504B30731EEC55355EA1253174252DA2192ADF1D228B3735C3 ] FileCrypt C:\WINDOWS\system32\drivers\filecrypt.sys 20:49:49.0527 0x1db8 FileCrypt - ok 20:49:49.0532 0x1db8 [ 78A210DDFDF2C9EC884631D2DAA573F0, 5D39C6EF4AC690A9749EEDBE2478FFF15A22877A2861EDA103C7BF1607B0C1BD ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys 20:49:49.0542 0x1db8 FileInfo - ok 20:49:49.0546 0x1db8 [ 1A97DB5E701A186989F3795223C3BE39, F7982220D4DF7E104955E63CACE352394E2577DEF49506EA126127F820EB62DF ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys 20:49:49.0560 0x1db8 Filetrace - ok 20:49:49.0564 0x1db8 [ 46626665F0E5906E45619B4EFD6186B8, 37FDD3B8AD49FD29E54DA5567EA77F28A53498AE56348F7A2628E5E5549D638B ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys 20:49:49.0576 0x1db8 flpydisk - ok 20:49:49.0586 0x1db8 [ FDA72ACA14D516D18C33AFCD0FD9260F, 6509612DEC82EA74614B5C9A7B432305A1A468C97B88BED9E141DF2929B621B1 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 20:49:49.0603 0x1db8 FltMgr - ok 20:49:49.0639 0x1db8 [ 49BF5C8182C3D2D6CD9F7EEDF1CFDB66, 0977EBE86B57FC370D27CA69D58122397D5D5369AF0C8DBCC492AE7AD55CBA2B ] FontCache C:\WINDOWS\system32\FntCache.dll 20:49:49.0707 0x1db8 FontCache - ok 20:49:49.0715 0x1db8 [ 
59241194DBDF30A2B4029E402F377900, 47A92E9CD8494C403B377799D395670A393766647E24CD83B15338CE2AA50266 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:49:49.0722 0x1db8 FontCache3.0.0.0 - ok 20:49:49.0741 0x1db8 [ 8B52024D3A5C3A12F1C4D75D30A976C5, 982F1C783966C9A6D255AA7DBAB6D225EBE0050A36176B8DE85E8ADBFE17FDF1 ] FrameServer C:\WINDOWS\system32\FrameServer.dll 20:49:49.0777 0x1db8 FrameServer - ok 20:49:49.0781 0x1db8 [ D152CCBFC8251670BF0AAFE00D6BC782, 9DE82D8FC4E1DAF8FF23EE08C0B7CB5051A9224E64544D262CFA4996A41B04E1 ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys 20:49:49.0791 0x1db8 FsDepends - ok 20:49:49.0795 0x1db8 [ 6D6BB5C7363CD35FA715E826F3D029EE, C214F791EB39E8B25CE57ED9D6C1D56EE1AF6021BCB380980BD42A6338A6C9F7 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 20:49:49.0803 0x1db8 Fs_Rec - ok 20:49:49.0817 0x1db8 [ 8EEC4925C03E375C4EC496E45C44139A, 06C5C7BCC28D3E435675F0759A09CAB726E971DF4BFC1DC3DCF503EABCDCCCC6 ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys 20:49:49.0841 0x1db8 fvevol - ok 20:49:49.0845 0x1db8 [ EF78034773CE506323655A868C949144, DF195BEEE6704FBCC6D2D9E1BF6723E52ED502A1459F495B7D18481E6A79B5BC ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys 20:49:49.0857 0x1db8 gencounter - ok 20:49:49.0860 0x1db8 [ B55FEBC6A00DAA1FE074F020B6907516, 67071FBAC2ABA47AB71358A5F08E92E034A55343878F00137E90B3B1F7362976 ] genericusbfn C:\WINDOWS\System32\drivers\genericusbfn.sys 20:49:49.0872 0x1db8 genericusbfn - ok 20:49:49.0878 0x1db8 [ DDD8A8CDDC7F13EF57D1DAAE71865936, 9D472A8689F72F24D40D5B94849690F53C67849FDF6162A94EF4FB330A3DA566 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys 20:49:49.0890 0x1db8 GPIOClx0101 - ok 20:49:49.0915 0x1db8 [ 713A176494CEC107E663CAD6C2B27F77, 76871D8CFBA8FCD8CFF96208AE84C658EBEC60270D978898B90EE9451AA1BCE1 ] gpsvc C:\WINDOWS\System32\gpsvc.dll 20:49:49.0962 0x1db8 gpsvc - ok 20:49:49.0967 0x1db8 [ 7ACD8F69B5D6EC97E6D2C006E19BED88, 
FC69214C9308EA64B88EF4C3C95800586DDBB44C8540846B79A161BAD8203B6E ] GpuEnergyDrv C:\WINDOWS\system32\drivers\gpuenergydrv.sys 20:49:49.0978 0x1db8 GpuEnergyDrv - ok 20:49:49.0984 0x1db8 [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:49:49.0992 0x1db8 gupdate - ok 20:49:49.0997 0x1db8 [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:49:50.0004 0x1db8 gupdatem - ok 20:49:50.0013 0x1db8 [ 445BA8C1553D4F3BDE84E80213BC17B5, 2D39961E9A55902907FC13405235D840F67412BB07F9E3F5D677F4893AA00B8D ] hardlock C:\WINDOWS\system32\drivers\hardlock.sys 20:49:50.0025 0x1db8 hardlock - ok 20:49:50.0028 0x1db8 hasplms - ok 20:49:50.0032 0x1db8 [ 10E3515FE5DBA6656FA62C29342EC4A1, 2051F10F74ED712B1766EB61E87FADE25AB3D0970BABFD320600D1B0D6377F26 ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys 20:49:50.0046 0x1db8 HDAudBus - ok 20:49:50.0050 0x1db8 [ B90D284B97CD4CA9DE7430AAAD887A56, 2F14F985C39B7801ED64590979CF2114924E9547F5B11D2B37A74DBFFDD9E7C5 ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys 20:49:50.0060 0x1db8 HidBatt - ok 20:49:50.0065 0x1db8 [ B2FE11643CC6ACDEE6C247DD36018FDB, 5796613C7DBF8B2A9E860E006FF1A245B6BE7D10E3F6685AD142B48E5C237B8C ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys 20:49:50.0078 0x1db8 HidBth - ok 20:49:50.0083 0x1db8 [ D24355488A2D4D2323518EC1AC7A6D9E, ED2176A2093726087EDDA25B86E9CDD4BA35F4E748E3A6DE0B15C4C97646B5C7 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys 20:49:50.0095 0x1db8 hidi2c - ok 20:49:50.0099 0x1db8 [ 0AF9ABBA4F3F55C6C803890D64BC3C29, D3DE6FA308F8E7CD4F16387F46AE4B2F7EC9BBA07BF87652B660A0D645710571 ] hidinterrupt C:\WINDOWS\System32\drivers\hidinterrupt.sys 20:49:50.0109 0x1db8 hidinterrupt - ok 20:49:50.0112 0x1db8 [ CDBCF8E9AB06D88A1E1191D32F320C5D, 
|
02.12.2016, 20:59 | #9 |
| Tr/dropper.gen - Shutdown no longer possible Kaspersky log file, part 2: Code:
C:\WINDOWS\system32\DRIVERS\raspppoe.sys 20:49:56.0044 0x1db8 RasPppoe - ok 20:49:56.0048 0x1db8 [ F0F4EEDEEBEE7A4244FAFB96A16B5712, F64717E601BD5EB674003009507B8CDD6F69F00E8670D6895EC64786166A0E8D ] RasSstp C:\WINDOWS\System32\drivers\rassstp.sys 20:49:56.0066 0x1db8 RasSstp - ok 20:49:56.0076 0x1db8 [ EDAF0E161BE98CCC4FC9671481600745, 50DB73C341086E346F6EF57E40A7C3A8F6279E5EBB53A67F9B71B7877EB75734 ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 20:49:56.0094 0x1db8 rdbss - ok 20:49:56.0099 0x1db8 [ 79A415E6FA915EFC00297DAB16EC2635, 47BB49F6D756214193D38A4AB182B541AAC180381C3111FF7F9B0AD4C44D8733 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys 20:49:56.0111 0x1db8 rdpbus - ok 20:49:56.0117 0x1db8 [ 7135785C21CA79D270D11037C43D3F19, 654A3C65CF891ED8C82A740D10CF607FC7D709185E664DE03288CEB5B25F03A6 ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys 20:49:56.0132 0x1db8 RDPDR - ok 20:49:56.0139 0x1db8 [ 97A61A3CB2B5CB4FC32B3224EF333448, E4F2E8BCEE3639BE57BBC8A8E67FDE42C3A5158F1204684B0ECD216F4AA044A3 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys 20:49:56.0147 0x1db8 RdpVideoMiniport - ok 20:49:56.0155 0x1db8 [ 69BB204AE07EE84ECFAB1BF13C4BD04B, 1CA832CBF4AE4821EEA2A19F9519C2D1D00406B8CCE2A86FE3B33A5F293DB218 ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys 20:49:56.0169 0x1db8 rdyboost - ok 20:49:56.0189 0x1db8 [ 940D6F5A2B0A61EE4170DF84F6C95C20, F8EE846DC8015EDFE7CB5BEEDC977EAA9C586BAC2216DE69D8ECCBDBC7408649 ] ReFSv1 C:\WINDOWS\system32\drivers\ReFSv1.sys 20:49:56.0216 0x1db8 ReFSv1 - ok 20:49:56.0229 0x1db8 [ 13F6B64235C60167052364BF7D99E4CA, BC12EE00775F7456FB922FBD684BF3F0CFABA5BEBB6E162C23B41DED5C20A978 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 20:49:56.0255 0x1db8 RemoteAccess - ok 20:49:56.0261 0x1db8 [ 3183B161B1F05333F6C325577FEF3596, D6A89B2A021377B6F371E5B9EFC36FF018822B28F0ED41F8CD2F00C5C8605707 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 20:49:56.0281 0x1db8 RemoteRegistry - ok 20:49:56.0295 0x1db8 [ 
FA62C4E1D753B489832DD0A7033665EE, BB0B59ABC79CEFA949632179239D711944C29E93EBCE60E629DE75AF2C3268B2 ] RetailDemo C:\WINDOWS\system32\RDXService.dll 20:49:56.0327 0x1db8 RetailDemo - ok 20:49:56.0331 0x1db8 [ F61333867216EDE1A09A7C55FEDCB6A8, 991FC810FB281F4E91B7D22A7C5AF5D11419ACE05BBB3F664812391069A336F0 ] RfButtonDriverService C:\Windows\RfBtnSvc64.exe 20:49:56.0337 0x1db8 RfButtonDriverService - ok 20:49:56.0342 0x1db8 [ 5DAA644F17780FC4E3F4820A46D38FEC, 32C27FFA0A4608B164F4E709CD0D998AB73CA9713BE3E47F9DBC7B3D1B6C7453 ] RmSvc C:\WINDOWS\System32\RMapi.dll 20:49:56.0358 0x1db8 RmSvc - ok 20:49:56.0363 0x1db8 [ 672724C8B21B7DC56646045DE4D5B860, 79986E80A92C949C543959F1E35647A9788DAB2892AC20B6DEA5C0BBC0CEDE9E ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll 20:49:56.0376 0x1db8 RpcEptMapper - ok 20:49:56.0380 0x1db8 [ 109C1D609951E886D3643B15C1EDD1C2, 347D8E7C50EC7F96217C7421D9BC8A42C9DF50B94169CB58DCF857A63C33C2EA ] RpcLocator C:\WINDOWS\system32\locator.exe 20:49:56.0391 0x1db8 RpcLocator - ok 20:49:56.0410 0x1db8 [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] RpcSs C:\WINDOWS\system32\rpcss.dll 20:49:56.0447 0x1db8 RpcSs - ok 20:49:56.0452 0x1db8 [ 5FF28F097C9699097B473F8FC7C1AA7D, 695560F1DBD85073F3D6CB1FF16F16504CA044EA62E940E463A16BBA8B86E2FA ] rspndr C:\WINDOWS\system32\drivers\rspndr.sys 20:49:56.0465 0x1db8 rspndr - ok 20:49:56.0471 0x1db8 [ 421497E425AFB40502013F362E4FA230, 20E2372BEE4BFB21138CA574C9806EC399DDA9D3439F3C391E34ABB2E518106D ] rzudd C:\WINDOWS\System32\drivers\rzudd.sys 20:49:56.0481 0x1db8 rzudd - ok 20:49:56.0485 0x1db8 [ B5DAEE69BACA64D2BB004568E22D8756, C0072CF6B438ED756435A182D55AC55F3AD356ACBD483DE06A94893D3CA8CCC5 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys 20:49:56.0495 0x1db8 s3cap - ok 20:49:56.0499 0x1db8 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] SamSs C:\WINDOWS\system32\lsass.exe 20:49:56.0509 0x1db8 SamSs - ok 
20:49:56.0514 0x1db8 [ 5E73FB63E2DBC75FE0C17DEB0010CE0E, 9DAC47486262397D03BC01F7438CAB62CF33BD7B5283F5B9548C770A3D6D0ADC ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys 20:49:56.0525 0x1db8 sbp2port - ok 20:49:56.0532 0x1db8 [ 3CD0130FFDEAEACF0905B482F3934EA3, 1EC355B63135FD2563093EBB206741C0C4CCE0551A662F6DC86C875146A88B06 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll 20:49:56.0553 0x1db8 SCardSvr - ok 20:49:56.0559 0x1db8 [ 9EE060D6560FFBFBDB2ED5D6ED192294, 14387B69CD26D12BE31A23251B6AA8EDFC4D6CDE4FA558F0950DE91D2DD03946 ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll 20:49:56.0579 0x1db8 ScDeviceEnum - ok 20:49:56.0583 0x1db8 [ 3D9A82B03C92D1FEC42CB171D6F57778, DC027F02F5EB5F1D10DB6F405FB0C15D4D5C922445F5F3C916624113278AF072 ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys 20:49:56.0596 0x1db8 scfilter - ok 20:49:56.0615 0x1db8 [ D4DB6B318A0A0C74A90260725A228C0B, 57BA2EF9D880488C785C806ABF9EE753A48E589129442D72F815CD6EFFA07B22 ] Schedule C:\WINDOWS\system32\schedsvc.dll 20:49:56.0658 0x1db8 Schedule - ok 20:49:56.0663 0x1db8 [ 9055ADDFBA4C8B914C914CE693B55C0A, DB213AC36E14D856B81D2AFE46815402537A2ABEEA15032A9FF436F953129441 ] scmbus C:\WINDOWS\system32\drivers\scmbus.sys 20:49:56.0674 0x1db8 scmbus - ok 20:49:56.0679 0x1db8 [ B6F2363584E62960846F7C3F00124A4F, 252189FF9D623CF69BF415FF7C7FE74B0BBF756B632420578BFAFF6595616CF7 ] scmdisk0101 C:\WINDOWS\System32\drivers\scmdisk0101.sys 20:49:56.0693 0x1db8 scmdisk0101 - ok 20:49:56.0700 0x1db8 [ 9450FA11E9DE6715FCB71A519A8FF90B, B7E341C6E4CE967FCDD0D17A497C07E8A1C6B0AACE8A6E8E5D6C21EF73F13E16 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll 20:49:56.0716 0x1db8 SCPolicySvc - ok 20:49:56.0720 0x1db8 [ 0447065A6E10774EFCECFDD0EB970A79, 384A9AC72E756F96D43EE4B144A466564476AFD8778092C979116BB29A514433 ] ScpVBus C:\WINDOWS\System32\drivers\ScpVBus.sys 20:49:56.0727 0x1db8 ScpVBus - ok 20:49:56.0734 0x1db8 [ 7C3D10BEC8B0DBA00A78C78EB10B3AE2, A671C9CB97977613576D70607E106C7A29B9EA9E875C7C5AF293EE5903D7AD0A ] sdbus 
C:\WINDOWS\System32\drivers\sdbus.sys 20:49:56.0749 0x1db8 sdbus - ok 20:49:56.0755 0x1db8 [ F3714DBAA42C15F78FFCDFE4273214EB, 2D018970B92C5F0744FAE10A2FC298F3DCEA5C2EDEB760F4F0651337B9878ABF ] SDRSVC C:\WINDOWS\System32\SDRSVC.dll 20:49:56.0771 0x1db8 SDRSVC - ok 20:49:56.0806 0x1db8 [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe 20:49:56.0840 0x1db8 SDScannerService - ok 20:49:56.0847 0x1db8 [ 120DFCB71D6C502613A9E2D50E16850C, 2C294010AD1C9C380CD5221A37720544178B7358C8C8553AF44055E4CEE5DAF5 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys 20:49:56.0858 0x1db8 sdstor - ok 20:49:56.0930 0x1db8 [ 94653C9CFDC15B30EEECD94BA7219654, 59F54AC9BC79C1BFBEA84992181C58AF434A3DDDF473C9BE942D3462875A8375 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe 20:49:57.0017 0x1db8 SDUpdateService - ok 20:49:57.0027 0x1db8 [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe 20:49:57.0034 0x1db8 SDWSCService - ok 20:49:57.0039 0x1db8 [ EFD644DD091E1D94555FC3BBC95EA66D, FBDDA6680BEC378CCF12A32D9186020E884DA15A1E789D1531B1E687FC7B54B1 ] seclogon C:\WINDOWS\system32\seclogon.dll 20:49:57.0052 0x1db8 seclogon - ok 20:49:57.0057 0x1db8 [ F48535714BED7DD784853889B4594B26, 9B4AB7E7293E79A8F6CC46C84F23E62AD3BD6E958FCE078CDBB125A69FAC7E50 ] SENS C:\WINDOWS\System32\sens.dll 20:49:57.0071 0x1db8 SENS - ok 20:49:57.0098 0x1db8 [ 2B4E090D06C60853C5C00CF255F9E02A, 4D4DBA7B04519622612BD4A4F28318CA2F5646C84CAFF8C5ACC9BF4C6031894E ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe 20:49:57.0149 0x1db8 SensorDataService - ok 20:49:57.0161 0x1db8 [ C09A42163878A082C3F0D0A3DFE95714, 8033DC38D0EDED3758DA6BF8C1955BE5FFE48863C079C589660B37D0E461300F ] SensorService C:\WINDOWS\system32\SensorService.dll 
20:49:57.0186 0x1db8 SensorService - ok 20:49:57.0192 0x1db8 [ E6F00415DADCEEC860E7AB42BFD19A65, 274CAF22F93D43B6DB6953730E3DF8DA94776B24EEE74B80AB4CD780BC1366A9 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll 20:49:57.0210 0x1db8 SensrSvc - ok 20:49:57.0214 0x1db8 [ 401D706DDC0A7AF18C3DD228ADF74551, 27C0B38D7C2E3F6FF06201124E63483931F6071954B2B99EC0143C464238C0B7 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys 20:49:57.0224 0x1db8 SerCx - ok 20:49:57.0230 0x1db8 [ 7084D11083F0CDCA8B5C76F9846ABF5D, F639920882B0E784D8CFAF0D4C0F0C411937B6831E5DD99B0ABFBFE06BA4742F ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys 20:49:57.0242 0x1db8 SerCx2 - ok 20:49:57.0245 0x1db8 [ 3FF478A8ED32A83C36581425F6282B6C, 787646A17098EA7CF36064D0A950C1D470D4A280C8C5AC40023D566E53860EAE ] Serenum C:\WINDOWS\System32\drivers\serenum.sys 20:49:57.0256 0x1db8 Serenum - ok 20:49:57.0261 0x1db8 [ 92509187AA171A80521528B36F753E1D, FE0DA272B8A155ECC161E99586C4AE7EE17B1C84BC330DA1566C83B8E03FA825 ] Serial C:\WINDOWS\System32\drivers\serial.sys 20:49:57.0273 0x1db8 Serial - ok 20:49:57.0276 0x1db8 [ 433D38FF6D08B993847EA2A10EB8CB52, 29BA75DB6D1AC761BBDFB5AC8874FC7D763E1CD10D290E369063B34CE951270F ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys 20:49:57.0287 0x1db8 sermouse - ok 20:49:57.0301 0x1db8 [ 82CF273F0E8F243789683DEB40757569, 5433D93A41C4BF04494E6158931C6AC3154888F7CD3A417253EC02FF7EA6D00E ] SessionEnv C:\WINDOWS\system32\sessenv.dll 20:49:57.0324 0x1db8 SessionEnv - ok 20:49:57.0328 0x1db8 [ 697D3EE0740AEAB62B66ABCA1C83D13B, FCF54A0071ED04AD3FC8551C67FE5FD49089DC0510F753052CAC5972A65C9E3D ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys 20:49:57.0339 0x1db8 sfloppy - ok 20:49:57.0352 0x1db8 [ 832E933AA8DB9FD4733B96D8B6484D3F, 3A8E3D7ECA192EEE154CB568073B7211FDA06078EFC3BC7E961563A1BFDD0CAA ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 20:49:57.0379 0x1db8 SharedAccess - ok 20:49:57.0394 0x1db8 [ 482E6BE8A07832E824080D352075ACA1, 
4123A76C8E805AF4FE229C53E9C174095C0937913BA81A63FE9B45C44AA5B15F ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 20:49:57.0428 0x1db8 ShellHWDetection - ok 20:49:57.0435 0x1db8 [ CF3BDF9EAD8D3EF671E9339B44B185BA, C17EC6D5B00F49D9C8B5B6C262A85F34ED71C58450659F006B3632AA84F68E23 ] shpamsvc C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll 20:49:57.0452 0x1db8 shpamsvc - ok 20:49:57.0456 0x1db8 [ A34CE1830E45DA98932295FDE4B7908A, FC553ECF4D64B4B10B7FDE5352707785517A18D487A80665BAFC7261E3F35CDC ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys 20:49:57.0466 0x1db8 SiSRaid2 - ok 20:49:57.0470 0x1db8 [ A7B5C670770E908DA5FEF5BF1136E933, 8D3BB6FF65E631C34BE8EA766481B2FDB2E1E916A4FD67F86705A8975A136E6C ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys 20:49:57.0481 0x1db8 SiSRaid4 - ok 20:49:57.0485 0x1db8 [ DDE8F578FE01F11CC316591AFD411372, 849E0B8A309D0CD0991B81EA0268EC1C882DEE39AFD575CA54655B9B8040E459 ] SmbDrvI C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys 20:49:57.0491 0x1db8 SmbDrvI - ok 20:49:57.0495 0x1db8 [ D233EAE2A9D48485321816486ED635EF, 03AB49BE9CF15EB7EDC50C400E673B4DF0E5BFDA9A7811E157F2AF2F3CF38D49 ] smphost C:\WINDOWS\System32\smphost.dll 20:49:57.0508 0x1db8 smphost - ok 20:49:57.0522 0x1db8 [ 0B217141AC1283655402CDB356577735, 6EFA4CA46CFC8B7156CE7E5CA89B7F7073E16D66C2FC13F4DB95FEB78CCF698F ] SmsRouter C:\WINDOWS\system32\SmsRouterSvc.dll 20:49:57.0554 0x1db8 SmsRouter - ok 20:49:57.0560 0x1db8 [ 6F4CE07D420FB657B5936F71101ABD41, CEC52984C56E578E0FFE12BE1B8148335F788B7D1751F2D0E79B944A41113C20 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe 20:49:57.0573 0x1db8 SNMPTRAP - ok 20:49:57.0585 0x1db8 [ C994DF90427103CCB80F893FFD2B1CE8, 7E4B08095C77E68D337A3425EEA38F8FEC4D103CA7661E34FD96BF518DFB4BCB ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys 20:49:57.0607 0x1db8 spaceport - ok 20:49:57.0611 0x1db8 [ E03264C4C25B568F92ED1656AD541E64, D42942BFFBC7213D204FAF84F4FE015FC23A6ACB29B5E752834EDBC17A3AC20D ] SpbCx 
C:\WINDOWS\system32\drivers\SpbCx.sys 20:49:57.0622 0x1db8 SpbCx - ok 20:49:57.0639 0x1db8 [ 79DCE27E8C4CF6701BFE49EC2446BBF6, F51CBB7A45C3C878F41653FD5FBDC93CC302712B7725DAAB4D3475A1F4771E3D ] Spooler C:\WINDOWS\System32\spoolsv.exe 20:49:57.0675 0x1db8 Spooler - ok 20:49:57.0771 0x1db8 [ 23529A00195CE71252FEBF647E56E27D, 8ADF7A1C96DAE005E9A974D90BE8954F88D49B6848252B88513C49E0A3BD9774 ] sppsvc C:\WINDOWS\system32\sppsvc.exe 20:49:57.0910 0x1db8 sppsvc - ok 20:49:57.0926 0x1db8 [ E83830BB74AE8CBECEA0ECD94DE436F9, 4A34569A34260324EBD629039E1BF45A3527FC75B22D9A3DB6360A6EB365483A ] srv C:\WINDOWS\system32\DRIVERS\srv.sys 20:49:57.0948 0x1db8 srv - ok 20:49:57.0964 0x1db8 [ 1312896CAE6AF0D4557DB7B37283C116, 9E3701DBBF0F45368A217549A7DFDA2543C4AB3AC9CCF65A73E1FE27CC4A278E ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys 20:49:57.0996 0x1db8 srv2 - ok 20:49:58.0004 0x1db8 [ F13EE0DB1FB1D6946AC3228D7EFCFC8F, 109A809F0338FAB0F4045FA5EE33C6F0A994A9F586B2FBD8920A6AABA0E0EF66 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys 20:49:58.0022 0x1db8 srvnet - ok 20:49:58.0029 0x1db8 [ 44758105AB3EA34E815D4B6CA1153311, 7F223A20D2538C123BAC6F75BE0E126876A116F09502FD980C05B8916E26E1B7 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 20:49:58.0048 0x1db8 SSDPSRV - ok 20:49:58.0055 0x1db8 [ B97C7EC07218A8002323718202BF5E77, 39D3254383E3F49FD3E2DFF8212F4B5744D8D5E0A6BB320516C5EE525AD211EB ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll 20:49:58.0074 0x1db8 SstpSvc - ok 20:49:58.0080 0x1db8 [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys 20:49:58.0090 0x1db8 ssudmdm - ok 20:49:58.0162 0x1db8 [ FD881B87C853EB2F0B8B7B5CC71D6FE3, 780038C203C9277C366794302D90BC0AE75568863F1FB7044197BA20D798E4BA ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll 20:49:58.0298 0x1db8 StateRepository - ok 20:49:58.0330 0x1db8 [ 90E22D7CDE08E07446D238A569BCAB7C, 
3D4F413D0B0C9CF28D06E0476F24AC6441C8678DF786D9971B39C91C9F9B8020 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe 20:49:58.0366 0x1db8 Steam Client Service - ok 20:49:58.0371 0x1db8 [ 29D26E1347AE1BBD4201014E19880B2C, 9E2153AD96CE4F189EEE43BB02515532C619FB1CA02D8F6DEF517AC3347AAA14 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys 20:49:58.0380 0x1db8 stexstor - ok 20:49:58.0396 0x1db8 [ 91CB95B35481155BFE29C217CD237F27, CA66957DF1441D991453BEF02D768D44E5D9A484BC23C8874E8A7AC20904CB06 ] stisvc C:\WINDOWS\System32\wiaservc.dll 20:49:58.0428 0x1db8 stisvc - ok 20:49:58.0434 0x1db8 [ 53EB8CE34B55A1EE63424C8DB7388BFC, 5AB59117BA8A2844EB8693CCC19B217AE039B28C87519F96E1C845FE9BF456C2 ] storahci C:\WINDOWS\system32\drivers\storahci.sys 20:49:58.0445 0x1db8 storahci - ok 20:49:58.0449 0x1db8 [ C5E0ACE4771F5575D9D5B457ABF3AD03, 365880BC5AC313F25C313EFB7758301F98D9B2BF4C5FC9499F98C2B7F8407D96 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys 20:49:58.0459 0x1db8 storflt - ok 20:49:58.0464 0x1db8 [ B66D8C75C9BC59D637177AB3B1C569A6, 76252A631F03EEBF5FDC7693F6B0A5E73838CDBE3157114CC96B8BBE88B476BF ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys 20:49:58.0474 0x1db8 stornvme - ok 20:49:58.0478 0x1db8 [ BEBF85EB4D90E6996047DA027D0ED26E, DF109CF0F07CDD1B9B702C2A076D4DD5366DAAD971CC9359AF0358E79981706F ] storqosflt C:\WINDOWS\system32\drivers\storqosflt.sys 20:49:58.0493 0x1db8 storqosflt - ok 20:49:58.0503 0x1db8 [ 6C982BC7E4DB161530A0D831718D7113, B0FAEACC91023031E53A161ECEFCF62764C96B8705E9089B4A7B4F7A2F3B6BAA ] StorSvc C:\WINDOWS\system32\storsvc.dll 20:49:58.0528 0x1db8 StorSvc - ok 20:49:58.0532 0x1db8 [ 8E73037A6F8938475692FFCC26EBF385, F78C5CD1A3CD17AA831EEC82426B14006B4DDBC9085A4814E04E8C37FD6B05F7 ] storufs C:\WINDOWS\system32\drivers\storufs.sys 20:49:58.0542 0x1db8 storufs - ok 20:49:58.0546 0x1db8 [ 9D9DED47DA10E845EFF2DD57C94C809B, 520D0CE7A867051B80C8141E351FE5A5BCE3C99776093F234DB77D3407B1F104 ] storvsc 
C:\WINDOWS\system32\drivers\storvsc.sys 20:49:58.0555 0x1db8 storvsc - ok 20:49:58.0559 0x1db8 [ 224C92E442B1B8C20C274332F1ACF00D, CDE5DCFB7A21089464A6E2ABB29BBE08B184C3433C218756AA5902A8F67C0B2C ] svsvc C:\WINDOWS\system32\svsvc.dll 20:49:58.0573 0x1db8 svsvc - ok 20:49:58.0576 0x1db8 [ 505E0C40B5D0ADDCBB414640F59BD2E0, DF4B5E65FE6FF2224F298A2A2FAC9B648C082DFF8463148633647580A9FAD34D ] swenum C:\WINDOWS\System32\drivers\swenum.sys 20:49:58.0584 0x1db8 swenum - ok 20:49:58.0596 0x1db8 [ 2EE27411B5904C63D723BEA391819F58, C88C11D460E90398E16011B8A2CED5EE5626084F24790EA6115532F8F70060C6 ] swprv C:\WINDOWS\System32\swprv.dll 20:49:58.0624 0x1db8 swprv - ok 20:49:58.0629 0x1db8 [ 32F46FB0F290D16DAA452B289C985795, 73F88AAAA6026DB4C27F1D054145216DCC3F1960946FB2A7A90518DD1D5737CB ] Synth3dVsc C:\WINDOWS\System32\drivers\Synth3dVsc.sys 20:49:58.0641 0x1db8 Synth3dVsc - ok 20:49:58.0661 0x1db8 [ FED48B19D6F55D7A3AB498D85729D1BA, FA5E0E02BC2E2DE108C55991E3B063CC947072228B53539F42F922661510DE7C ] SysMain C:\WINDOWS\system32\sysmain.dll 20:49:58.0705 0x1db8 SysMain - ok 20:49:58.0716 0x1db8 [ D9FEA79BF6AF136F8E656AE045C2FEC8, E6F08A93348E035185F0F1C6B6277E636F4F25D1136E3ACCA63488DAEEC7114B ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll 20:49:58.0739 0x1db8 SystemEventsBroker - ok 20:49:58.0745 0x1db8 [ 86E7FD5C8DBEC1EB51C4368561402B75, 86EE61414CD5854E39E33F67BF5DA4377B569B3ED4D18882C470BC6784891DA1 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll 20:49:58.0762 0x1db8 TabletInputService - ok 20:49:58.0770 0x1db8 [ 3929C8FC134AC672C4F3F85160956257, CD3195CA58BA6F55EA0DDA2BE6AB58280AD1CA488D7AAA1539DD05FB99374F36 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 20:49:58.0792 0x1db8 TapiSrv - ok 20:49:58.0839 0x1db8 [ 4F25E481124059CC593B4C68BC485640, 2814D2BA4E83D3B0F7569E6C6EE0C763D9801BC505D8ED84675D19C8573834DB ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys 20:49:58.0905 0x1db8 Tcpip - ok 20:49:58.0953 0x1db8 [ 4F25E481124059CC593B4C68BC485640, 
2814D2BA4E83D3B0F7569E6C6EE0C763D9801BC505D8ED84675D19C8573834DB ] Tcpip6 C:\WINDOWS\system32\drivers\tcpip.sys 20:49:59.0014 0x1db8 Tcpip6 - ok 20:49:59.0022 0x1db8 [ 8DBB1BE20C36E6D19BCC89EEA00B953C, 8B97A7E53E1D77363AFF6A5AAEAD89EBAE28DCB8D82753C804FD7CD5646500AF ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys 20:49:59.0034 0x1db8 tcpipreg - ok 20:49:59.0041 0x1db8 [ 9D2DD64A0B51C56285512DC9454340F6, ABB90CE6A55269F71AFB08E04969CF9A4EFD93F7A7189AF920EEE3E005214DDD ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys 20:49:59.0052 0x1db8 tdx - ok 20:49:59.0055 0x1db8 [ 06130AFFECEB94525FC2352936576B70, 10EBE2C8FDC087D29E2FFB328F0F7905A5374AB8CC9FAE8699E7676DBC8CBF91 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys 20:49:59.0065 0x1db8 terminpt - ok 20:49:59.0085 0x1db8 [ FB68E5F02316C42BE7282DA492351C6F, AC31D841FEA58B776127E138DB20F8D48E26FD8C00CE2FA9695EA14EBF159A0A ] TermService C:\WINDOWS\System32\termsrv.dll 20:49:59.0125 0x1db8 TermService - ok 20:49:59.0130 0x1db8 [ 2AF438EC0D361A7BBB70E604A686602C, 4BE6A0461EB2CB94288614434A1CEC81C2ED46241721FD5BBD8ABE0680F7C804 ] Themes C:\WINDOWS\system32\themeservice.dll 20:49:59.0149 0x1db8 Themes - ok 20:49:59.0158 0x1db8 [ 1482B8ED5CACA87992A882B853B83CEE, 613247F0E362A109090E8563D977DECC50C64D45D6962905FA84A2D59329045C ] TieringEngineService C:\WINDOWS\system32\TieringEngineService.exe 20:49:59.0181 0x1db8 TieringEngineService - ok 20:49:59.0194 0x1db8 [ 3B3C607C3C62DFBEF61938DA2CAB94DF, E5EEA7F45A7BBFDF6F0003CD77E39958C451DD1B4B401876B5619A3C20F5C370 ] tiledatamodelsvc C:\WINDOWS\system32\tileobjserver.dll 20:49:59.0224 0x1db8 tiledatamodelsvc - ok 20:49:59.0232 0x1db8 [ C1F8CBE2D4843E0CCC3EFEA2EC60D4AB, 9D07527D982066922318C77AECE99280DE55034C375ACE145E827A6BEB5C3B70 ] TimeBrokerSvc C:\WINDOWS\System32\TimeBrokerServer.dll 20:49:59.0248 0x1db8 TimeBrokerSvc - ok 20:49:59.0255 0x1db8 [ 3D04046C468AD2868A093925B5E2AA0A, 44696259BEF49AC200DEE146DE0E4375B0CD09F9356CCFA22BD7AD8B53E48658 ] TPM 
C:\WINDOWS\System32\drivers\tpm.sys 20:49:59.0268 0x1db8 TPM - ok 20:49:59.0274 0x1db8 [ 3B91F35089240F6187AD681A5EC28BDE, 3D035CB73BC8E7831DCD0FB7D9DAD91CE51D3D0F9D9C8B866A0009BD508B6702 ] TrkWks C:\WINDOWS\System32\trkwks.dll 20:49:59.0289 0x1db8 TrkWks - ok 20:49:59.0293 0x1db8 [ AF343840E793BE63A9C646760BE8F2CD, 483FE55873A01DB7ACEC99B6823DAACC9EA7C67D36C6F12698113B31A7D5B8BE ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe 20:49:59.0309 0x1db8 TrustedInstaller - ok 20:49:59.0314 0x1db8 [ A6F4025664C9D4BC2A9EDAB4092706D7, 89808A1679C0E716F86F06EE7701DCC289200894F0FA1F120DA2AC3A45FDB312 ] tsusbflt C:\WINDOWS\system32\drivers\TsUsbFlt.sys 20:49:59.0327 0x1db8 tsusbflt - ok 20:49:59.0331 0x1db8 [ 37A96AD493E110C0BF1EE0AC0F9E7DBD, F2A6894A4AEE18DF2B92222CDB0801A13AEEB7212071F0431430788339B30E23 ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys 20:49:59.0342 0x1db8 TsUsbGD - ok 20:49:59.0348 0x1db8 [ 79E264287F17D56D768440B0270466DE, ABF9DC95C5E939B30BFD9BF9EDFDB3BD78A9DFCB055B945965303B6A60E6D7A7 ] tunnel C:\WINDOWS\System32\drivers\tunnel.sys 20:49:59.0363 0x1db8 tunnel - ok 20:49:59.0368 0x1db8 [ F723552F65D44FE693DB1A383825B3A8, EF8C343C4EB5EEA4EC830378EF576CCD6CD4EEDEDD486C0F29697044E8C71F45 ] tzautoupdate C:\WINDOWS\system32\tzautoupdate.dll 20:49:59.0383 0x1db8 tzautoupdate - ok 20:49:59.0388 0x1db8 [ AA65954F512BA097DD190790876DD991, C1BB2B8F54F064D01190327B5E7949EBBDA21D6FC6F94D9FCD20F685C2F855FA ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys 20:49:59.0398 0x1db8 UASPStor - ok 20:49:59.0403 0x1db8 [ AB6268022C3A5B529075A39C33904DA6, 2717F1704640201F2681711543EA39A74C3E89C7DB232EC5DD89FD8AA6F07846 ] UcmCx0101 C:\WINDOWS\system32\Drivers\UcmCx.sys 20:49:59.0417 0x1db8 UcmCx0101 - ok 20:49:59.0422 0x1db8 [ 7ED2EDA43D21C7A5F589A7960E265C52, 7DB8A595236FBB8A264D7AB155201357212855050ABB5B1036EF32F1223FDCC2 ] UcmTcpciCx0101 C:\WINDOWS\system32\Drivers\UcmTcpciCx.sys 20:49:59.0435 0x1db8 UcmTcpciCx0101 - ok 20:49:59.0440 0x1db8 [ 
169351463039B45F5CDED9768879F712, 990C8C4AEF9ED7FF6BCEAE67F7BDAA037777B142B8D96A74F8715C941A5C63C6 ] UcmUcsi C:\WINDOWS\System32\drivers\UcmUcsi.sys 20:49:59.0451 0x1db8 UcmUcsi - ok 20:49:59.0458 0x1db8 [ 08A9E3AD29B215484FBB68CDC175DF3A, 3EFFF99C3BC4A1454E3D2B5177AE587ED3041AB4CE2A95BA7E28A2124E38E1E5 ] Ucx01000 C:\WINDOWS\system32\drivers\ucx01000.sys 20:49:59.0470 0x1db8 Ucx01000 - ok 20:49:59.0475 0x1db8 [ DA70AEE267491AA56BC63AA0C0C96CA2, 0A0AADB27607F9292BB3CE000CFDDB19BD4CA09EAAD926C4925CB43B17817AD9 ] UdeCx C:\WINDOWS\system32\drivers\udecx.sys 20:49:59.0487 0x1db8 UdeCx - ok 20:49:59.0495 0x1db8 [ FBC5ECF6D5A868D0B116C2DBB02B8168, 945AA76C60ABAD6075B5C8F9172C018F75BCF393A1CB8B329F5E68E664627775 ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys 20:49:59.0519 0x1db8 udfs - ok 20:49:59.0523 0x1db8 [ B918E40FAA9CD118CCA4AD388B748C98, 4B539B7B656F02C5E5BAEE52A677757B05CC11C5500D619850A564C28FAB8115 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys 20:49:59.0532 0x1db8 UEFI - ok 20:49:59.0539 0x1db8 [ 0FD75222C1AD2687AB365BEBEA400DD4, AD10DBCA59EB7D34FD8F963CE267F36774A9BC613F8D637903B12AC88C328E8A ] Ufx01000 C:\WINDOWS\system32\drivers\ufx01000.sys 20:49:59.0554 0x1db8 Ufx01000 - ok 20:49:59.0559 0x1db8 [ C1A78C53E01C641AE41BFA65797819F5, 0B9FE1BD724B3315199A1B1DA2F03255E4FE744DA3CE6CD0F77699A8E42E9359 ] UfxChipidea C:\WINDOWS\System32\drivers\UfxChipidea.sys 20:49:59.0570 0x1db8 UfxChipidea - ok 20:49:59.0576 0x1db8 [ 767307212110EBEFB93EC9A5BE9E85B9, 368797400FE54802CE74F34B773CE2AF09EB8DEA6C035B55419A52F0B5A6FAD0 ] ufxsynopsys C:\WINDOWS\System32\drivers\ufxsynopsys.sys 20:49:59.0588 0x1db8 ufxsynopsys - ok 20:49:59.0595 0x1db8 [ 8578F83EC5175920F2D8586FFF9DCE47, 049A16AC87F93E761150C8286633FFCA62EE85F5645DDE77D36BD0EB6481FF83 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe 20:49:59.0609 0x1db8 UI0Detect - ok 20:49:59.0613 0x1db8 [ DC460AAA18CA2342FBBFB2DF9B044472, 14D45E059C596AE97506D26705F248CA1C2269160B31A60341060E8A93146CBD ] umbus 
C:\WINDOWS\System32\drivers\umbus.sys 20:49:59.0626 0x1db8 umbus - ok 20:49:59.0629 0x1db8 [ C3CF0377917ECE6D65D7623E1E61568F, 4909695E04CBC86BFCFFBC15F332C367521054B7B4D3C141C7CA6B2E40E090B9 ] UmPass C:\WINDOWS\System32\drivers\umpass.sys 20:49:59.0639 0x1db8 UmPass - ok 20:49:59.0647 0x1db8 [ 640CF093C1CF16D5FD317616CA348F31, BEC34D1AACA83BF5A84CE01F6A668E3CA5A33C56A446DC42EFFF7C43D22E1AE6 ] UmRdpService C:\WINDOWS\System32\umrdp.dll 20:49:59.0666 0x1db8 UmRdpService - ok 20:49:59.0690 0x1db8 [ B8272BB8D4982C496FDC704809C38E02, F93855D932FB1DBBCC86E82C0FE0DC9ECF93BBD629D2CA9D0BE7E075E114B7FF ] UnistoreSvc C:\WINDOWS\System32\unistore.dll 20:49:59.0737 0x1db8 UnistoreSvc - ok 20:49:59.0751 0x1db8 [ 6CDA3536F6BAB7896A57EAB7DC07F379, 8FBE6457ECD1ABB518D9800EBA8A017774FFAA8EABD2EDC0825181A12FE9AEF6 ] upnphost C:\WINDOWS\System32\upnphost.dll 20:49:59.0780 0x1db8 upnphost - ok 20:49:59.0784 0x1db8 [ 6B46FC140C9AF68E6E7697D66D59CB4D, F018B4784D65F1A8140A6EA69C35D6A7ECE01738694052FD54AFD2B81A8F2FF8 ] UrsChipidea C:\WINDOWS\System32\drivers\urschipidea.sys 20:49:59.0793 0x1db8 UrsChipidea - ok 20:49:59.0797 0x1db8 [ B4402E7F0923F660270442CE76877ABE, 1C2DD26EAB71F75EA576E8DAABAF71FD7DC3DF807CF025617C774CEF33C0B718 ] UrsCx01000 C:\WINDOWS\system32\drivers\urscx01000.sys 20:49:59.0807 0x1db8 UrsCx01000 - ok 20:49:59.0811 0x1db8 [ 9DD431F1B94789CFB527E5D19261F124, 8F5A249A97C5B14B282E3147DD21951D2AD34B651E762814C12F4C26D74EC70C ] UrsSynopsys C:\WINDOWS\System32\drivers\urssynopsys.sys 20:49:59.0819 0x1db8 UrsSynopsys - ok 20:49:59.0825 0x1db8 [ 93F169DE94DBAC5DAF4755AFF10193DD, 381E6751EB97426B9BF30929E4B82A665D1ED985DA60BE18D3C17CF2BB41F848 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 20:49:59.0839 0x1db8 usbaudio - ok 20:49:59.0845 0x1db8 [ C87E32B90F085970D9637FBAD45EF6FE, C180EACD2EE479277DA5DBF39E43B428BD7945141B2451CB3946B0C1E495E76F ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys 20:49:59.0858 0x1db8 usbccgp - ok 20:49:59.0863 0x1db8 [ 
CB9257995C67A1A44D6D316C36D3AAEF639BFD51A26C699D70FD047C45440CA5 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
20:50:04.0266 0x1db8 RtHDVCpl - ok
20:50:04.0302 0x1db8 [ D8AB6AC4A2D30641C9544021373B47EB, A0553AFB3B186D8EA28CF056139FA5AA150D6BD31E36E5EB9D5DD5940A90CA55 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
20:50:04.0329 0x1db8 RtHDVBg_Dolby - ok
20:50:04.0334 0x1db8 [ FF7CB5344094510654C240486B4B1B3F, 2A50A3BC366D5293C61FEDC5639C0EB2BB3176933599B6C1533F06F9B6C5D2DF ] C:\Program Files (x86)\RadioController\RfBtnHelper.exe
20:50:04.0340 0x1db8 RadioController - ok
20:50:04.0412 0x1db8 [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
20:50:04.0488 0x1db8 SDTray - ok
20:50:04.0497 0x1db8 [ 44E614FCBD7C4606D6E1FA24E2A8B26C, A6EE595A701A7351CFDE11F7376677766121762B101082F64F60C9EE1A8831B9 ] C:\Program Files (x86)\PDF24\pdf24.exe
20:50:04.0508 0x1db8 PDFPrint - ok
20:50:04.0512 0x1db8 [ D762FE9B3C105E77F93FEA02D41AF980, 279D52B42C7E3E2B97E3C79A13DDB7EC99E963E4667440D3BDBEFC61CC012AE3 ] C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
20:50:04.0520 0x1db8 ProductUpdater - detected UnsignedFile.Multi.Generic ( 1 )
20:50:04.0647 0x1db8 ProductUpdater ( UnsignedFile.Multi.Generic ) - warning
20:50:04.0838 0x1db8 [ 3EB50B29BDED831C71CE3C47F32471E8, 5D0F6AF72968FD01BE8E85068436F7E977911C0F4C9AFE4D49680E2FF9380099 ] C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\ogmmon.exe
20:50:04.0945 0x1db8 OGMgmmouseRun - detected UnsignedFile.Multi.Generic ( 1 )
20:50:05.0016 0x1db8 OGMgmmouseRun ( UnsignedFile.Multi.Generic ) - warning
20:50:05.0261 0x1db8 [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
20:50:05.0438 0x1db8 OneDriveSetup - ok
20:50:05.0593 0x1db8 [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
20:50:05.0753 0x1db8 OneDriveSetup - ok
20:50:05.0775 0x1db8 [ 8F2EA5EE0695CCE2285D92C44108375C, 2C96A8E7E41E87C27B6A3325526F99A03333357EF2682C17A4892BE4A58D157E ] C:\Users\Patrick\AppData\Local\Microsoft\OneDrive\OneDrive.exe
20:50:05.0794 0x1db8 OneDrive - ok
20:50:05.0847 0x1db8 [ D2CE6EA0E9F641D7153462D40C6B4193, 3AAE5239F951E29497D759326BDC23E19644B763DC5661CA4E4980418195C37D ] C:\Program Files (x86)\Steam\steam.exe
20:50:05.0912 0x1db8 Steam - ok
20:50:06.0063 0x1db8 [ 8AA4A3119B2DF4FFAAD39A98F4764E47, 412192A2261ED0BD82EE2418DF94A8B3BC41D2D40F5AB8DA0F99FB9F0525910E ] C:\Program Files\CCleaner\CCleaner64.exe
20:50:06.0240 0x1db8 CCleaner Monitoring - ok
20:50:06.0268 0x1db8 [ F51BB12D8977D26C1A4CDA348770D9F1, DDA35CD8F8A6591B83821B5180D457740E0B820CCE000BC7FB1B78FB4AEAD3BA ] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe
20:50:06.0305 0x1db8 SpybotPostWindows10UpgradeReInstall - detected UnsignedFile.Multi.Generic ( 1 )
20:50:06.0407 0x1db8 Detect skipped due to KSN trusted
20:50:06.0407 0x1db8 SpybotPostWindows10UpgradeReInstall - ok
20:50:06.0410 0x1db8 [ BB38581A13B7265CF4E62741955E7457, 103C028F6ED13FDF916B0B15138BDFE66CAC0D667D735D853FC8E45341FE8A3A ] C:\WINDOWS\system32\ctfmon.exe
20:50:06.0423 0x1db8 ctfmon - ok
20:50:06.0424 0x1db8 safe_urls768 - ok
20:50:06.0505 0x1db8 [ 0AB0068EB7C30DC4BA6FE0C0910FEE5D, FBE1E5004BB4389DA5E7F1E659195199C81859A509937F7F3B9F190F569975CC ] C:\Program Files\DAEMON Tools Lite\DTAgent.exe
20:50:06.0613 0x1db8 DAEMON Tools Lite Automount - ok
20:50:06.0619 0x1db8 Waiting for KSN requests completion. In queue: 271
20:50:07.0671 0x1db8 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x62100 ( disabled : updated )
20:50:07.0674 0x1db8 Win FW state via NFP2: enabled ( trusted )
20:50:07.0755 0x1db8 ============================================================
20:50:07.0755 0x1db8 Scan finished
20:50:07.0755 0x1db8 ============================================================
20:50:07.0761 0x1370 Detected object count: 2
20:50:07.0761 0x1370 Actual detected object count: 2
20:50:54.0784 0x1370 ProductUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:54.0784 0x1370 ProductUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:50:54.0785 0x1370 OGMgmmouseRun ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:54.0785 0x1370 OGMgmmouseRun ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:51:39.0955 0x0f40 Deinitialize success |
02.12.2016, 22:58 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Tr/dropper.gen - Shutdown no longer possible Remove adware/junkware/toolbars Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop! Please completely disable your virus scanner now, before using these tools! Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your protection software to avoid possible conflicts.
__________________ Please always post logfiles in CODE tags |
02.12.2016, 23:19 | #11 |
| Tr/dropper.gen - Shutdown no longer possible AdwCleaner logfile: Code:
ATTFilter
# AdwCleaner v6.030 - Bericht erstellt am 02/12/2016 um 23:12:31
# Aktualisiert am 19/10/2016 von Malwarebytes
# Datenbank : 2016-12-02.1 [Server]
# Betriebssystem : Windows 10 Home (X64)
# Benutzername : Patrick - DESKTOP-I54T4B7
# Gestartet von : C:\Users\Patrick\Desktop\AdwCleaner_6.030.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support
***** [ Dienste ] *****
Dienst Gefunden: Ronzap
Dienst Gefunden: backlh
Dienst Gefunden: Nettrans
***** [ Ordner ] *****
Ordner Gefunden: C:\Program Files (x86)\825B4291-1480630064-E311-AD5B-201A06114318
Ordner Gefunden: C:\Users\Patrick\AppData\Local\DriverToolkit
Ordner Gefunden: C:\Users\Patrick\AppData\Local\Hola
Ordner Gefunden: C:\Users\Patrick\AppData\Roaming\chportu
Ordner Gefunden: C:\Users\Patrick\AppData\Roaming\Hola
Ordner Gefunden: C:\Users\Patrick\AppData\Roaming\ProxyGate
Ordner Gefunden: C:\Users\Patrick\AppData\Roaming\Tencent
Ordner Gefunden: C:\Users\Patrick\AppData\Local\VirtualStore\Program Files (x86)\FreeRIP
Ordner Gefunden: C:\Users\Patrick\AppData\Local\VirtualStore\Program Files (x86)\Tencent
Ordner Gefunden: C:\ProgramData\Ronzap
Ordner Gefunden: C:\ProgramData\Ronzaps
Ordner Gefunden: C:\ProgramData\Logic Handler
Ordner Gefunden: C:\ProgramData\Tencent
Ordner Gefunden: C:\ProgramData\NetworkPacketManitor
Ordner Gefunden: C:\Users\Public\Documents\Tencent
Ordner Gefunden: C:\Program Files (x86)\DriverToolkit
Ordner Gefunden: C:\Program Files (x86)\FreeRIP
Ordner Gefunden: C:\Program Files (x86)\Tencent
Ordner Gefunden: C:\Program Files (x86)\Common Files\Tencent
Ordner Gefunden: C:\Program Files (x86)\Common Files\freemake shared
Ordner Gefunden: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\NUIns
***** [ Dateien ] *****
Datei Gefunden: C:\WINDOWS\SysWoW64\findit.xml
Datei Gefunden: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\extensions\firefox@browser-security.de.xpi
Datei Gefunden: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\searchplugins\yahoo! powered.xml
Datei Gefunden: C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nhgknfkfipiflalfpihaicjijikenfoj_0.localstorage
***** [ DLL ] *****
Keine infizierten DLLs gefunden.
***** [ WMI ] *****
Keine schädlichen Schlüssel gefunden.
***** [ Verknüpfungen ] *****
Keine infizierten Verknüpfungen gefunden.
***** [ Aufgabenplanung ] *****
Keine schädlichen Aufgaben gefunden.
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Classes\Tencent
Schlüssel Gefunden: HKCU\Software\Classes\Tencent
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\metnsd
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Tencent
Schlüssel Gefunden: [x64] HKCU\Software\Classes\Tencent
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\metnsd
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\Tencent
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Schlüssel Gefunden: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\DriverToolkit
Schlüssel Gefunden: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Hola
Schlüssel Gefunden: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\csastats
Schlüssel Gefunden: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
Schlüssel Gefunden: HKCU\Software\DriverToolkit
Schlüssel Gefunden: HKCU\Software\Hola
Schlüssel Gefunden: HKCU\Software\csastats
Schlüssel Gefunden: HKLM\SOFTWARE\mtRonzap
Schlüssel Gefunden: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
Schlüssel Gefunden: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NUIns
Schlüssel Gefunden: [x64] HKCU\Software\DriverToolkit
Schlüssel Gefunden: [x64] HKCU\Software\Hola
Schlüssel Gefunden: [x64] HKCU\Software\csastats
Schlüssel Gefunden: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
Daten Gefunden: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\ProgramData\Ronzap\Kan-Lam.dll
Daten Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\ProgramData\Ronzap\ZimCom.dll
Wert Gefunden: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Run [ProxyGate]
Wert Gefunden: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ProxyGate]
Wert Gefunden: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ProxyGate]
Wert Gefunden: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Run [safe_urls768]
Wert Gefunden: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [safe_urls768]
Wert Gefunden: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [safe_urls768]
Wert Gefunden: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [safe_urls768]
Schlüssel Gefunden: HKCU\Software\MozillaPlugins\@hola.org/FlashPlayer
Schlüssel Gefunden: HKCU\Software\MozillaPlugins\@hola.org/vlc
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Schlüssel Gefunden: HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
Schlüssel Gefunden: HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
Schlüssel Gefunden: HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Wert Gefunden: HKCU\Environment [SNF]
Wert Gefunden: HKCU\Environment [SNP]
Schlüssel Gefunden: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Ronzap.exe
Schlüssel Gefunden: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RONZAP.EXE
Schlüssel Gefunden: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
Schlüssel Gefunden: HKLM\SOFTWARE\MozillaPlugins\@qq.com/npqscall
Schlüssel Gefunden: HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
***** [ Internetbrowser ] *****
Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.
*************************
C:\AdwCleaner\AdwCleaner[S0].txt - [13988 Bytes] - [02/12/2016 23:09:48]
C:\AdwCleaner\AdwCleaner[S1].txt - [6653 Bytes] - [02/12/2016 23:12:31]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6726 Bytes] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Home x64
Ran by Patrick (Administrator) on 02.12.2016 at 23:16:11,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 9
Successfully deleted: C:\ProgramData\sogouinput (Folder)
Successfully deleted: C:\Users\Patrick\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Patrick\AppData\Local\wandoujia (Folder)
Successfully deleted: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} (Folder)
Successfully deleted: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\user.js (File)
Successfully deleted: C:\WINDOWS\system32\Tasks\SogouImeMgr (Task)
Successfully deleted: C:\Program Files (x86)\wandoujia (Folder)
Successfully deleted: C:\Program Files\sogouinput (Folder)
Successfully deleted: C:\WINDOWS\prefetch\DRIVERTOOLKITINSTALLER.TMP-D3A84695.pf (File)
Registry: 9
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\SearchAssistant (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.12.2016 at 23:17:32,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
02.12.2016, 23:28 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Tr/dropper.gen - Shutdown no longer possible Uhh... also remove the findings with AdwCleaner. Post the log file for that.
__________________ Please always post log files in CODE tags |
02.12.2016, 23:32 | #13 |
| Tr/dropper.gen - Shutdown no longer possible Sorry, I didn't see that the reports view has one tab with all the log files for the scans only and one for the deletion runs. Code:
# AdwCleaner v6.030 - Bericht erstellt am 02/12/2016 um 23:13:52
# Aktualisiert am 19/10/2016 von Malwarebytes
# Datenbank : 2016-12-02.1 [Server]
# Betriebssystem : Windows 10 Home (X64)
# Benutzername : Patrick - DESKTOP-I54T4B7
# Gestartet von : C:\Users\Patrick\Desktop\AdwCleaner_6.030.exe
# Modus: Löschen
# Unterstützung : hxxps://www.malwarebytes.com/support

***** [ Dienste ] *****

[-] Dienst gelöscht: Ronzap
[-] Dienst gelöscht: backlh
[-] Dienst gelöscht: Nettrans

***** [ Ordner ] *****

[-] Ordner gelöscht: C:\Program Files (x86)\825B4291-1480630064-E311-AD5B-201A06114318
[-] Ordner gelöscht: C:\Users\Patrick\AppData\Local\DriverToolkit
[-] Ordner gelöscht: C:\Users\Patrick\AppData\Local\Hola
[-] Ordner gelöscht: C:\Users\Patrick\AppData\Roaming\chportu
[-] Ordner gelöscht: C:\Users\Patrick\AppData\Roaming\Hola
[-] Ordner gelöscht: C:\Users\Patrick\AppData\Roaming\ProxyGate
[-] Ordner gelöscht: C:\Users\Patrick\AppData\Roaming\Tencent
[-] Ordner gelöscht: C:\Users\Patrick\AppData\Local\VirtualStore\Program Files (x86)\FreeRIP
[-] Ordner gelöscht: C:\Users\Patrick\AppData\Local\VirtualStore\Program Files (x86)\Tencent
[-] Ordner gelöscht: C:\ProgramData\Ronzap
[-] Ordner gelöscht: C:\ProgramData\Ronzaps
[-] Ordner gelöscht: C:\ProgramData\Logic Handler
[-] Ordner gelöscht: C:\ProgramData\Tencent
[-] Ordner gelöscht: C:\ProgramData\NetworkPacketManitor
[-] Ordner gelöscht: C:\Users\Public\Documents\Tencent
[-] Ordner gelöscht: C:\Program Files (x86)\DriverToolkit
[-] Ordner gelöscht: C:\Program Files (x86)\FreeRIP
[-] Ordner gelöscht: C:\Program Files (x86)\Tencent
[-] Ordner gelöscht: C:\Program Files (x86)\Common Files\Tencent
[-] Ordner gelöscht: C:\Program Files (x86)\Common Files\freemake shared
[-] Ordner gelöscht: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\NUIns

***** [ Dateien ] *****

[-] Datei gelöscht: C:\WINDOWS\SysWoW64\findit.xml
[-] Datei gelöscht: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\extensions\firefox@browser-security.de.xpi
[-] Datei gelöscht: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\searchplugins\yahoo! powered.xml
[-] Datei gelöscht: C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nhgknfkfipiflalfpihaicjijikenfoj_0.localstorage

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Verknüpfungen ] *****

***** [ Aufgabenplanung ] *****

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Classes\Tencent
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Classes\Tencent
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\metnsd
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Tencent
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Tencent
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\metnsd
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\Tencent
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Schlüssel gelöscht: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\DriverToolkit
[-] Schlüssel gelöscht: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Hola
[-] Schlüssel gelöscht: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\csastats
[-] Schlüssel gelöscht: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\DriverToolkit
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Hola
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\csastats
[-] Schlüssel gelöscht: HKLM\SOFTWARE\mtRonzap
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NUIns
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\DriverToolkit
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Hola
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\csastats
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
[-] Daten wiederhergestellt: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Daten wiederhergestellt: [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Wert gelöscht: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Run [ProxyGate]
[#] Wert mit Neustart gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ProxyGate]
[#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ProxyGate]
[-] Wert gelöscht: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Run [safe_urls768]
[-] Wert gelöscht: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [safe_urls768]
[#] Wert mit Neustart gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [safe_urls768]
[#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [safe_urls768]
[-] Schlüssel gelöscht: HKCU\Software\MozillaPlugins\@hola.org/FlashPlayer
[-] Schlüssel gelöscht: HKCU\Software\MozillaPlugins\@hola.org/vlc
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
[-] Schlüssel gelöscht: HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
[-] Schlüssel gelöscht: HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Wert gelöscht: HKCU\Environment [SNF]
[-] Wert gelöscht: HKCU\Environment [SNP]
[-] Schlüssel gelöscht: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Ronzap.exe
[-] Schlüssel gelöscht: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RONZAP.EXE
[#] Schlüssel mit Neustart gelöscht: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
[-] Schlüssel gelöscht: HKLM\SOFTWARE\MozillaPlugins\@qq.com/npqscall
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip

***** [ Browser ] *****

*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [7041 Bytes] - [02/12/2016 23:13:52]
C:\AdwCleaner\AdwCleaner[S0].txt - [13988 Bytes] - [02/12/2016 23:09:48]
C:\AdwCleaner\AdwCleaner[S1].txt - [6849 Bytes] - [02/12/2016 23:12:31]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7261 Bytes] ########## |
02.12.2016, 23:38 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Tr/dropper.gen - Shutdown no longer possible And once more, please, as a check
__________________ Please always post log files in CODE tags |
02.12.2016, 23:45 | #15 |
| Tr/dropper.gen - Shutdown no longer possible New AdwCleaner log: Code:
# AdwCleaner v6.030 - Bericht erstellt am 02/12/2016 um 23:41:24
# Aktualisiert am 19/10/2016 von Malwarebytes
# Datenbank : 2016-12-02.1 [Server]
# Betriebssystem : Windows 10 Home (X64)
# Benutzername : Patrick - DESKTOP-I54T4B7
# Gestartet von : C:\Users\Patrick\Desktop\AdwCleaner_6.030.exe
# Modus: Löschen
# Unterstützung : hxxps://www.malwarebytes.com/support

***** [ Dienste ] *****

***** [ Ordner ] *****

***** [ Dateien ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Verknüpfungen ] *****

[-] Verknüpfung desinfiziert: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Verknüpfung desinfiziert: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Verknüpfung desinfiziert: C:\Users\Patrick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Verknüpfung desinfiziert: C:\Users\Patrick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yandex.lnk
[-] Verknüpfung desinfiziert: C:\Users\Patrick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Verknüpfung desinfiziert: C:\Users\Patrick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
[-] Verknüpfung desinfiziert: C:\Users\Patrick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yandex.lnk

***** [ Aufgabenplanung ] *****

***** [ Registrierungsdatenbank ] *****

[-] Daten wiederhergestellt: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Wert gelöscht: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[#] Wert mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
[#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}

***** [ Browser ] *****

[-] Firefox Einstellungen bereinigt: "browser.newtab.url" - "C:\\ProgramData\\Ronzaps\\ff.NT"
[-] Firefox Einstellungen bereinigt: "browser.search.defaultenginename" - "Yahoo! Powered"
[-] Firefox Einstellungen bereinigt: "browser.search.selectedEngine" - "Yahoo! Powered"
[-] Firefox Einstellungen bereinigt: "browser.startup.homepage" - "C:\\ProgramData\\Ronzaps\\ff.HP"

*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [7384 Bytes] - [02/12/2016 23:13:52]
C:\AdwCleaner\AdwCleaner[C2].txt - [3043 Bytes] - [02/12/2016 23:41:24]
C:\AdwCleaner\AdwCleaner[S0].txt - [13988 Bytes] - [02/12/2016 23:09:48]
C:\AdwCleaner\AdwCleaner[S1].txt - [6849 Bytes] - [02/12/2016 23:12:31]
C:\AdwCleaner\AdwCleaner[S2].txt - [3817 Bytes] - [02/12/2016 23:40:53]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3336 Bytes] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Home x64
Ran by Patrick (Administrator) on 02.12.2016 at 23:42:42,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 0

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.12.2016 at 23:44:01,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |