Log analysis and evaluation: PUP.Optional.AppTrailer.Generic + PUP.Optional.OnlineIO + NSBLock + "Microleafs LTD" via Filedropper.com or Fileupload.net? Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
| | #1 |
Hi, the following happened to me under Win7...

- no AV
- Windows firewall with GlassWire
- Malwarebytes is up to date and has been run, log available
- CCleaner has also been run
- Registry searched by hand for AppTrailer and NSBlock, entries removed

Audio data exchange via Filedropper and Fileupload. With one of the two, the cookie notice appeared at the bottom during the download, as on all sites; if you click on it before the download, you end up on a different page, which packs the audio file into an EXE (this is only a guess), so that an EXE with the name of the audio file is downloaded. If you open it, an install routine starts; however, you cannot install a WAV, and so I aborted it.

2 days later I noticed an icon in the taskbar and a Process Explorer entry.

Icon: "NSBlock"
Entry: 5 times "Online-Guardian V2.0.9"

In the firewall likewise Online Guardian and also "downloadprotect" and "apptrailers.exe".

Malwarebytes found a total of 2000 errors, after I had additionally killed the process trees of "Online-Guardian" and "app-trailer.exe" in Process Explorer during the scan.

Later the following were added from the firewall:

- "adb0.exe"
- "ic-0.1c7b1aa03a5b14.exe"
- "ic-0.720b2d344740ec.exe"
- "online application updater.exe"
- "traffic exchange updater.exe"

--> each of which matches the terms mentioned.

Malwarebytes restarts once, fiddles with the connectivity and restarts a second time. Now I can get onto the Internet, but Blizzard's StarCraft will not connect. I am on the network via WLAN.

I had planned to renew my passwords and to store them in KeePass. However, that is a bit awkward now. Hence the step to the board now.

Did the malware cause damage to the Internet connection? Do I still have something on the computer? What logs do you need?

Thanks, regards

- Ah, you will probably have to move this :/

Edit: Today after a reboot: long login with "Welcome" and loading circle, approx. 30 seconds. Then a black screen with the mouse in the middle for approx. 15 seconds, then the desktop with wrong contrast/gamma values, WLAN stick not activated, so no Internet and no access points from the surroundings. Windows System Restore to 23.03.2017. Everything fine again. The questions before the EDIT still apply.

Thanks, regards

Last edited by construct (28.03.2017 at 19:12). Reason: Edit, system restore.
| | #2 |
/// TB Trainer

My name is Matthias and I will help you clean up your computer. To make the cleanup as effective and fast as possible, I ask you to observe the following notes:

Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:

Thank you for your cooperation!

Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Step 2
Please download

Please post with your next reply
| | #3 |
FRST:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
durchgeführt von user (Administrator) auf PC (29-03-2017 07:31:50)
Gestartet von ?:\Folder\Downloads
Geladene Profile: user (Verfügbare Profile: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: "C:\Program Files (x86)\SeaMonkey\seamonkey.exe" -requestPending -osint -url "%1")
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\runSW.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Realtek) C:\Windows\SwUSB.exe
(Sysinternals - www.sysinternals.com) C:\Program Files\process-explorer\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\user\AppData\Local\Temp\PROCEXP64.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(wyDay) C:\Program Files\CyberGhost 6\wyUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(mozilla.org) C:\Program Files (x86)\SeaMonkey\seamonkey.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
SSODL: EldosMountNotificator-cbdisk3 - {274E2043-7EEC-429D-BC66-3ED282762A69} - C:\Windows\system32\cbdiskMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbdisk3 - {274E2043-7EEC-429D-BC66-3ED282762A69} - C:\Windows\SysWOW64\cbdiskMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbdisk3] -> {1B53DB42-7158-421A-B97C-5886EE14C75A} => C:\Windows\system32\cbdiskMntNtf3.dll [2013-10-18] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbdisk3] -> {1B53DB42-7158-421A-B97C-5886EE14C75A} => C:\Windows\SysWOW64\cbdiskMntNtf3.dll [2013-10-18] (EldoS Corporation)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{251F104E-10FE-40D6-B45C-7B106746BA2F}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{2BB04CC1-AAC0-4F0D-B99D-878528CCFE7B}: [DhcpNameServer] 192.168.10.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
FireFox:
========
FF DefaultProfile: e54leqok.default
FF DefaultProfile: xc458lqu.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24reqok.default [2017-03-29]
FF Extension: (Sea Fox) - C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24deqok.default\Extensions\seafox@extensions.moz.xpi [2017-03-07] [ist nicht signiert]
FF Extension: (uBlock Origin) - C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24deqok.default\Extensions\uBlock0@raymondhill.net.xpi [2017-03-13]
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcyvelqu.default [2017-03-29]
FF Homepage: Mozilla\Firefox\Profiles\xcyvelqu.default -> hxxps://duckduckgo.com
FF Extension: (FoxyProxy Standard) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcyvelqu.default\Extensions\foxyproxy@eric.h.jung [2017-03-28]
FF Extension: (Kein Name) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcyvelqu.default\extensions\https-everywhere@eff.org.xpi [nicht gefunden]
FF Extension: (Kein Name) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcyvelqu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [nicht gefunden]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-26] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-26] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-14] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-14] (Intel Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VLC\npvlc.dll [2016-04-26] (VideoLAN)
Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-12-27]
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-12-01] (Adobe Systems) [Datei ist nicht signiert]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-06-04] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [76848 2017-02-06] (CyberGhost S.R.L)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-11-24] () [Datei ist nicht signiert]
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4397008 2016-11-19] (SecureMix LLC)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2015-12-30] (Hi-Rez Studios) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-05-29] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-31] (Intel Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [506960 2015-12-26] (Sony Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RunSwUSB; C:\Windows\runSW.exe [48856 2015-03-19] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2016-09-07] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-28] ()
R1 cbdisk3; C:\Windows\system32\drivers\cbdisk3.sys [223936 2013-10-18] (EldoS Corporation)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-10-25] (EldoS Corporation)
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx64.sys [34512 2016-03-04] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-31] (Intel Corporation)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-02-14] (REALiX(tm))
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [112408 2015-12-15] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 OSFMount; T:\FTK\OSForensics\OSFMount64\OSFMount.sys [1299384 2016-03-23] (PassMark Software)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2015-01-15] (Realtek Semiconductor Corporation )
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [38888 2014-02-19] (USBPcap)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [121248 2016-08-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [195936 2016-08-16] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [135824 2016-08-16] (Oracle Corporation)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-10-18] (EldoS Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-28 20:00 - 2017-03-28 20:00 - 00195528 _____ C:\Users\user\Documents\W-LAN-TPLink.xps
2017-03-28 08:38 - 2017-03-28 19:27 - 00000345 _____ C:\Users\user\Documents\virus-filedropper.txt
2017-03-27 18:40 - 2017-03-28 20:04 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe
2017-03-25 21:36 - 2017-03-25 21:20 - 22222968 ____N C:\Users\user\Desktop\Rawkee_Bestandsaufnahme_FINISHED.wav
2017-03-25 18:10 - 2017-03-28 08:29 - 00000000 ____D C:\ProgramData\Microleaves <==
2017-03-25 18:07 - 2017-03-25 18:07 - 00000000 ____D C:\Users\user\AppData\Roaming\Microleaves <==
2017-03-25 18:06 - 2017-03-28 20:04 - 00000000 ____D C:\Windows\system32\GroupPolicy
2017-03-25 18:06 - 2017-03-25 18:06 - 00000000 ____D C:\Program Files\{572656F2-7906-4D07-BDBD-0CC44146CD48} <== ?
2017-03-25 18:06 - 2017-03-25 18:06 - 00000000 ____D C:\Program Files (x86)\{A1306F56-8B03-428B-84AD-2F932D81774C} <== ?
2017-03-22 21:13 - 2017-03-22 21:13 - 00001072 _____ C:\Users\Public\Desktop\Win32DiskImager.lnk
2017-03-22 21:13 - 2017-03-22 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2017-03-22 21:13 - 2017-03-22 21:13 - 00000000 ____D C:\Program Files (x86)\ImageWriter
2017-03-22 20:45 - 2017-03-22 20:45 - 00002095 _____ C:\Users\Public\Desktop\SDFormatter.lnk
2017-03-22 20:45 - 2017-03-22 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
2017-03-22 20:45 - 2017-03-22 20:45 - 00000000 ____D C:\Program Files (x86)\SDA
2017-03-22 19:21 - 2017-03-23 13:55 - 00000600 _____ C:\Users\user\AppData\Local\PUTTY.RND
2017-03-22 19:20 - 2017-03-22 19:20 - 00000860 _____ C:\Users\Public\Desktop\PuTTY (64-bit).lnk
2017-03-22 19:20 - 2017-03-22 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)
2017-03-22 19:20 - 2017-03-22 19:20 - 00000000 ____D C:\Program Files\PuTTY
2017-03-22 09:54 - 2017-03-28 21:05 - 00000022 _____ C:\Windows\S.dirmngr
2017-03-22 09:53 - 2013-07-04 18:05 - 00552760 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2017-03-22 09:53 - 2006-01-13 07:52 - 00001904 ____N C:\Windows\system32\SetupBD.din
2017-03-22 09:49 - 2017-03-22 09:49 - 00000000 ____D C:\Users\user\Downloads\LAN
2017-03-22 09:42 - 2017-03-22 09:42 - 00001857 _____ C:\Users\user\Desktop\TightVNC Viewer.lnk
2017-03-22 09:42 - 2017-03-22 09:42 - 00000000 ____D C:\Users\user\AppData\Roaming\TightVNC
2017-03-22 09:41 - 2017-03-22 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
2017-03-22 09:41 - 2017-03-22 09:41 - 00000000 ____D C:\Program Files\TightVNC
2017-03-22 09:31 - 2017-03-22 09:31 - 00000000 ____H C:\Users\user\Documents\Default.rdp
2017-03-21 08:51 - 2017-03-21 19:28 - 00208388 _____ C:\TDSSKiller.3.1.0.12_21.03.2017_07.51.26_log.txt
2017-03-20 20:59 - 2017-03-20 20:59 - 00106786 ____N C:\Users\user\Documents\Mitgliedsantrag-V2.0-v.-08.03.2017.pdf
2017-03-19 06:01 - 2017-03-19 06:01 - 00003318 _____ C:\Users\user\AppData\Local\recently-used.xbel
2017-03-15 01:35 - 2017-03-04 19:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 01:35 - 2017-03-04 18:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-15 01:35 - 2017-03-04 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-15 01:35 - 2017-03-04 10:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 01:35 - 2017-03-04 10:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-15 01:35 - 2017-03-04 10:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 01:35 - 2017-03-04 10:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-15 01:35 - 2017-03-04 10:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-15 01:35 - 2017-03-04 10:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-15 01:35 - 2017-03-04 09:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 01:35 - 2017-03-04 09:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-15 01:35 - 2017-03-04 09:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-15 01:35 - 2017-03-04 09:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-15 01:35 - 2017-03-04 09:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-15 01:35 - 2017-03-04 09:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-15 01:35 - 2017-03-04 09:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-15 01:35 - 2017-03-04 09:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 01:35 - 2017-03-04 09:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-15 01:35 - 2017-03-04 09:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 01:35 - 2017-03-04 09:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-15 01:35 - 2017-03-04 09:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-15 01:35 - 2017-03-04 09:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 01:35 - 2017-03-04 09:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-15 01:35 - 2017-03-04 09:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-15 01:35 - 2017-03-04 09:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-15 01:35 - 2017-03-04 09:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 01:35 - 2017-03-04 09:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-15 01:35 - 2017-03-04 08:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-15 01:35 - 2017-03-04 08:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-15 01:35 - 2017-03-04 08:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-15 01:35 - 2017-03-04 08:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-15 01:35 - 2017-03-04 08:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-15 01:35 - 2017-03-04 08:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-15 01:35 - 2017-03-04 08:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-15 01:35 - 2017-03-04 08:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-15 01:35 - 2017-03-04 08:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-15 01:35 - 2017-03-04 06:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-15 01:35 - 2017-03-02 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-15 01:35 - 2017-03-02 20:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-15 01:35 - 2017-03-02 20:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-15 01:35 - 2017-03-02 20:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-15 01:35 - 2017-03-02 20:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-15 01:35 - 2017-03-02 20:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-15 01:35 - 2017-03-02 19:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-15 01:35 - 2017-03-02 19:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-15 01:35 - 2017-03-02 19:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-15 01:35 - 2017-03-02 19:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-15 01:35 - 2017-03-02 19:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-15 01:35 - 2017-03-02 19:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-15 01:35 - 2017-03-02 19:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-15 01:35 - 2017-03-02 19:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-15 01:35 - 2017-03-02 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-15 01:35 - 2017-03-02 19:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-15 01:35 - 2017-03-02 19:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-15 01:35 - 2017-03-02 19:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-15 01:35 - 2017-03-02 19:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-15 01:35 - 2017-03-02 19:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-15 01:35 - 2017-03-02 19:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-15 01:35 - 2017-03-02 19:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-15 01:35 - 2017-03-02 19:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-15 01:35 - 2017-03-02 19:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-15 01:35 - 2017-03-02 19:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-15 01:35 - 2017-03-02 19:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-15 01:35 - 2017-03-02 18:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-15 01:35 - 2017-03-02 18:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-15 01:35 - 2017-03-02 18:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-15 01:35 - 2017-02-11 17:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 01:35 - 2017-02-11 17:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 01:35 - 2017-02-11 17:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 01:35 - 2017-02-10 18:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 01:35 - 2017-02-10 18:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 01:35 - 2017-02-10 18:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-15 01:35 - 2017-02-10 18:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-15 01:35 - 2017-02-10 16:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-15 01:35 - 2017-02-09 18:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-15 01:35 - 2017-02-09 18:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 01:35 - 2017-02-09 18:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-15 01:35 - 2017-02-09 18:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-15 01:35 - 2017-02-09 18:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-15 01:35 - 2017-02-09 18:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-15 01:35 - 2017-02-09 18:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-15 01:35 - 2017-02-09 18:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 01:35 - 2017-02-09 18:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-15 01:35 - 2017-02-09 18:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 01:35 - 2017-02-09 18:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-15 01:35 - 2017-02-09 18:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 01:35 - 2017-02-09 17:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-15 01:35 - 2017-02-09 17:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-15 01:35 - 2017-02-09 17:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-15 01:35 - 2017-02-09 17:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 01:35 - 2017-02-09 17:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 01:35 - 2017-02-09 17:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-15 01:35 - 2017-02-09 17:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-15 01:35 - 2017-02-09 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-15 01:35 - 2017-02-09 17:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-15 01:35 - 2017-02-09 17:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-15 01:35 - 2017-02-09 17:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-15 01:35 - 2017-02-09 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-15 01:35 - 2017-02-09 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-15 01:35 - 2017-02-09 17:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-15 01:35 - 2017-02-09 17:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 17:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 17:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 17:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 16:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 01:35 - 2017-02-09 16:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 01:35 - 2017-02-06 18:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 01:35 - 2017-01-13 20:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 01:35 - 2017-01-13 20:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 01:35 - 2017-01-13 19:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-15 01:35 - 2017-01-13 19:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-15 01:35 - 2017-01-11 20:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 01:35 - 2017-01-11 20:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-15 01:35 - 2017-01-11 19:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-15 01:35 - 2017-01-11 19:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-15 01:35 - 2017-01-06 20:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 01:35 - 2017-01-06 19:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-15 01:34 - 2017-02-23 01:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-15 01:34 - 2017-02-23 01:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 01:34 - 2017-02-18 16:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 01:34 - 2017-02-18 16:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-12 07:11 - 2017-03-12 07:11 - 00325806 ____N C:\Users\user\Desktop\rendersound.wav
2017-03-07 23:14 - 2017-03-07 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
2017-03-07 23:14 - 2017-03-07 23:14 - 00000000 ____D C:\Program Files (x86)\SeaMonkey
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-29 07:31 - 2016-09-09 15:13 - 00000000 ____D C:\FRST
2017-03-29 04:45 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-29 04:45 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-28 21:12 - 2011-04-12 09:43 - 00699092 _____ C:\Windows\system32\perfh007.dat
2017-03-28 21:12 - 2011-04-12 09:43 - 00149232 _____ C:\Windows\system32\perfc007.dat
2017-03-28 21:12 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-28 21:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-03-28 21:05 - 2016-01-30 19:28 - 00000000 ____D C:\ProgramData\PACE
2017-03-28 21:05 - 2015-10-23 20:28 - 00000000 ____D C:\Users\user
2017-03-28 21:05 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-28 20:23 - 2016-10-30 16:51 - 00925386 _____ C:\Windows\ntbtlog.txt
2017-03-28 20:05 - 2016-11-16 08:06 - 00000000 ____D C:\Users\user\.idlerc
2017-03-28 20:05 - 2016-02-13 11:20 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-03-28 20:05 - 2016-01-06 01:15 - 00000000 ____D C:\Users\user\AppData\Roaming\PersBackup5
2017-03-28 20:05 - 2015-11-04 08:32 - 00000000 ____D C:\Users\user\AppData\Local\gtk-2.0
2017-03-28 20:05 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-28 20:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-28 20:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2017-03-28 20:02 - 2015-10-25 15:27 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2017-03-28 19:07 - 2016-11-21 12:54 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-03-28 18:50 - 2016-10-17 18:35 - 00000621 _____ C:\Users\user\Letzte Sitzung user.prj
2017-03-28 09:20 - 2016-01-06 01:15 - 00000000 ____D C:\Users\user\Documents\PersBackup
2017-03-28 08:49 - 2016-06-14 11:44 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-03-28 08:13 - 2016-03-04 08:38 - 00000919 _____ C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt
2017-03-28 08:13 - 2016-03-04 08:38 - 00000000 _____ C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-03-23 15:22 - 2016-02-29 00:55 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-22 20:44 - 2015-11-22 18:26 - 00000000 ____D C:\Users\user\AppData\Local\Downloaded Installations
2017-03-22 09:53 - 2015-11-03 09:18 - 00000000 ____D C:\Program Files\Intel
2017-03-20 21:26 - 2009-07-14 06:45 - 00000000 ____D C:\Windows\ServiceProfiles
2017-03-20 18:57 - 2015-11-01 23:48 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-15 05:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-03-15 04:38 - 2009-07-14 06:45 - 02106920 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-15 04:37 - 2016-04-09 03:31 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-15 04:37 - 2016-04-09 03:31 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-15 04:02 - 2016-08-07 00:58 - 00000000 ____D C:\Windows\system32\MRT
2017-03-15 04:00 - 2016-08-07 00:58 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-11 18:46 - 2016-01-29 10:38 - 00003872 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1454056698
2017-03-08 00:26 - 2016-01-17 20:43 - 00000000 ____D C:\Users\user\AppData\Roaming\gnupg
2017-03-07 23:14 - 2015-10-23 21:19 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2017-03-07 23:14 - 2015-10-23 21:19 - 00000000 ____D C:\Users\user\AppData\Local\Mozilla
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2016-01-28 01:19 - 2016-09-20 02:22 - 0000016 _____ () C:\Users\user\AppData\Roaming\msregsvv.dll
2016-01-28 12:19 - 2016-12-18 17:40 - 1249792 _____ (hxxp://www.ruby-lang.org/) C:\Users\user\AppData\Roaming\msvcr90-ruby191.dll
2016-03-04 08:38 - 2016-03-04 08:38 - 0001181 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.1.txt
2016-03-04 08:38 - 2017-03-28 08:13 - 0000919 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt
2016-03-04 08:38 - 2017-03-28 08:13 - 0000000 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-03-22 19:21 - 2017-03-23 13:55 - 0000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND
2017-03-19 06:01 - 2017-03-19 06:01 - 0003318 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2015-11-01 08:16 - 2015-11-01 08:16 - 0007611 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2016-01-28 01:19 - 2016-09-20 02:22 - 0000016 _____ () C:\ProgramData\autobk.inc
Einige Dateien in TEMP:
====================
2017-01-03 18:26 - 2017-03-28 21:05 - 1347216 _____ (Sysinternals - www.sysinternals.com) C:\Users\user\AppData\Local\Temp\PROCEXP64.exe
2017-03-20 08:41 - 2017-03-20 08:41 - 0637440 _____ () C:\Users\user\AppData\Local\Temp\sqlite-3.8.0-x86-sqlitejdbc.dll
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-03-24 16:52
==================== Ende von FRST.txt ============================
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von user (29-03-2017 07:32:02)
Gestartet von ?:\Folder\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-10-23 18:28:58)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3869482132-2802206346-888328520-500 - Administrator - Disabled)
user (S-1-5-21-3869482132-2802206346-888328520-1000 - Administrator - Enabled) => C:\Users\user
Gast (S-1-5-21-3869482132-2802206346-888328520-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3869482132-2802206346-888328520-1002 - Limited - Enabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 16.02 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1602-000001000000}) (Version: 16.02.00.0 - Igor Pavlov)
ACP Application (Version: 2016.0916.1502.32 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ARIA Engine v1.8.4.4 (HKLM\...\ARIA Engine_is1) (Version: v1.8.4.4 - Plogue Art et Technologie, Inc)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Next Localization BR (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
ConfrontaPDF (HKLM-x32\...\ConfrontaPDF) (Version: - )
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
CPUID ROG CPU-Z 1.75 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.75 - CPUID, Inc.)
CreditMovie1 (x32 Version: 10.1.00 - Sony Corporation) Hidden
CreditMovie2 (x32 Version: 10.1.00 - Sony Corporation) Hidden
CreditMovie3 (x32 Version: 10.1.00 - Sony Corporation) Hidden
Gpg4win (2.3.0) (HKLM-x32\...\GPG4Win) (Version: 2.3.0 - The Gpg4win Project)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel(R) Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4222 - Intel Corporation)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
MergeModule_x64 (Version: 9.3.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Prerequisites (x64) (HKLM\...\{04BEC103-A388-41EE-BB49-1235FAAF883D}) (Version: 11.0.61030 - Blue Cat Audio)
Microsoft Visual C++ 2012 Prerequisites (x86) (HKLM-x32\...\{2F65108E-8DF7-47B9-8ECC-49BD3BC47AAB}) (Version: 11.0.61030 - Blue Cat Audio)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
PA Free Bundle V1 1.0.1 (HKLM\...\PA Free Bundle V1_is1) (Version: - Plugin Alliance)
PACE License Support Win64 (HKLM-x32\...\InstallShield_{DF91FC8F-0D43-415b-BB5D-22533FC1CC1A}) (Version: 2.6.0.1134 - PACE Anti-Piracy, Inc.)
PACE License Support Win64 (Version: 2.6.0.1134 - PACE Anti-Piracy, Inc.) Hidden
PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
Personal Backup 5.8.3.1 (HKLM-x32\...\Personal Backup 5_is1) (Version: 5.8.3.1 - Dr. J. Rathlev)
PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.1.00.12260 - Sony Corporation)
PMB_ModeEditor_ACMC (x32 Version: 10.1.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 10.1.00 - Sony Corporation) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
SVG Explorer Extension 0.1.1 (HKLM\...\{4CA20D9A-98AC-4DD6-9C16-7449F29AC08A}_is1) (Version: 0.1.1 - Dotz Softwares)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TightVNC (HKLM\...\{8B9896FC-B4F2-44CD-8B6E-78A0B1851B59}) (Version: 2.8.5.0 - GlavSoft LLC.)
TP-LINK Archer T4U Driver (HKLM-x32\...\{58F414FE-74CC-42A0-9D86-A089849C510A}) (Version: 1.3.1 - TP-LINK)
USBPcap 1.0.0.7 (HKLM\...\USBPcap) (Version: - )
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0-2) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.17.0 (Version: 1.0.17.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (03/17/2014 2.5.128.1) (HKLM\...\D86E353566ECB4A7ADA159C02FE46D0BACC4FA6B) (Version: 03/17/2014 2.5.128.1 - Focusrite)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {01244CD2-DBF2-48E1-81DC-F60B80EEE392} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {03F920C6-176B-4700-9E50-08D5840C4166} - System32\Tasks\Process Explorer-User001100-user => "C:\PROGRAM FILES\PROCESS-EXPLORER\PROCEXP.EXE" /t
Task: {0AEC350F-0667-4D55-94A7-F058AF78AFAD} - System32\Tasks\Apple\AppleSoftwareUpdate => \Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {0EA96307-8DAE-44A1-A2A3-D458155E23ED} - System32\Tasks\AMD Updater => \AMD\CIM\\Bin64\InstallManagerApp.exe [2016-09-07] (Advanced Micro Devices, Inc.)
Task: {1069660B-6FC5-4CE6-AFE7-3786642ED336} - System32\Tasks\SamsungMagician => \Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {14C02CA1-F88F-4C59-8F41-CFAC350FD451} - System32\Tasks\{0811E0DB-12EE-44C5-A4D8-D55DD584F3C5} => pcalua.exe -a V:\Folder\Downloads\jxpiinstall.exe -d X:\Folder\Downloads
Task: {D4B25374-61A3-48AA-BFEC-F796411ECD2B} - System32\Tasks\{CA0F6697-59F4-4AAE-A353-26AF764EBAEB} => pcalua.exe -a R:\Folder\Production\grizzly-v1.1b-se1.160.exe -d T:\My-Folder\Production
Task: {DC35CD34-092D-4CA0-840A-353ECDEEB877} - System32\Tasks\{7476B4B9-F9F5-4227-A7EB-B7B0D1323EB9} => pcalua.exe -a Ü:\Folder\Downloads\VirtualBox-5.0.26-108824-Win.exe -d T:\My-Folder\Downloads
Task: {606DF2D9-0BC4-41F6-AA98-54D020707610} - System32\Tasks\Opera scheduled Autoupdate 1454056698 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)
Task: {8EDC83D7-53F0-44F6-B328-F893CBF2A114} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {999449FC-8698-4C3C-8FE5-7B8A92964F9E} - System32\Tasks\Logon Screen SkipUAC => C:\Program Files\Logon Screen\Logon Screen.exe
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2013-06-04 11:41 - 2013-06-04 11:41 - 00936728 ____R () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-11-24 20:32 - 2015-11-24 20:32 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2015-11-13 17:05 - 2015-03-19 09:41 - 00048856 _____ () C:\Windows\runSW.exe
2016-10-01 10:46 - 2016-10-01 10:46 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-01-15 22:44 - 2016-01-15 22:44 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-10-24 00:23 - 2017-03-28 21:05 - 00033280 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2015-10-24 00:23 - 2013-06-04 11:41 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-11-24 20:20 - 2015-11-24 20:20 - 00221696 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2015-11-24 20:14 - 2015-11-24 20:14 - 00087552 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2015-11-24 20:09 - 2015-11-24 20:09 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2015-11-24 20:20 - 2015-11-24 20:20 - 00073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2015-11-24 20:22 - 2015-11-24 20:22 - 00751104 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2015-11-03 09:18 - 2013-05-14 00:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\PACE:E6530E75740592D0 [217]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Classes\regfile: regedit.exe "%1" <===== ACHTUNG
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^fcbd.bat => C:\Windows\pss\fcbd.bat.CommonStartup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CyberGhost => "CyberGhost.exe" /autostart /min
MSCONFIG\startupreg: f.lux => "flux.exe" /noshow
MSCONFIG\startupreg: FreeAC => FreeAlarmClock.exe -autorun
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
MSCONFIG\startupreg: Process Hacker 2 => "ProcessHacker.exe" -hide
MSCONFIG\startupreg: QuickTime Task => "QTTask.exe" -atboottime
MSCONFIG\startupreg: StartCN -"RadeonSettings.exe" atlogon
MSCONFIG\startupreg: Steam -silent
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{C3A6188C-8842-4337-8196-6554C4770664}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FAE7D3F1-ED42-47BF-96C3-4A1F15CE7A12}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2DA271D6-F2A9-4367-BCDC-2CB0F40E254B}C:\program files (x86)\bitwig studio\bitwig studio.exe] => (Allow) C:\program files (x86)\bitwig studio\bitwig studio.exe
FirewallRules: [UDP Query User{D23A57CF-BEF7-4C7F-ABBB-FD70367F66BC}C:\program files (x86)\bitwig studio\bitwig studio.exe] => (Allow) C:\program files (x86)\bitwig studio\bitwig studio.exe
FirewallRules: [{493D06BA-205E-4192-AAA4-4CDC43C3BAD3}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{39577B13-C2BF-42F6-8DD1-626ABA61A103}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{A19DBD2B-2346-45F9-AC47-B6290D634603}] => (Block) c:\program files (x86)\teamviewer\teamviewer_service.exe
FirewallRules: [{EC50B221-6994-49F6-87EA-B58302480FAF}] => (Block) c:\program files (x86)\openoffice 4\program\soffice.bin
FirewallRules: [{92BA41E0-BDF1-4F98-9890-AA84AC8139E8}] => (Block) c:\windows\explorer.exe
FirewallRules: [TCP Query User{596502F1-B727-4D89-8B89-C18804B4CC8C}C:\program files\oracle\virtualbox\virtualbox.exe] => (Block) C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [{045D30C3-D3D2-4989-B17B-A77E1D1E92F6}] => (Block) c:\windows\explorer.exe
FirewallRules: [{C46567DF-BAF2-42CB-9BC4-4EF77F9EC6A0}] => (Block) c:\program files (x86)\openoffice 4\program\soffice.bin
FirewallRules: [{68E770B0-2D19-4ACF-B321-CAC68B5781A9}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{4C90B2D8-113C-449B-B827-DC969F3150A4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E39CF006-6FAE-4E84-9FC8-7981EF9FF660}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{657BC9BB-6239-4FC9-AB10-A306A0E5A6FD}] => (Block) C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [{B20877F0-7C4B-458F-BF59-A595E168446E}] => (Block) C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [{DABF5E7A-C07C-4E73-88CD-7CAE58449412}] => (Allow) C:\program files (x86)\bitwig studio\bitwig studio.exe
FirewallRules: [{88433252-BE13-4CD9-A2A1-2AD1B6059648}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{1CCEBFB9-AC2E-4310-9A49-5C2F2B5E7DBA}] => (Allow) D:\Portal\SteamApps\common\Endless Sky\EndlessSky.exe
FirewallRules: [{E0697F28-0AE5-4434-A117-6D44DC7490AE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7DB09F01-E0F3-4D3F-B686-C57EB2F894AA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C0911A94-E92A-4167-93D0-4696CAA2E23E}] => (Allow) D:\Portal\Steam.exe
FirewallRules: [{CC9679C3-9CB5-4D4B-8D34-D4D8CE628CE6}] => (Allow) D:\Portal\bin\steamwebhelper.exe
FirewallRules: [{017548E2-9991-43C7-9990-D60AEC41A61E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D0DFC248-C299-43B7-BB3C-D908320963D7}] => (Block) c:\windows\system32\msiexec.exe
FirewallRules: [{9EED2BA0-29BE-45C7-A115-13A90DB3FA19}] => (Block) c:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{14A92DD3-04A0-4496-BA4D-B8306FB47243}] => (Block) c:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{A3AE046F-4844-4DEA-B9B2-51B437A4A518}] => (Block) c:\program files\internet explorer\iexplore.exe
FirewallRules: [{486B1671-98F0-4AD5-AF00-5FAF79EB535C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DEF6512F-B1D4-4FB7-A979-BA1A60F4ABBC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{FA87F2CE-9CFD-42BD-9192-E3F338006BCA}C:\program files (x86)\jack\jackd.exe] => (Block) C:\program files (x86)\jack\jackd.exe
FirewallRules: [TCP Query User{ED7F5783-3085-4C19-899F-6C9AE4418E83}D:\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe] => (Allow) D:\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe
FirewallRules: [UDP Query User{5A4E8E57-8DEE-4A9C-BD14-B8731AD1A4BD}D:\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe] => (Allow) D:\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe
FirewallRules: [{014FDA46-CF4B-4D8B-B49D-8C2BAADE0BDD}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{1CFAC638-F0F2-4789-AFB2-6404BF3E88DC}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{E8A96067-F7D3-4658-99A9-0AD56A7B7A5D}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{3587A4AB-3920-4A36-A6F6-463FAF3E91EA}D:\battle.net\starcraft\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base38996\sc2_x64.exe
FirewallRules: [UDP Query User{A4134721-0B5B-4D0D-AF7D-F3AB80EB6BF3}D:\battle.net\starcraft\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base38996\sc2_x64.exe
FirewallRules: [TCP Query User{F39A3CBE-679E-483A-A82C-C86D5E3DEEAB}D:\battle.net\starcraft\starcraft ii\versions\base38749\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base38749\sc2_x64.exe
FirewallRules: [UDP Query User{ADBC0FD8-795F-42D9-8229-C4B48A494A89}D:\battle.net\starcraft\starcraft ii\versions\base38749\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base38749\sc2_x64.exe
FirewallRules: [{8DE85F2C-7FCE-4626-BD2A-98682153A2DD}] => (Block) D:\battle.net\starcraft\starcraft ii\versions\base46154\sc2_x64.exe
FirewallRules: [{6DDEA35B-6D8D-4332-801B-B7B685C1F99F}] => (Block) c:\windows\system32\gwx\gwxux.exe
FirewallRules: [{C2FE1182-8FD1-4167-9D52-BBDB32C28056}] => (Block) c:\windows\system32\gwx\gwxdetector.exe
FirewallRules: [{CD1EC1E3-B016-4B55-A2C9-B3779BC427F1}] => (Block) c:\windows\system32\gwx\gwxconfigmanager.exe
FirewallRules: [{840AF8CE-2DDE-47F8-8B04-4885E0D611F9}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{6AFF3A2A-E89E-4E56-AA70-FA0D2C9A7C2D}] => (Allow) C:\Program Files\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{BFCF23D5-F0EC-4750-99AE-7179067C7218}] => (Allow) C:\Program Files\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{8F24DA1F-1CBF-4793-90FD-EF9950CDDFB9}] => (Allow) C:\Program Files\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{57ADCFCA-1460-45CD-8834-325C1DA31F04}] => (Allow) C:\Program Files\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{3AED76FB-9BC3-4A88-8D39-47CC5052AF4F}] => (Allow) C:\Program Files\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{6AAF9014-E299-4B18-90B9-80EF2D6A9BE4}] => (Allow) C:\Program Files\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{74A142BB-B2EE-42E4-8A8F-FE6718D6AD81}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [TCP Query User{3BCAF9D9-DC8B-4F12-9EC8-0616D8113074}C:\program files\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\davinci resolve\dpdecoder.exe
FirewallRules: [UDP Query User{9D9A4E60-9A57-41EC-AA33-FA768960F3C6}C:\program files\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\davinci resolve\dpdecoder.exe
FirewallRules: [{B23381AC-00E9-4188-9239-5FB60ADAB2BE}] => (Allow) LPort=21
FirewallRules: [{9C30ED18-2E49-43ED-9FB8-1B3D810764B6}] => (Allow) LPort=8317
FirewallRules: [TCP Query User{25A05D70-09FC-4707-9527-A8FCB9737A00}C:\program files (x86)\jetbrains\pycharm community edition 2016.3\bin\pycharm.exe] => (Allow) C:\program files (x86)\jetbrains\pycharm community edition 2016.3\bin\pycharm.exe
FirewallRules: [{16E488C9-B953-43E8-B4B2-B590BAB6CA69}] => (Block) c:\windows\syswow64\macromed\flash\flashplayerplugin_23_0_0_207.exe
FirewallRules: [{0ADCDFD8-F706-42ED-BEA7-92358C8007B2}] => (Block) c:\windows\explorer.exe
FirewallRules: [{550B6BE4-CE38-4B16-944D-630437AF62D6}] => (Block) t:\my-folder\downloads\flashplayer24au_ha_install.exe
FirewallRules: [{F6692C00-2803-4D2F-87ED-232A82AD37C8}] => (Block) t:\my-folder\downloads\flashplayer24au_ha_install.exe
FirewallRules: [{4842CFC0-CE91-4B43-9F55-C1AE06256A56}] => (Block) c:\users\user\appdata\local\adobe\c4d73211-ecab-46f7-874b-e2da4fc0aa7d\3b64c024-d7c1-42cd-84ab-f8a1a3c6ec06\57073c20-0a7a-4ca6-933b-4dc45ae951ee
FirewallRules: [{F5265B4B-7E5A-4D8F-B050-09A46DA77F9E}] => (Block) c:\program files\cyberghost 6\cyberghost.exe
FirewallRules: [{F16767DF-9A4F-41BC-A7BC-52AFAC445B0E}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
FirewallRules: [{7D006F94-DD72-4AAD-A6F3-860B57DF5E03}] => (Allow) C:\Program Files\TightVNC\tvnviewer.exe
==================== Wiederherstellungspunkte =========================
22-03-2017 09:41:23 Installed TightVNC
22-03-2017 09:52:42 Installed Intel(R) Network Connections.
22-03-2017 19:20:16 Installed PuTTY release 0.68 (64-bit)
23-03-2017 15:17:18 Installed Bitwig Studio
25-03-2017 02:18:25 Windows Update
28-03-2017 09:16:50 Windows-Sicherung
28-03-2017 20:03:35 Wiederherstellungsvorgang
28-03-2017 21:09:21 Windows Update
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (03/28/2017 09:07:53 PM) (Source: CyberGhost 6 Service) (EventID: 0) (User: )
Description: Der Dienst kann nicht beendet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei CyberGhost.VPNServices.OpenVpn.DisconnectFromVpnServer(Boolean sendDisconnectEvent) in C:\TeamCity\buildAgent\work\5e751977071a47b0\Projects\CyberGhost\CyberGhost 6\CyberGhost.VPNServices\OpenVPN.cs:Zeile 348.
bei Service.ServiceController.OnStop() in C:\TeamCity\buildAgent\work\5e751977071a47b0\Projects\CyberGhost\CyberGhost 6\CyberGhost.Service\ServiceController.cs:Zeile 170.
bei System.ServiceProcess.ServiceBase.DeferredStop()
Error: (03/28/2017 09:06:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "T:\My-Folder\Downloads\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (03/28/2017 09:05:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/28/2017 08:41:19 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-3869482132-2802206346-888328520-1000}/">.
Error: (03/28/2017 08:31:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/28/2017 08:30:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/25/2017 11:27:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BitwigVampHost.exe, Version: 0.0.0.0, Zeitstempel: 0x58b57862
Name des fehlerhaften Moduls: BitwigVampHost.exe, Version: 0.0.0.0, Zeitstempel: 0x58b57862
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x000000000002e628
ID des fehlerhaften Prozesses: 0x19d4
Startzeit der fehlerhaften Anwendung: 0x01d2a5aea0b595a0
Pfad der fehlerhaften Anwendung: C:\Program Files\Bitwig Studio\bin\BitwigVampHost.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Bitwig Studio\bin\BitwigVampHost.exe
Berichtskennung: de9771c1-11a1-11e7-bb9a-40167ea5eebf
Error: (03/25/2017 11:22:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BitwigVampHost.exe, Version: 0.0.0.0, Zeitstempel: 0x58b57862
Name des fehlerhaften Moduls: BitwigVampHost.exe, Version: 0.0.0.0, Zeitstempel: 0x58b57862
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x000000000002e628
ID des fehlerhaften Prozesses: 0xe04
Startzeit der fehlerhaften Anwendung: 0x01d2a5adf086e837
Pfad der fehlerhaften Anwendung: C:\Program Files\Bitwig Studio\bin\BitwigVampHost.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Bitwig Studio\bin\BitwigVampHost.exe
Berichtskennung: 2f5b8c56-11a1-11e7-bb9a-40167ea5eebf
Error: (03/25/2017 02:35:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Battle.net.exe, Version 1.8.0.8554 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 8a8
Startzeit: 01d2a4e4e07a8955
Endzeit: 22
Anwendungspfad: C:\Program Files (x86)\Battle.net\Battle.net.8554\Battle.net.exe
Berichts-ID: 81e0478e-1157-11e7-bb9a-60e32713d0cb
Error: (03/24/2017 10:36:59 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-3869482132-2802206346-888328520-1000}/">.
Systemfehler:
=============
Error: (03/28/2017 09:05:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (03/28/2017 09:05:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126
Error: (03/28/2017 08:03:41 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073741502.
Error: (03/28/2017 08:03:41 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Dienst "Bonjour"" wurde mit folgendem dienstspezifischem Fehler beendet: Beim Datenbankaufruf ist ein nicht behebbarer Fehler aufgetreten.
.
Error: (03/28/2017 08:03:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der Vorgang wurde erfolgreich beendet.
Error: (03/28/2017 08:03:40 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073741502.
Error: (03/28/2017 08:03:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der Vorgang wurde erfolgreich beendet.
Error: (03/28/2017 08:03:39 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073741502.
Error: (03/28/2017 08:03:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der Vorgang wurde erfolgreich beendet.
Error: (03/28/2017 08:03:38 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073741502.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Prozentuale Nutzung des RAM: 18%
Installierter physikalischer RAM: 16321.48 MB
Verfügbarer physikalischer RAM: 13315.45 MB
Summe virtueller Speicher: 32641.15 MB
Verfügbarer virtueller Speicher: 28811.54 MB
==================== Laufwerke ================================
Drive 1: (C:) (Fixed) (Total:238.47 GB) (Free:98.05 GB) NTFS
Drive 2: (x) (Fixed) (Total:232.88 GB) (Free:146.13 GB) NTFS
Drive 3: (x) (Fixed) (Total:465.76 GB) (Free:237.62 GB) NTFS
Drive 4: (x) (Fixed) (Total:931.31 GB) (Free:668.99 GB) NTFS
Drive 5: (x) (Fixed) (Total:232.88 GB) (Free:135.72 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive 6: (x) (Fixed) (Total:931.51 GB) (Free:637.26 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B162B162)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FD1A7096)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: A1E3F745)
Partition 1: (Not Active) - (Size=238.5 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 99D2C736)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
========================================================
Disk: 4 (Size: 465.8 GB) (Disk ID: EBBBAA60)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
========================================================
Disk: 6 (Size: 931.5 GB) (Disk ID: 444663B5)
Partition: GPT.
Partition 2: (Not Active) - (Size=931.3 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
Edited by construct (29.03.2017 at 08:09)
#4
TDSSKill: #1/2 Code:
08:31:29.0742 0x1054 TDSS rootkit removing tool 3.1.0.12 Nov 7 2016 07:10:01
08:31:34.0438 0x1054 ============================================================
08:31:34.0438 0x1054 Current date / time: 2017/03/29 08:31:34.0438
08:31:34.0438 0x1054 SystemInfo:
08:31:34.0438 0x1054
08:31:34.0438 0x1054 OS Version: 6.1.7601 ServicePack: 1.0
08:31:34.0438 0x1054 Product type: Workstation
08:31:34.0438 0x1054 ComputerName: ???
08:31:34.0438 0x1054 UserName: ???
08:31:34.0438 0x1054 Windows directory: C:\Windows
08:31:34.0438 0x1054 System windows directory: C:\Windows
08:31:34.0438 0x1054 Running under WOW64
08:31:34.0438 0x1054 Processor architecture: Intel x64
08:31:34.0438 0x1054 Number of processors: 5
08:31:34.0438 0x1054 Page size: 0x1000
08:31:34.0438 0x1054 Boot type: Normal boot
08:31:34.0438 0x1054 CodeIntegrityOptions = 0x00000001
08:31:34.0438 0x1054 ============================================================
08:31:34.0641 0x1054 KLMD registered as C:\Windows\system32\drivers\32266118.sys
08:31:34.0641 0x1054 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23677, osProperties = 0x1
08:31:34.0672 0x1054 System UUID: {2B1FF162-E8A8-F17D-EAAE-D6C27730F928}
08:31:38.0416 0x1054 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:31:38.0416 0x1054 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:31:42.0558 0x1054 Drive \Device\Harddisk3\DR3 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:31:47.0613 0x1054 Drive \Device\Harddisk4\DR4 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:31:47.0613 0x1054 Drive \Device\Harddisk2\DR2 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:31:47.0613 0x1054 Drive \Device\Harddisk6\DR6 - Size: 0xE8E0B00000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:31:52.0792 0x1054 ============================================================
08:31:52.0792 0x1054 \Device\Harddisk0\DR0:
08:31:52.0808 0x1054 MBR partitions:
08:31:52.0808 0x1054 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4269
08:31:52.0808 0x1054 \Device\Harddisk1\DR1:
08:31:52.0808 0x1054 MBR partitions:
08:31:52.0808 0x1054 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
08:31:52.0808 0x1054 \Device\Harddisk3\DR3:
08:31:52.0808 0x1054 MBR partitions:
08:31:52.0808 0x1054 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
08:31:52.0808 0x1054 \Device\Harddisk4\DR4:
08:31:52.0855 0x1054 MBR partitions:
08:31:52.0855 0x1054 \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
08:31:52.0855 0x1054 \Device\Harddisk2\DR2:
08:31:52.0855 0x1054 MBR partitions:
08:31:52.0855 0x1054 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1DCF2000
08:31:52.0855 0x1054 \Device\Harddisk6\DR6:
08:31:52.0855 0x1054 GPT partitions:
08:31:52.0855 0x1054 \Device\Harddisk6\DR6\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {3357F6D4-5E69-412F-A106-7383080A9D1C}, Name: EFI System Partition, StartLBA 0x28, BlocksNum 0x64000
08:31:52.0855 0x1054 \Device\Harddisk6\DR6\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {915211A4-1AFA-491C-A468-1EDD370BB039}, Name: Ohne Titel, StartLBA 0x64800, BlocksNum 0x746A0800
08:31:52.0855 0x1054 MBR partitions:
08:31:52.0855 0x1054 \Device\Harddisk6\DR6\Partition3: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x746A0800
08:31:52.0855 0x1054 ============================================================
08:31:52.0855 0x1054 z: <-> \Device\Harddisk2\DR2\Partition1
08:31:52.0870 0x1054 t: <-> \Device\Harddisk0\DR0\Partition1
08:31:52.0886 0x1054 r: <-> \Device\Harddisk4\DR4\Partition1
08:31:52.0901 0x1054 e: <-> \Device\Harddisk6\DR6\Partition3
08:31:52.0933 0x1054 w: <-> \Device\Harddisk1\DR1\Partition1
08:31:52.0964 0x1054 q: <-> \Device\Harddisk3\DR3\Partition1
08:31:52.0964 0x1054 ============================================================
08:31:52.0964 0x1054 Initialize success
08:31:52.0964 0x1054 ============================================================
08:32:17.0877 0x1204 ============================================================
08:32:17.0877 0x1204 Scan started
08:32:17.0877 0x1204 Mode: Manual;
08:32:17.0877 0x1204 ============================================================
08:32:17.0877 0x1204 KSN ping started
08:33:32.0695 0x1204 KSN ping finished: true
08:33:34.0021 0x1204 ================ Scan system memory ========================
08:33:34.0021 0x1204 System memory - ok
08:33:34.0021 0x1204 ================ Scan services =============================
08:33:34.0052 0x1204 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
08:33:34.0052 0x1204 1394ohci - ok
08:33:34.0052 0x1204 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
08:33:34.0068 0x1204 ACPI - ok
08:33:34.0068 0x1204 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
08:33:34.0068 0x1204 AcpiPmi - ok
08:33:34.0068 0x1204 [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
08:33:34.0068 0x1204 Adobe LM Service - ok
08:33:34.0083 0x1204 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
08:33:34.0083 0x1204 adp94xx - ok
08:33:34.0083 0x1204 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
08:33:34.0099 0x1204 adpahci - ok
08:33:34.0099 0x1204 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
08:33:34.0099 0x1204 adpu320 - ok
08:33:34.0099 0x1204 [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:33:34.0099 0x1204 AeLookupSvc - ok
08:33:34.0114 0x1204 [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD C:\Windows\system32\drivers\afd.sys
08:33:34.0114 0x1204 AFD - ok
08:33:34.0114 0x1204 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
08:33:34.0114 0x1204 agp440 - ok
08:33:34.0114 0x1204 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
08:33:34.0130 0x1204 ALG - ok
08:33:34.0130 0x1204 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
08:33:34.0130 0x1204 aliide - ok
08:33:34.0130 0x1204 [ C2C6576BD76BDBD5D29555440C0F147B, EB92CCF0670493B63D073976F5026C0F5954733CBC20812118F13716503C249B ] amdacpksd C:\Windows\system32\drivers\amdacpksd.sys
08:33:34.0130 0x1204 amdacpksd - ok
08:33:34.0130 0x1204 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
08:33:34.0130 0x1204 amdide - ok
08:33:34.0146 0x1204 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
08:33:34.0146 0x1204 AmdK8 - ok
08:33:34.0146 0x1204 amdkmdag - ok
08:33:34.0146 0x1204 [ 6489E58445DC4E53EE1446EC0CB04842, 13449C7B0BBDC1F2D0B5C9A0299BED47475D2D249BD5E24F68F9E06C4DC601BF ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
08:33:34.0161 0x1204 amdkmdap - ok
08:33:34.0161 0x1204 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
08:33:34.0161 0x1204 AmdPPM - ok
08:33:34.0161 0x1204 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
08:33:34.0161 0x1204 amdsata - ok
08:33:34.0161 0x1204 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
08:33:34.0177 0x1204 amdsbs - ok
08:33:34.0177 0x1204 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
08:33:34.0177 0x1204 amdxata - ok
08:33:34.0177 0x1204 [ B84DDCCB03A9CEDC1E90A88EDA5306DB, 1E51A7336C7E3F6402ED90AB0B3E98FD3827E2DC51B133E7F8BB37140B315192 ] AppID C:\Windows\system32\drivers\appid.sys
08:33:34.0177 0x1204 AppID - ok
08:33:34.0177 0x1204 [ 02B60F8FA4BAB8DC3B14782A7E60564B, D7EB27CB202573734D7A4EB4667B9BCEC1598AA9EBD154F2C9266AF230F51A52 ] AppIDSvc C:\Windows\System32\appidsvc.dll
08:33:34.0177 0x1204 AppIDSvc - ok
08:33:34.0177 0x1204 [ DE23E052E557580674785CDF45B613F3, A955ADC6CC7D816BA7CE1065F911E7A3295A1908C22BE0A3C506C38CFEE8DE0D ] Appinfo C:\Windows\System32\appinfo.dll
08:33:34.0177 0x1204 Appinfo - ok
08:33:34.0177 0x1204 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
08:33:34.0177 0x1204 arc - ok
08:33:34.0192 0x1204 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
08:33:34.0192 0x1204 arcsas - ok
08:33:34.0208 0x1204 [ BBF8F831C7720DD5135D8C4C8325187A, 2630C68200D7BD49A5772830D6B369C0EC337C2558A9562DD564DF042249ECC0 ] asComSvc C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
08:33:34.0208 0x1204 asComSvc - ok
08:33:34.0224 0x1204 [ 5F1091FA113607C9C9B2ECF4FBC76F37, F4406635C555A942242F40CACEC7EFD2FED47103C191CB3C2EDF21EE78C8122E ] asHmComSvc C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
08:33:34.0239 0x1204 asHmComSvc - ok
08:33:34.0239 0x1204 [ 798DE15F187C1F013095BBBEB6FB6197, 436CCAB6F62FA2D29827916E054ADE7ACAE485B3DE1D3E5C6C62D3DEBF1480E7 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
08:33:34.0239 0x1204 AsIO - ok
08:33:34.0255 0x1204 [ EE424A5CE56E3923D59BB7DE2E15036D, 8B8196870EFE74D43EDA72674021A46846D370E97A6A058134D84A721AECD091 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:33:34.0255 0x1204 aspnet_state - ok
08:33:34.0255 0x1204 [ 1392B92179B07B672720763D9B1028A5, B4D47EA790920A4531E3DF5A4B4B0721B7FEA6B49A35679F0652F1E590422602 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys
08:33:34.0255 0x1204 AsUpIO - ok
08:33:34.0255 0x1204 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
08:33:34.0255 0x1204 AsyncMac - ok
08:33:34.0255 0x1204 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
08:33:34.0255 0x1204 atapi - ok
08:33:34.0270 0x1204 [ F9DB31BC5CD3700D37DB136BA56E5E9D, 9AB7421975500EE7FE583CCF86914F94E697606A9199DC4F27D5609554C5D3F7 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
08:33:34.0270 0x1204 AtiHDAudioService - ok
08:33:34.0270 0x1204 [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:33:34.0286 0x1204 AudioEndpointBuilder - ok
08:33:34.0286 0x1204 [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioSrv C:\Windows\System32\Audiosrv.dll
08:33:34.0302 0x1204 AudioSrv - ok
08:33:34.0302 0x1204 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
08:33:34.0302 0x1204 AxInstSV - ok
08:33:34.0317 0x1204 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
08:33:34.0317 0x1204 b06bdrv - ok
08:33:34.0333 0x1204 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
08:33:34.0333 0x1204 b57nd60a - ok
08:33:34.0333 0x1204 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
08:33:34.0333 0x1204 BDESVC - ok
08:33:34.0333 0x1204 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
08:33:34.0333 0x1204 Beep - ok
08:33:34.0348 0x1204 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
08:33:34.0348 0x1204 BFE - ok
08:33:34.0364 0x1204 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
08:33:34.0380 0x1204 BITS - ok
08:33:34.0380 0x1204 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
08:33:34.0380 0x1204 blbdrive - ok
08:33:34.0395 0x1204 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:33:34.0395 0x1204 Bonjour Service - ok
08:33:34.0395 0x1204 [ ABA3984C822E4D3F889699912D85D6C5, 2251FA135CC290DA13DAE4743F393C7CC9E6A737C054707CB8D72C369D1FFACB ] bowser C:\Windows\system32\DRIVERS\bowser.sys
08:33:34.0395 0x1204 bowser - ok
08:33:34.0395 0x1204 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
08:33:34.0395 0x1204 BrFiltLo - ok
08:33:34.0395 0x1204 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
08:33:34.0395 0x1204 BrFiltUp - ok
08:33:34.0411 0x1204 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
08:33:34.0411 0x1204 Browser - ok
08:33:34.0411 0x1204 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
08:33:34.0411 0x1204 Brserid - ok
08:33:34.0426 0x1204 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
08:33:34.0426 0x1204 BrSerWdm - ok
08:33:34.0426 0x1204 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
08:33:34.0426 0x1204 BrUsbMdm - ok
08:33:34.0426 0x1204 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
08:33:34.0426 0x1204 BrUsbSer - ok
08:33:34.0426 0x1204 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
08:33:34.0426 0x1204 BTHMODEM - ok
08:33:34.0426 0x1204 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
08:33:34.0426 0x1204 bthserv - ok
08:33:34.0442 0x1204 [ 95C2FEB994798596F0E2CB2BB2C7F45A, 78A39A6EF8E29620F22970AF4AE37404FC33D308BF83F8CDF16F0A79C5561AAF ] cbdisk3 C:\Windows\system32\drivers\cbdisk3.sys
08:33:34.0442 0x1204 cbdisk3 - ok
08:33:34.0442 0x1204 [ 6C1506E58A2A0F1FC6756D322C576C5F, FBAE9597A594956AD6677DB0FB7FC2483DA6450E66BEB9B2D2D4F2C1373B7AA8 ] cbfs4 C:\Windows\system32\drivers\cbfs4.sys
08:33:34.0442 0x1204 cbfs4 - ok
08:33:34.0458 0x1204 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
08:33:34.0458 0x1204 cdfs - ok
08:33:34.0458 0x1204 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
08:33:34.0458 0x1204 cdrom - ok
08:33:34.0458 0x1204 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
08:33:34.0458 0x1204 CertPropSvc - ok
08:33:34.0458 0x1204 [ 2B2559146B072EB183DA1AB57E38E886, CAAE41158C3D5EA55834085C9161DB1EFF173CDF2FD0340B5289F541C294C5CC ] CG6Service C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
08:33:34.0473 0x1204 CG6Service - ok
08:33:34.0473 0x1204 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
08:33:34.0473 0x1204 circlass - ok
08:33:34.0473 0x1204 [ 3D67C27DD17B254D7915FA16A5AE3573, 5B3A6C6A7F940C06362775DAF13CEADA37C7AA84A509458A57C23B4369970A90 ] CLFS C:\Windows\system32\CLFS.sys
08:33:34.0473 0x1204 CLFS - ok
08:33:34.0489 0x1204 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:33:34.0489 0x1204 clr_optimization_v2.0.50727_32 - ok
08:33:34.0489 0x1204 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:33:34.0489 0x1204 clr_optimization_v2.0.50727_64 - ok
08:33:34.0489 0x1204 [ 5BAF4F1296D4D91FC28560CDB4C37C4B, ACA4BC57ED1F8432F18F0F215EC7FF956BAEF6E02760779E264E4008A979E9DD ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:33:34.0489 0x1204 clr_optimization_v4.0.30319_32 - ok
08:33:34.0504 0x1204 [ 569B54004A7E85A74FD92841DE6058E2, 58949313D0F6B1C06359B2F3C68E29940B1655A17E93FFC3718F6D2EAE1633E4 ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:33:34.0504 0x1204 clr_optimization_v4.0.30319_64 - ok
08:33:34.0504 0x1204 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
08:33:34.0504 0x1204 CmBatt - ok
08:33:34.0504 0x1204 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
08:33:34.0504 0x1204 cmdide - ok
08:33:34.0504 0x1204 [ A98CED39AD91B445E2E442A9BD67E8B4, B4189DEEF1C0EE22AE983119047B1A40FFDD8F3E163DFFABD7C2706231B0B1B0 ] CNG C:\Windows\system32\Drivers\cng.sys
08:33:34.0520 0x1204 CNG - ok
08:33:34.0520 0x1204 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
08:33:34.0520 0x1204 Compbatt - ok
08:33:34.0520 0x1204 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
08:33:34.0520 0x1204 CompositeBus - ok
08:33:34.0520 0x1204 COMSysApp - ok
08:33:34.0536 0x1204 [ E20D73654A05670BD21F7876A3A0F747, A1708A4291641D8D17A6A4A7CE80A2B26046D3C35D5F718B008F0D3B290953DC ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
08:33:34.0536 0x1204 cphs - ok
08:33:34.0536 0x1204 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
08:33:34.0536 0x1204 crcdisk - ok
08:33:34.0551 0x1204 [ 2C6632CECFDBBE793FDA8AF9CA55A9CC, 335188515F798483660E529204A13012E4D21B0ECA489224A11C26F91A5B3CCE ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:33:34.0551 0x1204 CryptSvc - ok
08:33:34.0551 0x1204 [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] DcomLaunch C:\Windows\system32\rpcss.dll
08:33:34.0567 0x1204 DcomLaunch - ok
08:33:34.0567 0x1204 [ 5DE1DB1FD27B0486292C881E1D94437E, D2D824CE9F7B57A3659B2249531DBA85C114E65D4EEBA3A159607B2104FF704B ] debutfilter C:\Windows\system32\DRIVERS\debutfilterx64.sys
08:33:34.0567 0x1204 debutfilter - ok
08:33:34.0567 0x1204 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
08:33:34.0582 0x1204 defragsvc - ok
08:33:34.0582 0x1204 [ 9B38580063D281A99E68EF5813022A5F, D91676B0E0A8E2A090E3E5DD340ABCFC20AE0F55B4C82869D6CFB34239BD27DA ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:33:34.0582 0x1204 DfsC - ok
08:33:34.0582 0x1204 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
08:33:34.0582 0x1204 Dhcp - ok
08:33:34.0614 0x1204 [ EE9954237F15BE4DD9304D12E4D305ED, F295C9BAF20F0E669B673AFCC16B4969EE31B6A3808980DAB93D9B0F167DA3C0 ] DiagTrack C:\Windows\system32\diagtrack.dll
08:33:34.0629 0x1204 DiagTrack - ok
08:33:34.0629 0x1204 [ F81460DB0644F0E825109F2E0E9F5D06, 21F26663CE22412BC9E6F4CD0F7FC536ED8844DE7C2C104616ACADBF4F47A839 ] DirMngr C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
08:33:34.0629 0x1204 DirMngr - ok
08:33:34.0629 0x1204 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
08:33:34.0629 0x1204 discache - ok
08:33:34.0645 0x1204 [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk C:\Windows\system32\drivers\disk.sys
08:33:34.0645 0x1204 Disk - ok
08:33:34.0645 0x1204 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:33:34.0645 0x1204 Dnscache - ok
08:33:34.0645 0x1204 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
08:33:34.0660 0x1204 dot3svc - ok
08:33:34.0660 0x1204 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
08:33:34.0660 0x1204 DPS - ok
08:33:34.0660 0x1204 [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:33:34.0660 0x1204 drmkaud - ok
08:33:34.0676 0x1204 [ 3A9D7D464BDB3B70D7ECF689ADABBD4D, B4F5B23705EA1BA453FE30791CA245E1A5F7FBEABAD026E4A8A15A9FC44E8C9C ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:33:34.0692 0x1204 DXGKrnl - ok
08:33:34.0692 0x1204 [ 73F8DE25B04A66CE3BE5D09A10DE56E6, ABA5AA50D936897CC71D710BBCF9A1B1CCCAC290FCD10A710E4471C1CDDE1093 ] e1dexpress C:\Windows\system32\DRIVERS\e1d62x64.sys
08:33:34.0707 0x1204 e1dexpress - ok
08:33:34.0707 0x1204 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
08:33:34.0707 0x1204 EapHost - ok
08:33:34.0754 0x1204 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
08:33:34.0785 0x1204 ebdrv - ok
08:33:34.0785 0x1204 [ CA69E856332E2D85294665F6B7E97254, A9693F836907FB0154DC1090D9476F1E9242ABE922D932D74D0385772D2EAB65 ] EFS C:\Windows\System32\lsass.exe
08:33:34.0801 0x1204 EFS - ok
08:33:34.0801 0x1204 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
08:33:34.0801 0x1204 elxstor - ok
08:33:34.0816 0x1204 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
08:33:34.0816 0x1204 ErrDev - ok
08:33:34.0816 0x1204 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
08:33:34.0816 0x1204 EventSystem - ok
08:33:34.0832 0x1204 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
08:33:34.0832 0x1204 exfat - ok
08:33:34.0832 0x1204 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:33:34.0832 0x1204 fastfat - ok
08:33:34.0832 0x1204 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
08:33:34.0832 0x1204 fdc - ok
08:33:34.0848 0x1204 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
08:33:34.0848 0x1204 fdPHost - ok
08:33:34.0848 0x1204 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
08:33:34.0848 0x1204 FDResPub - ok
08:33:34.0848 0x1204 [ FEE468AFE8C9458B65A0C82B96DFD949, BCD13BF324669D3E0467D12E0E46E07A047F9311BCCDA7B47518837D489FBE22 ] ffusb2audio C:\Windows\system32\DRIVERS\ffusb2audio.sys
08:33:34.0848 0x1204 ffusb2audio - ok
08:33:34.0848 0x1204 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:33:34.0848 0x1204 FileInfo - ok
08:33:34.0848 0x1204 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:33:34.0848 0x1204 Filetrace - ok
08:33:34.0863 0x1204 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
08:33:34.0863 0x1204 flpydisk - ok
08:33:34.0863 0x1204 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:33:34.0863 0x1204 FltMgr - ok
08:33:34.0879 0x1204 [ CF0108CBA6D1860563BA20E3D74C6646, 737B5E89A858D7E3AEC8BF660AA4FCC56501A69468EA143531286016AF7C0B33 ] FontCache C:\Windows\system32\FntCache.dll
08:33:34.0894 0x1204 FontCache - ok
08:33:34.0894 0x1204 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:33:34.0894 0x1204 FontCache3.0.0.0 - ok
08:33:34.0910 0x1204 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
08:33:34.0910 0x1204 FsDepends - ok
08:33:34.0910 0x1204 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:33:34.0910 0x1204 Fs_Rec - ok
08:33:34.0910 0x1204 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
08:33:34.0910 0x1204 fvevol - ok
08:33:34.0910 0x1204 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
08:33:34.0910 0x1204 gagp30kx - ok
08:33:34.0972 0x1204 [ 25BBECC7C72D4A1A021FA34534C1C822, F03164CB1624B2E4F6CCDF78562620DD81A3A985D5A6CFF7298B781D924F2F19 ] GlassWire C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
08:33:35.0019 0x1204 GlassWire - ok
08:33:35.0035 0x1204 [ E4AE497857409127ED57562AF913A903, 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867B ] gpsvc C:\Windows\System32\gpsvc.dll
08:33:35.0050 0x1204 gpsvc - ok
08:33:35.0050 0x1204 [ 3CF2C2F026B06D3F6B9A402DD50D5C9B, EEC63C73D54BC6F9AA53F6A248A041E3A0F1CE39386DA6243B42D1C14A322B2B ] gwdrv C:\Windows\system32\DRIVERS\gwdrv.sys
08:33:35.0050 0x1204 gwdrv - ok
08:33:35.0050 0x1204 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
08:33:35.0050 0x1204 hcw85cir - ok
08:33:35.0066 0x1204 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:33:35.0066 0x1204 HdAudAddService - ok
08:33:35.0066 0x1204 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
08:33:35.0066 0x1204 HDAudBus - ok
08:33:35.0082 0x1204 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
08:33:35.0082 0x1204 HidBatt - ok
08:33:35.0082 0x1204 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
08:33:35.0082 0x1204 HidBth - ok
08:33:35.0082 0x1204 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
08:33:35.0082 0x1204 HidIr - ok
08:33:35.0082 0x1204 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
08:33:35.0082 0x1204 hidserv - ok
08:33:35.0082 0x1204 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
08:33:35.0082 0x1204 HidUsb - ok
08:33:35.0082 0x1204 [ BBCC44D677183BEFED776C1ED6B138D1, A219E3C834550FA70E3D3986BFB31C40249B8A43F13BA023B21341C08249A65C ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe <== Blender
08:33:35.0082 0x1204 HiPatchService - ok
08:33:35.0097 0x1204 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
08:33:35.0097 0x1204 hkmsvc - ok
08:33:35.0097 0x1204 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:33:35.0097 0x1204 HomeGroupListener - ok
08:33:35.0097 0x1204 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:33:35.0113 0x1204 HomeGroupProvider - ok
08:33:35.0113 0x1204 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
08:33:35.0113 0x1204 HpSAMD - ok
08:33:35.0128 0x1204 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:33:35.0128 0x1204 HTTP - ok
08:33:37.0687 0x1204 SENS - ok
08:33:37.0687 0x1204 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
08:33:37.0687 0x1204 SensrSvc - ok
08:33:37.0687 0x1204 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys
08:33:37.0687 0x1204 Serenum - ok
08:33:37.0687 0x1204 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
08:33:37.0687 0x1204 Serial - ok
08:33:37.0687 0x1204 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
08:33:37.0687 0x1204 sermouse - ok
08:33:37.0702 0x1204 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
08:33:37.0702 0x1204 SessionEnv - ok
08:33:37.0702 0x1204 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:33:37.0702 0x1204 sffdisk - ok
08:33:37.0702 0x1204 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:33:37.0702 0x1204 sffp_mmc - ok
08:33:37.0702 0x1204 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:33:37.0702 0x1204 sffp_sd - ok
08:33:37.0702 0x1204 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
08:33:37.0702 0x1204 sfloppy - ok
08:33:37.0718 0x1204 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:33:37.0718 0x1204 SharedAccess - ok
08:33:37.0718 0x1204 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:33:37.0734 0x1204 ShellHWDetection - ok
08:33:37.0734 0x1204 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
08:33:37.0734 0x1204 SiSRaid2 - ok
08:33:37.0734 0x1204 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
08:33:37.0734 0x1204 SiSRaid4 - ok
08:33:37.0734 0x1204 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:33:37.0734 0x1204 Smb - ok
08:33:37.0749 0x1204 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:33:37.0749 0x1204 SNMPTRAP - ok
08:33:37.0749 0x1204 [ 0FFE35F0B0CD5A324BBE22F02569AE3B, F4EE803EEFDB4EAEEDB3024C3516F1F9A202C77F4870D6B74356BBDE32B3B560 ] speedfan C:\Windows\SysWOW64\speedfan.sys
08:33:37.0749 0x1204 speedfan - ok
08:33:37.0749 0x1204 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
08:33:37.0749 0x1204 spldr - ok
08:33:37.0765 0x1204 [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler C:\Windows\System32\spoolsv.exe
08:33:37.0765 0x1204 Spooler - ok
08:33:37.0812 0x1204 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
08:33:37.0858 0x1204 sppsvc - ok
08:33:37.0858 0x1204 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:33:37.0858 0x1204 sppuinotify - ok
08:33:37.0858 0x1204 [ EB15C46477EB84B6B520871ED5936CCF, 7366FD2E1315109B9A2F47DA08959CF0CBEEB1F20B2E2DEF449D39B508107D29 ] srv C:\Windows\system32\DRIVERS\srv.sys
08:33:37.0874 0x1204 srv - ok
08:33:37.0874 0x1204 [ 7F4FDC9528BCE6FB919615B6A77D5724, C4843381504E0F50D4B8E4F8886C83112018CE5F64467B875F2809508EA2B182 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:33:37.0890 0x1204 srv2 - ok
08:33:37.0890 0x1204 [ 3F20CD2A11872284BD667DAD6D4801CC, 917EAA680CD10D3EA59EEF4B77BB3813D5718E7D1CB0846431255EE73035D834 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:33:37.0890 0x1204 srvnet - ok
08:33:37.0890 0x1204 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:33:37.0890 0x1204 SSDPSRV - ok
08:33:37.0905 0x1204 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:33:37.0905 0x1204 SstpSvc - ok
08:33:37.0921 0x1204 [ E06AA279D85877268E34E9A9BC41F560, 6EFE7E3850CD19B919053293B6D8CB61CC638D3B1626BB62594C681625132689 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
08:33:37.0936 0x1204 Steam Client Service - ok
08:33:37.0936 0x1204 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
08:33:37.0936 0x1204 stexstor - ok
08:33:37.0952 0x1204 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
08:33:37.0952 0x1204 stisvc - ok
08:33:37.0968 0x1204 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
08:33:37.0968 0x1204 swenum - ok
08:33:37.0968 0x1204 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
08:33:37.0983 0x1204 swprv - ok
08:33:37.0999 0x1204 [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll
08:33:38.0014 0x1204 SysMain - ok
08:33:38.0030 0x1204 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:33:38.0030 0x1204 TabletInputService - ok
08:33:38.0030 0x1204 [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
08:33:38.0030 0x1204 tap0901 - ok
08:33:38.0030 0x1204 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
08:33:38.0046 0x1204 TapiSrv - ok
08:33:38.0061 0x1204 [ B2875D7ABB82867DC3AA03D991940201, F954C33FBA912A517B59330F6438C1953F9F1D8F4D8FD25945EB836A1DB07ABB ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:33:38.0092 0x1204 Tcpip - ok
08:33:38.0108 0x1204 [ B2875D7ABB82867DC3AA03D991940201, F954C33FBA912A517B59330F6438C1953F9F1D8F4D8FD25945EB836A1DB07ABB ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
08:33:38.0139 0x1204 TCPIP6 - ok
08:33:38.0139 0x1204 [ 7FE5586314EE7D6AA8483264A089E5AF, 4E3EA68713A45C22F1B9A1AA125E15D06D0C5E637B815537431ADFB6D7563879 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:33:38.0139 0x1204 tcpipreg - ok
08:33:38.0139 0x1204 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:33:38.0139 0x1204 TDPIPE - ok
08:33:38.0139 0x1204 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:33:38.0139 0x1204 TDTCP - ok
08:33:38.0155 0x1204 [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:33:38.0155 0x1204 tdx - ok
08:33:38.0295 0x1204 [ 44449A0EB8EBD8DCBC3ED4BB62BA3A5F, 168197015D1E5ED71775250084C224A1100E0F989A6D1CC4102004E5AAD74F3A ] TeamViewer C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
08:33:38.0404 0x1204 TeamViewer - ok
08:33:38.0420 0x1204 [ F5520DBB47C60EE83024B38720ABDA24, B8E555D92440BF93E3B55A66E27CEF936477EF7528F870D3B78BD3B294A05CC0 ] teamviewervpn C:\Windows\system32\DRIVERS\teamviewervpn.sys
08:33:38.0420 0x1204 teamviewervpn - ok
08:33:38.0420 0x1204 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
08:33:38.0420 0x1204 TermDD - ok
08:33:38.0436 0x1204 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
08:33:38.0436 0x1204 TermService - ok
08:33:38.0451 0x1204 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
08:33:38.0451 0x1204 Themes - ok
08:33:38.0451 0x1204 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
08:33:38.0451 0x1204 THREADORDER - ok
08:33:38.0451 0x1204 [ D154DD00C8F12D94C9CC94027356B6E4, 501026564147DC43D0764521816B8D20576DA8F5D9DB0D2D8D3A16AA48A534A3 ] Tpkd C:\Windows\system32\drivers\Tpkd.sys
08:33:38.0451 0x1204 Tpkd - ok
08:33:38.0467 0x1204 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
08:33:38.0467 0x1204 TrkWks - ok
08:33:38.0467 0x1204 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:33:38.0467 0x1204 TrustedInstaller - ok
08:33:38.0467 0x1204 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:33:38.0467 0x1204 tssecsrv - ok
08:33:38.0467 0x1204 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
08:33:38.0467 0x1204 TsUsbFlt - ok
08:33:38.0482 0x1204 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
08:33:38.0482 0x1204 TsUsbGD - ok
08:33:38.0482 0x1204 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:33:38.0482 0x1204 tunnel - ok
08:33:38.0482 0x1204 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
08:33:38.0482 0x1204 uagp35 - ok
08:33:38.0498 0x1204 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:33:38.0498 0x1204 udfs - ok
08:33:38.0498 0x1204 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:33:38.0498 0x1204 UI0Detect - ok
08:33:38.0498 0x1204 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:33:38.0498 0x1204 uliagpkx - ok
08:33:38.0498 0x1204 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
08:33:38.0498 0x1204 umbus - ok
08:33:38.0514 0x1204 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
08:33:38.0514 0x1204 UmPass - ok
08:33:38.0514 0x1204 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
08:33:38.0514 0x1204 upnphost - ok
08:33:38.0514 0x1204 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
08:33:38.0529 0x1204 usbaudio - ok
08:33:38.0529 0x1204 [ 28B81917A195B67617AF7DCF4DFE5736, 40A4D2AAE1BDE5ABA8708ED150396E913C566ECD5CDA40D6C6DB256F1B9FD4A9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:33:38.0529 0x1204 usbccgp - ok
08:33:38.0529 0x1204 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:33:38.0529 0x1204 usbcir - ok
08:33:38.0529 0x1204 [ B626F048318DAE65A3317F0592BE592C, 284D8FFE1D35F852EFDA182A72288AC3A10D6ED825FE2CC5812497D3FE291AF1 ] usbehci C:\Windows\system32\drivers\usbehci.sys
08:33:38.0529 0x1204 usbehci - ok
08:33:38.0545 0x1204 [ 390109E8E05BA00375DCB1ED64DC60AF, B8628502590B423BEFB6F7C8C69FAD0667AD0746FF6B444EE02016E8E1052B78 ] usbhub C:\Windows\system32\drivers\usbhub.sys
08:33:38.0545 0x1204 usbhub - ok
08:33:38.0545 0x1204 [ B4DF0F4C1D9D25DFE1DAD1D8670F1D4F, 4317C2DEDC639527B53864BAEC46CBE022D298C0503E29E1072DD1C851D92BFC ] usbohci C:\Windows\system32\drivers\usbohci.sys
08:33:38.0545 0x1204 usbohci - ok
08:33:38.0545 0x1204 [ E657C5CEA6B8EF318FEA1BCF971EE32D, B97314C2E82E2D942BE22D59DA8703EBF6631EF82ED34EDCD210CC37E206DE37 ] USBPcap C:\Windows\system32\DRIVERS\USBPcap.sys
08:33:38.0545 0x1204 USBPcap - ok
08:33:38.0545 0x1204 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys
08:33:38.0545 0x1204 usbprint - ok
08:33:38.0560 0x1204 [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:33:38.0560 0x1204 USBSTOR - ok
08:33:38.0560 0x1204 [ CFEAAF96E666E3DCBD8F6DFF516784AE, 006218A3DB5851790CC0A7F3DCD7B3AF82F624DA679296DE507AFD36C5468317 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
08:33:38.0560 0x1204 usbuhci - ok
08:33:38.0560 0x1204 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
08:33:38.0560 0x1204 usbvideo - ok
08:33:38.0560 0x1204 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
08:33:38.0560 0x1204 UxSms - ok
08:33:38.0576 0x1204 [ CA69E856332E2D85294665F6B7E97254, A9693F836907FB0154DC1090D9476F1E9242ABE922D932D74D0385772D2EAB65 ] VaultSvc C:\Windows\system32\lsass.exe
08:33:38.0576 0x1204 VaultSvc - ok
08:33:38.0576 0x1204 [ B9762134953EF28EC04286AA4B35863E, 032C3CCA358E3AEA18FEAD374223544C69287B7380892BB266573D9BEB571B4E ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys
08:33:38.0592 0x1204 VBoxDrv - ok
08:33:38.0592 0x1204 [ 6DFE5B5F1E614E2088139D4A0C11AB15, 4347577D3E913EED1A094026B6898875B0DA7C5D57182DF77762EDDC3C0AF63F ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys
08:33:38.0592 0x1204 VBoxNetAdp - ok
08:33:38.0607 0x1204 [ E4DCFB40B687F565CD8261EB558586BD, 7B961F069850653DDB9EA68A67A5129845B6F735EB99F6591E109AEF425B84F9 ] VBoxNetLwf C:\Windows\system32\DRIVERS\VBoxNetLwf.sys
08:33:38.0607 0x1204 VBoxNetLwf - ok
08:33:38.0607 0x1204 [ 96A5BE08C3D815B19E40E00314DCF9F6, 3B6A7F2D02BFFD40B03DED95BA07DA77AB910EAFCDAFAC1CA8069BF8B0CEA931 ] VBoxUSB C:\Windows\system32\Drivers\VBoxUSB.sys
08:33:38.0607 0x1204 VBoxUSB - ok
08:33:38.0607 0x1204 [ 312FB8707B51E327DFFBD7DD08BE9E2E, 02E0A4FCA3560B993209C6F2BF4C4056162FE8F6B9560C142E8263DCFBE7BE90 ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
08:33:38.0623 0x1204 VBoxUSBMon - ok
08:33:38.0623 0x1204 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
08:33:38.0623 0x1204 vdrvroot - ok
08:33:38.0623 0x1204 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
08:33:38.0638 0x1204 vds - ok
08:33:38.0638 0x1204 [ C0BB7F0C789AC778549DCC20B18A8DC0, 6C985B008488EB9766C4CE6709C37AF6ECCEDA7A69EB45627B1871D891D925DF ] veracrypt C:\Windows\system32\drivers\veracrypt.sys
08:33:38.0638 0x1204 veracrypt - ok
08:33:38.0638 0x1204 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:33:38.0638 0x1204 vga - ok
08:33:38.0638 0x1204 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
08:33:38.0638 0x1204 VgaSave - ok
08:33:38.0654 0x1204 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
08:33:38.0654 0x1204 vhdmp - ok
08:33:38.0654 0x1204 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
08:33:38.0654 0x1204 viaide - ok
08:33:38.0654 0x1204 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:33:38.0654 0x1204 volmgr - ok
08:33:38.0670 0x1204 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:33:38.0670 0x1204 volmgrx - ok
08:33:38.0670 0x1204 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:33:38.0670 0x1204 volsnap - ok
08:33:38.0685 0x1204 [ 0804B6E024B4A3116E8BF39B65933329, B6A816FAD170E16D03D0F1293B937B600D393331011A8DF66CC3D1EE6569922C ] vpnpbus C:\Windows\system32\DRIVERS\vpnpbus.sys
08:33:38.0685 0x1204 vpnpbus - ok
08:33:38.0685 0x1204 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
08:33:38.0685 0x1204 vsmraid - ok
08:33:38.0701 0x1204 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
08:33:38.0732 0x1204 VSS - ok
08:33:38.0732 0x1204 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
08:33:38.0732 0x1204 vwifibus - ok
08:33:38.0732 0x1204 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
08:33:38.0732 0x1204 vwififlt - ok
08:33:38.0732 0x1204 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
08:33:38.0732 0x1204 vwifimp - ok
08:33:38.0748 0x1204 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
08:33:38.0748 0x1204 W32Time - ok
08:33:38.0748 0x1204 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
08:33:38.0748 0x1204 WacomPen - ok
08:33:38.0748 0x1204 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
08:33:38.0748 0x1204 WANARP - ok
08:33:38.0748 0x1204 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:33:38.0763 0x1204 Wanarpv6 - ok
08:33:38.0779 0x1204 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
08:33:38.0794 0x1204 wbengine - ok
08:33:38.0794 0x1204 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
08:33:38.0810 0x1204 WbioSrvc - ok
08:33:38.0810 0x1204 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:33:38.0810 0x1204 wcncsvc - ok
08:33:38.0810 0x1204 [ BC00873272B3771CCDA38336AF2B4D4B, 3E412DEC5F172B4C5FD5C227CD790EE56B90A00A8B538704E8F973D230BE2289 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:33:38.0826 0x1204 WcsPlugInService - ok
08:33:38.0826 0x1204 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
08:33:38.0826 0x1204 Wd - ok
08:33:38.0826 0x1204 [ D0335A55E5C3F812548E18300C2ACB62, 7EF7C3A21E97197E1A6D2956D0F5A7C23F2D590C9709708394426031634990A5 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
08:33:38.0826 0x1204 WDC_SAM - ok
08:33:38.0841 0x1204 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:33:38.0841 0x1204 Wdf01000 - ok
08:33:38.0841 0x1204 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:33:38.0841 0x1204 WdiServiceHost - ok
08:33:38.0857 0x1204 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:33:38.0857 0x1204 WdiSystemHost - ok
08:33:38.0857 0x1204 [ EE841B6D1F2B9508D3ABAE52AC05A94F, F1AE981FCDBFC4672A4EABABD41382E93762EFC2EDAD96E75530E7ACA5AF1FD8 ] WebClient C:\Windows\System32\webclnt.dll
08:33:38.0857 0x1204 WebClient - ok
08:33:38.0872 0x1204 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:33:38.0872 0x1204 Wecsvc - ok
08:33:38.0872 0x1204 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:33:38.0872 0x1204 wercplsupport - ok
08:33:38.0872 0x1204 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
08:33:38.0872 0x1204 WerSvc - ok
08:33:38.0872 0x1204 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
08:33:38.0888 0x1204 WfpLwf - ok
08:33:38.0888 0x1204 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:33:38.0888 0x1204 WIMMount - ok
08:33:38.0888 0x1204 WinDefend - ok
08:33:38.0888 0x1204 WinHttpAutoProxySvc - ok
08:33:38.0888 0x1204 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:33:38.0888 0x1204 Winmgmt - ok
08:33:38.0919 0x1204 [ EBDA1B0F15CB9B2CBCC6C94824E4E054, C51314F7D611E4903DA00EFA8EB99365414436324D256083CE0B5A8E055E8E06 ] WinRM C:\Windows\system32\WsmSvc.dll
08:33:38.0950 0x1204 WinRM - ok
08:33:38.0950 0x1204 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
08:33:38.0950 0x1204 WinUsb - ok
08:33:38.0966 0x1204 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
08:33:38.0982 0x1204 Wlansvc - ok
08:33:38.0982 0x1204 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
08:33:38.0982 0x1204 WmiAcpi - ok
08:33:38.0982 0x1204 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:33:38.0982 0x1204 wmiApSrv - ok
08:33:38.0982 0x1204 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:33:38.0982 0x1204 WPCSvc - ok
08:33:38.0997 0x1204 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:33:38.0997 0x1204 WPDBusEnum - ok
08:33:38.0997 0x1204 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:33:38.0997 0x1204 ws2ifsl - ok
08:33:38.0997 0x1204 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
08:33:38.0997 0x1204 wscsvc - ok
08:33:38.0997 0x1204 WSearch - ok
08:33:39.0044 0x1204 [ 31F32E0C1A8BA9A37EEC23DE5F27F847, 0180832BC6172C9A4C32B5B222BB3F91EA615A5EBDA98DB79ED4FED258C2D257 ] wuauserv C:\Windows\system32\wuaueng.dll
08:33:39.0060 0x1204 wuauserv - ok
08:33:39.0075 0x1204 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:33:39.0075 0x1204 WudfPf - ok
08:33:39.0075 0x1204 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:33:39.0075 0x1204 WUDFRd - ok
08:33:39.0075 0x1204 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:33:39.0091 0x1204 wudfsvc - ok
08:33:39.0091 0x1204 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
08:33:39.0091 0x1204 WwanSvc - ok
08:33:39.0091 0x1204 ================ Scan global ===============================
08:33:39.0106 0x1204 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
08:33:39.0106 0x1204 [ B68AD91370FA58C1296DE9086BB4BA0A, 3B6B8170990B3B3B321752539A54D8EAB6E6241A25092682FDEE1A46BD39DBF6 ] C:\Windows\system32\winsrv.dll
08:33:39.0106 0x1204 [ B68AD91370FA58C1296DE9086BB4BA0A, 3B6B8170990B3B3B321752539A54D8EAB6E6241A25092682FDEE1A46BD39DBF6 ] C:\Windows\system32\winsrv.dll
08:33:39.0122 0x1204 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
08:33:39.0122 0x1204 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
08:33:39.0122 0x1204 [ Global ] - ok

| | #5 |
| PUP.Optional.AppTrailer.Generic + PUP.Optional. OnlineIO + NSBLock + "Microleafs LTD" via Filedropper.com or Fileupload.net? #2/2

Code:
08:33:39.0122 0x1204 ================ Scan MBR ==================================
08:33:39.0138 0x1204 [ A36C5E4F47E84449FF07ED3517B43A ] \Device\Harddisk0\DR0
08:33:39.0200 0x1204 \Device\Harddisk0\DR0 - ok
08:33:39.0231 0x1204 [ A36C5E4F47E84449FF07ED3517B43A ] \Device\Harddisk1\DR1
08:33:39.0231 0x1204 \Device\Harddisk1\DR1 - ok
08:33:39.0231 0x1204 [ A36C5E4F47E84449FF07ED3517B43A ] \Device\Harddisk3\DR3
08:33:39.0418 0x1204 \Device\Harddisk3\DR3 - ok
08:33:39.0465 0x1204 [ 5FB38429D5D77768867C76DCBDB351 ] \Device\Harddisk4\DR4
08:33:39.0465 0x1204 \Device\Harddisk4\DR4 - ok
08:33:39.0980 0x1204 Waiting for KSN requests completion. In queue: 97
08:33:40.0994 0x1204 Win FW state via NFP2: enabled ( trusted )
08:33:41.0150 0x1204 ============================================================
08:33:41.0150 0x1204 Scan finished
08:33:41.0150 0x1204 ============================================================
08:33:41.0150 0x0a0c Detected object count: 0
08:33:41.0150 0x0a0c Actual detected object count: 0
08:34:55.0233 0x0a00 ============================================================
08:34:55.0233 0x0a00 Scan started
08:34:55.0233 0x0a00 Mode: Manual; SigCheck; TDLFS;
08:34:55.0233 0x0a00 ============================================================
08:34:55.0233 0x0a00 KSN ping started
08:34:55.0345 0x0a00 KSN ping finished: true
08:34:56.0650 0x0a00 ================ Scan system memory ========================
08:34:56.0650 0x0a00 System memory - ok
08:34:56.0650 0x0a00 ================ Scan services =============================
08:34:56.0713 0x0a00 [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
08:34:56.0715 0x0a00 Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
08:34:56.0715 0x0a00 Detect skipped due to KSN trusted
08:34:56.0715 0x0a00 Adobe LM Service - ok
08:34:57.0767 0x0a00 [ F81460DB0644F0E825109F2E0E9F5D06, 21F26663CE22412BC9E6F4CD0F7FC536ED8844DE7C2C104616ACADBF4F47A839 ] DirMngr C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
08:34:57.0772 0x0a00 DirMngr - detected UnsignedFile.Multi.Generic ( 1 )
08:34:57.0772 0x0a00 Detect skipped due to KSN trusted
08:34:57.0772 0x0a00 DirMngr - ok
08:34:58.0607 0x0a00 [ BBCC44D677183BEFED776C1ED6B138D1, A219E3C834550FA70E3D3986BFB31C40249B8A43F13BA023B21341C08249A65C ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
08:34:58.0609 0x0a00 HiPatchService - detected UnsignedFile.Multi.Generic ( 1 )
08:34:58.0648 0x0a00 HiPatchService ( UnsignedFile.Multi.Generic ) - warning
08:34:59.0153 0x0a00 [ C6128F2E3DC6156C6F8828F9F1B96010, 612C1191AFB8F69BA5634E8C52BDDE608F57D98FA4C76C5A337676A5F1E8191D ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
08:34:59.0164 0x0a00 Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
08:34:59.0164 0x0a00 Detect skipped due to KSN trusted
08:34:59.0164 0x0a00 Intel(R) Capability Licensing Service Interface - ok
08:34:59.0324 0x0a00 isapnp - ok
08:34:59.0330 0x0a00 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
08:34:59.0337 0x0a00 iScsiPrt - ok
08:34:59.0342 0x0a00 [ A3B59E5887B294F2ED06A522F0FDC9D3, 38B8453FC100C74376E6B36D71F27228D1EBE1094ED0175F96C018C958B1B37A ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
08:34:59.0347 0x0a00 jhi_service - ok
08:34:59.0350 0x0a00 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
08:34:59.0354 0x0a00 kbdclass - ok
08:34:59.0356 0x0a00 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
08:34:59.0361 0x0a00 kbdhid - ok
08:34:59.0363 0x0a00 [ CA69E856332E2D85294665F6B7E97254, A9693F836907FB0154DC1090D9476F1E9242ABE922D932D74D0385772D2EAB65 ] KeyIso C:\Windows\system32\lsass.exe
08:34:59.0368 0x0a00 KeyIso - ok
08:34:59.0371 0x0a00 [ 3AAA10BAF3F194F7CD34F4C78F8222EE, 25AE0B764748B13C7F093966E228D506072E270379A5E751F1ED619DEFB40814 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:34:59.0376 0x0a00 KSecDD - ok
08:34:59.0380 0x0a00 [ 7B7C28D4E71E4A4365F2B7528DA619F8, 0A507468C6A49870F794F28FF274643FE8FD238A3A9BE86C8656882F237DE77B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
08:34:59.0386 0x0a00 KSecPkg - ok
08:34:59.0388 0x0a00 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
08:34:59.0405 0x0a00 ksthunk - ok
08:34:59.0411 0x0a00 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
08:34:59.0434 0x0a00 KtmRm - ok
08:34:59.0439 0x0a00 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
08:34:59.0459 0x0a00 LanmanServer - ok
08:34:59.0462 0x0a00 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:34:59.0480 0x0a00 LanmanWorkstation - ok
08:34:59.0484 0x0a00 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:34:59.0501 0x0a00 lltdio - ok
08:34:59.0507 0x0a00 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:34:59.0529 0x0a00 lltdsvc - ok
08:34:59.0531 0x0a00 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:34:59.0548 0x0a00 lmhosts - ok
08:34:59.0555 0x0a00 [ 3142FC089FE8FCF79B442B91BC4F0C16, ECF8E9CC84B87D19C4762E73EA2DD80B336A9C42A67512F2E73179F49484592A ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
08:34:59.0563 0x0a00 LMS - ok
08:34:59.0568 0x0a00 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
08:34:59.0573 0x0a00 LSI_FC - ok
08:34:59.0576 0x0a00 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
08:34:59.0581 0x0a00 LSI_SAS - ok
08:34:59.0584 0x0a00 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
08:34:59.0589 0x0a00 LSI_SAS2 - ok
08:34:59.0592 0x0a00 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
08:34:59.0597 0x0a00 LSI_SCSI - ok
08:34:59.0600 0x0a00 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
08:34:59.0619 0x0a00 luafv - ok
08:34:59.0621 0x0a00 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
08:34:59.0625 0x0a00 megasas - ok
08:34:59.0631 0x0a00 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
08:34:59.0639 0x0a00 MegaSR - ok
08:34:59.0642 0x0a00 [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
08:34:59.0647 0x0a00 MEIx64 - ok
08:34:59.0649 0x0a00 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
08:34:59.0667 0x0a00 MMCSS - ok
08:34:59.0670 0x0a00 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
08:34:59.0687 0x0a00 Modem - ok
08:34:59.0689 0x0a00 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:34:59.0695 0x0a00 monitor - ok
08:34:59.0697 0x0a00 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
08:34:59.0702 0x0a00 mouclass - ok
08:34:59.0704 0x0a00 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
08:34:59.0709 0x0a00 mouhid - ok
08:34:59.0712 0x0a00 [ 8ADB5445B29941CB41AF2846FD5C93C7, 689582430FE29EC0845B1DB841D3CC49D5D09DE264586E3999EEFE616986D12B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
08:34:59.0717 0x0a00 mountmgr - ok
08:34:59.0721 0x0a00 [ 40134FB7F20C2591A3C7FC9541980E3A, B42D542D9008078DDDCFF8ED0A88E2EAB46C01E270F04C9569D630670D734879 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:34:59.0727 0x0a00 MozillaMaintenance - ok
08:34:59.0731 0x0a00 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
08:34:59.0737 0x0a00 mpio - ok
08:34:59.0740 0x0a00 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:34:59.0757 0x0a00 mpsdrv - ok
08:34:59.0770 0x0a00 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
08:34:59.0798 0x0a00 MpsSvc - ok
08:34:59.0802 0x0a00 [ 98DB1790F0A584E0A2528B92B052417F, 9AA04CA73AFE599810CD233B9CEC212E16D44DCEDF5C7D0181C7257F498068B5 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:34:59.0808 0x0a00 MRxDAV - ok
08:34:59.0812 0x0a00 [ 819426D736BCBD31CC7CA27221954E04, 0C4AADEFE282D89EA4A523BDA7B6BB948247F50253D7D0B90C8FC46C4DEEF835 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:34:59.0819 0x0a00 mrxsmb - ok
08:34:59.0825 0x0a00 [ 85CB449B319AF69A3538BB1B97EEA2E5, DB75D56A7E631F57D31957105422811C738E96E5B84480C3346B827ACF280E12 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:34:59.0833 0x0a00 mrxsmb10 - ok
08:34:59.0837 0x0a00 [ C0B2DC34587FE163997055AA38EB883A, A0BFD0CF873CCEF266606ADE1A4DA69DF757A67D8AD28330272AFEABD7F481D5 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:34:59.0843 0x0a00 mrxsmb20 - ok
08:34:59.0846 0x0a00 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
08:34:59.0850 0x0a00 msahci - ok
08:34:59.0854 0x0a00 [ 41FB1D61DF09C36CCAB0B04EEC66F6D5, C6D0F6B8429656C56A142F95AF0B4A85DD4B78A735664C8775F49C3B04C564B7 ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe
08:34:59.0860 0x0a00 MSCamSvc - ok
08:34:59.0863 0x0a00 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:34:59.0869 0x0a00 msdsm - ok
08:34:59.0873 0x0a00 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
08:34:59.0880 0x0a00 MSDTC - ok
08:34:59.0883 0x0a00 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:34:59.0900 0x0a00 Msfs - ok
08:34:59.0902 0x0a00 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
08:34:59.0919 0x0a00 mshidkmdf - ok
08:34:59.0921 0x0a00 [ BB590070D606AE6F008341FC9A7B2AD7, CF1073A093E679C5BCA19681789FBB85A8286E356F2C0609E0B446DF65A86E29 ] MSHUSBVideo C:\Windows\system32\Drivers\nx6000.sys
08:34:59.0925 0x0a00 MSHUSBVideo - ok
08:34:59.0926 0x0a00 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:34:59.0931 0x0a00 msisadrv - ok
08:34:59.0935 0x0a00 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:34:59.0953 0x0a00 MSiSCSI - ok
08:34:59.0955 0x0a00 msiserver - ok
08:34:59.0957 0x0a00 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:34:59.0974 0x0a00 MSKSSRV - ok
08:34:59.0976 0x0a00 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:34:59.0993 0x0a00 MSPCLOCK - ok
08:34:59.0995 0x0a00 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:35:00.0011 0x0a00 MSPQM - ok
08:35:00.0018 0x0a00 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:35:00.0027 0x0a00 MsRPC - ok
08:35:00.0030 0x0a00 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
08:35:00.0035 0x0a00 mssmbios - ok
08:35:00.0036 0x0a00 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:35:00.0053 0x0a00 MSTEE - ok
08:35:00.0055 0x0a00 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
08:35:00.0060 0x0a00 MTConfig - ok
08:35:00.0062 0x0a00 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
08:35:00.0067 0x0a00 Mup - ok
08:35:00.0076 0x0a00 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
08:35:00.0098 0x0a00 napagent - ok
08:35:00.0105 0x0a00 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:35:00.0116 0x0a00 NativeWifiP - ok
08:35:00.0131 0x0a00 [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS C:\Windows\system32\drivers\ndis.sys
08:35:00.0148 0x0a00 NDIS - ok
08:35:00.0151 0x0a00 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
08:35:00.0168 0x0a00 NdisCap - ok
08:35:00.0170 0x0a00 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:35:00.0187 0x0a00 NdisTapi - ok
08:35:00.0190 0x0a00 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:35:00.0206 0x0a00 Ndisuio - ok
08:35:00.0211 0x0a00 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:35:00.0229 0x0a00 NdisWan - ok
08:35:00.0231 0x0a00 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:35:00.0248 0x0a00 NDProxy - ok
08:35:00.0251 0x0a00 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:35:00.0268 0x0a00 NetBIOS - ok
08:35:00.0273 0x0a00 [ E47D571FEC2C76E867935109AB2A770C, F349D25890B6F476B106FD75BFB081DB737CA9B224D95E44927942FFF2DF82CD ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
08:35:00.0281 0x0a00 NetBT - ok
08:35:00.0283 0x0a00 [ CA69E856332E2D85294665F6B7E97254, A9693F836907FB0154DC1090D9476F1E9242ABE922D932D74D0385772D2EAB65 ] Netlogon C:\Windows\system32\lsass.exe
08:35:00.0288 0x0a00 Netlogon - ok
08:35:00.0294 0x0a00 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
08:35:00.0316 0x0a00 Netman - ok
08:35:00.0322 0x0a00 [ 0BEF1F19F32C9F3DBE9A503F2E66CC22, 4F4812CDDB675C5D655B5B90375F188A3A5AA52A2BC2CED383B03449CF8210C8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:35:00.0329 0x0a00 NetMsmqActivator - ok
08:35:00.0332 0x0a00 [ 0BEF1F19F32C9F3DBE9A503F2E66CC22, 4F4812CDDB675C5D655B5B90375F188A3A5AA52A2BC2CED383B03449CF8210C8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:35:00.0338 0x0a00 NetPipeActivator - ok
08:35:00.0346 0x0a00 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
08:35:00.0370 0x0a00 netprofm - ok
08:35:00.0384 0x0a00 [ 618C55B392238B9467F9113E13525C49, 304A77EF3E1E7A1738E5A4F6A911B4DF736CEF4867C6F07CA71E227048E90370 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
08:35:00.0401 0x0a00 netr28ux - ok
08:35:00.0405 0x0a00 [ 0BEF1F19F32C9F3DBE9A503F2E66CC22, 4F4812CDDB675C5D655B5B90375F188A3A5AA52A2BC2CED383B03449CF8210C8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:35:00.0412 0x0a00 NetTcpActivator - ok
08:35:00.0415 0x0a00 [ 0BEF1F19F32C9F3DBE9A503F2E66CC22, 4F4812CDDB675C5D655B5B90375F188A3A5AA52A2BC2CED383B03449CF8210C8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:35:00.0421 0x0a00 NetTcpPortSharing - ok
08:35:00.0423 0x0a00 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
08:35:00.0428 0x0a00 nfrd960 - ok
08:35:00.0614 0x0a00 [ 51863664507D84D42DCDA30EE6F284FB, 655DFB2E019E3E5EEF69C90B796F40D74986951BA4A6EA7CDDAE73DAE420FCE9 ] NIHardwareService C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
08:35:00.0808 0x0a00 NIHardwareService - ok
08:35:00.0972 0x0a00 [ F3B089833C4D3B7238C687F2B92FFB95, 2E593CB336ADBB0911AB0150B92E6E9B2A215666F9987BCD7F48A445DB3E2164 ] NIHostIntegrationAgent C:\Program Files\Common Files\Native Instruments\Hardware\NIHostIntegrationAgent.exe
08:35:01.0128 0x0a00 NIHostIntegrationAgent - ok
08:35:01.0142 0x0a00 [ EEECC4C67144A39BA5B9B6E351932606, C3CB9042D00559893EA37969898840D3D437703E6B13BCF21253AB40F6071446 ] NIWinCDEmu C:\Windows\system32\DRIVERS\NIWinCDEmu.sys
08:35:01.0147 0x0a00 NIWinCDEmu - ok
08:35:01.0153 0x0a00 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
08:35:01.0162 0x0a00 NlaSvc - ok
08:35:01.0165 0x0a00 [ DE7FCC77F4A503AF4CA6A47D49B3713D, 4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6 ] NPF C:\Windows\system32\drivers\npf.sys
08:35:01.0169 0x0a00 NPF - ok
08:35:01.0171 0x0a00 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:35:01.0188 0x0a00 Npfs - ok
08:35:01.0190 0x0a00 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
08:35:01.0208 0x0a00 nsi - ok
08:35:01.0210 0x0a00 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:35:01.0227 0x0a00 nsiproxy - ok
08:35:01.0252 0x0a00 [ 47B2D0B31BDC3EBE6090228E2BA3764D, 984A4B38300954164BCBF57EC1A09C18B53779E60A26E9618B50E26016735787 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:35:01.0278 0x0a00 Ntfs - ok
08:35:01.0281 0x0a00 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
08:35:01.0299 0x0a00 Null - ok
08:35:01.0302 0x0a00 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:35:01.0308 0x0a00 nvraid - ok
08:35:01.0312 0x0a00 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:35:01.0318 0x0a00 nvstor - ok
08:35:01.0322 0x0a00 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:35:01.0327 0x0a00 nv_agp - ok
08:35:01.0330 0x0a00 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
08:35:01.0335 0x0a00 ohci1394 - ok
08:35:01.0430 0x0a00 OSFMount - ok
08:35:01.0439 0x0a00 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
08:35:01.0448 0x0a00 p2pimsvc - ok
08:35:01.0457 0x0a00 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
08:35:01.0467 0x0a00 p2psvc - ok
08:35:01.0723 0x0a00 [ C8DB2CA854F8D544B634AE73AB3BC344, 50D242599FA45FA4790DC3672C9EFF1ACA5B79FBBC323E750DD079A7C1CD5A38 ] PaceLicenseDServices C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
08:35:01.0998 0x0a00 PaceLicenseDServices - ok
08:35:02.0020 0x0a00 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
08:35:02.0026 0x0a00 Parport - ok
08:35:02.0029 0x0a00 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:35:02.0034 0x0a00 partmgr - ok
08:35:02.0038 0x0a00 [ 3CD83692C43D87088E85E3C916146FFB, 9E812535E8FBA045FDA30F68E9EB2031132C37721D542A2DC9D4C33E2B137FCF ] PcaSvc C:\Windows\System32\pcasvc.dll
08:35:02.0046 0x0a00 PcaSvc - ok
08:35:02.0050 0x0a00 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
08:35:02.0057 0x0a00 pci - ok
08:35:02.0058 0x0a00 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
08:35:02.0063 0x0a00 pciide - ok
08:35:02.0067 0x0a00 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
08:35:02.0074 0x0a00 pcmcia - ok
08:35:02.0077 0x0a00 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
08:35:02.0081 0x0a00 pcw - ok
08:35:02.0092 0x0a00 [ EA4D67448BE493D543F1730D6CD04694, 24717C5E41B7CA522F3330EF2228B6685E710A5259396E9887A1C1E7A413F8CA ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:35:02.0105 0x0a00 PEAUTH - ok
08:35:02.0115 0x0a00 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
08:35:02.0120 0x0a00 PerfHost - ok
08:35:02.0143 0x0a00 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
08:35:02.0178 0x0a00 pla - ok
08:35:02.0186 0x0a00 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:35:02.0197 0x0a00 PlugPlay - ok
08:35:02.0207 0x0a00 [ 840AC13DA861C31665FE805E3B53EAE0, B00593D1E41208ECB6983AE92EE40407B0EF3EC064DE10C921215FB58A674F12 ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
08:35:02.0218 0x0a00 PMBDeviceInfoProvider - ok
08:35:02.0220 0x0a00 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
08:35:02.0226 0x0a00 PNRPAutoReg - ok
08:35:02.0232 0x0a00 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
08:35:02.0241 0x0a00 PNRPsvc - ok
08:35:02.0244 0x0a00 [ B8D8EC78B0F9ED8E220506181274F3D3, D920277EE66AAAB6D66BF328DD5A40DDD8382BF4F331EAB398069EDB842FF18E ] Point64 C:\Windows\system32\DRIVERS\point64.sys
08:35:02.0248 0x0a00 Point64 - ok
08:35:02.0256 0x0a00 [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:35:02.0268 0x0a00 PolicyAgent - ok
08:35:02.0273 0x0a00 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
08:35:02.0292 0x0a00 Power - ok
08:35:02.0295 0x0a00 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:35:02.0313 0x0a00 PptpMiniport - ok
08:35:02.0316 0x0a00 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
08:35:02.0321 0x0a00 Processor - ok
08:35:02.0326 0x0a00 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
08:35:02.0333 0x0a00 ProfSvc - ok
08:35:02.0335 0x0a00 [ CA69E856332E2D85294665F6B7E97254, A9693F836907FB0154DC1090D9476F1E9242ABE922D932D74D0385772D2EAB65 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:35:02.0340 0x0a00 ProtectedStorage - ok
08:35:02.0343 0x0a00 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
08:35:02.0361 0x0a00 Psched - ok
08:35:02.0383 0x0a00 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
08:35:02.0408 0x0a00 ql2300 - ok
08:35:02.0412 0x0a00 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
08:35:02.0418 0x0a00 ql40xx - ok
08:35:02.0423 0x0a00 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
08:35:02.0434 0x0a00 QWAVE - ok
08:35:02.0437 0x0a00 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:35:02.0444 0x0a00 QWAVEdrv - ok
08:35:02.0446 0x0a00 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:35:02.0463 0x0a00 RasAcd - ok
08:35:02.0466 0x0a00 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
08:35:02.0483 0x0a00 RasAgileVpn - ok
08:35:02.0486 0x0a00 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
08:35:02.0504 0x0a00 RasAuto - ok
08:35:02.0508 0x0a00 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:35:02.0526 0x0a00 Rasl2tp - ok
08:35:02.0532 0x0a00 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
08:35:02.0553 0x0a00 RasMan - ok
08:35:02.0557 0x0a00 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:35:02.0575 0x0a00 RasPppoe - ok
08:35:02.0577 0x0a00 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:35:02.0595 0x0a00 RasSstp - ok
08:35:02.0601 0x0a00 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:35:02.0621 0x0a00 rdbss - ok
08:35:02.0623 0x0a00 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
08:35:02.0630 0x0a00 rdpbus - ok
08:35:02.0632 0x0a00 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:35:02.0648 0x0a00 RDPCDD - ok
08:35:02.0651 0x0a00 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:35:02.0668 0x0a00 RDPENCDD - ok
08:35:02.0670 0x0a00 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
08:35:02.0687 0x0a00 RDPREFMP - ok
08:35:02.0692 0x0a00 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:35:02.0699 0x0a00 RDPWD - ok
08:35:02.0703 0x0a00 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
08:35:02.0710 0x0a00 rdyboost - ok
08:35:02.0713 0x0a00 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:35:02.0732 0x0a00 RemoteAccess - ok
08:35:02.0742 0x0a00 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:35:02.0761 0x0a00 RemoteRegistry - ok
08:35:02.0764 0x0a00 [ 83A6C2CAFE236652D1559640594A0EA8, 52360F17C9C70C9CEA3316560B40C4D89FD705ED7E6B6088C99FC54D4CC35EB5 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
08:35:02.0769 0x0a00 rpcapd - ok
08:35:02.0772 0x0a00 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
08:35:05.0582 0x0a00 ================ Scan global ===============================
08:35:05.0584 0x0a00 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
08:35:05.0589 0x0a00 [ B68AD91370FA58C1296DE9086BB4BA0A, 3B6B8170990B3B3B321752539A54D8EAB6E6241A25092682FDEE1A46BD39DBF6 ] C:\Windows\system32\winsrv.dll
08:35:05.0596 0x0a00 [ B68AD91370FA58C1296DE9086BB4BA0A, 3B6B8170990B3B3B321752539A54D8EAB6E6241A25092682FDEE1A46BD39DBF6 ] C:\Windows\system32\winsrv.dll
08:35:05.0601 0x0a00 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
08:35:05.0607 0x0a00 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
08:35:05.0611 0x0a00 [ Global ] - ok
08:35:05.0612 0x0a00 ================ Scan MBR ==================================
08:35:05.0616 0x0a00 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:35:05.0729 0x0a00 \Device\Harddisk0\DR0 - ok
08:35:05.0730 0x0a00 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
08:35:05.0782 0x0a00 \Device\Harddisk1\DR1 - ok
08:35:05.0783 0x0a00 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3
08:35:05.0933 0x0a00 \Device\Harddisk3\DR3 - ok
08:35:06.0218 0x0a00 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk4\DR4
08:35:06.0331 0x0a00 \Device\Harddisk4\DR4 - ok
08:35:06.0332 0x0a00 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
08:35:06.0342 0x0a00 \Device\Harddisk2\DR2 - ok
08:35:06.0344 0x0a00 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk6\DR6
08:35:06.0742 0x0a00 \Device\Harddisk6\DR6 - ok
08:35:06.0742 0x0a00 ================ Scan VBR ==================================
08:35:06.0743 0x0a00 [ 74332BDD85CCD3192CACAC8835903D3F ] \Device\Harddisk0\DR0\Partition1
08:35:06.0744 0x0a00 \Device\Harddisk0\DR0\Partition1 - ok
08:35:06.0745 0x0a00 [ E6418B4AB1CA8DAC363AFA50FAF4D751 ] \Device\Harddisk1\DR1\Partition1
08:35:06.0746 0x0a00 \Device\Harddisk1\DR1\Partition1 - ok
08:35:06.0747 0x0a00 [ 284DD4A4C34F1A45A011505DCAEAE5F1 ] \Device\Harddisk3\DR3\Partition1
08:35:06.0748 0x0a00 \Device\Harddisk3\DR3\Partition1 - ok
08:35:06.0792 0x0a00 [ 5452882DF8BC294F58CEFE9BADBA7E1E ] \Device\Harddisk4\DR4\Partition1
08:35:06.0794 0x0a00 \Device\Harddisk4\DR4\Partition1 - ok
08:35:06.0795 0x0a00 [ 968005344DE1B36D36991B76FAD2D247 ] \Device\Harddisk2\DR2\Partition1
08:35:06.0796 0x0a00 \Device\Harddisk2\DR2\Partition1 - ok
08:35:06.0798 0x0a00 [ 7D307B81C9F87F79DB5EEF5803D40BC8 ] \Device\Harddisk6\DR6\Partition1
08:35:06.0799 0x0a00 \Device\Harddisk6\DR6\Partition1 - ok
08:35:06.0800 0x0a00 [ 2E2A8533E883D1A42F08990AA85BA383 ] \Device\Harddisk6\DR6\Partition2
08:35:06.0802 0x0a00 \Device\Harddisk6\DR6\Partition2 - ok
08:35:06.0804 0x0a00 [ 2E2A8533E883D1A42F08990AA85BA383 ] \Device\Harddisk6\DR6\Partition3
08:35:06.0807 0x0a00 \Device\Harddisk6\DR6\Partition3 - ok
08:35:06.0807 0x0a00 ================ Scan generic autorun ======================
08:35:06.0839 0x0a00 [ DC2755EB981280C312E7BE5EE8CF5D62, 4E52976235B1D2E756235F988709D84E9D83D60927138376BDE1405902997997 ] C:\Program Files\Microsoft IntelliPoint\ipoint.exe
08:35:06.0873 0x0a00 IntelliPoint - ok
08:35:06.0876 0x0a00 [ EBC0E8C0A4DDA2C32A7D5863462A321A, 2F410138DB66D0219254339F1F098E401CEDAA032596F1F67BC54F394256FC68 ] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
08:35:06.0879 0x0a00 amd_dc_opt - detected UnsignedFile.Multi.Generic ( 1 )
08:35:06.0879 0x0a00 Detect skipped due to KSN trusted
08:35:06.0879 0x0a00 amd_dc_opt - ok
08:35:06.0880 0x0a00 Sidebar - ok
08:35:06.0883 0x0a00 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:35:06.0892 0x0a00 mctadmin - ok
08:35:06.0892 0x0a00 Sidebar - ok
08:35:06.0895 0x0a00 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:35:06.0904 0x0a00 mctadmin - ok
08:35:06.0928 0x0a00 [ B365AF317AE730A67C936F21432B9C71, BD2C2CF0631D881ED382817AFCCE2B093F4E412FFB170A719E2762F250ABFEA4 ] C:\Program Files\Process Hacker 2\ProcessHacker.exe
08:35:06.0955 0x0a00 Process Hacker 2 - ok
08:35:07.0069 0x0a00 [ 52F5D651B8E39F258C1C34272FEB1AB2, C13AD8762A4474D8246DE7BC023244BD74456D45348F74F77373CC61C238A0F3 ] C:\Program Files\CCleaner\CCleaner64.exe
08:35:07.0185 0x0a00 CCleaner Monitoring - ok
08:35:07.0270 0x0a00 [ D03053F72A74801A32F41EFD088FA30E, 3F6E9AD19139F9A5881DB475EC3FD817C1F8CA1622B97E8864A7C59A7F7A2DA2 ] C:\Program Files (x86)\GlassWire\glasswire.exe
08:35:07.0376 0x0a00 GlassWire - ok
08:35:07.0382 0x0a00 Win FW state via NFP2: enabled ( trusted )
08:35:07.0491 0x0a00 ============================================================
08:35:07.0491 0x0a00 Scan finished
08:35:07.0491 0x0a00 ============================================================
08:35:07.0493 0x1214 Detected object count: 1
08:35:07.0493 0x1214 Actual detected object count: 1
08:36:27.0984 0x1214 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
08:36:27.0984 0x1214 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
| | #6 |
| /// TB-Ausbilder | PUP.Optional.AppTrailer.Generic + PUP.Optional. OnlineIO + NSBLock + "Microleafs LTD" via Filedropper.com or Fileupload.net ? Please observe note 6 and do everything again. |
| | #7 |
| PUP.Optional.AppTrailer.Generic + PUP.Optional. OnlineIO + NSBLock + "Microleafs LTD" via Filedropper.com or Fileupload.net ? OH FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
durchgeführt von user (Administrator) auf PC (30-03-2017 08:40:27)
Gestartet von C:\Users\user\Desktop
Geladene Profile: user (Verfügbare Profile: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: "C:\Program Files (x86)\SeaMonkey\seamonkey.exe" -requestPending -osint -url "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\runSW.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(wj32) C:\Program Files\Process Hacker 2\ProcessHacker.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Realtek) C:\Windows\SwUSB.exe
(Sysinternals - www.sysinternals.com) C:\Program Files\process-explorer\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\user\AppData\Local\Temp\PROCEXP64.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(wyDay) C:\Program Files\CyberGhost 6\wyUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\Everything\Everything.exe
(mozilla.org) C:\Program Files (x86)\SeaMonkey\seamonkey.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\Run: [Process Hacker 2] => C:\Program Files\Process Hacker 2\ProcessHacker.exe [1719840 2016-03-29] (wj32)
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5728208 2016-11-19] (SecureMix LLC)
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\MountPoints2: {1911d85f-9ee4-11e5-8780-b04e58a100a3} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\MountPoints2: {1911d8dc-9ee4-11e5-8780-b04e58a100a3} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\MountPoints2: {ff3dbed7-a9d6-11e5-9bce-85ca1d8cd514} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [script_fcbd] => D:\Anno2205\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\fcbd.bat [332 2016-12-06] ()
SSODL: EldosMountNotificator-cbdisk3 - {274E2043-7EEC-429D-BC66-3ED282762A69} - C:\Windows\system32\cbdiskMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbdisk3 - {274E2043-7EEC-429D-BC66-3ED282762A69} - C:\Windows\SysWOW64\cbdiskMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbdisk3] -> {1B53DB42-7158-421A-B97C-5886EE14C75A} => C:\Windows\system32\cbdiskMntNtf3.dll [2013-10-18] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbdisk3] -> {1B53DB42-7158-421A-B97C-5886EE14C75A} => C:\Windows\SysWOW64\cbdiskMntNtf3.dll [2013-10-18] (EldoS Corporation)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{251F104E-10FE-40D6-B45C-7B106746BA2F}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{2BB04CC1-AAC0-4F0D-B99D-878528CCFE7B}: [DhcpNameServer] 192.168.10.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
FireFox:
========
FF DefaultProfile: e24deqok.default
FF DefaultProfile: xcyvelqu.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24deqok.default [2017-03-30]
FF Extension: (Sea Fox) - C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24deqok.default\Extensions\seafox@extensions.moz.xpi [2017-03-07] [ist nicht signiert]
FF Extension: (uBlock Origin) - C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24deqok.default\Extensions\uBlock0@raymondhill.net.xpi [2017-03-13]
FF Homepage: Mozilla\Firefox\Profiles\xcyvelqu.default -> hxxps://duckduckgo.com
FF Extension: (FoxyProxy Standard) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcyvelqu.default\Extensions\foxyproxy@eric.h.jung [2017-03-28]
FF Extension: (EPUBReader) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcyvelqu.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2017-03-28]
FF Extension: (FireFTP) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcyvelqu.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2017-03-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-26] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-26] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-14] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-14] (Intel Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VLC\npvlc.dll [2016-04-26] (VideoLAN)
Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-12-27]
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-12-01] (Adobe Systems) [Datei ist nicht signiert]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-06-04] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-11-24] () [Datei ist nicht signiert]
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4397008 2016-11-19] (SecureMix LLC)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2015-12-30] (Hi-Rez Studios) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-05-29] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-31] (Intel Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [506960 2015-12-26] (Sony Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RunSwUSB; C:\Windows\runSW.exe [48856 2015-03-19] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2016-09-07] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-28] ()
R1 cbdisk3; C:\Windows\system32\drivers\cbdisk3.sys [223936 2013-10-18] (EldoS Corporation)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-10-25] (EldoS Corporation)
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx64.sys [34512 2016-03-04] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-31] (Intel Corporation)
R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2014-03-17] (Focusrite Audio Engineering Limited.)
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33248 2015-05-29] (SecureMix LLC)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-02-14] (REALiX(tm))
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [112408 2015-12-15] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 OSFMount; T:\FTK\OSForensics\OSFMount64\OSFMount.sys [1299384 2016-03-23] (PassMark Software)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2015-01-15] (Realtek Semiconductor Corporation )
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [38888 2014-02-19] (USBPcap)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [121248 2016-08-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [195936 2016-08-16] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [135824 2016-08-16] (Oracle Corporation)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [195416 2016-01-26] (IDRIX)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-10-18] (EldoS Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-30 08:40 - 2017-03-30 08:40 - 00014336 _____ C:\Users\user\Desktop\FRST.txt
2017-03-29 08:31 - 2017-03-29 09:18 - 00410602 _____ C:\TDSSKiller.3.1.0.12_29.03.2017_08.31.29_log.txt
2017-03-29 07:56 - 2017-03-29 08:12 - 00004462 _____ C:\Users\user\Documents\old-firewall-rules.txt
2017-03-28 20:00 - 2017-03-28 20:00 - 00195528 _____ C:\Users\user\Documents\W-LAN-TPLink.xps
2017-03-28 08:38 - 2017-03-28 19:27 - 00000345 _____ C:\Users\user\Documents\virus-filedropper.txt
2017-03-25 21:36 - 2017-03-25 21:20 - 22222968 ____N C:\Users\user\Desktop\Rawkee_Bestandsaufnahme_FINISHED.wav
2017-03-25 18:10 - 2017-03-28 08:29 - 00000000 ____D C:\ProgramData\Microleaves
2017-03-25 18:07 - 2017-03-25 18:07 - 00000000 ____D C:\Users\user\AppData\Roaming\Microleaves
2017-03-25 18:06 - 2017-03-28 20:04 - 00000000 ____D C:\Windows\system32\GroupPolicy
2017-03-25 18:06 - 2017-03-25 18:06 - 00000000 ____D C:\Program Files\{572656F2-7906-4D07-BDBD-0CC44146CD48}
2017-03-25 18:06 - 2017-03-25 18:06 - 00000000 ____D C:\Program Files (x86)\{A1306F56-8B03-428B-84AD-2F932D81774C}
2017-03-22 21:13 - 2017-03-22 21:13 - 00001072 _____ C:\Users\Public\Desktop\Win32DiskImager.lnk
2017-03-22 21:13 - 2017-03-22 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2017-03-22 21:13 - 2017-03-22 21:13 - 00000000 ____D C:\Program Files (x86)\ImageWriter
2017-03-22 20:45 - 2017-03-22 20:45 - 00002095 _____ C:\Users\Public\Desktop\SDFormatter.lnk
2017-03-22 20:45 - 2017-03-22 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
2017-03-22 20:45 - 2017-03-22 20:45 - 00000000 ____D C:\Program Files (x86)\SDA
2017-03-22 19:21 - 2017-03-23 13:55 - 00000600 _____ C:\Users\user\AppData\Local\PUTTY.RND
2017-03-22 19:20 - 2017-03-22 19:20 - 00000860 _____ C:\Users\Public\Desktop\PuTTY (64-bit).lnk
2017-03-22 19:20 - 2017-03-22 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)
2017-03-22 19:20 - 2017-03-22 19:20 - 00000000 ____D C:\Program Files\PuTTY
2017-03-22 09:54 - 2017-03-28 21:05 - 00000022 _____ C:\Windows\S.dirmngr
2017-03-22 09:53 - 2013-07-04 18:05 - 00552760 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2017-03-22 09:53 - 2006-01-13 07:52 - 00001904 ____N C:\Windows\system32\SetupBD.din
2017-03-22 09:49 - 2017-03-22 09:49 - 00000000 ____D C:\Users\user\Downloads\LAN
2017-03-22 09:42 - 2017-03-22 09:42 - 00001857 _____ C:\Users\user\Desktop\TightVNC Viewer.lnk
2017-03-22 09:42 - 2017-03-22 09:42 - 00000000 ____D C:\Users\user\AppData\Roaming\TightVNC
2017-03-22 09:41 - 2017-03-22 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
2017-03-22 09:41 - 2017-03-22 09:41 - 00000000 ____D C:\Program Files\TightVNC
2017-03-22 09:31 - 2017-03-22 09:31 - 00000000 ____H C:\Users\user\Documents\Default.rdp
2017-03-21 08:51 - 2017-03-21 19:28 - 00208388 _____ C:\TDSSKiller.3.1.0.12_21.03.2017_07.51.26_log.txt
2017-03-21 08:50 - 2017-03-29 07:30 - 04747704 _____ (AO Kaspersky Lab) C:\Users\user\Desktop\tdsskiller.exe
2017-03-19 06:01 - 2017-03-19 06:01 - 00003318 _____ C:\Users\user\AppData\Local\recently-used.xbel
2017-03-15 01:35 - 2017-03-04 19:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 01:35 - 2017-03-04 18:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-15 01:35 - 2017-03-04 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-15 01:35 - 2017-03-04 10:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 01:35 - 2017-03-04 10:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-15 01:35 - 2017-03-04 10:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 01:35 - 2017-03-04 10:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-15 01:35 - 2017-03-04 10:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-15 01:35 - 2017-03-04 10:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-15 01:35 - 2017-03-04 09:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 01:35 - 2017-03-04 09:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-15 01:35 - 2017-03-04 09:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-15 01:35 - 2017-03-04 09:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-15 01:35 - 2017-03-04 09:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-15 01:35 - 2017-03-04 09:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-15 01:35 - 2017-03-04 09:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-15 01:35 - 2017-03-04 09:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 01:35 - 2017-03-04 09:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-15 01:35 - 2017-03-04 09:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 01:35 - 2017-03-04 09:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-15 01:35 - 2017-03-04 09:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-15 01:35 - 2017-03-04 09:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 01:35 - 2017-03-04 09:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-15 01:35 - 2017-03-04 09:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-15 01:35 - 2017-03-04 09:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-15 01:35 - 2017-03-04 09:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 01:35 - 2017-03-04 09:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-15 01:35 - 2017-03-04 08:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-15 01:35 - 2017-03-04 08:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-15 01:35 - 2017-03-04 08:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-15 01:35 - 2017-03-04 08:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-15 01:35 - 2017-03-04 08:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-15 01:35 - 2017-03-04 08:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-15 01:35 - 2017-03-04 08:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-15 01:35 - 2017-03-04 08:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-15 01:35 - 2017-03-04 08:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-15 01:35 - 2017-03-04 06:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-15 01:35 - 2017-03-02 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-15 01:35 - 2017-03-02 20:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-15 01:35 - 2017-03-02 20:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-15 01:35 - 2017-03-02 20:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-15 01:35 - 2017-03-02 20:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-15 01:35 - 2017-03-02 20:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-15 01:35 - 2017-03-02 19:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-15 01:35 - 2017-03-02 19:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-15 01:35 - 2017-03-02 19:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-15 01:35 - 2017-03-02 19:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-15 01:35 - 2017-03-02 19:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-15 01:35 - 2017-03-02 19:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-15 01:35 - 2017-03-02 19:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-15 01:35 - 2017-03-02 19:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-15 01:35 - 2017-03-02 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-15 01:35 - 2017-03-02 19:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-15 01:35 - 2017-03-02 19:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-15 01:35 - 2017-03-02 19:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-15 01:35 - 2017-03-02 19:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-15 01:35 - 2017-03-02 19:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-15 01:35 - 2017-03-02 19:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-15 01:35 - 2017-03-02 19:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-15 01:35 - 2017-03-02 19:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-15 01:35 - 2017-03-02 19:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-15 01:35 - 2017-03-02 19:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-15 01:35 - 2017-03-02 19:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-15 01:35 - 2017-03-02 18:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-15 01:35 - 2017-03-02 18:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-15 01:35 - 2017-03-02 18:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-15 01:35 - 2017-02-11 17:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 01:35 - 2017-02-11 17:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 01:35 - 2017-02-11 17:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 01:35 - 2017-02-10 18:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 01:35 - 2017-02-10 18:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 01:35 - 2017-02-10 18:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-15 01:35 - 2017-02-10 18:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-15 01:35 - 2017-02-10 16:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-15 01:35 - 2017-02-09 18:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-15 01:35 - 2017-02-09 18:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 01:35 - 2017-02-09 18:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-15 01:35 - 2017-02-09 18:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-15 01:35 - 2017-02-09 18:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-15 01:35 - 2017-02-09 18:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-15 01:35 - 2017-02-09 18:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-15 01:35 - 2017-02-09 18:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 01:35 - 2017-02-09 18:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-15 01:35 - 2017-02-09 18:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 01:35 - 2017-02-09 18:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-15 01:35 - 2017-02-09 18:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 01:35 - 2017-02-09 17:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-15 01:35 - 2017-02-09 17:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-15 01:35 - 2017-02-09 17:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-15 01:35 - 2017-02-09 17:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 01:35 - 2017-02-09 17:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 01:35 - 2017-02-09 17:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-15 01:35 - 2017-02-09 17:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-15 01:35 - 2017-02-09 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-15 01:35 - 2017-02-09 17:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-15 01:35 - 2017-02-09 17:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-15 01:35 - 2017-02-09 17:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-15 01:35 - 2017-02-09 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-15 01:35 - 2017-02-09 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-15 01:35 - 2017-02-09 17:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-15 01:35 - 2017-02-09 17:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 17:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 17:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 17:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 16:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 01:35 - 2017-02-09 16:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 01:35 - 2017-02-06 18:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 01:35 - 2017-01-13 20:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 01:35 - 2017-01-13 20:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 01:35 - 2017-01-13 19:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-15 01:35 - 2017-01-13 19:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-15 01:35 - 2017-01-11 20:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 01:35 - 2017-01-11 20:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-15 01:35 - 2017-01-11 19:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-15 01:35 - 2017-01-11 19:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-15 01:35 - 2017-01-06 20:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 01:35 - 2017-01-06 19:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-15 01:34 - 2017-02-23 01:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-15 01:34 - 2017-02-23 01:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 01:34 - 2017-02-18 16:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 01:34 - 2017-02-18 16:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-12 07:11 - 2017-03-12 07:11 - 00325806 ____N C:\Users\user\Desktop\rendersound.wav
2017-03-07 23:49 - 2017-03-07 23:49 - 00000000 ____D C:\Users\user\AppData\Roaming\TechSmith
2017-03-07 23:46 - 2017-03-07 23:46 - 00000000 ____D C:\ProgramData\TechSmith
2017-03-07 23:46 - 2017-03-07 23:46 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2017-03-07 23:14 - 2017-03-07 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
2017-03-07 23:14 - 2017-03-07 23:14 - 00000000 ____D C:\Program Files (x86)\SeaMonkey
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-03-30 08:40 - 2016-09-09 15:13 - 00000000 ____D C:\FRST
2017-03-30 08:39 - 2015-11-09 08:20 - 00000000 ____D C:\Program Files\Everything
2017-03-30 08:37 - 2016-11-21 12:54 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-03-30 04:26 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-30 04:26 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-29 10:58 - 2016-10-30 16:51 - 00925720 _____ C:\Windows\ntbtlog.txt
2017-03-29 10:20 - 2015-10-26 01:32 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2017-03-29 07:29 - 2016-09-18 03:13 - 02424832 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2017-03-28 21:12 - 2011-04-12 09:43 - 00699092 _____ C:\Windows\system32\perfh007.dat
2017-03-28 21:12 - 2011-04-12 09:43 - 00149232 _____ C:\Windows\system32\perfc007.dat
2017-03-28 21:12 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-28 21:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-03-28 21:05 - 2016-01-30 19:28 - 00000000 ____D C:\ProgramData\PACE
2017-03-28 21:05 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-28 20:05 - 2016-12-18 11:03 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2017-03-28 20:05 - 2016-12-15 21:02 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
2017-03-28 20:05 - 2016-11-22 22:04 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2017-03-28 20:05 - 2016-11-22 22:04 - 00000000 ____D C:\Users\user\AppData\Local\atom
2017-03-28 20:05 - 2016-11-16 08:06 - 00000000 ____D C:\Users\user\.idlerc
2017-03-28 20:05 - 2016-08-10 08:09 - 00000000 ____D C:\Users\user\AppData\Roaming\Wise Data Recovery
2017-03-28 20:05 - 2016-08-05 01:40 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2017-03-28 20:05 - 2016-03-04 08:35 - 00000000 ____D C:\Program Files (x86)\NCH Software
2017-03-28 20:05 - 2016-02-13 11:20 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-03-28 20:05 - 2016-01-26 08:29 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VeraCrypt
2017-03-28 20:05 - 2016-01-26 08:29 - 00000000 ____D C:\Program Files\VeraCrypt
2017-03-28 20:05 - 2016-01-06 01:15 - 00000000 ____D C:\Users\user\AppData\Roaming\PersBackup5
2017-03-28 20:05 - 2015-11-22 06:25 - 00000000 ____D C:\Users\user\AppData\Roaming\Audacity
2017-03-28 20:05 - 2015-11-04 08:32 - 00000000 ____D C:\Users\user\AppData\Local\gtk-2.0
2017-03-28 20:05 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-28 20:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-28 20:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2017-03-28 20:02 - 2015-10-25 15:27 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2017-03-28 18:50 - 2016-10-17 18:35 - 00000621 _____ C:\Users\user\Letzte Sitzung user.prj
2017-03-28 09:20 - 2016-01-06 01:15 - 00000000 ____D C:\Users\user\Documents\PersBackup
2017-03-28 08:49 - 2016-06-14 11:44 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-03-28 08:47 - 2016-11-01 02:43 - 00000000 ____D C:\ProgramData\firebird
2017-03-28 08:13 - 2016-03-04 08:38 - 00000919 _____ C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt
2017-03-28 08:13 - 2016-03-04 08:38 - 00000000 _____ C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-03-25 19:49 - 2016-12-04 04:20 - 00000000 ____D C:\Users\user\AppData\Roaming\Ample Sound
2017-03-24 10:05 - 2016-01-26 08:42 - 00000000 ____D C:\Users\user\AppData\Roaming\VeraCrypt
2017-03-23 15:33 - 2015-10-31 20:07 - 00000255 ____N C:\Users\user\Documents\SongenModularErrorLog.txt
2017-03-23 15:22 - 2016-02-29 00:55 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-23 10:56 - 2015-10-31 12:43 - 00000000 ____D C:\Users\user\.VirtualBox
2017-03-22 20:44 - 2015-11-22 18:26 - 00000000 ____D C:\Users\user\AppData\Local\Downloaded Installations
2017-03-22 09:53 - 2015-11-03 09:18 - 00000000 ____D C:\Program Files\Intel
2017-03-21 08:56 - 2016-01-03 23:20 - 00001854 _____ C:\Users\user\Desktop\CCleaner.lnk
2017-03-21 08:41 - 2016-02-13 22:48 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-20 21:26 - 2015-10-23 21:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-20 21:26 - 2009-07-14 06:45 - 00000000 ____D C:\Windows\ServiceProfiles
2017-03-20 18:57 - 2015-11-01 23:48 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-20 12:03 - 2015-11-01 08:27 - 00000000 ____D C:\Users\user\AppData\Roaming\inkscape
2017-03-20 11:29 - 2015-12-19 06:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-19 08:56 - 2016-02-07 20:49 - 00012009 ____N C:\Users\user\Documents\Serien-View-Status.odt
2017-03-15 05:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-03-15 04:38 - 2016-11-26 23:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-03-15 04:38 - 2009-07-14 06:45 - 02106920 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-15 04:37 - 2016-04-09 03:31 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-15 04:37 - 2016-04-09 03:31 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-15 04:02 - 2016-08-07 00:58 - 00000000 ____D C:\Windows\system32\MRT
2017-03-15 04:00 - 2016-08-07 00:58 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-13 03:54 - 2016-01-24 13:07 - 00000000 ____D C:\Users\user\Documents\Shopping-Money
2017-03-12 23:53 - 2016-12-07 18:21 - 00000000 ____D C:\Users\user\Documents\Wohnung
2017-03-11 18:46 - 2016-01-29 10:38 - 00003872 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1454056698
2017-03-08 01:54 - 2016-12-03 09:11 - 00000000 ____D C:\Users\user\Desktop\PICTURES VARIOUS
2017-03-08 00:26 - 2016-01-17 20:43 - 00000000 ____D C:\Users\user\AppData\Roaming\gnupg
2017-03-07 23:49 - 2016-01-10 03:27 - 00000000 ____D C:\Users\user\AppData\Local\TechSmith
2017-03-07 23:46 - 2016-01-10 03:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2017-03-07 23:46 - 2016-01-10 03:26 - 00000000 ____D C:\Program Files (x86)\TechSmith
2017-03-07 23:34 - 2015-11-22 12:45 - 00000000 ____D C:\Program Files\Sugar Bytes
2017-03-07 23:34 - 2015-11-17 07:11 - 00000000 ____D C:\Users\user\Documents\Sugar Bytes
2017-03-07 23:14 - 2015-10-23 21:19 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2017-03-07 23:14 - 2015-10-23 21:19 - 00000000 ____D C:\Users\user\AppData\Local\Mozilla
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2016-01-28 01:19 - 2016-09-20 02:22 - 0000016 _____ () C:\Users\user\AppData\Roaming\msregsvv.dll
2016-01-28 12:19 - 2016-12-18 17:40 - 1249792 _____ (hxxp://www.ruby-lang.org/) C:\Users\user\AppData\Roaming\msvcr90-ruby191.dll
2016-03-04 08:38 - 2016-03-04 08:38 - 0001181 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.1.txt
2016-03-04 08:38 - 2017-03-28 08:13 - 0000919 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt
2016-03-04 08:38 - 2017-03-28 08:13 - 0000000 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-03-22 19:21 - 2017-03-23 13:55 - 0000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND
2017-03-19 06:01 - 2017-03-19 06:01 - 0003318 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2015-11-01 08:16 - 2015-11-01 08:16 - 0007611 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2016-01-28 01:19 - 2016-09-20 02:22 - 0000016 _____ () C:\ProgramData\autobk.inc
Einige Dateien in TEMP:
====================
2017-01-03 18:26 - 2017-03-28 21:05 - 1347216 _____ (Sysinternals - www.sysinternals.com) C:\Users\user\AppData\Local\Temp\PROCEXP64.exe
2017-03-29 10:20 - 2017-03-29 10:20 - 0672256 _____ () C:\Users\user\AppData\Local\Temp\sqlite-3.8.0-amd64-sqlitejdbc.dll
2017-03-20 08:41 - 2017-03-20 08:41 - 0637440 _____ () C:\Users\user\AppData\Local\Temp\sqlite-3.8.0-x86-sqlitejdbc.dll
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-03-24 16:52
==================== Ende von FRST.txt ============================
Addition: FRST Additions Logfile: Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von user (30-03-2017 08:40:44)
Gestartet von C:\Users\user\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-10-23 18:28:58)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3869482132-2802206346-888328520-500 - Administrator - Disabled)
user (S-1-5-21-3869482132-2802206346-888328520-1000 - Administrator - Enabled) => C:\Users\user
Gast (S-1-5-21-3869482132-2802206346-888328520-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3869482132-2802206346-888328520-1002 - Limited - Enabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
AccessData FTK Imager (HKLM-x32\...\{B71206B0-EA24-496A-93F7-03B975A6DDDA}) (Version: 3.2.0.0 - AccessData)
ACP Application (Version: 2016.0916.1502.32 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.6 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ARIA Engine v1.8.4.4 (HKLM\...\ARIA Engine_is1) (Version: v1.8.4.4 - Plogue Art et Technologie, Inc)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Atom (HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\atom) (Version: 1.12.5 - GitHub Inc.)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Blender (HKLM\...\{437221A8-91D1-42A0-9E04-0AD64B502374}) (Version: 2.78.1 - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BumBer Deluxe 1.0 (HKLM-x32\...\BumBer_0) (Version: 1.0 - beatassist.eu)
CamAlert II (HKLM-x32\...\CamAlert_is1) (Version: - hxxp://www.coderonline.de/)
CamSpy V.5.1.2 (HKLM-x32\...\CamSpy_is1) (Version: - (c.) André Münsterberg)
Catalyst Control Center Next Localization BR (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
ConfrontaPDF (HKLM-x32\...\ConfrontaPDF) (Version: - )
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
CPUID ROG CPU-Z 1.75 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.75 - CPUID, Inc.)
CreditMovie1 (x32 Version: 10.1.00 - Sony Corporation) Hidden
CreditMovie2 (x32 Version: 10.1.00 - Sony Corporation) Hidden
CreditMovie3 (x32 Version: 10.1.00 - Sony Corporation) Hidden
CrypTool 1.4.30 (HKLM-x32\...\CrypTool) (Version: 1.4.30 - )
Custom Shop version 1.7.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.7.0 - IK Multimedia)
Debut Videorekorder (HKLM-x32\...\Debut) (Version: 2.17 - NCH Software)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
f.lux (HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\Flux) (Version: - )
FluxCenter-32-bit (HKLM-x32\...\{694A585C-15F2-4B79-BC19-AF8D290E0E58}) (Version: 1.1.15.43404 - Flux:: sound and picture development)
Focusrite Scarlett Plug-in Suite 1.1 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.1 - Focusrite Audio Engineering Ltd.)
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
GlassWire 1.2 (remove only) (HKLM-x32\...\GlassWire 1.2) (Version: 1.2.79 - SecureMix LLC)
Gpg4win (2.3.0) (HKLM-x32\...\GPG4Win) (Version: 2.3.0 - The Gpg4win Project)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HWiNFO64 Version 5.38 (HKLM\...\HWiNFO64_is1) (Version: 5.38 - Martin Malík - REALiX)
IK Multimedia Authorization Manager version 1.0.15 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.15 - IK Multimedia)
Image Crawler (HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\dbf3e072e2bbc3c8) (Version: 1.1.0.4 - Danny Kunz)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel(R) Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4222 - Intel Corporation)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
JetBrains PyCharm Community Edition 2016.3 (HKLM-x32\...\PyCharm Community Edition 2016.3) (Version: 163.8233.8 - JetBrains s.r.o.)
Jing (HKLM-x32\...\{8C784F8B-89D0-4A59-A000-7EEF129E1574}) (Version: 2.9.15255.1 - TechSmith Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MergeModule_x64 (Version: 9.3.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Prerequisites (x64) (HKLM\...\{04BEC103-A388-41EE-BB49-1235FAAF883D}) (Version: 11.0.61030 - Blue Cat Audio)
Microsoft Visual C++ 2012 Prerequisites (x86) (HKLM-x32\...\{2F65108E-8DF7-47B9-8ECC-49BD3BC47AAB}) (Version: 11.0.61030 - Blue Cat Audio)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 52.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 de)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
Oracle VM VirtualBox 5.1.4 (HKLM\...\{4EF3FBF6-697D-440A-AADA-7F5D39B73E62}) (Version: 5.1.4 - Oracle Corporation)
PA Free Bundle V1 1.0.1 (HKLM\...\PA Free Bundle V1_is1) (Version: - Plugin Alliance)
PACE License Support Win64 (HKLM-x32\...\InstallShield_{DF91FC8F-0D43-415b-BB5D-22533FC1CC1A}) (Version: 2.6.0.1134 - PACE Anti-Piracy, Inc.)
PACE License Support Win64 (Version: 2.6.0.1134 - PACE Anti-Piracy, Inc.) Hidden
PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
Personal Backup 5.8.3.1 (HKLM-x32\...\Personal Backup 5_is1) (Version: 5.8.3.1 - Dr. J. Rathlev)
PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.1.00.12260 - Sony Corporation)
PMB_ModeEditor_ACMC (x32 Version: 10.1.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 10.1.00 - Sony Corporation) Hidden
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
PuTTY release 0.68 (64-bit) (HKLM\...\{DB149DDE-903A-4B5E-93C4-46BBEC48F0C2}) (Version: 0.68.0.0 - Simon Tatham)
Python 3.5.1 (32-bit) (HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\{c39d559b-aa83-4476-ba20-988a35a1199a}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 Core Interpreter (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Documentation (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{17778F7B-FB5A-4A93-9719-D75BAF673498}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.1 pip Bootstrap (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Utility Scripts (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Scarlett MixControl 1.8 (HKLM-x32\...\Saffire USB 26_is1) (Version: 1.8 - Focusrite Audio Engineering Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
SVG Explorer Extension 0.1.1 (HKLM\...\{4CA20D9A-98AC-4DD6-9C16-7449F29AC08A}_is1) (Version: 0.1.1 - Dotz Softwares)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
TightVNC (HKLM\...\{8B9896FC-B4F2-44CD-8B6E-78A0B1851B59}) (Version: 2.8.5.0 - GlavSoft LLC.)
TP-LINK Archer T4U Driver (HKLM-x32\...\{58F414FE-74CC-42A0-9D86-A089849C510A}) (Version: 1.3.1 - TP-LINK)
Uplay (HKLM-x32\...\Uplay) (Version: 10.0 - Ubisoft)
USBPcap 1.0.0.7 (HKLM\...\USBPcap) (Version: - )
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.16 - IDRIX)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0-2) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.17.0 (Version: 1.0.17.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Web Page Saver 2.10 (HKLM-x32\...\{76BC9438-A16F-43E1-8596-95FA23768E6C}_is1) (Version: - JADsoftware)
Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (03/17/2014 2.5.128.1) (HKLM\...\D86E353566ECB4A7ADA159C02FE46D0BACC4FA6B) (Version: 03/17/2014 2.5.128.1 - Focusrite)
WinHex (HKLM-x32\...\WinHex) (Version: - )
WinHTTrack Website Copier 3.48-21 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.21 - HTTrack)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.2.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.1 - The Wireshark developer community, hxxps://www.wireshark.org)
Wise Data Recovery 3.84 (HKLM-x32\...\Wise Data Recovery_is1) (Version: 3.84 - WiseCleaner.com, Inc.)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {01244CD2-DBF2-48E1-81DC-F60B80EEE392} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {03F920C6-176B-4700-9E50-08D5840C4166} - System32\Tasks\Process Explorer-PC-user => "C:\PROGRAM FILES\PROCESS-EXPLORER\PROCEXP.EXE" /t
Task: {0AEC350F-0667-4D55-94A7-F058AF78AFAD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {0EA96307-8DAE-44A1-A2A3-D458155E23ED} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-09-07] (Advanced Micro Devices, Inc.)
Task: {1069660B-6FC5-4CE6-AFE7-3786642ED336} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {14C02CA1-F88F-4C59-8F41-CFAC350FD451} - System32\Tasks\{0811E0DB-12EE-44C5-A4D8-D55DD584F3C5} => pcalua.exe -a ?:\Folder\Downloads\jxpiinstall.exe -d ?:\Folder\Downloads
Task: {8EDC83D7-53F0-44F6-B328-F893CBF2A114} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {999449FC-8698-4C3C-8FE5-7B8A92964F9E} - System32\Tasks\Logon Screen SkipUAC => C:\Program Files\Logon Screen\Logon Screen.exe
Task: {D4B25374-61A3-48AA-BFEC-F796411ECD2B} - System32\Tasks\{CA0F6697-59F4-4AAE-A353-26AF764EBAEB} => pcalua.exe -a ?:\Folder\Production\grizzly-v1.1b-se1.160.exe -d ?:\Folder\Production
Task: {DC35CD34-092D-4CA0-840A-353ECDEEB877} - System32\Tasks\{7476B4B9-F9F5-4227-A7EB-B7B0D1323EB9} => pcalua.exe -a ?:\Folder\Downloads\VirtualBox-5.0.26-108824-Win.exe -d ?:\Folder\Downloads
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2013-06-04 11:41 - 2013-06-04 11:41 - 00936728 ____R () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-11-24 20:32 - 2015-11-24 20:32 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2015-11-13 17:05 - 2015-03-19 09:41 - 00048856 _____ () C:\Windows\runSW.exe
2016-10-01 10:46 - 2016-10-01 10:46 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-01-15 22:44 - 2016-01-15 22:44 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-11-09 08:20 - 2014-08-06 03:04 - 01441792 _____ () C:\Program Files\Everything\Everything.exe
2015-10-24 00:23 - 2017-03-28 21:05 - 00033280 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2015-10-24 00:23 - 2013-06-04 11:41 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-11-24 20:20 - 2015-11-24 20:20 - 00221696 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2015-11-24 20:14 - 2015-11-24 20:14 - 00087552 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2015-11-24 20:09 - 2015-11-24 20:09 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2015-11-24 20:20 - 2015-11-24 20:20 - 00073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2015-11-24 20:22 - 2015-11-24 20:22 - 00751104 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2015-11-03 09:18 - 2013-05-14 00:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-03-29 09:18 - 2017-03-29 09:18 - 00540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\ortp.dll
2017-03-29 09:18 - 2017-03-29 09:18 - 55758824 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\libcef.dll
2017-03-29 09:18 - 2017-03-29 09:18 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\libEGL.dll
2017-03-29 09:18 - 2017-03-29 09:18 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\libGLESv2.dll
2017-03-29 09:18 - 2017-03-29 09:18 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\libglesv2.dll
2017-03-29 09:18 - 2017-03-29 09:18 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\libegl.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\PACE:E6530E75740592D0 [217]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Classes\regfile: regedit.exe "%1" <===== ACHTUNG
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^fcbd.bat => C:\Windows\pss\fcbd.bat.CommonStartup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: FreeAC => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: MobileBroadband => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
MSCONFIG\startupreg: Process Hacker 2 => "C:\Program Files\Process Hacker 2\ProcessHacker.exe" -hide
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{C3A6188C-8842-4337-8196-6554C4770664}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FAE7D3F1-ED42-47BF-96C3-4A1F15CE7A12}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{493D06BA-205E-4192-AAA4-4CDC43C3BAD3}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{39577B13-C2BF-42F6-8DD1-626ABA61A103}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{A19DBD2B-2346-45F9-AC47-B6290D634603}] => (Block) c:\program files (x86)\teamviewer\teamviewer_service.exe
FirewallRules: [{3F69C447-E05B-4240-B286-710F3FEC3B4F}] => (Block) d:\customize\rainmeter\rainmeter.exe
FirewallRules: [{EC50B221-6994-49F6-87EA-B58302480FAF}] => (Block) c:\program files (x86)\openoffice 4\program\soffice.bin
FirewallRules: [{4300CCD0-0470-4C9E-8708-C8BC2FBBDB86}] => (Block) c:\program files (x86)\openoffice 4\program\soffice.bin
FirewallRules: [{92BA41E0-BDF1-4F98-9890-AA84AC8139E8}] => (Block) c:\windows\explorer.exe
FirewallRules: [TCP Query User{596502F1-B727-4D89-8B89-C18804B4CC8C}C:\program files\oracle\virtualbox\virtualbox.exe] => (Block) C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [{045D30C3-D3D2-4989-B17B-A77E1D1E92F6}] => (Block) c:\windows\explorer.exe
FirewallRules: [{C46567DF-BAF2-42CB-9BC4-4EF77F9EC6A0}] => (Block) c:\program files (x86)\openoffice 4\program\soffice.bin
FirewallRules: [{CC5F943F-B8F3-4D45-86C5-C24F9A9DDA65}] => (Block) c:\program files (x86)\openoffice 4\program\soffice.bin
FirewallRules: [{68E770B0-2D19-4ACF-B321-CAC68B5781A9}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{4C90B2D8-113C-449B-B827-DC969F3150A4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{00595824-C993-4CAA-AEE2-0874EE366B59}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{657BC9BB-6239-4FC9-AB10-A306A0E5A6FD}] => (Block) C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [{88433252-BE13-4CD9-A2A1-2AD1B6059648}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{CC9679C3-9CB5-4D4B-8D34-D4D8CE628CE6}] => (Allow) D:\Portal\bin\steamwebhelper.exe
FirewallRules: [{AA89BA58-B189-49AB-A110-46598B1FA524}] => (Allow) D:\Portal\bin\steamwebhelper.exe
FirewallRules: [{E0697F28-0AE5-4434-A117-6D44DC7490AE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exee
FirewallRules: [TCP Query User{F39A3CBE-679E-483A-A82C-C86D5E3DEEAB}D:\battle.net\starcraft\starcraft ii\versions\base38749\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base38749\sc2_x64.exe
FirewallRules: [UDP Query User{ADBC0FD8-795F-42D9-8229-C4B48A494A89}D:\battle.net\starcraft\starcraft ii\versions\base38749\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base38749\sc2_x64.exe
FirewallRules: [{7DB09F01-E0F3-4D3F-B686-C57EB2F894AA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AE6D1BA3-FFF8-479D-8E20-3E7B67DF27B2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{017548E2-9991-43C7-9990-D60AEC41A61E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BFD4F44F-066F-4439-A8EF-89010BE33F88}] => (Allow) D:\DEUS-EX\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{678BBC95-1B69-4ABE-8730-C1F1824D6B32}] => (Allow) D:\DEUS-EX\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{E059F920-0E69-4379-82DF-31A93DD7EF01}] => (Block) c:\program files\cpuid\hwmonitor\hwmonitor.exe
FirewallRules: [{5E1A1DF9-F0E9-4492-91D8-BCD98FA5D357}] => (Block) c:\program files\cpuid\hwmonitor\hwmonitor.exe
FirewallRules: [{3B67F209-1CCA-439C-8978-C86F7D55A4AF}] => (Block) t:\my-folder\production\plugins\sforzando\sforzando x64.exe
FirewallRules: [{9409E26C-BAC3-4228-9E1C-ECF1141C5016}] => (Block) t:\my-folder\production\plugins\sforzando\sforzando x64.exe
FirewallRules: [{D0DFC248-C299-43B7-BB3C-D908320963D7}] => (Block) c:\windows\system32\msiexec.exe
FirewallRules: [{BE5403EE-1D66-4E97-90F1-D2C31F937471}] => (Block) c:\windows\system32\msiexec.exe
FirewallRules: [{392B8BED-16E1-4D3E-883F-7E3A158BFD1E}] => (Block) c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe
FirewallRules: [{C7BFF11C-74AC-4D99-A770-40411FEB8198}] => (Block) c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe
FirewallRules: [{5AE84138-ADFF-4E0A-BA0E-FCF294F37731}] => (Block) c:\program files (x86)\adobe\adobe photoshop cs2\photoshop.exe
FirewallRules: [{39C15C43-C741-41A2-9B91-9120C6763173}] => (Block) c:\program files (x86)\adobe\adobe photoshop cs2\photoshop.exe
FirewallRules: [TCP Query User{FDF2A2A1-7E99-408C-B3B4-085228CD89E0}D:\battle.net\starcraft\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [UDP Query User{9A941200-FB57-4FEF-9EA8-648E2E0E3F02}D:\battle.net\starcraft\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [{9EED2BA0-29BE-45C7-A115-13A90DB3FA19}] => (Block) c:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{14A92DD3-04A0-4496-BA4D-B8306FB47243}] => (Block) c:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{A3AE046F-4844-4DEA-B9B2-51B437A4A518}] => (Block) c:\program files\internet explorer\iexplore.exe
FirewallRules: [{486B1671-98F0-4AD5-AF00-5FAF79EB535C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DEF6512F-B1D4-4FB7-A979-BA1A60F4ABBC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D81AE651-6E5C-428E-855A-174C44BDA4B8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{ED7F5783-3085-4C19-899F-6C9AE4418E83}D:\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe] => (Allow) D:\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe
FirewallRules: [UDP Query User{5A4E8E57-8DEE-4A9C-BD14-B8731AD1A4BD}D:\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe] => (Allow) D:\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe
FirewallRules: [{3511FB65-7CF3-4F8C-A979-413943939BD6}] => (Allow) D:\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [{CEB8DC44-42CB-4CF5-985A-88FAE92172AF}] => (Allow) D:\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [{014FDA46-CF4B-4D8B-B49D-8C2BAADE0BDD}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{01679B92-96DA-4CCE-9F09-9D5A0E58E6AF}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{95C31838-61D3-488C-891E-8B66E624450B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{1CFAC638-F0F2-4789-AFB2-6404BF3E88DC}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{E8A96067-F7D3-4658-99A9-0AD56A7B7A5D}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{616B969C-CCF0-4659-865A-7D5189784773}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{6DDEA35B-6D8D-4332-801B-B7B685C1F99F}] => (Block) c:\windows\system32\gwx\gwxux.exe
FirewallRules: [{934A41EE-42E8-416E-8C0C-0788A85B2EBD}] => (Block) c:\windows\system32\gwx\gwxux.exe
FirewallRules: [{840AF8CE-2DDE-47F8-8B04-4885E0D611F9}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{6AFF3A2A-E89E-4E56-AA70-FA0D2C9A7C2D}] => (Allow) C:\Program Files\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{BFCF23D5-F0EC-4750-99AE-7179067C7218}] => (Allow) C:\Program Files\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{8F24DA1F-1CBF-4793-90FD-EF9950CDDFB9}] => (Allow) C:\Program Files\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{57ADCFCA-1460-45CD-8834-325C1DA31F04}] => (Allow) C:\Program Files\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{3AED76FB-9BC3-4A88-8D39-47CC5052AF4F}] => (Allow) C:\Program Files\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{6AAF9014-E299-4B18-90B9-80EF2D6A9BE4}] => (Allow) C:\Program Files\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{74A142BB-B2EE-42E4-8A8F-FE6718D6AD81}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [TCP Query User{3BCAF9D9-DC8B-4F12-9EC8-0616D8113074}C:\program files\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\davinci resolve\dpdecoder.exe
FirewallRules: [{C2FE1182-8FD1-4167-9D52-BBDB32C28056}] => (Block) c:\windows\system32\gwx\gwxdetector.exe
FirewallRules: [{DCE587E7-5B9B-4C25-815D-BFA1CDAE99B6}] => (Block) c:\windows\system32\gwx\gwxdetector.exe
FirewallRules: [{CD1EC1E3-B016-4B55-A2C9-B3779BC427F1}] => (Block) c:\windows\system32\gwx\gwxconfigmanager.exe
FirewallRules: [{A79E73D7-968D-44DE-A6EB-4CF5751F216B}] => (Block) c:\windows\system32\gwx\gwxconfigmanager.exe
FirewallRules: [{B23381AC-00E9-4188-9239-5FB60ADAB2BE}] => (Allow) LPort=21
FirewallRules: [{FEE484B4-FECE-47DA-BE74-25E2A8D64931}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [TCP Query User{9755D8C4-F349-40C6-A3EC-E7946FB38F60}T:\my-folder\production\plugins\imageline-vsts\minihost\minihostmodular.exe] => (Allow) T:\my-folder\production\plugins\imageline-vsts\minihost\minihostmodular.exe
FirewallRules: [TCP Query User{BF550171-0C40-4522-9D72-36B62AC0D5DD}D:\battle.net\starcraft\starcraft ii\versions\base47185\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base47185\sc2_x64.exe
FirewallRules: [TCP Query User{25A05D70-09FC-4707-9527-A8FCB9737A00}C:\program files (x86)\jetbrains\pycharm community edition 2016.3\bin\pycharm.exe] => (Allow) C:\program files (x86)\jetbrains\pycharm community edition 2016.3\bin\pycharm.exe
FirewallRules: [UDP Query User{0AA4971F-1E02-4048-A50D-F16754BF32F1}C:\program files (x86)\jetbrains\pycharm community edition 2016.3\bin\pycharm.exe] => (Allow) C:\program files (x86)\jetbrains\pycharm community edition 2016.3\bin\pycharm.exe
FirewallRules: [TCP Query User{5D147D0E-ACB8-4755-A7DC-6CF596436505}D:\battle.net\starcraft\starcraft ii\versions\base48645\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base48645\sc2_x64.exe
FirewallRules: [UDP Query User{D88E04AB-1E53-4FD0-97E0-CF6EB34DDB00}D:\battle.net\starcraft\starcraft ii\versions\base48645\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base48645\sc2_x64.exe
FirewallRules: [{16E488C9-B953-43E8-B4B2-B590BAB6CA69}] => (Block) c:\windows\syswow64\macromed\flash\flashplayerplugin_23_0_0_207.exe
FirewallRules: [{2D5E4470-9DE2-4B7C-9654-30522720CEEE}] => (Block) c:\windows\syswow64\macromed\flash\flashplayerplugin_23_0_0_207.exe
FirewallRules: [{0ADCDFD8-F706-42ED-BEA7-92358C8007B2}] => (Block) c:\windows\explorer.exe
FirewallRules: [{6EE97983-C2D9-4E31-B166-9E8B5AF8C96E}] => (Block) c:\windows\explorer.exe
FirewallRules: [{3A92ED55-FA0E-4190-B8FE-C11AA4136D36}] => (Block) c:\windows\temp\opera autoupdate\cprogram files (x86)opera\installing\installer.exe
FirewallRules: [{49237447-2D65-4740-847A-D804DECE40DD}] => (Block) c:\windows\temp\opera autoupdate\cprogram files (x86)opera\installing\installer.exe
FirewallRules: [{550B6BE4-CE38-4B16-944D-630437AF62D6}] => (Block) ?:\folder\downloads\flashplayer24au_ha_install.exe
FirewallRules: [{F6692C00-2803-4D2F-87ED-232A82AD37C8}] => (Block) ?:\folder\downloads\flashplayer24au_ha_install.exe
FirewallRules: [{4842CFC0-CE91-4B43-9F55-C1AE06256A56}] => (Block) c:\users\user\appdata\local\adobe\c4d73211-ecab-46f7-874b-e2da4fc0aa7d\3b64c024-d7c1-42cd-84ab-f8a1a3c6ec06\57073c20-0a7a-4ca6-933b-4dc45ae951ee
FirewallRules: [{F5345BD5-4EEA-4433-9C17-EF3C93157E98}] => (Block) c:\users\user\appdata\local\adobe\c4d73211-ecab-46f7-874b-e2da4fc0aa7d\3b64c024-d7c1-42cd-84ab-f8a1a3c6ec06\57073c20-0a7a-4ca6-933b-4dc45ae951ee
FirewallRules: [{2AD1A79D-B844-4144-9F86-371678FA9745}] => (Allow) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
FirewallRules: [{9C30ED18-2E49-43ED-9FB8-1B3D810764B6}] => (Allow) LPort=8317
FirewallRules: [TCP Query User{04BB0718-9CC3-47FD-A2E4-498E252BDFD4}D:\battle.net\starcraft\starcraft ii\versions\base51149\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base51149\sc2_x64.exe
FirewallRules: [UDP Query User{1B49813F-0B86-479A-9E00-0EB77D731F41}D:\battle.net\starcraft\starcraft ii\versions\base51149\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base51149\sc2_x64.exe
FirewallRules: [{F16767DF-9A4F-41BC-A7BC-52AFAC445B0E}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
FirewallRules: [{7D006F94-DD72-4AAD-A6F3-860B57DF5E03}] => (Allow) C:\Program Files\TightVNC\tvnviewer.exe
==================== Wiederherstellungspunkte =========================
22-03-2017 09:41:23 Installed TightVNC
22-03-2017 09:52:42 Installed Intel(R) Network Connections.
22-03-2017 19:20:16 Installed PuTTY release 0.68 (64-bit)
22-03-2017 20:44:57 Installed SDFormatter.
23-03-2017 15:17:18 Installed Bitwig Studio
24-03-2017 10:04:08 VeraCrypt installation
25-03-2017 02:18:25 Windows Update
28-03-2017 09:16:50 Windows-Sicherung
28-03-2017 20:03:35 Wiederherstellungsvorgang
28-03-2017 21:09:21 Windows Update
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (03/29/2017 10:21:18 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "T:\My-Folder\Downloads\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (03/28/2017 09:07:53 PM) (Source: CyberGhost 6 Service) (EventID: 0) (User: )
Description: Der Dienst kann nicht beendet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei CyberGhost.VPNServices.OpenVpn.DisconnectFromVpnServer(Boolean sendDisconnectEvent) in C:\TeamCity\buildAgent\work\5e751977071a47b0\Projects\CyberGhost\CyberGhost 6\CyberGhost.VPNServices\OpenVPN.cs:Zeile 348.
bei Service.ServiceController.OnStop() in C:\TeamCity\buildAgent\work\5e751977071a47b0\Projects\CyberGhost\CyberGhost 6\CyberGhost.Service\ServiceController.cs:Zeile 170.
bei System.ServiceProcess.ServiceBase.DeferredStop()
Error: (03/28/2017 09:06:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "T:\My-Folder\Downloads\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (03/28/2017 09:05:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/28/2017 08:41:19 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-3869482132-2802206346-888328520-1000}/">.
Error: (03/28/2017 08:31:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/28/2017 08:30:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/25/2017 11:22:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BitwigVampHost.exe, Version: 0.0.0.0, Zeitstempel: 0x58b57862
Name des fehlerhaften Moduls: BitwigVampHost.exe, Version: 0.0.0.0, Zeitstempel: 0x58b57862
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x000000000002e628
ID des fehlerhaften Prozesses: 0xe04
Startzeit der fehlerhaften Anwendung: 0x01d2a5adf086e837
Pfad der fehlerhaften Anwendung: C:\Program Files\Bitwig Studio\bin\BitwigVampHost.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Bitwig Studio\bin\BitwigVampHost.exe
Berichtskennung: 2f5b8c56-11a1-11e7-bb9a-40167ea5eebf
Error: (03/25/2017 02:35:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Battle.net.exe, Version 1.8.0.8554 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 8a8
Startzeit: 01d2a4e4e07a8955
Endzeit: 22
Anwendungspfad: C:\Program Files (x86)\Battle.net\Battle.net.8554\Battle.net.exe
Berichts-ID: 81e0478e-1157-11e7-bb9a-60e32713d0cb
Systemfehler:
=============
Error: (03/28/2017 09:05:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (03/28/2017 09:05:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126
Error: (03/28/2017 08:03:41 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073741502.
Error: (03/28/2017 08:03:41 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Dienst "Bonjour"" wurde mit folgendem dienstspezifischem Fehler beendet: Beim Datenbankaufruf ist ein nicht behebbarer Fehler aufgetreten.
.
Error: (03/28/2017 08:03:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der Vorgang wurde erfolgreich beendet.
Error: (03/28/2017 08:03:40 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073741502.
Error: (03/28/2017 08:03:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der Vorgang wurde erfolgreich beendet.
Error: (03/28/2017 08:03:39 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073741502.
Error: (03/28/2017 08:03:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der Vorgang wurde erfolgreich beendet.
Error: (03/28/2017 08:03:38 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073741502.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Prozentuale Nutzung des RAM: 26%
Installierter physikalischer RAM: 16321.48 MB
Verfügbarer physikalischer RAM: 11952.29 MB
Summe virtueller Speicher: 32641.15 MB
Verfügbarer virtueller Speicher: 25401.51 MB
==================== Laufwerke ================================
Drive ?: (C:) (Fixed) (Total:238.47 GB) (Free:96.91 GB) NTFS
Drive ?: (?) (Fixed) (Total:232.88 GB) (Free:145.99 GB) NTFS
Drive ?: (?) (Fixed) (Total:465.76 GB) (Free:237.62 GB) NTFS
Drive ?: (?) (Fixed) (Total:931.31 GB) (Free:668.99 GB) NTFS
Drive ?: (?) (Fixed) (Total:232.88 GB) (Free:135.72 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive ?: (?) (Fixed) (Total:931.51 GB) (Free:637.27 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B162B162)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FD1A7096)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: A1E3F745)
Partition 1: (Not Active) - (Size=238.5 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 99D2C736)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
========================================================
Disk: 4 (Size: 465.8 GB) (Disk ID: EBBBAA60)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
========================================================
Disk: 6 (Size: 931.5 GB) (Disk ID: 444663B5)
Partition: GPT.
Partition 2: (Not Active) - (Size=931.3 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
|
| | #8 |
| PUP.Optional.AppTrailer.Generic + PUP.Optional. OnlineIO + NSBLock + "Microleafs LTD" via Filedropper.com or Fileupload.net ?
TDSS
Code:
09:16:45.0587 0x0b24 TDSS rootkit removing tool 3.1.0.12 Nov 7 2016 07:10:01
09:16:51.0850 0x0b24 ============================================================
09:16:51.0850 0x0b24 Current date / time: 2017/03/30 09:16:51.0850
09:16:51.0850 0x0b24 SystemInfo:
09:16:51.0850 0x0b24
09:16:51.0850 0x0b24 OS Version: 6.1.7601 ServicePack: 1.0
09:16:51.0850 0x0b24 Product type: Workstation
09:16:51.0850 0x0b24 ComputerName: PC
09:16:51.0850 0x0b24 UserName: user
09:16:51.0850 0x0b24 Windows directory: C:\Windows
09:16:51.0850 0x0b24 System windows directory: C:\Windows
09:16:51.0850 0x0b24 Running under WOW64
09:16:51.0850 0x0b24 Processor architecture: Intel x64
09:16:51.0850 0x0b24 Number of processors: 5
09:16:51.0850 0x0b24 Page size: 0x1000
09:16:51.0850 0x0b24 Boot type: Normal boot
09:16:51.0850 0x0b24 CodeIntegrityOptions = 0x00000001
09:16:51.0850 0x0b24 ============================================================
09:16:52.0047 0x0b24 KLMD registered as C:\Windows\system32\drivers\06046288.sys
09:16:52.0047 0x0b24 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23677, osProperties = 0x1
09:16:52.0078 0x0b24 System UUID: {2B1FF162-E8A8-F17D-EAAE-D6C27730F928}
09:16:52.0248 0x0b24 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:16:54.0892 0x0b24 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:16:58.0969 0x0b24 Drive \Device\Harddisk3\DR3 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:17:04.0048 0x0b24 Drive \Device\Harddisk4\DR4 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:17:04.0049 0x0b24 Drive \Device\Harddisk2\DR2 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:17:04.0056 0x0b24 Drive \Device\Harddisk6\DR6 - Size: 0xE8E0B00000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:17:04.0361 0x0b24 ============================================================
09:17:04.0361 0x0b24 \Device\Harddisk0\DR0:
09:17:04.0368 0x0b24 MBR partitions:
09:17:04.0368 0x0b24 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4269
09:17:04.0368 0x0b24 \Device\Harddisk1\DR1:
09:17:04.0368 0x0b24 MBR partitions:
09:17:04.0368 0x0b24 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
09:17:04.0368 0x0b24 \Device\Harddisk3\DR3:
09:17:04.0368 0x0b24 MBR partitions:
09:17:04.0368 0x0b24 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
09:17:04.0368 0x0b24 \Device\Harddisk4\DR4:
09:17:04.0454 0x0b24 MBR partitions:
09:17:04.0454 0x0b24 \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
09:17:04.0454 0x0b24 \Device\Harddisk2\DR2:
09:17:04.0454 0x0b24 MBR partitions:
09:17:04.0454 0x0b24 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1DCF2000
09:17:04.0454 0x0b24 \Device\Harddisk6\DR6:
09:17:04.0455 0x0b24 GPT partitions:
09:17:04.0456 0x0b24 \Device\Harddisk6\DR6\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {3357F6D4-5E69-412F-A106-7383080A9D1C}, Name: EFI System Partition, StartLBA 0x28, BlocksNum 0x64000
09:17:04.0456 0x0b24 \Device\Harddisk6\DR6\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {915211A4-1AFA-491C-A468-1EDD370BB039}, Name: Ohne Titel, StartLBA 0x64800, BlocksNum 0x746A0800
09:17:04.0456 0x0b24 MBR partitions:
09:17:04.0456 0x0b24 \Device\Harddisk6\DR6\Partition3: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x746A0800
09:17:04.0456 0x0b24 ============================================================
09:17:04.0457 0x0b24 ?: <-> \Device\Harddisk2\DR2\Partition1
09:17:04.0464 0x0b24 ?: <-> \Device\Harddisk0\DR0\Partition1
09:17:04.0476 0x0b24 ?: <-> \Device\Harddisk4\DR4\Partition1
09:17:04.0501 0x0b24 ?: <-> \Device\Harddisk6\DR6\Partition3
09:17:04.0532 0x0b24 ?: <-> \Device\Harddisk1\DR1\Partition1
09:17:04.0554 0x0b24 ?: <-> \Device\Harddisk3\DR3\Partition1
09:17:04.0555 0x0b24 ============================================================
09:17:04.0555 0x0b24 Initialize success
09:17:04.0555 0x0b24 ============================================================
09:17:18.0655 0x0ef4 ============================================================
09:17:18.0655 0x0ef4 Scan started
09:17:18.0655 0x0ef4 Mode: Manual; SigCheck; TDLFS;
09:17:18.0655 0x0ef4 ============================================================
09:17:18.0655 0x0ef4 KSN ping started
09:18:38.0624 0x0ef4 KSN ping finished: true
09:18:39.0788 0x0ef4 ================ Scan system memory ========================
09:18:39.0788 0x0ef4 System memory - ok
09:18:39.0788 0x0ef4 ================ Scan services =============================
09:18:39.0806 0x0ef4 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:18:39.0826 0x0ef4 1394ohci - ok
09:18:39.0834 0x0ef4 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:18:39.0843 0x0ef4 ACPI - ok
09:18:39.0846 0x0ef4 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:18:39.0852 0x0ef4 AcpiPmi - ok
09:18:39.0855 0x0ef4 [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
09:18:39.0857 0x0ef4 Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
09:18:39.0954 0x0ef4 Detect skipped due to KSN trusted
09:18:39.0955 0x0ef4 Adobe LM Service - ok
09:18:39.0965 0x0ef4 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
09:18:39.0976 0x0ef4 adp94xx - ok
09:18:39.0982 0x0ef4 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
09:18:39.0991 0x0ef4 adpahci - ok
09:18:39.0995 0x0ef4 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
09:18:40.0002 0x0ef4 adpu320 - ok
09:18:40.0005 0x0ef4 [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:18:40.0011 0x0ef4 AeLookupSvc - ok
09:18:40.0020 0x0ef4 [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD C:\Windows\system32\drivers\afd.sys
09:18:40.0030 0x0ef4 AFD - ok
09:18:40.0034 0x0ef4 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
09:18:40.0038 0x0ef4 agp440 - ok
09:18:40.0041 0x0ef4 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
09:18:40.0047 0x0ef4 ALG - ok
09:18:40.0049 0x0ef4 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
09:18:40.0053 0x0ef4 aliide - ok
09:18:40.0059 0x0ef4 [ C2C6576BD76BDBD5D29555440C0F147B, EB92CCF0670493B63D073976F5026C0F5954733CBC20812118F13716503C249B ] amdacpksd C:\Windows\system32\drivers\amdacpksd.sys
09:18:40.0071 0x0ef4 amdacpksd - ok
09:18:40.0073 0x0ef4 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
09:18:40.0077 0x0ef4 amdide - ok
09:18:40.0080 0x0ef4 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
09:18:40.0085 0x0ef4 AmdK8 - ok
09:18:40.0087 0x0ef4 amdkmdag - ok
09:18:40.0096 0x0ef4 [ 6489E58445DC4E53EE1446EC0CB04842, 13449C7B0BBDC1F2D0B5C9A0299BED47475D2D249BD5E24F68F9E06C4DC601BF ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
09:18:40.0110 0x0ef4 amdkmdap - ok
09:18:40.0113 0x0ef4 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
09:18:40.0118 0x0ef4 AmdPPM - ok
09:18:40.0121 0x0ef4 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:18:40.0127 0x0ef4 amdsata - ok
09:18:40.0131 0x0ef4 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
09:18:40.0138 0x0ef4 amdsbs - ok
09:18:40.0140 0x0ef4 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:18:40.0144 0x0ef4 amdxata - ok
09:18:40.0147 0x0ef4 [ B84DDCCB03A9CEDC1E90A88EDA5306DB, 1E51A7336C7E3F6402ED90AB0B3E98FD3827E2DC51B133E7F8BB37140B315192 ] AppID C:\Windows\system32\drivers\appid.sys
09:18:40.0152 0x0ef4 AppID - ok
09:18:40.0154 0x0ef4 [ 02B60F8FA4BAB8DC3B14782A7E60564B, D7EB27CB202573734D7A4EB4667B9BCEC1598AA9EBD154F2C9266AF230F51A52 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:18:40.0159 0x0ef4 AppIDSvc - ok
09:18:40.0161 0x0ef4 [ DE23E052E557580674785CDF45B613F3, A955ADC6CC7D816BA7CE1065F911E7A3295A1908C22BE0A3C506C38CFEE8DE0D ] Appinfo C:\Windows\System32\appinfo.dll
09:18:40.0167 0x0ef4 Appinfo - ok
09:18:40.0170 0x0ef4 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
09:18:40.0175 0x0ef4 arc - ok
09:18:40.0178 0x0ef4 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
09:18:40.0183 0x0ef4 arcsas - ok
09:18:40.0198 0x0ef4 [ BBF8F831C7720DD5135D8C4C8325187A, 2630C68200D7BD49A5772830D6B369C0EC337C2558A9562DD564DF042249ECC0 ] asComSvc C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
09:18:40.0214 0x0ef4 asComSvc - ok
09:18:40.0229 0x0ef4 [ 5F1091FA113607C9C9B2ECF4FBC76F37, F4406635C555A942242F40CACEC7EFD2FED47103C191CB3C2EDF21EE78C8122E ] asHmComSvc C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
09:18:40.0245 0x0ef4 asHmComSvc - ok
09:18:40.0254 0x0ef4 [ 798DE15F187C1F013095BBBEB6FB6197, 436CCAB6F62FA2D29827916E054ADE7ACAE485B3DE1D3E5C6C62D3DEBF1480E7 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
09:18:40.0258 0x0ef4 AsIO - ok
09:18:40.0264 0x0ef4 [ EE424A5CE56E3923D59BB7DE2E15036D, 8B8196870EFE74D43EDA72674021A46846D370E97A6A058134D84A721AECD091 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:18:40.0270 0x0ef4 aspnet_state - ok
09:18:40.0272 0x0ef4 [ 1392B92179B07B672720763D9B1028A5, B4D47EA790920A4531E3DF5A4B4B0721B7FEA6B49A35679F0652F1E590422602 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys
09:18:40.0275 0x0ef4 AsUpIO - ok
09:18:40.0277 0x0ef4 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:18:40.0294 0x0ef4 AsyncMac - ok
09:18:40.0296 0x0ef4 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
09:18:40.0300 0x0ef4 atapi - ok
09:18:40.0304 0x0ef4 [ F9DB31BC5CD3700D37DB136BA56E5E9D, 9AB7421975500EE7FE583CCF86914F94E697606A9199DC4F27D5609554C5D3F7 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
09:18:40.0310 0x0ef4 AtiHDAudioService - ok
09:18:40.0320 0x0ef4 [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:18:40.0334 0x0ef4 AudioEndpointBuilder - ok
09:18:40.0345 0x0ef4 [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioSrv C:\Windows\System32\Audiosrv.dll
09:18:40.0359 0x0ef4 AudioSrv - ok
09:18:40.0363 0x0ef4 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:18:40.0371 0x0ef4 AxInstSV - ok
09:18:40.0380 0x0ef4 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
09:18:40.0390 0x0ef4 b06bdrv - ok
09:18:40.0396 0x0ef4 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
09:18:40.0404 0x0ef4 b57nd60a - ok
09:18:40.0408 0x0ef4 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
09:18:40.0414 0x0ef4 BDESVC - ok
09:18:40.0416 0x0ef4 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
09:18:40.0432 0x0ef4 Beep - ok
09:18:40.0444 0x0ef4 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
09:18:40.0458 0x0ef4 BFE - ok
09:18:40.0472 0x0ef4 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
09:18:40.0500 0x0ef4 BITS - ok
09:18:40.0503 0x0ef4 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:18:40.0508 0x0ef4 blbdrive - ok
09:18:40.0517 0x0ef4 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:18:40.0526 0x0ef4 Bonjour Service - ok
09:18:40.0530 0x0ef4 [ ABA3984C822E4D3F889699912D85D6C5, 2251FA135CC290DA13DAE4743F393C7CC9E6A737C054707CB8D72C369D1FFACB ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:18:40.0536 0x0ef4 bowser - ok
09:18:40.0538 0x0ef4 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
09:18:40.0544 0x0ef4 BrFiltLo - ok
09:18:40.0546 0x0ef4 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
09:18:40.0552 0x0ef4 BrFiltUp - ok
09:18:40.0556 0x0ef4 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
09:18:40.0562 0x0ef4 Browser - ok
09:18:40.0568 0x0ef4 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:18:40.0577 0x0ef4 Brserid - ok
09:18:40.0579 0x0ef4 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:18:40.0586 0x0ef4 BrSerWdm - ok
09:18:40.0588 0x0ef4 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:18:40.0594 0x0ef4 BrUsbMdm - ok
09:18:40.0596 0x0ef4 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:18:40.0601 0x0ef4 BrUsbSer - ok
09:18:40.0603 0x0ef4 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
09:18:40.0610 0x0ef4 BTHMODEM - ok
09:18:40.0614 0x0ef4 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
09:18:40.0631 0x0ef4 bthserv - ok
09:18:40.0636 0x0ef4 [ 95C2FEB994798596F0E2CB2BB2C7F45A, 78A39A6EF8E29620F22970AF4AE37404FC33D308BF83F8CDF16F0A79C5561AAF ] cbdisk3 C:\Windows\system32\drivers\cbdisk3.sys
09:18:40.0643 0x0ef4 cbdisk3 - ok
09:18:40.0650 0x0ef4 [ 6C1506E58A2A0F1FC6756D322C576C5F, FBAE9597A594956AD6677DB0FB7FC2483DA6450E66BEB9B2D2D4F2C1373B7AA8 ] cbfs4 C:\Windows\system32\drivers\cbfs4.sys
09:18:40.0658 0x0ef4 cbfs4 - ok
09:18:40.0661 0x0ef4 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:18:40.0679 0x0ef4 cdfs - ok
09:18:40.0683 0x0ef4 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:18:40.0689 0x0ef4 cdrom - ok
09:18:40.0692 0x0ef4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
09:18:40.0709 0x0ef4 CertPropSvc - ok
09:18:40.0713 0x0ef4 [ 2B2559146B072EB183DA1AB57E38E886, CAAE41158C3D5EA55834085C9161DB1EFF173CDF2FD0340B5289F541C294C5CC ] CG6Service C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
09:18:40.0720 0x0ef4 CG6Service - ok
09:18:40.0723 0x0ef4 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
09:18:40.0730 0x0ef4 circlass - ok
09:18:40.0737 0x0ef4 [ 3D67C27DD17B254D7915FA16A5AE3573, 5B3A6C6A7F940C06362775DAF13CEADA37C7AA84A509458A57C23B4369970A90 ] CLFS C:\Windows\system32\CLFS.sys
09:18:40.0746 0x0ef4 CLFS - ok
09:18:40.0750 0x0ef4 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:18:40.0756 0x0ef4 clr_optimization_v2.0.50727_32 - ok
09:18:40.0760 0x0ef4 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:18:40.0765 0x0ef4 clr_optimization_v2.0.50727_64 - ok
09:18:40.0770 0x0ef4 [ 5BAF4F1296D4D91FC28560CDB4C37C4B, ACA4BC57ED1F8432F18F0F215EC7FF956BAEF6E02760779E264E4008A979E9DD ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:18:40.0776 0x0ef4 clr_optimization_v4.0.30319_32 - ok
09:18:40.0781 0x0ef4 [ 569B54004A7E85A74FD92841DE6058E2, 58949313D0F6B1C06359B2F3C68E29940B1655A17E93FFC3718F6D2EAE1633E4 ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:18:40.0788 0x0ef4 clr_optimization_v4.0.30319_64 - ok
09:18:40.0790 0x0ef4 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
09:18:40.0795 0x0ef4 CmBatt - ok
09:18:40.0797 0x0ef4 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:18:40.0801 0x0ef4 cmdide - ok
09:18:40.0809 0x0ef4 [ A98CED39AD91B445E2E442A9BD67E8B4, B4189DEEF1C0EE22AE983119047B1A40FFDD8F3E163DFFABD7C2706231B0B1B0 ] CNG C:\Windows\system32\Drivers\cng.sys
09:18:40.0823 0x0ef4 CNG - ok
09:18:40.0825 0x0ef4 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
09:18:40.0829 0x0ef4 Compbatt - ok
09:18:40.0831 0x0ef4 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
09:18:40.0838 0x0ef4 CompositeBus - ok
09:18:40.0839 0x0ef4 COMSysApp - ok
09:18:40.0851 0x0ef4 [ E20D73654A05670BD21F7876A3A0F747, A1708A4291641D8D17A6A4A7CE80A2B26046D3C35D5F718B008F0D3B290953DC ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
09:18:40.0860 0x0ef4 cphs - ok
09:18:40.0862 0x0ef4 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
09:18:40.0866 0x0ef4 crcdisk - ok
09:18:40.0871 0x0ef4 [ 2C6632CECFDBBE793FDA8AF9CA55A9CC, 335188515F798483660E529204A13012E4D21B0ECA489224A11C26F91A5B3CCE ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:18:40.0879 0x0ef4 CryptSvc - ok
09:18:40.0888 0x0ef4 [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] DcomLaunch C:\Windows\system32\rpcss.dll
09:18:40.0900 0x0ef4 DcomLaunch - ok
09:18:40.0903 0x0ef4 [ 5DE1DB1FD27B0486292C881E1D94437E, D2D824CE9F7B57A3659B2249531DBA85C114E65D4EEBA3A159607B2104FF704B ] debutfilter C:\Windows\system32\DRIVERS\debutfilterx64.sys
09:18:40.0906 0x0ef4 debutfilter - ok
09:18:40.0912 0x0ef4 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
09:18:40.0932 0x0ef4 defragsvc - ok
09:18:40.0936 0x0ef4 [ 9B38580063D281A99E68EF5813022A5F, D91676B0E0A8E2A090E3E5DD340ABCFC20AE0F55B4C82869D6CFB34239BD27DA ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:18:40.0942 0x0ef4 DfsC - ok
09:18:40.0949 0x0ef4 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
09:18:40.0958 0x0ef4 Dhcp - ok
09:18:40.0978 0x0ef4 [ EE9954237F15BE4DD9304D12E4D305ED, F295C9BAF20F0E669B673AFCC16B4969EE31B6A3808980DAB93D9B0F167DA3C0 ] DiagTrack C:\Windows\system32\diagtrack.dll
09:18:41.0002 0x0ef4 DiagTrack - ok
09:18:41.0009 0x0ef4 [ F81460DB0644F0E825109F2E0E9F5D06, 21F26663CE22412BC9E6F4CD0F7FC536ED8844DE7C2C104616ACADBF4F47A839 ] DirMngr C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
09:18:41.0013 0x0ef4 DirMngr - detected UnsignedFile.Multi.Generic ( 1 )
09:18:41.0112 0x0ef4 Detect skipped due to KSN trusted
09:18:41.0112 0x0ef4 DirMngr - ok
09:18:41.0114 0x0ef4 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
09:18:41.0131 0x0ef4 discache - ok
09:18:41.0134 0x0ef4 [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk C:\Windows\system32\drivers\disk.sys
09:18:41.0140 0x0ef4 Disk - ok
09:18:41.0144 0x0ef4 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:18:41.0151 0x0ef4 Dnscache - ok
09:18:41.0157 0x0ef4 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
09:18:41.0176 0x0ef4 dot3svc - ok
09:18:41.0180 0x0ef4 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
09:18:41.0198 0x0ef4 DPS - ok
09:18:41.0200 0x0ef4 [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:18:41.0205 0x0ef4 drmkaud - ok
09:18:41.0220 0x0ef4 [ 3A9D7D464BDB3B70D7ECF689ADABBD4D, B4F5B23705EA1BA453FE30791CA245E1A5F7FBEABAD026E4A8A15A9FC44E8C9C ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:18:41.0237 0x0ef4 DXGKrnl - ok
09:18:41.0246 0x0ef4 [ 73F8DE25B04A66CE3BE5D09A10DE56E6, ABA5AA50D936897CC71D710BBCF9A1B1CCCAC290FCD10A710E4471C1CDDE1093 ] e1dexpress C:\Windows\system32\DRIVERS\e1d62x64.sys
09:18:41.0256 0x0ef4 e1dexpress - ok
09:18:41.0260 0x0ef4 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
09:18:41.0278 0x0ef4 EapHost - ok
09:18:41.0323 0x0ef4 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
09:18:41.0372 0x0ef4 ebdrv - ok
09:18:41.0378 0x0ef4 [ CA69E856332E2D85294665F6B7E97254, A9693F836907FB0154DC1090D9476F1E9242ABE922D932D74D0385772D2EAB65 ] EFS C:\Windows\System32\lsass.exe
09:18:41.0383 0x0ef4 EFS - ok
09:18:41.0392 0x0ef4 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
09:18:41.0404 0x0ef4 elxstor - ok
09:18:41.0406 0x0ef4 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:18:41.0411 0x0ef4 ErrDev - ok
09:18:41.0419 0x0ef4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
09:18:41.0441 0x0ef4 EventSystem - ok
09:18:41.0446 0x0ef4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
09:18:41.0465 0x0ef4 exfat - ok
09:18:41.0469 0x0ef4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:18:41.0488 0x0ef4 fastfat - ok
09:18:41.0491 0x0ef4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
09:18:41.0496 0x0ef4 fdc - ok
09:18:41.0498 0x0ef4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
09:18:41.0515 0x0ef4 fdPHost - ok
09:18:41.0517 0x0ef4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
09:18:41.0535 0x0ef4 FDResPub - ok
09:18:41.0538 0x0ef4 [ FEE468AFE8C9458B65A0C82B96DFD949, BCD13BF324669D3E0467D12E0E46E07A047F9311BCCDA7B47518837D489FBE22 ] ffusb2audio C:\Windows\system32\DRIVERS\ffusb2audio.sys
09:18:41.0544 0x0ef4 ffusb2audio - ok
09:18:41.0546 0x0ef4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:18:41.0551 0x0ef4 FileInfo - ok
09:18:41.0553 0x0ef4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:18:41.0571 0x0ef4 Filetrace - ok
09:18:41.0573 0x0ef4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
09:18:41.0578 0x0ef4 flpydisk - ok
09:18:41.0584 0x0ef4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:18:41.0592 0x0ef4 FltMgr - ok
09:18:41.0609 0x0ef4 [ CF0108CBA6D1860563BA20E3D74C6646, 737B5E89A858D7E3AEC8BF660AA4FCC56501A69468EA143531286016AF7C0B33 ] FontCache C:\Windows\system32\FntCache.dll
09:18:41.0630 0x0ef4 FontCache - ok
09:18:41.0633 0x0ef4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:18:41.0638 0x0ef4 FontCache3.0.0.0 - ok
09:18:41.0640 0x0ef4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:18:41.0645 0x0ef4 FsDepends - ok
09:18:41.0647 0x0ef4 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:18:41.0652 0x0ef4 Fs_Rec - ok
09:18:41.0656 0x0ef4 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:18:41.0665 0x0ef4 fvevol - ok
09:18:41.0668 0x0ef4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
09:18:41.0673 0x0ef4 gagp30kx - ok
09:18:41.0736 0x0ef4 [ 25BBECC7C72D4A1A021FA34534C1C822, F03164CB1624B2E4F6CCDF78562620DD81A3A985D5A6CFF7298B781D924F2F19 ] GlassWire C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
09:18:41.0820 0x0ef4 GlassWire - ok
09:18:41.0837 0x0ef4 [ E4AE497857409127ED57562AF913A903, 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867B ] gpsvc C:\Windows\System32\gpsvc.dll
09:18:41.0853 0x0ef4 gpsvc - ok
09:18:41.0856 0x0ef4 [ 3CF2C2F026B06D3F6B9A402DD50D5C9B, EEC63C73D54BC6F9AA53F6A248A041E3A0F1CE39386DA6243B42D1C14A322B2B ] gwdrv C:\Windows\system32\DRIVERS\gwdrv.sys
09:18:41.0860 0x0ef4 gwdrv - ok
09:18:41.0862 0x0ef4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:18:41.0867 0x0ef4 hcw85cir - ok
09:18:41.0873 0x0ef4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:18:41.0885 0x0ef4 HdAudAddService - ok
09:18:41.0888 0x0ef4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
09:18:41.0896 0x0ef4 HDAudBus - ok
09:18:41.0899 0x0ef4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
09:18:41.0904 0x0ef4 HidBatt - ok
09:18:41.0907 0x0ef4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
09:18:41.0914 0x0ef4 HidBth - ok
09:18:41.0917 0x0ef4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
09:18:41.0924 0x0ef4 HidIr - ok
09:18:41.0926 0x0ef4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
09:18:41.0943 0x0ef4 hidserv - ok
09:18:41.0945 0x0ef4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:18:41.0950 0x0ef4 HidUsb - ok
09:18:41.0952 0x0ef4 [ BBCC44D677183BEFED776C1ED6B138D1, A219E3C834550FA70E3D3986BFB31C40249B8A43F13BA023B21341C08249A65C ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
09:18:41.0953 0x0ef4 HiPatchService - detected UnsignedFile.Multi.Generic ( 1 )
09:18:42.0091 0x0ef4 HiPatchService ( UnsignedFile.Multi.Generic ) - warning
09:18:42.0237 0x0ef4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:18:42.0255 0x0ef4 hkmsvc - ok
09:18:42.0260 0x0ef4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:18:42.0268 0x0ef4 HomeGroupListener - ok
09:18:42.0273 0x0ef4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:18:42.0280 0x0ef4 HomeGroupProvider - ok
09:18:42.0284 0x0ef4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:18:42.0289 0x0ef4 HpSAMD - ok
09:18:42.0301 0x0ef4 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:18:42.0316 0x0ef4 HTTP - ok
09:18:42.0318 0x0ef4 [ EF558A02D734A1403583E95CCEEC2487, F0D052DAF48A62E4A90D067BFCB5EE9563804DE68D0EA82E0E11C8D16AD19D29 ] HWiNFO32 C:\Windows\system32\drivers\HWiNFO64A.SYS
09:18:42.0322 0x0ef4 HWiNFO32 - ok
09:18:42.0324 0x0ef4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:18:42.0328 0x0ef4 hwpolicy - ok
09:18:42.0331 0x0ef4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
09:18:42.0337 0x0ef4 i8042prt - ok
09:18:42.0346 0x0ef4 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:18:42.0355 0x0ef4 iaStorV - ok
09:18:42.0369 0x0ef4 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:18:42.0385 0x0ef4 idsvc - ok
09:18:42.0387 0x0ef4 IEEtwCollectorService - ok
09:18:42.0453 0x0ef4 [ 4AA0CEDCA2DCCD38B6F0AA56BC7B80BB, B4D88292CD95DB1DC9BE7A721D3886889D9761F48BCA5ABA8EB8492B53FCC007 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
09:18:42.0548 0x0ef4 igfx - ok
09:18:42.0560 0x0ef4 [ 486F05A5B011EA206AD5F6BB9A032A6B, 77A9113C6A8C0C096CA2B4A4A70C33A75C3DF14B36BCD10605DC34F39EBABA76 ] igfxCUIService1.0.0.0 C:\Windows\system32\igfxCUIService.exe
09:18:42.0569 0x0ef4 igfxCUIService1.0.0.0 - ok
09:18:42.0571 0x0ef4 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
09:18:42.0576 0x0ef4 iirsp - ok
09:18:42.0589 0x0ef4 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
09:18:42.0606 0x0ef4 IKEEXT - ok
09:18:42.0615 0x0ef4 [ 9D01DDF5EA8494BBCBB73FF385E35D35, C575DC65275BEA8558A855C7DC6CFA84BD7F48D24BB0C522084E89DDC5CB02A7 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
09:18:42.0627 0x0ef4 IntcDAud - ok
09:18:42.0641 0x0ef4 [ C6128F2E3DC6156C6F8828F9F1B96010, 612C1191AFB8F69BA5634E8C52BDDE608F57D98FA4C76C5A337676A5F1E8191D ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
09:18:42.0652 0x0ef4 Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
09:18:42.0755 0x0ef4 Detect skipped due to KSN trusted
09:18:42.0755 0x0ef4 Intel(R) Capability Licensing Service Interface - ok
09:18:42.0769 0x0ef4 [ 729AB4F0608E95EFF8FDEF23596283E2, 62A2091FF440C65505AB3E38436A86D9B0978BCB9485960EFCE0C5CBC8E06201 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
09:18:42.0784 0x0ef4 Intel(R) Capability Licensing Service TCP IP Interface - ok
09:18:42.0789 0x0ef4 [ CBF7341E55A8348C7AB01A9870C7D948, A5084DF3C6321788C88A9E6B5F43FE5BCFDBB579BDE3A4D5F55558C6D13035A5 ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
09:18:42.0795 0x0ef4 Intel(R) PROSet Monitoring Service - ok
09:18:42.0797 0x0ef4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
09:18:42.0802 0x0ef4 intelide - ok
09:18:42.0804 0x0ef4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:18:42.0810 0x0ef4 intelppm - ok
09:18:42.0812 0x0ef4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:18:42.0831 0x0ef4 IPBusEnum - ok
09:18:42.0833 0x0ef4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:18:42.0850 0x0ef4 IpFilterDriver - ok
09:18:42.0860 0x0ef4 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:18:42.0872 0x0ef4 iphlpsvc - ok
09:18:42.0875 0x0ef4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:18:42.0881 0x0ef4 IPMIDRV - ok
09:18:42.0884 0x0ef4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:18:42.0902 0x0ef4 IPNAT - ok
09:18:42.0904 0x0ef4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:18:42.0912 0x0ef4 IRENUM - ok
09:18:42.0914 0x0ef4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:18:42.0918 0x0ef4 isapnp - ok
09:18:42.0924 0x0ef4 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:18:42.0932 0x0ef4 iScsiPrt - ok
09:18:42.0936 0x0ef4 [ A3B59E5887B294F2ED06A522F0FDC9D3, 38B8453FC100C74376E6B36D71F27228D1EBE1094ED0175F96C018C958B1B37A ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
09:18:42.0941 0x0ef4 jhi_service - ok
09:18:42.0944 0x0ef4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:18:42.0949 0x0ef4 kbdclass - ok
09:18:42.0951 0x0ef4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
09:18:42.0956 0x0ef4 kbdhid - ok
09:18:42.0958 0x0ef4 [ CA69E856332E2D85294665F6B7E97254, A9693F836907FB0154DC1090D9476F1E9242ABE922D932D74D0385772D2EAB65 ] KeyIso C:\Windows\system32\lsass.exe
09:18:42.0963 0x0ef4 KeyIso - ok
09:18:42.0966 0x0ef4 [ 3AAA10BAF3F194F7CD34F4C78F8222EE, 25AE0B764748B13C7F093966E228D506072E270379A5E751F1ED619DEFB40814 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:18:42.0971 0x0ef4 KSecDD - ok
09:18:42.0975 0x0ef4 [ 7B7C28D4E71E4A4365F2B7528DA619F8, 0A507468C6A49870F794F28FF274643FE8FD238A3A9BE86C8656882F237DE77B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:18:42.0981 0x0ef4 KSecPkg - ok
09:18:42.0983 0x0ef4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:18:43.0000 0x0ef4 ksthunk - ok
09:18:43.0011 0x0ef4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
09:18:43.0033 0x0ef4 KtmRm - ok
09:18:43.0038 0x0ef4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
09:18:43.0057 0x0ef4 LanmanServer - ok
09:18:43.0061 0x0ef4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:18:43.0079 0x0ef4 LanmanWorkstation - ok
09:18:43.0082 0x0ef4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:18:43.0100 0x0ef4 lltdio - ok
09:18:43.0106 0x0ef4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:18:43.0127 0x0ef4 lltdsvc - ok
09:18:43.0129 0x0ef4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:18:43.0146 0x0ef4 lmhosts - ok
09:18:43.0153 0x0ef4 [ 3142FC089FE8FCF79B442B91BC4F0C16, ECF8E9CC84B87D19C4762E73EA2DD80B336A9C42A67512F2E73179F49484592A ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
09:18:43.0161 0x0ef4 LMS - ok
09:18:43.0165 0x0ef4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
09:18:43.0171 0x0ef4 LSI_FC - ok
09:18:43.0174 0x0ef4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
09:18:43.0179 0x0ef4 LSI_SAS - ok
09:18:43.0182 0x0ef4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
09:18:43.0187 0x0ef4 LSI_SAS2 - ok
09:18:43.0190 0x0ef4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
09:18:43.0195 0x0ef4 LSI_SCSI - ok
09:18:43.0199 0x0ef4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
09:18:43.0217 0x0ef4 luafv - ok
09:18:43.0219 0x0ef4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
09:18:43.0223 0x0ef4 megasas - ok
09:18:43.0229 0x0ef4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
09:18:43.0237 0x0ef4 MegaSR - ok
09:18:43.0240 0x0ef4 [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
09:18:43.0244 0x0ef4 MEIx64 - ok
09:18:43.0247 0x0ef4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
09:18:43.0265 0x0ef4 MMCSS - ok
09:18:43.0267 0x0ef4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
09:18:43.0284 0x0ef4 Modem - ok
09:18:43.0286 0x0ef4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:18:43.0293 0x0ef4 monitor - ok
09:18:43.0295 0x0ef4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:18:43.0300 0x0ef4 mouclass - ok
09:18:43.0302 0x0ef4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:18:43.0307 0x0ef4 mouhid - ok
09:18:43.0310 0x0ef4 [ 8ADB5445B29941CB41AF2846FD5C93C7, 689582430FE29EC0845B1DB841D3CC49D5D09DE264586E3999EEFE616986D12B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:18:43.0315 0x0ef4 mountmgr - ok
09:18:43.0319 0x0ef4 [ 40134FB7F20C2591A3C7FC9541980E3A, B42D542D9008078DDDCFF8ED0A88E2EAB46C01E270F04C9569D630670D734879 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:18:43.0325 0x0ef4 MozillaMaintenance - ok
09:18:43.0329 0x0ef4 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
09:18:43.0335 0x0ef4 mpio - ok
09:18:43.0338 0x0ef4 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:18:43.0356 0x0ef4 mpsdrv - ok
09:18:43.0369 0x0ef4 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:18:43.0397 0x0ef4 MpsSvc - ok
09:18:43.0402 0x0ef4 [ 98DB1790F0A584E0A2528B92B052417F, 9AA04CA73AFE599810CD233B9CEC212E16D44DCEDF5C7D0181C7257F498068B5 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:18:43.0408 0x0ef4 MRxDAV - ok
09:18:43.0412 0x0ef4 [ 819426D736BCBD31CC7CA27221954E04, 0C4AADEFE282D89EA4A523BDA7B6BB948247F50253D7D0B90C8FC46C4DEEF835 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:18:43.0419 0x0ef4 mrxsmb - ok
09:18:43.0425 0x0ef4 [ 85CB449B319AF69A3538BB1B97EEA2E5, DB75D56A7E631F57D31957105422811C738E96E5B84480C3346B827ACF280E12 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:18:43.0434 0x0ef4 mrxsmb10 - ok
09:18:43.0437 0x0ef4 [ C0B2DC34587FE163997055AA38EB883A, A0BFD0CF873CCEF266606ADE1A4DA69DF757A67D8AD28330272AFEABD7F481D5 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:18:43.0444 0x0ef4 mrxsmb20 - ok
09:18:43.0446 0x0ef4 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
09:18:43.0451 0x0ef4 msahci - ok
09:18:43.0455 0x0ef4 [ 41FB1D61DF09C36CCAB0B04EEC66F6D5, C6D0F6B8429656C56A142F95AF0B4A85DD4B78A735664C8775F49C3B04C564B7 ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe
09:18:43.0461 0x0ef4 MSCamSvc - ok
09:18:43.0464 0x0ef4 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:18:43.0470 0x0ef4 msdsm - ok
09:18:43.0474 0x0ef4 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
09:18:43.0481 0x0ef4 MSDTC - ok
09:18:43.0485 0x0ef4 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:18:43.0501 0x0ef4 Msfs - ok
09:18:43.0503 0x0ef4 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:18:43.0520 0x0ef4 mshidkmdf - ok
09:18:43.0522 0x0ef4 [ BB590070D606AE6F008341FC9A7B2AD7, CF1073A093E679C5BCA19681789FBB85A8286E356F2C0609E0B446DF65A86E29 ] MSHUSBVideo C:\Windows\system32\Drivers\nx6000.sys
09:18:43.0526 0x0ef4 MSHUSBVideo - ok
09:18:43.0528 0x0ef4 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:18:43.0532 0x0ef4 msisadrv - ok
09:18:43.0536 0x0ef4 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:18:43.0555 0x0ef4 MSiSCSI - ok
09:18:43.0556 0x0ef4 msiserver - ok
09:18:43.0558 0x0ef4 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:18:43.0575 0x0ef4 MSKSSRV - ok
09:18:43.0577 0x0ef4 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:18:43.0593 0x0ef4 MSPCLOCK - ok
09:18:43.0595 0x0ef4 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:18:43.0612 0x0ef4 MSPQM - ok
09:18:43.0619 0x0ef4 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:18:43.0629 0x0ef4 MsRPC - ok
09:18:43.0632 0x0ef4 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
09:18:43.0636 0x0ef4 mssmbios - ok
09:18:43.0638 0x0ef4 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:18:43.0655 0x0ef4 MSTEE - ok
09:18:43.0657 0x0ef4 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
09:18:43.0662 0x0ef4 MTConfig - ok
09:18:43.0665 0x0ef4 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
09:18:43.0670 0x0ef4 Mup - ok
09:18:43.0678 0x0ef4 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
09:18:43.0701 0x0ef4 napagent - ok
09:18:43.0708 0x0ef4 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:18:43.0719 0x0ef4 NativeWifiP - ok
09:18:43.0734 0x0ef4 [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:18:43.0752 0x0ef4 NDIS - ok
09:18:43.0755 0x0ef4 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:18:43.0772 0x0ef4 NdisCap - ok
09:18:43.0774 0x0ef4 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:18:43.0792 0x0ef4 NdisTapi - ok
09:18:43.0794 0x0ef4 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:18:43.0811 0x0ef4 Ndisuio - ok
09:18:43.0815 0x0ef4 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:18:43.0834 0x0ef4 NdisWan - ok
09:18:43.0836 0x0ef4 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:18:43.0854 0x0ef4 NDProxy - ok
09:18:43.0856 0x0ef4 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:18:43.0874 0x0ef4 NetBIOS - ok
09:18:43.0879 0x0ef4 [ E47D571FEC2C76E867935109AB2A770C, F349D25890B6F476B106FD75BFB081DB737CA9B224D95E44927942FFF2DF82CD ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:18:43.0887 0x0ef4 NetBT - ok
09:18:43.0889 0x0ef4 [ CA69E856332E2D85294665F6B7E97254, A9693F836907FB0154DC1090D9476F1E9242ABE922D932D74D0385772D2EAB65 ] Netlogon C:\Windows\system32\lsass.exe
09:18:43.0894 0x0ef4 Netlogon - ok
09:18:43.0901 0x0ef4 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
09:18:43.0923 0x0ef4 Netman - ok
09:18:43.0928 0x0ef4 [ 0BEF1F19F32C9F3DBE9A503F2E66CC22, 4F4812CDDB675C5D655B5B90375F188A3A5AA52A2BC2CED383B03449CF8210C8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:18:43.0935 0x0ef4 NetMsmqActivator - ok
09:18:43.0938 0x0ef4 [ 0BEF1F19F32C9F3DBE9A503F2E66CC22, 4F4812CDDB675C5D655B5B90375F188A3A5AA52A2BC2CED383B03449CF8210C8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:18:43.0944 0x0ef4 NetPipeActivator - ok
09:18:48.0578 0x0ef4 vwififlt - ok
09:18:48.0580 0x0ef4 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
09:18:48.0587 0x0ef4 vwifimp - ok
09:18:48.0594 0x0ef4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
09:18:48.0617 0x0ef4 W32Time - ok
09:18:48.0619 0x0ef4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
09:18:48.0625 0x0ef4 WacomPen - ok
09:18:48.0628 0x0ef4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:18:48.0645 0x0ef4 WANARP - ok
09:18:48.0647 0x0ef4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:18:48.0665 0x0ef4 Wanarpv6 - ok
09:18:48.0687 0x0ef4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
09:18:48.0713 0x0ef4 wbengine - ok
09:18:48.0718 0x0ef4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:18:48.0729 0x0ef4 WbioSrvc - ok
09:18:48.0736 0x0ef4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:18:48.0749 0x0ef4 wcncsvc - ok
09:18:48.0751 0x0ef4 [ BC00873272B3771CCDA38336AF2B4D4B, 3E412DEC5F172B4C5FD5C227CD790EE56B90A00A8B538704E8F973D230BE2289 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:18:48.0757 0x0ef4 WcsPlugInService - ok
09:18:48.0759 0x0ef4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
09:18:48.0763 0x0ef4 Wd - ok
09:18:48.0765 0x0ef4 [ D0335A55E5C3F812548E18300C2ACB62, 7EF7C3A21E97197E1A6D2956D0F5A7C23F2D590C9709708394426031634990A5 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
09:18:48.0773 0x0ef4 WDC_SAM - ok
09:18:48.0785 0x0ef4 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:18:48.0801 0x0ef4 Wdf01000 - ok
09:18:48.0804 0x0ef4 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:18:48.0811 0x0ef4 WdiServiceHost - ok
09:18:48.0813 0x0ef4 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:18:48.0819 0x0ef4 WdiSystemHost - ok
09:18:48.0824 0x0ef4 [ EE841B6D1F2B9508D3ABAE52AC05A94F, F1AE981FCDBFC4672A4EABABD41382E93762EFC2EDAD96E75530E7ACA5AF1FD8 ] WebClient C:\Windows\System32\webclnt.dll
09:18:48.0833 0x0ef4 WebClient - ok
09:18:48.0838 0x0ef4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:18:48.0859 0x0ef4 Wecsvc - ok
09:18:48.0862 0x0ef4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:18:48.0880 0x0ef4 wercplsupport - ok
09:18:48.0883 0x0ef4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
09:18:48.0901 0x0ef4 WerSvc - ok
09:18:48.0903 0x0ef4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:18:48.0920 0x0ef4 WfpLwf - ok
09:18:48.0922 0x0ef4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:18:48.0927 0x0ef4 WIMMount - ok
09:18:48.0928 0x0ef4 WinDefend - ok
09:18:48.0931 0x0ef4 WinHttpAutoProxySvc - ok
09:18:48.0937 0x0ef4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:18:48.0957 0x0ef4 Winmgmt - ok
09:18:48.0986 0x0ef4 [ EBDA1B0F15CB9B2CBCC6C94824E4E054, C51314F7D611E4903DA00EFA8EB99365414436324D256083CE0B5A8E055E8E06 ] WinRM C:\Windows\system32\WsmSvc.dll
09:18:49.0018 0x0ef4 WinRM - ok
09:18:49.0023 0x0ef4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
09:18:49.0030 0x0ef4 WinUsb - ok
09:18:49.0043 0x0ef4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
09:18:49.0063 0x0ef4 Wlansvc - ok
09:18:49.0066 0x0ef4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
09:18:49.0070 0x0ef4 WmiAcpi - ok
09:18:49.0076 0x0ef4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:18:49.0083 0x0ef4 wmiApSrv - ok
09:18:49.0085 0x0ef4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:18:49.0091 0x0ef4 WPCSvc - ok
09:18:49.0094 0x0ef4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:18:49.0102 0x0ef4 WPDBusEnum - ok
09:18:49.0104 0x0ef4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:18:49.0121 0x0ef4 ws2ifsl - ok
09:18:49.0124 0x0ef4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
09:18:49.0133 0x0ef4 wscsvc - ok
09:18:49.0135 0x0ef4 WSearch - ok
09:18:49.0173 0x0ef4 [ 31F32E0C1A8BA9A37EEC23DE5F27F847, 0180832BC6172C9A4C32B5B222BB3F91EA615A5EBDA98DB79ED4FED258C2D257 ] wuauserv C:\Windows\system32\wuaueng.dll
09:18:49.0213 0x0ef4 wuauserv - ok
09:18:49.0217 0x0ef4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:18:49.0223 0x0ef4 WudfPf - ok
09:18:49.0227 0x0ef4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:18:49.0234 0x0ef4 WUDFRd - ok
09:18:49.0237 0x0ef4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:18:49.0243 0x0ef4 wudfsvc - ok
09:18:49.0248 0x0ef4 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
09:18:49.0256 0x0ef4 WwanSvc - ok
09:18:49.0262 0x0ef4 ================ Scan global ===============================
09:18:49.0264 0x0ef4 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
09:18:49.0268 0x0ef4 [ B68AD91370FA58C1296DE9086BB4BA0A, 3B6B8170990B3B3B321752539A54D8EAB6E6241A25092682FDEE1A46BD39DBF6 ] C:\Windows\system32\winsrv.dll
09:18:49.0275 0x0ef4 [ B68AD91370FA58C1296DE9086BB4BA0A, 3B6B8170990B3B3B321752539A54D8EAB6E6241A25092682FDEE1A46BD39DBF6 ] C:\Windows\system32\winsrv.dll
09:18:49.0280 0x0ef4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
09:18:49.0287 0x0ef4 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
09:18:49.0291 0x0ef4 [ Global ] - ok
09:18:49.0291 0x0ef4 ================ Scan MBR ==================================
09:18:49.0297 0x0ef4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:18:49.0411 0x0ef4 \Device\Harddisk0\DR0 - ok
09:18:49.0444 0x0ef4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
09:18:49.0513 0x0ef4 \Device\Harddisk1\DR1 - ok
09:18:49.0514 0x0ef4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3
09:18:49.0729 0x0ef4 \Device\Harddisk3\DR3 - ok
09:18:50.0000 0x0ef4 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk4\DR4
09:18:50.0114 0x0ef4 \Device\Harddisk4\DR4 - ok
09:18:50.0116 0x0ef4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
09:18:50.0125 0x0ef4 \Device\Harddisk2\DR2 - ok
09:18:50.0128 0x0ef4 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk6\DR6
09:18:50.0518 0x0ef4 \Device\Harddisk6\DR6 - ok
09:18:50.0518 0x0ef4 ================ Scan VBR ==================================
09:18:50.0519 0x0ef4 [ 74332BDD85CCD3192CACAC8835903D3F ] \Device\Harddisk0\DR0\Partition1
09:18:50.0520 0x0ef4 \Device\Harddisk0\DR0\Partition1 - ok
09:18:50.0521 0x0ef4 [ E6418B4AB1CA8DAC363AFA50FAF4D751 ] \Device\Harddisk1\DR1\Partition1
09:18:50.0522 0x0ef4 \Device\Harddisk1\DR1\Partition1 - ok
09:18:50.0523 0x0ef4 [ 284DD4A4C34F1A45A011505DCAEAE5F1 ] \Device\Harddisk3\DR3\Partition1
09:18:50.0524 0x0ef4 \Device\Harddisk3\DR3\Partition1 - ok
09:18:50.0574 0x0ef4 [ 5452882DF8BC294F58CEFE9BADBA7E1E ] \Device\Harddisk4\DR4\Partition1
09:18:50.0576 0x0ef4 \Device\Harddisk4\DR4\Partition1 - ok
09:18:50.0578 0x0ef4 [ 968005344DE1B36D36991B76FAD2D247 ] \Device\Harddisk2\DR2\Partition1
09:18:50.0578 0x0ef4 \Device\Harddisk2\DR2\Partition1 - ok
09:18:50.0580 0x0ef4 [ 7D307B81C9F87F79DB5EEF5803D40BC8 ] \Device\Harddisk6\DR6\Partition1
09:18:50.0581 0x0ef4 \Device\Harddisk6\DR6\Partition1 - ok
09:18:50.0583 0x0ef4 [ 2E2A8533E883D1A42F08990AA85BA383 ] \Device\Harddisk6\DR6\Partition2
09:18:50.0585 0x0ef4 \Device\Harddisk6\DR6\Partition2 - ok
09:18:50.0587 0x0ef4 [ 2E2A8533E883D1A42F08990AA85BA383 ] \Device\Harddisk6\DR6\Partition3
09:18:50.0589 0x0ef4 \Device\Harddisk6\DR6\Partition3 - ok
09:18:50.0589 0x0ef4 ================ Scan generic autorun ======================
09:18:50.0622 0x0ef4 [ DC2755EB981280C312E7BE5EE8CF5D62, 4E52976235B1D2E756235F988709D84E9D83D60927138376BDE1405902997997 ] C:\Program Files\Microsoft IntelliPoint\ipoint.exe
09:18:50.0657 0x0ef4 IntelliPoint - ok
09:18:50.0661 0x0ef4 [ EBC0E8C0A4DDA2C32A7D5863462A321A, 2F410138DB66D0219254339F1F098E401CEDAA032596F1F67BC54F394256FC68 ] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
09:18:50.0664 0x0ef4 amd_dc_opt - detected UnsignedFile.Multi.Generic ( 1 )
09:18:50.0762 0x0ef4 Detect skipped due to KSN trusted
09:18:50.0762 0x0ef4 amd_dc_opt - ok
09:18:50.0763 0x0ef4 Sidebar - ok
09:18:50.0765 0x0ef4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:18:50.0774 0x0ef4 mctadmin - ok
09:18:50.0775 0x0ef4 Sidebar - ok
09:18:50.0777 0x0ef4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:18:50.0786 0x0ef4 mctadmin - ok
09:18:50.0810 0x0ef4 [ B365AF317AE730A67C936F21432B9C71, BD2C2CF0631D881ED382817AFCCE2B093F4E412FFB170A719E2762F250ABFEA4 ] C:\Program Files\Process Hacker 2\ProcessHacker.exe
09:18:50.0837 0x0ef4 Process Hacker 2 - ok
09:18:50.0951 0x0ef4 [ 52F5D651B8E39F258C1C34272FEB1AB2, C13AD8762A4474D8246DE7BC023244BD74456D45348F74F77373CC61C238A0F3 ] C:\Program Files\CCleaner\CCleaner64.exe
09:18:51.0067 0x0ef4 CCleaner Monitoring - ok
09:18:51.0153 0x0ef4 [ D03053F72A74801A32F41EFD088FA30E, 3F6E9AD19139F9A5881DB475EC3FD817C1F8CA1622B97E8864A7C59A7F7A2DA2 ] C:\Program Files (x86)\GlassWire\glasswire.exe
09:18:51.0258 0x0ef4 GlassWire - ok
09:18:51.0261 0x0ef4 Waiting for KSN requests completion. In queue: 120
09:18:52.0267 0x0ef4 Win FW state via NFP2: enabled ( trusted )
09:18:52.0369 0x0ef4 ============================================================
09:18:52.0369 0x0ef4 Scan finished
09:18:52.0369 0x0ef4 ============================================================
09:18:52.0372 0x0cb8 Detected object count: 1
09:18:52.0372 0x0cb8 Actual detected object count: 1
09:19:04.0115 0x0cb8 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:04.0115 0x0cb8 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
#9
/// TB-Ausbilder

Hi,

Step 1
Please download AdwCleaner to your desktop.

Step 2

Step 3
Please download Malwarebytes Anti-Malware 3

Step 4

Please post with your next reply
#10

I'll do that right away. This is just an interim update.

Code:
# AdwCleaner v6.045 - Bericht erstellt am 01/04/2017 um 06:04:26
# Aktualisiert am 28/03/2017 von Malwarebytes
# Datenbank : 2017-03-31.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64)
# Benutzername : user - PC
# Gestartet von : C:\Users\user\Desktop\AdwCleaner_6.045.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support
***** [ Dienste ] *****
***** [ Ordner ] *****
[-] Ordner gelöscht: C:\Program Files (x86)\{A1306F56-8B03-428B-84AD-2F932D81774C}
[-] Ordner gelöscht: C:\Program Files\{572656F2-7906-4D07-BDBD-0CC44146CD48}
[-] Ordner gelöscht: C:\Users\user\AppData\Roaming\Microleaves
[-] Ordner gelöscht: C:\ProgramData\Microleaves
[#] Ordner mit Neustart gelöscht: C:\ProgramData\Application Data\Microleaves
***** [ Dateien ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
*************************
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Image File Execution Options" Schlüssel gelöscht
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Firewall Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [2501 Bytes] - [17/09/2016 08:11:04]
C:\AdwCleaner\AdwCleaner[C2].txt - [1635 Bytes] - [18/09/2016 03:07:57]
C:\AdwCleaner\AdwCleaner[C3].txt - [1580 Bytes] - [01/04/2017 06:04:26]
C:\AdwCleaner\AdwCleaner[S0].txt - [2443 Bytes] - [17/09/2016 08:08:23]
C:\AdwCleaner\AdwCleaner[S1].txt - [1689 Bytes] - [18/09/2016 03:07:33]
C:\AdwCleaner\AdwCleaner[S2].txt - [1637 Bytes] - [18/09/2016 03:09:58]
C:\AdwCleaner\AdwCleaner[S3].txt - [2006 Bytes] - [01/04/2017 06:03:54]
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1945 Bytes] ##########
Code:
Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 01.04.17
Scan-Zeit: 06:14
Protokolldatei: mbam.txt
Administrator: Ja
-Softwaredaten-
Version: 3.0.6.1469
Komponentenversion: 1.0.96
Version des Aktualisierungspakets: 1.0.1640
Lizenz: Testversion
-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: PC\user
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 411948
Abgelaufene Zeit: 5 Min., 18 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)
Registrierungswert: 0
(keine bösartigen Elemente erkannt)
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 0
(keine bösartigen Elemente erkannt)
Datei: 0
(keine bösartigen Elemente erkannt)
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
(end)
FRST Additions Logfile:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von user (01-04-2017 06:23:05)
Gestartet von C:\Users\user\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-10-23 18:28:58)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3869482132-2802206346-888328520-500 - Administrator - Disabled)
user (S-1-5-21-3869482132-2802206346-888328520-1000 - Administrator - Enabled) => C:\Users\user
Gast (S-1-5-21-3869482132-2802206346-888328520-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3869482132-2802206346-888328520-1002 - Limited - Enabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
ACP Application (Version: 2016.0916.1502.32 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.6 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Blender (HKLM\...\{437221A8-91D1-42A0-9E04-0AD64B502374}) (Version: 2.78.1 - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Next Localization DE (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
CreditMovie1 (x32 Version: 10.1.00 - Sony Corporation) Hidden
CreditMovie2 (x32 Version: 10.1.00 - Sony Corporation) Hidden
CreditMovie3 (x32 Version: 10.1.00 - Sony Corporation) Hidden
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
Gpg4win (2.3.0) (HKLM-x32\...\GPG4Win) (Version: 2.3.0 - The Gpg4win Project)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HWiNFO64 Version 5.38 (HKLM\...\HWiNFO64_is1) (Version: 5.38 - Martin Malík - REALiX)
Image Crawler (HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\dbf3e072e2bbc3c8) (Version: 1.1.0.4 - Danny Kunz)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel(R) Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4222 - Intel Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MergeModule_x64 (Version: 9.3.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Prerequisites (x64) (HKLM\...\{04BEC103-A388-41EE-BB49-1235FAAF883D}) (Version: 11.0.61030 - Blue Cat Audio)
Microsoft Visual C++ 2012 Prerequisites (x86) (HKLM-x32\...\{2F65108E-8DF7-47B9-8ECC-49BD3BC47AAB}) (Version: 11.0.61030 - Blue Cat Audio)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 52.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 de)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
Oracle VM VirtualBox 5.1.4 (HKLM\...\{4EF3FBF6-697D-440A-AADA-7F5D39B73E62}) (Version: 5.1.4 - Oracle Corporation)
PA Free Bundle V1 1.0.1 (HKLM\...\PA Free Bundle V1_is1) (Version: - Plugin Alliance)
PACE License Support Win64 (HKLM-x32\...\InstallShield_{DF91FC8F-0D43-415b-BB5D-22533FC1CC1A}) (Version: 2.6.0.1134 - PACE Anti-Piracy, Inc.)
PACE License Support Win64 (Version: 2.6.0.1134 - PACE Anti-Piracy, Inc.) Hidden
PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
Personal Backup 5.8.3.1 (HKLM-x32\...\Personal Backup 5_is1) (Version: 5.8.3.1 - Dr. J. Rathlev)
PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.1.00.12260 - Sony Corporation)
PMB_ModeEditor_ACMC (x32 Version: 10.1.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 10.1.00 - Sony Corporation) Hidden
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
PuTTY release 0.68 (64-bit) (HKLM\...\{DB149DDE-903A-4B5E-93C4-46BBEC48F0C2}) (Version: 0.68.0.0 - Simon Tatham)
Python 3.5.1 (32-bit) (HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\{c39d559b-aa83-4476-ba20-988a35a1199a}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 Core Interpreter (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Documentation (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{17778F7B-FB5A-4A93-9719-D75BAF673498}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.1 pip Bootstrap (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Utility Scripts (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
SVG Explorer Extension 0.1.1 (HKLM\...\{4CA20D9A-98AC-4DD6-9C16-7449F29AC08A}_is1) (Version: 0.1.1 - Dotz Softwares)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
TightVNC (HKLM\...\{8B9896FC-B4F2-44CD-8B6E-78A0B1851B59}) (Version: 2.8.5.0 - GlavSoft LLC.)
TP-LINK Archer T4U Driver (HKLM-x32\...\{58F414FE-74CC-42A0-9D86-A089849C510A}) (Version: 1.3.1 - TP-LINK)
USBPcap 1.0.0.7 (HKLM\...\USBPcap) (Version: - )
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.16 - IDRIX)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0-2) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.17.0 (Version: 1.0.17.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (03/17/2014 2.5.128.1) (HKLM\...\D86E353566ECB4A7ADA159C02FE46D0BACC4FA6B) (Version: 03/17/2014 2.5.128.1 - Focusrite)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.2.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.1 - The Wireshark developer community, hxxps://www.wireshark.org)
Wise Data Recovery 3.84 (HKLM-x32\...\Wise Data Recovery_is1) (Version: 3.84 - WiseCleaner.com, Inc.)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {01244CD2-DBF2-48E1-81DC-F60B80EEE392} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {03F920C6-176B-4700-9E50-08D5840C4166} - System32\Tasks\Process Explorer-PC-user => "C:\PROGRAM FILES\PROCESS-EXPLORER\PROCEXP.EXE" /t
Task: {0AEC350F-0667-4D55-94A7-F058AF78AFAD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {0EA96307-8DAE-44A1-A2A3-D458155E23ED} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-09-07] (Advanced Micro Devices, Inc.)
Task: {1069660B-6FC5-4CE6-AFE7-3786642ED336} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {14C02CA1-F88F-4C59-8F41-CFAC350FD451} - System32\Tasks\{0811E0DB-12EE-44C5-A4D8-D55DD584F3C5} => pcalua.exe -a ?:\Folder\Downloads\jxpiinstall.exe -d ?:\Folder\Downloads
Task: {4381E764-24C9-4867-8805-ABCB2A0CB9AF} - System32\Tasks\{0C1634C6-C250-4E27-A142-2F29C3222992} => pcalua.exe -a "?:\Folder\Downloads\Kilohearts Installer [9fWsNErBk_i8x5l9ypGT].exe" -d ?:\Folder\Downloads
Task: {606DF2D9-0BC4-41F6-AA98-54D020707610} - System32\Tasks\Opera scheduled Autoupdate 1454056698 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)
Task: {8EDC83D7-53F0-44F6-B328-F893CBF2A114} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {999449FC-8698-4C3C-8FE5-7B8A92964F9E} - System32\Tasks\Logon Screen SkipUAC => C:\Program Files\Logon Screen\Logon Screen.exe
Task: {D4B25374-61A3-48AA-BFEC-F796411ECD2B} - System32\Tasks\{CA0F6697-59F4-4AAE-A353-26AF764EBAEB} => pcalua.exe -a ?:\Folder\Production\grizzly-v1.1b-se1.160.exe -d ?:\Folder\Production
Task: {DC35CD34-092D-4CA0-840A-353ECDEEB877} - System32\Tasks\{7476B4B9-F9F5-4227-A7EB-B7B0D1323EB9} => pcalua.exe -a ?:\Folder\Downloads\VirtualBox-5.0.26-108824-Win.exe -d ?:\Folder\Downloads
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2013-06-04 11:41 - 2013-06-04 11:41 - 00936728 ____R () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-11-24 20:32 - 2015-11-24 20:32 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2015-11-13 17:05 - 2015-03-19 09:41 - 00048856 _____ () C:\Windows\runSW.exe
2016-10-01 10:46 - 2016-10-01 10:46 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-01-15 22:44 - 2016-01-15 22:44 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2017-04-01 06:13 - 2017-03-24 04:09 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2015-10-24 00:23 - 2017-04-01 06:09 - 00033280 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2015-10-24 00:23 - 2013-06-04 11:41 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-11-24 20:20 - 2015-11-24 20:20 - 00221696 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2015-11-24 20:14 - 2015-11-24 20:14 - 00087552 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2015-11-24 20:09 - 2015-11-24 20:09 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2015-11-24 20:20 - 2015-11-24 20:20 - 00073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2015-11-24 20:22 - 2015-11-24 20:22 - 00751104 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2015-11-03 09:18 - 2013-05-14 00:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\PACE:E6530E75740592D0 [217]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Classes\regfile: regedit.exe "%1" <===== ACHTUNG
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^fcbd.bat => C:\Windows\pss\fcbd.bat.CommonStartup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
MSCONFIG\startupreg: Process Hacker 2 => "C:\Program Files\Process Hacker 2\ProcessHacker.exe" -hide
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{CFA0E316-915A-4AF6-BEE8-8772C52CB13F}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{4B63E711-CC41-4744-8A23-5AC41DAAAA83}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
==================== Wiederherstellungspunkte =========================
28-03-2017 09:16:50 Windows-Sicherung
28-03-2017 20:03:35 Wiederherstellungsvorgang
28-03-2017 21:09:21 Windows Update
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (04/01/2017 06:05:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/30/2017 01:56:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "T:\My-Folder\Downloads\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (03/29/2017 10:21:18 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "T:\My-Folder\Downloads\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (03/28/2017 09:06:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "T:\My-Folder\Downloads\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (03/28/2017 09:05:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (03/28/2017 08:41:19 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-3869482132-2802206346-888328520-1000}/">.
Systemfehler:
=============
Error: (04/01/2017 06:10:02 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-19) für Benutzer NT-AUTORITÄT\LOKALER DIENST von Adresse LocalHost (unter Verwendung von LRPC) keine Berechtigung zum Aktivierung (Lokal) für die COM-Serveranwendung mit CLSID
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
und APPID
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden.
Error: (04/01/2017 06:09:59 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (04/01/2017 06:09:57 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126
Error: (04/01/2017 06:05:27 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-19) für Benutzer NT-AUTORITÄT\LOKALER DIENST von Adresse LocalHost (unter Verwendung von LRPC) keine Berechtigung zum Aktivierung (Lokal) für die COM-Serveranwendung mit CLSID
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
und APPID
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden.
Error: (04/01/2017 06:05:23 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (04/01/2017 06:05:21 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126
Error: (04/01/2017 06:04:44 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
Es wird bereits eine Instanz des Dienstes ausgeführt.
Error: (04/01/2017 06:04:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "GlassWire Control Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/01/2017 06:04:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/01/2017 06:04:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Prozentuale Nutzung des RAM: 17%
Installierter physikalischer RAM: 16321.48 MB
Verfügbarer physikalischer RAM: 13503.93 MB
Summe virtueller Speicher: 32641.15 MB
Verfügbarer virtueller Speicher: 29856.77 MB
==================== Laufwerke ================================
Drive ?: (?) (Fixed) (Total:238.47 GB) (Free:98.4 GB) NTFS
Drive ?: (?) (Fixed) (Total:232.88 GB) (Free:145.99 GB) NTFS
Drive ?: (?) (Fixed) (Total:465.76 GB) (Free:237.62 GB) NTFS
Drive ?: (?) (Fixed) (Total:931.31 GB) (Free:668.99 GB) NTFS
Drive ?: (?) (Fixed) (Total:232.88 GB) (Free:135.72 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive ?: (?) (Fixed) (Total:931.51 GB) (Free:637.25 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B162B162)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FD1A7096)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: A1E3F745)
Partition 1: (Not Active) - (Size=238.5 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 99D2C736)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
========================================================
Disk: 4 (Size: 465.8 GB) (Disk ID: EBBBAA60)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
========================================================
Disk: 6 (Size: 931.5 GB) (Disk ID: 444663B5)
Partition: GPT.
Partition 2: (Not Active) - (Size=931.3 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
FRST Logfile:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
durchgeführt von user (Administrator) auf PC (01-04-2017 06:22:50)
Gestartet von C:\Users\user\Desktop
Geladene Profile: user (Verfügbare Profile: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: "C:\Program Files (x86)\SeaMonkey\seamonkey.exe" -requestPending -osint -url "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\runSW.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(wj32) C:\Program Files\Process Hacker 2\ProcessHacker.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek) C:\Windows\SwUSB.exe
(Sysinternals - www.sysinternals.com) C:\Program Files\process-explorer\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\user\AppData\Local\Temp\PROCEXP64.exe
(mozilla.org) C:\Program Files (x86)\SeaMonkey\seamonkey.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\Run: [Process Hacker 2] => C:\Program Files\Process Hacker 2\ProcessHacker.exe [1719840 2016-03-29] (wj32)
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5728208 2016-11-19] (SecureMix LLC)
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\MountPoints2: {1911d85f-9ee4-11e5-8780-b04e58a100a3} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\MountPoints2: {1911d8dc-9ee4-11e5-8780-b04e58a100a3} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\MountPoints2: {ff3dbed7-a9d6-11e5-9bce-85ca1d8cd514} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
SSODL: EldosMountNotificator-cbdisk3 - {274E2043-7EEC-429D-BC66-3ED282762A69} - C:\Windows\system32\cbdiskMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbdisk3 - {274E2043-7EEC-429D-BC66-3ED282762A69} - C:\Windows\SysWOW64\cbdiskMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbdisk3] -> {1B53DB42-7158-421A-B97C-5886EE14C75A} => C:\Windows\system32\cbdiskMntNtf3.dll [2013-10-18] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbdisk3] -> {1B53DB42-7158-421A-B97C-5886EE14C75A} => C:\Windows\SysWOW64\cbdiskMntNtf3.dll [2013-10-18] (EldoS Corporation)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{251F104E-10FE-40D6-B45C-7B106746BA2F}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{2BB04CC1-AAC0-4F0D-B99D-878528CCFE7B}: [DhcpNameServer] 192.168.10.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
FireFox:
========
FF DefaultProfile: e2eqo9k.default
FF DefaultProfile: xcy9qu.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e294eqok.default [2017-04-01]
FF Extension: (Sea Fox) - C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24deqok.default\Extensions\seafox@extensions.moz.xpi [2017-03-07] [ist nicht signiert]
FF Extension: (uBlock Origin) - C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24deqok.default\Extensions\uBlock0@raymondhill.net.xpi [2017-03-13]
FF Extension: (NoScript) - C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24deqok.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-03-30]
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\89elqu.default [2017-04-01]
FF Homepage: Mozilla\Firefox\Profiles\xcyvelqu.default -> hxxps://duckduckgo.com
FF Extension: (EPUBReader) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcyvelqu.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2017-03-28]
FF Extension: (FireFTP) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcyvelqu.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2017-03-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-26] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-26] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-14] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-14] (Intel Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VLC\npvlc.dll [2016-04-26] (VideoLAN)
Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-12-27]
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-12-01] (Adobe Systems) [Datei ist nicht signiert]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-06-04] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [76848 2017-02-06] (CyberGhost S.R.L)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-11-24] () [Datei ist nicht signiert]
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4397008 2016-11-19] (SecureMix LLC)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2015-12-30] (Hi-Rez Studios) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-05-29] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-31] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [506960 2015-12-26] (Sony Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RunSwUSB; C:\Windows\runSW.exe [48856 2015-03-19] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2016-09-07] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-28] ()
R1 cbdisk3; C:\Windows\system32\drivers\cbdisk3.sys [223936 2013-10-18] (EldoS Corporation)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-10-25] (EldoS Corporation)
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx64.sys [34512 2016-03-04] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-31] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-24] ()
R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2014-03-17] (Focusrite Audio Engineering Limited.)
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33248 2015-05-29] (SecureMix LLC)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-02-14] (REALiX(tm))
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-04-01] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-04-01] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-01] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-01] (Malwarebytes)
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [112408 2015-12-15] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 OSFMount; T:\FTK\OSForensics\OSFMount64\OSFMount.sys [1299384 2016-03-23] (PassMark Software)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2015-01-15] (Realtek Semiconductor Corporation )
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [38888 2014-02-19] (USBPcap)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [121248 2016-08-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [195936 2016-08-16] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [135824 2016-08-16] (Oracle Corporation)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [195416 2016-01-26] (IDRIX)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-10-18] (EldoS Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-04-01 06:20 - 2017-04-01 06:20 - 00001248 _____ C:\Users\user\Desktop\mbam.txt
2017-04-01 06:13 - 2017-04-01 06:13 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-01 06:13 - 2017-04-01 06:13 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-04-01 06:13 - 2017-04-01 06:13 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-04-01 06:13 - 2017-04-01 06:13 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-01 06:13 - 2017-04-01 06:13 - 00001876 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-01 06:13 - 2017-04-01 06:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-01 06:13 - 2017-04-01 06:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-01 06:13 - 2017-04-01 06:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-01 06:13 - 2017-03-24 04:10 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-01 06:12 - 2017-04-01 06:12 - 59272008 _____ (Malwarebytes ) C:\Users\user\Desktop\mb3-setup-consumer-3.0.6.1469-1096.exe
2017-04-01 06:09 - 2017-04-01 06:09 - 00566128 _____ (Malwarebytes) C:\Users\user\Desktop\mbam-clean-2.3.0.1001.exe
2017-04-01 06:09 - 2017-04-01 06:09 - 00000022 _____ C:\Windows\S.dirmngr
2017-04-01 06:00 - 2017-04-01 06:00 - 04089296 _____ C:\Users\user\Desktop\AdwCleaner_6.045.exe
2017-04-01 04:21 - 2017-04-01 04:21 - 00000028 _____ C:\Users\user\Documents\kotbollen poback.txt
2017-04-01 01:02 - 2017-04-01 06:03 - 00005560 _____ C:\Users\user\Documents\staatsferne-anstalt-kör-aör-rundfunk.txt
2017-03-31 11:17 - 2017-03-31 11:17 - 00003318 _____ C:\Users\user\AppData\Local\recently-used.xbel
2017-03-30 09:16 - 2017-03-30 09:22 - 00211158 _____ C:\TDSSKiller.3.1.0.12_30.03.2017_09.16.45_log.txt
2017-03-30 08:40 - 2017-04-01 06:22 - 00014946 _____ C:\Users\user\Desktop\FRST.txt
2017-03-30 08:40 - 2017-03-30 09:16 - 00052023 _____ C:\Users\user\Desktop\Addition.txt
2017-03-29 08:31 - 2017-03-29 09:18 - 00410602 _____ C:\TDSSKiller.3.1.0.12_29.03.2017_08.31.29_log.txt
2017-03-29 07:56 - 2017-03-29 08:12 - 00004462 _____ C:\Users\user\Documents\old-firewall-rules.txt
2017-03-29 07:19 - 2017-03-29 07:19 - 00002531 _____ C:\Users\user\Desktop\Bitwig Studio.lnk
2017-03-28 21:07 - 2017-03-28 21:08 - 00000000 ____D C:\Program Files\Bitwig Studio2
2017-03-28 20:00 - 2017-03-28 20:00 - 00195528 _____ C:\Users\user\Documents\W-LAN-TPLink.xps
2017-03-28 08:38 - 2017-03-28 19:27 - 00000345 _____ C:\Users\user\Documents\virus-filedropper.txt
2017-03-27 18:47 - 2017-03-27 18:57 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner
2017-03-27 18:40 - 2017-03-28 20:04 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe
2017-03-25 21:36 - 2017-03-25 21:20 - 22222968 ____N C:\Users\user\Desktop\Rawkee_Bestandsaufnahme_FINISHED.wav
2017-03-25 12:21 - 2017-03-25 12:21 - 00003454 ____N C:\Users\user\Documents\schlaf-sequencer-de.txt
2017-03-23 15:17 - 2017-03-28 20:04 - 00000000 ____D C:\Program Files\Bitwig Studio
2017-03-22 21:13 - 2017-03-22 21:13 - 00001072 _____ C:\Users\Public\Desktop\Win32DiskImager.lnk
2017-03-22 21:13 - 2017-03-22 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2017-03-22 21:13 - 2017-03-22 21:13 - 00000000 ____D C:\Program Files (x86)\ImageWriter
2017-03-22 20:45 - 2017-03-22 20:45 - 00002095 _____ C:\Users\Public\Desktop\SDFormatter.lnk
2017-03-22 20:45 - 2017-03-22 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
2017-03-22 20:45 - 2017-03-22 20:45 - 00000000 ____D C:\Program Files (x86)\SDA
2017-03-22 19:21 - 2017-03-23 13:55 - 00000600 _____ C:\Users\user\AppData\Local\PUTTY.RND
2017-03-22 19:20 - 2017-03-22 19:20 - 00000860 _____ C:\Users\Public\Desktop\PuTTY (64-bit).lnk
2017-03-22 19:20 - 2017-03-22 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)
2017-03-22 19:20 - 2017-03-22 19:20 - 00000000 ____D C:\Program Files\PuTTY
2017-03-22 09:53 - 2013-07-04 18:05 - 00552760 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2017-03-22 09:53 - 2006-01-13 07:52 - 00001904 ____N C:\Windows\system32\SetupBD.din
2017-03-22 09:49 - 2017-03-22 09:49 - 00000000 ____D C:\Users\user\Downloads\LAN
2017-03-22 09:42 - 2017-03-22 09:42 - 00001857 _____ C:\Users\user\Desktop\TightVNC Viewer.lnk
2017-03-22 09:42 - 2017-03-22 09:42 - 00000000 ____D C:\Users\user\AppData\Roaming\TightVNC
2017-03-22 09:41 - 2017-03-22 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
2017-03-22 09:41 - 2017-03-22 09:41 - 00000000 ____D C:\Program Files\TightVNC
2017-03-22 09:31 - 2017-03-22 09:31 - 00000000 ____H C:\Users\user\Documents\Default.rdp
2017-03-21 08:51 - 2017-03-21 19:28 - 00208388 _____ C:\TDSSKiller.3.1.0.12_21.03.2017_07.51.26_log.txt
2017-03-21 08:50 - 2017-03-29 07:30 - 04747704 _____ (AO Kaspersky Lab) C:\Users\user\Desktop\tdsskiller.exe
2017-03-20 20:59 - 2017-03-20 20:59 - 00106786 ____N C:\Users\user\Documents\Mitgliedsantrag-V2.0-v.-08.03.2017.pdf
2017-03-20 20:55 - 2017-03-11 18:58 - 00595415 ____N C:\Users\user\Desktop\mietvertrag.pdf
2017-03-15 01:34 - 2016-12-31 17:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
...
2017-03-15 01:34 - 2016-12-31 17:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-12 07:11 - 2017-03-12 07:11 - 00325806 ____N C:\Users\user\Desktop\rendersound.wav
2017-03-11 18:59 - 2017-03-11 18:58 - 00595415 ____N C:\Users\user\Documents\mietvertrag.pdf
2017-03-11 04:44 - 2017-03-11 04:44 - 00304333 ____N C:\Users\user\Downloads\watch.htm
2017-03-07 23:49 - 2017-03-07 23:49 - 00000000 ____D C:\Users\user\Documents\Camtasia Studio
2017-03-07 23:49 - 2017-03-07 23:49 - 00000000 ____D C:\Users\user\AppData\Roaming\TechSmith
2017-03-07 23:46 - 2017-03-07 23:46 - 00001177 _____ C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2017-03-07 23:46 - 2017-03-07 23:46 - 00000000 ____D C:\ProgramData\TechSmith
2017-03-07 23:46 - 2017-03-07 23:46 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2017-03-07 23:34 - 2017-03-07 23:34 - 00001015 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Obscurium.lnk
2017-03-07 23:14 - 2017-03-07 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
2017-03-07 23:14 - 2017-03-07 23:14 - 00000000 ____D C:\Program Files (x86)\SeaMonkey
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-04-01 06:22 - 2016-09-09 15:13 - 00000000 ____D C:\FRST
2017-04-01 06:17 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-01 06:17 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-01 06:16 - 2011-04-12 09:43 - 00699092 _____ C:\Windows\system32\perfh007.dat
2017-04-01 06:16 - 2011-04-12 09:43 - 00149232 _____ C:\Windows\system32\perfc007.dat
2017-04-01 06:16 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-01 06:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-01 06:13 - 2016-10-30 16:51 - 00960650 _____ C:\Windows\ntbtlog.txt
2017-04-01 06:09 - 2016-02-13 11:20 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-04-01 06:09 - 2016-01-30 19:28 - 00000000 ____D C:\ProgramData\PACE
2017-04-01 06:09 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-01 06:04 - 2016-09-17 08:05 - 00000000 ____D C:\AdwCleaner
2017-03-31 18:12 - 2016-11-21 12:54 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-03-30 18:55 - 2015-11-01 08:27 - 00000000 ____D C:\Users\user\AppData\Roaming\inkscape
2017-03-29 17:46 - 2016-01-29 10:36 - 00000000 ____D C:\Program Files (x86)\Opera
2017-03-29 10:20 - 2015-10-26 01:32 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2017-03-29 07:29 - 2016-09-18 03:13 - 02424832 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2017-03-28 21:08 - 2016-12-25 18:08 - 00002531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitwig Studio.lnk
2017-03-28 21:05 - 2015-10-23 20:28 - 00000000 ____D C:\Users\user
2017-03-28 20:05 - 2017-01-05 05:02 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2017-03-28 20:05 - 2017-01-05 05:02 - 00000000 ____D C:\Users\user\AppData\Roaming\IrfanView
2017-03-28 20:05 - 2016-12-18 11:03 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2017-03-28 20:05 - 2016-12-15 21:02 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
2017-03-28 20:05 - 2016-12-11 19:57 - 00000000 ____D C:\Users\user\AppData\Roaming\helmplugin
2017-03-28 20:05 - 2016-12-11 19:51 - 00000000 ____D C:\Users\user\AppData\Roaming\helm
2017-03-28 20:05 - 2016-11-22 22:04 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2017-03-28 20:05 - 2016-11-22 22:04 - 00000000 ____D C:\Users\user\AppData\Local\atom
2017-03-28 20:05 - 2016-11-16 08:06 - 00000000 ____D C:\Users\user\.idlerc
2017-03-28 20:05 - 2016-10-30 18:12 - 00000000 ____D C:\Users\user\Documents\passwordfox
2017-03-28 20:05 - 2016-09-12 05:14 - 00000000 ____D C:\Program Files (x86)\Sundog
2017-03-28 20:05 - 2016-08-10 08:09 - 00000000 ____D C:\Users\user\AppData\Roaming\Wise Data Recovery
2017-03-28 20:05 - 2016-08-05 01:40 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2017-03-28 20:05 - 2016-05-12 22:32 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2017-03-28 20:05 - 2016-04-04 14:51 - 00000000 ____D C:\Users\user\Desktop\Tor Browser
2017-03-28 20:05 - 2016-03-04 08:35 - 00000000 ____D C:\Program Files (x86)\NCH Software
2017-03-28 20:05 - 2016-01-26 08:29 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VeraCrypt
2017-03-28 20:05 - 2016-01-06 01:15 - 00000000 ____D C:\Users\user\AppData\Roaming\PersBackup5
2017-03-28 20:05 - 2015-11-22 06:25 - 00000000 ____D C:\Users\user\AppData\Roaming\Audacity
2017-03-28 20:05 - 2015-11-04 08:32 - 00000000 ____D C:\Users\user\AppData\Local\gtk-2.0
2017-03-28 20:05 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-28 20:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-28 20:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2017-03-28 20:02 - 2015-10-25 15:27 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2017-03-28 18:50 - 2016-10-17 18:35 - 00000621 _____ C:\Users\user\Letzte Sitzung user.prj
2017-03-28 09:20 - 2016-01-06 01:15 - 00000000 ____D C:\Users\user\Documents\PersBackup
2017-03-28 08:49 - 2016-06-14 11:44 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-03-28 08:47 - 2016-11-01 02:43 - 00000000 ____D C:\ProgramData\firebird
2017-03-28 08:13 - 2016-03-04 08:38 - 00000919 _____ C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt
2017-03-28 08:13 - 2016-03-04 08:38 - 00000000 _____ C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-03-25 19:49 - 2016-12-04 04:20 - 00000000 ____D C:\Users\user\Documents\Ample Sound
2017-03-25 19:49 - 2016-12-04 04:20 - 00000000 ____D C:\Users\user\AppData\Roaming\Ample Sound
2017-03-24 10:05 - 2016-01-26 08:42 - 00000000 ____D C:\Users\user\AppData\Roaming\VeraCrypt
2017-03-23 15:33 - 2015-10-31 20:07 - 00000255 ____N C:\Users\user\Documents\SongenModularErrorLog.txt
2017-03-23 15:22 - 2016-02-29 00:55 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-22 20:44 - 2015-11-22 18:26 - 00000000 ____D C:\Users\user\AppData\Local\Downloaded Installations
2017-03-22 09:53 - 2015-11-03 09:18 - 00000000 ____D C:\Program Files\Intel
2017-03-21 08:56 - 2016-01-03 23:20 - 00001854 _____ C:\Users\user\Desktop\CCleaner.lnk
2017-03-20 21:26 - 2015-10-23 21:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-20 21:26 - 2009-07-14 06:45 - 00000000 ____D C:\Windows\ServiceProfiles
2017-03-20 18:57 - 2015-11-01 23:48 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-20 18:55 - 2015-11-13 10:50 - 00000000 ____D C:\Fraps
2017-03-20 11:29 - 2015-12-19 06:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-19 08:56 - 2016-02-07 20:49 - 00012009 ____N C:\Users\user\Documents\Serien-View-Status.odt
2017-03-15 05:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-03-15 04:38 - 2016-11-26 23:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-03-15 04:38 - 2009-07-14 06:45 - 02106920 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-15 04:37 - 2016-04-09 03:31 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-15 04:37 - 2016-04-09 03:31 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-15 04:02 - 2016-08-07 00:58 - 00000000 ____D C:\Windows\system32\MRT
2017-03-15 04:00 - 2016-08-07 00:58 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-13 03:54 - 2016-01-24 13:07 - 00000000 ____D C:\Users\user\Documents\Shopping-Money
2017-03-12 23:53 - 2016-12-07 18:21 - 00000000 ____D C:\Users\user\Documents\Wohnung
2017-03-11 18:46 - 2016-01-29 10:38 - 00003872 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1454056698
2017-03-08 01:54 - 2016-12-03 09:11 - 00000000 ____D C:\Users\user\Desktop\PICTURES VARIOUS
2017-03-08 00:26 - 2016-01-17 20:43 - 00000000 ____D C:\Users\user\AppData\Roaming\gnupg
2017-03-07 23:14 - 2015-10-23 21:19 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2017-03-07 23:14 - 2015-10-23 21:19 - 00000000 ____D C:\Users\user\AppData\Local\Mozilla
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2016-01-28 01:19 - 2016-09-20 02:22 - 0000016 _____ () C:\Users\user\AppData\Roaming\msregsvv.dll
2016-01-28 12:19 - 2016-12-18 17:40 - 1249792 _____ (hxxp://www.ruby-lang.org/) C:\Users\user\AppData\Roaming\msvcr90-ruby191.dll
2016-03-04 08:38 - 2016-03-04 08:38 - 0001181 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.1.txt
2016-03-04 08:38 - 2017-03-28 08:13 - 0000919 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt
2016-03-04 08:38 - 2017-03-28 08:13 - 0000000 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-03-22 19:21 - 2017-03-23 13:55 - 0000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND
2017-03-31 11:17 - 2017-03-31 11:17 - 0003318 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2015-11-01 08:16 - 2015-11-01 08:16 - 0007611 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2016-01-28 01:19 - 2016-09-20 02:22 - 0000016 _____ () C:\ProgramData\autobk.inc
Einige Dateien in TEMP:
====================
2017-01-03 18:26 - 2017-04-01 06:10 - 1347216 _____ (Sysinternals - www.sysinternals.com) C:\Users\user\AppData\Local\Temp\PROCEXP64.exe
2017-03-29 10:20 - 2017-03-29 10:20 - 0672256 _____ () C:\Users\user\AppData\Local\Temp\sqlite-3.8.0-amd64-sqlitejdbc.dll
2017-03-20 08:41 - 2017-03-20 08:41 - 0637440 _____ () C:\Users\user\AppData\Local\Temp\sqlite-3.8.0-x86-sqlitejdbc.dll
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-03-24 16:52
==================== Ende von FRST.txt ============================
Regarding step 3: pop-ups open for updating MBAM and for the real-time protection, where the latter presumably does not have to be, or should not be, accepted? MBAM also puts itself in the taskbar after the restart.
| | #11 | ||
/// TB-Ausbilder
Hello, Quote:
What exactly do the messages say? Quote:
We'll check everything once more. Note: the scan with ESET can take a while.
Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
start
CloseProcesses:
Task: {14C02CA1-F88F-4C59-8F41-CFAC350FD451} - System32\Tasks\{0811E0DB-12EE-44C5-A4D8-D55DD584F3C5} => pcalua.exe -a ?:\Folder\Downloads\jxpiinstall.exe -d ?:\Folder\Downloads
Task: {4381E764-24C9-4867-8805-ABCB2A0CB9AF} - System32\Tasks\{0C1634C6-C250-4E27-A142-2F29C3222992} => pcalua.exe -a "?:\Folder\Downloads\Kilohearts Installer [9fWsNErBk_i8x5l9ypGT].exe" -d ?:\Folder\Downloads
Task: {D4B25374-61A3-48AA-BFEC-F796411ECD2B} - System32\Tasks\{CA0F6697-59F4-4AAE-A353-26AF764EBAEB} => pcalua.exe -a ?:\Folder\Production\grizzly-v1.1b-se1.160.exe -d ?:\Folder\Production
Task: {DC35CD34-092D-4CA0-840A-353ECDEEB877} - System32\Tasks\{7476B4B9-F9F5-4227-A7EB-B7B0D1323EB9} => pcalua.exe -a ?:\Folder\Downloads\VirtualBox-5.0.26-108824-Win.exe -d ?:\Folder\Downloads
AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\PACE:E6530E75740592D0 [217]
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Classes\regfile: regedit.exe "%1" <===== ACHTUNG
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
CMD: dir "%CommonProgramFiles(x86)%"
CMD: dir "%CommonProgramW6432%"
CMD: dir "%UserProfile%"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Step 3 ESET Online Scanner
Step 4
Are there still any problems with the PC or with your internet browsers? If so, which ones? Please post with your next reply
| | #12 |
The pop-up is not from the system but directly from MBAM; you can click on update there. Just as info, something I had not expected, because I did not want real-time protection from MBAM, but it puts itself in there anyway. Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von user (01-04-2017 21:17:58) Run:2
Gestartet von C:\Users\user\Desktop
Geladene Profile: user (Verfügbare Profile: user)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
start
CloseProcesses:
Task: {14C02CA1-F88F-4C59-8F41-CFAC350FD451} - System32\Tasks\{0811E0DB-12EE-44C5-A4D8-D55DD584F3C5} => pcalua.exe -a ?:\Folder\Downloads\jxpiinstall.exe -d ?:\Folder\Downloads
Task: {4381E764-24C9-4867-8805-ABCB2A0CB9AF} - System32\Tasks\{0C1634C6-C250-4E27-A142-2F29C3222992} => pcalua.exe -a "?:\Folder\Downloads\Kilohearts Installer [9fWsNErBk_i8x5l9ypGT].exe" -d ?:\Folder\Downloads
Task: {D4B25374-61A3-48AA-BFEC-F796411ECD2B} - System32\Tasks\{CA0F6697-59F4-4AAE-A353-26AF764EBAEB} => pcalua.exe -a ?:\Folder\Production\grizzly-v1.1b-se1.160.exe -d ?:\Folder\Production
Task: {DC35CD34-092D-4CA0-840A-353ECDEEB877} - System32\Tasks\{7476B4B9-F9F5-4227-A7EB-B7B0D1323EB9} => pcalua.exe -a ?:\Folder\Downloads\VirtualBox-5.0.26-108824-Win.exe -d ?:\Folder\Downloads
AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\PACE:E6530E75740592D0 [217]
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Classes\regfile: regedit.exe "%1" <===== ACHTUNG
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
CMD: dir "%CommonProgramFiles(x86)%"
CMD: dir "%CommonProgramW6432%"
CMD: dir "%UserProfile%"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
*****************
Prozesse erfolgreich geschlossen.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14C02CA1-F88F-4C59-8F41-CFAC350FD451} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14C02CA1-F88F-4C59-8F41-CFAC350FD451} => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{0811E0DB-12EE-44C5-A4D8-D55DD584F3C5} => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0811E0DB-12EE-44C5-A4D8-D55DD584F3C5} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4381E764-24C9-4867-8805-ABCB2A0CB9AF} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4381E764-24C9-4867-8805-ABCB2A0CB9AF} => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{0C1634C6-C250-4E27-A142-2F29C3222992} => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0C1634C6-C250-4E27-A142-2F29C3222992} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4B25374-61A3-48AA-BFEC-F796411ECD2B} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4B25374-61A3-48AA-BFEC-F796411ECD2B} => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{CA0F6697-59F4-4AAE-A353-26AF764EBAEB} => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CA0F6697-59F4-4AAE-A353-26AF764EBAEB} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC35CD34-092D-4CA0-840A-353ECDEEB877} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC35CD34-092D-4CA0-840A-353ECDEEB877} => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{7476B4B9-F9F5-4227-A7EB-B7B0D1323EB9} => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7476B4B9-F9F5-4227-A7EB-B7B0D1323EB9} => Schlüssel erfolgreich entfernt
C:\ProgramData => ":482EE99B1E21CE8C" ADS erfolgreich entfernt.
"C:\Users\All Users" => ":482EE99B1E21CE8C" ADS nicht gefunden.
"C:\ProgramData\Anwendungsdaten" => ":482EE99B1E21CE8C" ADS nicht gefunden.
"C:\ProgramData\Application Data" => ":482EE99B1E21CE8C" ADS nicht gefunden.
C:\ProgramData\PACE => ":E6530E75740592D0" ADS erfolgreich entfernt.
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Classes\regfile => Schlüssel erfolgreich entfernt
========= dir "%ProgramFiles%" =========
Datenträger in Laufwerk C: ist ?
Volumeseriennummer: E4C1-8DCC
Verzeichnis von C:\Program Files
01.04.2017 06:13 <DIR> .
01.04.2017 06:13 <DIR> ..
25.11.2016 18:35 <DIR> AMD
24.10.2015 00:23 <DIR> ASUS
15.12.2016 21:02 <DIR> Blender Foundation
28.01.2016 12:15 <DIR> Bonjour
03.01.2016 23:20 <DIR> CCleaner
02.10.2016 17:29 <DIR> Common Files
16.02.2016 23:16 <DIR> CPUID
07.11.2015 06:37 <DIR> DIFX
13.12.2016 18:14 <DIR> Dotz Softwares
01.04.2017 21:15 <DIR> Everything
02.10.2016 08:08 <DIR> FileZilla FTP Client
30.10.2016 06:55 <DIR> HWiNFO64
22.03.2017 09:53 <DIR> Intel
15.03.2017 04:37 <DIR> Internet Explorer
01.04.2017 06:13 <DIR> Malwarebytes
02.09.2016 21:54 <DIR> Microsoft IntelliPoint
14.07.2009 07:32 <DIR> MSBuild
21.11.2016 23:32 <DIR> Process Hacker 2
26.10.2015 01:12 <DIR> process-explorer
22.03.2017 19:20 <DIR> PuTTY
14.07.2009 07:32 <DIR> Reference Assemblies
21.11.2016 12:45 <DIR> Scite
05.01.2016 03:15 <DIR> TAP-Windows
22.03.2017 09:41 <DIR> TightVNC
04.01.2016 15:37 <DIR> USBPcap
18.12.2016 11:03 <DIR> VSTPlugins
25.10.2015 03:58 <DIR> Windows Defender
12.04.2011 09:43 <DIR> Windows Mail
23.10.2015 20:36 <DIR> Windows Media Player
23.10.2015 20:28 <DIR> Windows NT
12.04.2011 09:43 <DIR> Windows Photo Viewer
21.11.2010 05:31 <DIR> Windows Portable Devices
06.01.2016 05:45 <DIR> Windows Sidebar
23.10.2016 01:40 <DIR> Wireshark
0 Datei(en), 0 Bytes
60 Verzeichnis(se), 104.660.430.848 Bytes frei
========= Ende von CMD: =========
========= dir "%ProgramFiles(x86)%" =========
Datenträger in Laufwerk C: ist ?
Volumeseriennummer: E4C1-8DCC
Verzeichnis von C:\Program Files (x86)
01.04.2017 06:09 <DIR> .
01.04.2017 06:09 <DIR> ..
21.11.2016 03:53 <DIR> 4Discovery
30.10.2016 07:05 <DIR> AccessData
22.11.2015 18:26 <DIR> AGEIA Technologies
30.08.2016 21:51 <DIR> AMD
16.09.2016 09:52 <DIR> Apple Software Update
24.10.2015 00:28 <DIR> ASUS
25.10.2015 22:10 <DIR> Benchmark
28.01.2016 12:15 <DIR> Bonjour
07.03.2017 23:46 <DIR> Common Files
19.06.2016 16:55 <DIR> ConfrontaPDF
10.08.2016 08:07 <DIR> Convar
05.04.2011 18:07 <DIR> diffpdf-1.1.5-win32-static
17.01.2016 20:43 <DIR> GNU
09.02.2016 10:02 <DIR> Hi-Rez Studios
28.01.2016 12:15 <DIR> iLok License Manager
22.03.2017 21:13 <DIR> ImageWriter
04.11.2015 08:49 <DIR> Intel
02.11.2015 19:28 <DIR> Intel Driver Update Utility
15.03.2017 04:37 <DIR> Internet Explorer
24.11.2016 02:02 <DIR> JetBrains
20.03.2016 07:46 <DIR> Lame For Audacity
09.02.2016 10:03 <DIR> Microsoft Chart Controls
05.03.2016 10:22 <DIR> Microsoft LifeCam
01.11.2015 23:53 <DIR> Microsoft.NET
07.08.2016 04:33 <DIR> MPK MINI Editor .13
14.07.2009 07:32 <DIR> MSBuild
18.09.2016 02:15 <DIR> MSECache
25.02.2016 11:38 <DIR> MSI Afterburner
16.01.2016 10:21 <DIR> MSXML 4.0
28.03.2017 20:05 <DIR> NCH Software
05.08.2016 01:40 <DIR> NirSoft
08.01.2017 07:52 <DIR> Notepad++
11.08.2016 20:31 <DIR> Output
25.10.2016 17:06 <DIR> QuickTime
10.04.2016 01:38 <DIR> Raptr Inc
14.07.2009 07:32 <DIR> Reference Assemblies
29.02.2016 00:37 <DIR> RivaTuner Statistics Server
23.10.2015 20:42 <DIR> Samsung
22.03.2017 20:45 <DIR> SDA
14.06.2016 15:24 <DIR> Sony
25.02.2016 11:20 <DIR> SpeedFan
28.03.2017 20:05 <DIR> Steam
24.10.2015 00:05 <DIR> VLC
12.08.2016 03:05 <DIR> VSTPlugins
25.11.2016 18:35 <DIR> VulkanRT
08.11.2016 08:35 <DIR> Web Page Saver
25.10.2015 03:58 <DIR> Windows Defender
12.04.2011 09:43 <DIR> Windows Mail
14.07.2009 07:32 <DIR> Windows NT
12.04.2011 09:43 <DIR> Windows Photo Viewer
21.11.2010 05:31 <DIR> Windows Portable Devices
06.01.2016 05:45 <DIR> Windows Sidebar
17.10.2016 18:20 <DIR> WinHex
19.06.2016 16:08 <DIR> WinMerge
23.10.2016 01:40 <DIR> WinPcap
10.08.2016 08:09 <DIR> Wise
0 Datei(en), 0 Bytes
92 Verzeichnis(se), 104.660.426.752 Bytes frei
========= Ende von CMD: =========
========= dir "%ProgramData%" =========
Datenträger in Laufwerk C: ist ?
Volumeseriennummer: E4C1-8DCC
Verzeichnis von C:\ProgramData
30.10.2016 07:13 <DIR> AccessData
28.01.2016 12:15 <DIR> Apple
25.10.2016 17:06 <DIR> Apple Computer
01.12.2016 10:30 <DIR> Application Support
24.10.2015 00:28 <DIR> ASUS
13.02.2016 11:23 <DIR> ATI
20.09.2016 02:22 16 autobk.inc
14.06.2016 11:11 <DIR> Blackmagic Design
23.03.2017 15:22 <DIR> boost_interprocess
11.12.2015 13:41 <DIR> FLEXnet
25.10.2015 22:36 <DIR> GlassWire
17.01.2016 20:43 <DIR> GNU
09.02.2016 10:04 <DIR> Hi-Rez Studios
03.11.2015 09:19 <DIR> Intel
04.11.2015 08:49 <DIR> IntelDLM
01.04.2017 06:13 <DIR> Malwarebytes
17.09.2016 00:22 <DIR> Malwarebytes' Anti-Malware (portable)
04.03.2016 08:35 <DIR> NCH Software
01.04.2017 06:09 <DIR> PACE
20.03.2017 18:57 <DIR> Package Cache
01.11.2016 02:25 <DIR> PassMark
07.03.2017 23:46 <DIR> regid.1995-08.com.techsmith
23.10.2015 20:42 <DIR> Samsung
14.06.2016 15:16 <DIR> Sony Corporation
07.02.2016 16:54 <DIR> TargemGames
13.11.2015 17:04 <DIR> TP-LINK
1 Datei(en), 16 Bytes
40 Verzeichnis(se), 104.660.422.656 Bytes frei
========= Ende von CMD: =========
========= dir "%Appdata%" =========
Datenträger in Laufwerk C: ist ?
Volumeseriennummer: E4C1-8DCC
Verzeichnis von C:\Users\user\AppData\Roaming
01.04.2017 06:04 <DIR> .
01.04.2017 06:04 <DIR> ..
16.01.2016 09:49 <DIR> AlphaLive
18.06.2016 08:29 <DIR> Apple Computer
13.02.2016 11:23 <DIR> ATI
22.11.2016 22:05 <DIR> Atom
28.03.2017 20:05 <DIR> Audacity
11.12.2016 19:57 <DIR> Beepstreet
29.02.2016 22:59 <DIR> Blender Foundation
07.08.2016 04:34 <DIR> Cycling '74
05.10.2016 16:45 <DIR> DigitalSuburban
04.11.2015 09:27 <DIR> endless-sky
11.12.2015 13:48 <DIR> FLEXnet
15.01.2017 05:04 <DIR> fltk.org
31.10.2015 20:06 <DIR> Futucraft
21.11.2016 13:42 <DIR> geany
08.03.2017 00:26 <DIR> gnupg
23.10.2015 20:29 <DIR> Identities
21.11.2016 13:45 <DIR> JetBrains
10.04.2016 01:28 <DIR> library_dir
07.11.2015 07:48 <DIR> Macromedia
25.03.2016 19:51 <DIR> Maize Sampler Player
12.04.2011 09:54 <DIR> Media Center Programs
07.03.2017 23:14 <DIR> Mozilla
20.09.2016 02:22 16 msregsvv.dll
18.12.2016 17:40 1.249.792 msvcr90-ruby191.dll
04.03.2016 09:05 <DIR> NCH Software
08.01.2017 03:08 <DIR> Notepad++
05.08.2016 23:21 <DIR> Polac
04.01.2016 06:16 <DIR> Process Hacker 2
10.04.2016 01:51 <DIR> Raptr
14.06.2016 15:29 <DIR> Sony Corporation
25.01.2016 04:22 <DIR> Sun
22.03.2017 09:42 <DIR> TightVNC
04.03.2016 08:38 1.181 trace_FilterInstaller.1.txt
28.03.2017 08:13 919 trace_FilterInstaller.txt
28.03.2017 08:13 0 trace_FilterInstaller.txt-CRT.txt
16.04.2016 14:14 <DIR> TS3Client
24.03.2017 10:05 <DIR> VeraCrypt
29.03.2017 10:20 <DIR> vlc
17.11.2015 14:14 <DIR> VST3 Presets
5 Datei(en), 1.251.908 Bytes
73 Verzeichnis(se), 104.660.422.656 Bytes frei
========= Ende von CMD: =========
========= dir "%LocalAppdata%" =========
Datenträger in Laufwerk C: ist ?
Volumeseriennummer: E4C1-8DCC
Verzeichnis von C:\Users\user\AppData\Local
31.03.2017 11:17 <DIR> .
31.03.2017 11:17 <DIR> ..
24.09.2016 03:54 <DIR> AMD
14.06.2016 11:09 <DIR> Apple
05.08.2016 15:54 <DIR> Apple Computer
20.03.2016 02:53 <DIR> Apps
13.02.2016 11:23 <DIR> ATI
28.03.2017 20:05 <DIR> atom
01.11.2015 15:52 <DIR> CEF
28.03.2017 08:49 <DIR> CrashDumps
11.08.2016 20:31 <DIR> Crashpad
24.10.2016 18:07 <DIR> Deployment
22.03.2017 20:44 <DIR> Downloaded Installations
18.11.2015 07:07 <DIR> dxhr
27.10.2015 18:45 <DIR> fontconfig
05.01.2017 03:31 719.744 GDIPFONTCACHEV1.DAT
27.10.2015 18:45 <DIR> gegl-0.2
18.12.2016 12:22 <DIR> GlassWire
28.03.2017 20:05 <DIR> gtk-2.0
10.04.2016 15:17 <DIR> GWX
02.11.2015 00:51 <DIR> Intel
24.01.2016 12:04 <DIR> IsolatedStorage
18.12.2016 12:05 <DIR> Logon Screen
07.11.2015 07:48 <DIR> Macromedia
23.01.2016 08:34 <DIR> MAGIX
24.01.2016 12:45 <DIR> Mediafour
14.06.2016 11:28 <DIR> Meltytech
07.03.2017 23:51 <DIR> Microsoft
07.02.2016 00:04 <DIR> PaceAP
23.01.2016 18:07 <DIR> Package Cache
24.11.2016 08:22 <DIR> pip
23.01.2016 18:08 <DIR> Programs
23.03.2017 13:55 600 PUTTY.RND
31.03.2017 11:17 3.318 recently-used.xbel
01.11.2015 08:16 7.611 Resmon.ResmonCfg
30.11.2015 10:25 <DIR> SCE
22.11.2016 22:04 <DIR> SquirrelTemp
22.11.2015 14:45 <DIR> Targem
01.04.2017 21:14 <DIR> Temp
06.12.2016 12:03 <DIR> Ubisoft Game Launcher
28.01.2016 12:19 <DIR> VirtualStore
4 Datei(en), 731.273 Bytes
61 Verzeichnis(se), 104.660.418.560 Bytes frei
========= Ende von CMD: =========
========= dir "%CommonProgramFiles(x86)%" =========
Datenträger in Laufwerk C: ist ?
Volumeseriennummer: E4C1-8DCC
Verzeichnis von C:\Program Files (x86)\Common Files
07.03.2017 23:46 <DIR> .
07.03.2017 23:46 <DIR> ..
14.06.2016 11:09 <DIR> Apple
13.02.2016 11:19 <DIR> ATI Technologies
18.09.2016 03:43 <DIR> AV
22.11.2015 10:41 <DIR> Avid
22.11.2015 10:41 <DIR> Digidesign
10.08.2016 08:04 <DIR> InstallShield
04.11.2015 08:49 <DIR> Intel
18.09.2016 02:41 <DIR> microsoft shared
28.01.2016 12:15 <DIR> PACE
03.11.2015 09:18 <DIR> postureAgent
14.07.2009 05:20 <DIR> Services
14.07.2009 05:20 <DIR> SpeechEngines
25.10.2015 03:58 <DIR> System
28.01.2016 12:15 <DIR> UVI
11.12.2016 19:49 <DIR> VST3
22.11.2015 18:26 <DIR> Wise Installation Wizard
23.07.2016 15:24 <DIR> WPAPI
0 Datei(en), 0 Bytes
28 Verzeichnis(se), 104.660.414.464 Bytes frei
========= Ende von CMD: =========
========= dir "%CommonProgramW6432%" =========
Datenträger in Laufwerk C: ist ?
Volumeseriennummer: E4C1-8DCC
Verzeichnis von C:\Program Files\Common Files
02.10.2016 17:29 <DIR> .
02.10.2016 17:29 <DIR> ..
13.02.2016 11:18 <DIR> ATI Technologies
05.12.2015 17:07 <DIR> AV
30.11.2015 09:29 <DIR> Avid
23.07.2016 15:25 <DIR> Merging Technologies
02.09.2016 21:54 <DIR> Microsoft Shared
14.07.2009 05:20 <DIR> Services
14.07.2009 05:20 <DIR> SpeechEngines
25.10.2015 03:58 <DIR> System
12.10.2016 22:05 <DIR> VST3
0 Datei(en), 0 Bytes
14 Verzeichnis(se), 104.660.414.464 Bytes frei
========= Ende von CMD: =========
========= dir "%UserProfile%" =========
Datenträger in Laufwerk C: ist ?
Volumeseriennummer: E4C1-8DCC
Verzeichnis von C:\Users\user
28.03.2017 21:05 <DIR> .
28.03.2017 21:05 <DIR> ..
22.11.2016 22:30 <DIR> .atom
27.04.2016 12:27 <DIR> .gimp-2.8
28.03.2017 20:05 <DIR> .idlerc
05.08.2016 01:42 <DIR> .oracle_jre_usage
21.11.2016 13:45 <DIR> .PyCharm2016.2
24.11.2016 02:02 <DIR> .PyCharmCE2016.3
29.02.2016 00:32 <DIR> .thumbnails
31.03.2017 22:07 <DIR> .VirtualBox
28.03.2017 20:05 <DIR> Contacts
01.04.2017 21:17 <DIR> Desktop
23.11.2016 01:51 <DIR> dwhelper
07.02.2016 08:52 <DIR> GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
07.08.2016 01:16 544 Komplete Kontrol.log
28.03.2017 18:50 621 Letzte Sitzung user.prj
12.03.2016 21:51 2.560 PaceKeyChain
24.11.2016 04:11 <DIR> PycharmProjects
28.03.2017 20:05 <DIR> Saved Games
28.03.2017 20:05 <DIR> Searches
27.12.2016 20:00 <DIR> Soundly Data
3 Datei(en), 3.725 Bytes
28 Verzeichnis(se), 104.660.410.368 Bytes frei
========= Ende von CMD: =========
========= RemoveProxy: =========
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
========= Ende von RemoveProxy: =========
========= ipconfig /flushdns =========
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
========= Ende von CMD: =========
========= netsh winsock reset =========
Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.
========= Ende von CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12816396 B
Java, Flash, Steam htmlcache => 2680 B
Windows/system/drivers => 100794329 B
Edge => 0 B
Chrome => 0 B
Firefox => 19795408 B
Opera => 9937832 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 106642 B
user => 50708638 B
RecycleBin => 22022172 B
EmptyTemp: => 214.2 MB temporäre Dateien entfernt.
================================
Das System musste neu gestartet werden.
==== Ende von Fixlog 21:17:59 ====
Code:
HitmanPro 3.7.15.281
www.hitmanpro.com
Computer name . . . . : PC
Windows . . . . . . . : 6.1.1.7601.X64/5
User name . . . . . . : PC\user
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2017-04-01 21:43:25
Scan mode . . . . . . : Normal
Scan duration . . . . : 1m 32s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 2
Traces . . . . . . . : 9
Objects scanned . . . : 2.899.326
Files scanned . . . . : 191.465
Remnants scanned . . : 1.391.893 files / 1.315.968 keys
Malware _____________________________________________________________________
C:\Program Files\Process Hacker 2\ProcessHacker.exe
Size . . . . . . . : 1.719.840 bytes
Age . . . . . . . : 130.9 days (2016-11-21 23:32:04)
Entropy . . . . . : 6.4
SHA-256 . . . . . : BD2C2CF0631D881ED382817AFCCE2B093F4E412FFB170A719E2762F250ABFEA4
Product . . . . . : Process Hacker
Publisher . . . . : wj32
Description . . . : Process Hacker
Version . . . . . : 2.39.0.124
RSA Key Size . . . : 2048
Parent Name . . . : C:\Windows\Explorer.EXE
LanguageID . . . . : 3081
Authenticode . . . : Valid
Running processes : 4176
> Kaspersky . . . . : not-a-virus:HEUR:RiskTool.Win32.ProcHack.gen
Fuzzy . . . . . . : 88.0
Startup
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Process Hacker 2
References
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2\Process Hacker 2.lnk
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Process Hacker 2 (2).lnk
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Process Hacker 2\ProcessHacker.exe
?:\FTK\**.exe
Size . . . . . . . : 5.877.825 bytes
Age . . . . . . . : 151.7 days (2016-11-01 04:11:55)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 0E9CD7B36D3E9F76513E0F48C4B8062DE2C3B41A428A87ED8E7BDD0C2071E6A9
> Kaspersky . . . . : not-a-virus:PSWTool.Win32.PWDump.sa
Fuzzy . . . . . . : 109.0
References
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\?:\FTK\**.exe
Suspicious files ____________________________________________________________
C:\Users\user\Desktop\FRST64.exe
Size . . . . . . . : 2.424.832 bytes
Age . . . . . . . : 2.5 days (2017-03-30 08:38:38)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 3A3DCD0D3C9C1FE10C45AF795DC9452DA192246BB67D896AB7F16151A53C1B5F
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=80edf42d0632184798fa737a55313c9b
# end=init
# utc_time=2017-04-01 07:55:21
# local_time=2017-04-01 09:55:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 32919
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=80edf42d0632184798fa737a55313c9b
# end=updated
# utc_time=2017-04-01 07:58:58
# local_time=2017-04-01 09:58:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=80edf42d0632184798fa737a55313c9b
# engine=32919
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-04-02 01:28:12
# local_time=2017-04-02 03:28:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 156788 242726342 0 0
# scanned=1102167
# found=0
# cleaned=0
# scan_time=19754
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
durchgeführt von user (Administrator) auf PC (02-04-2017 05:09:50)
Gestartet von C:\Users\user\Desktop
Geladene Profile: user (Verfügbare Profile: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: "C:\Program Files (x86)\SeaMonkey\seamonkey.exe" -requestPending -osint -url "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\runSW.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Realtek) C:\Windows\SwUSB.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5728208 2016-11-19] (SecureMix LLC)
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\MountPoints2: {1911d85f-9ee4-11e5-8780-b04e58a100a3} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\MountPoints2: {1911d8dc-9ee4-11e5-8780-b04e58a100a3} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\MountPoints2: {ff3dbed7-a9d6-11e5-9bce-85ca1d8cd514} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [script_fcbd] => D:\Anno2205\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\fcbd.bat [332 2016-12-06] ()
SSODL: EldosMountNotificator-cbdisk3 - {274E2043-7EEC-429D-BC66-3ED282762A69} - C:\Windows\system32\cbdiskMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbdisk3 - {274E2043-7EEC-429D-BC66-3ED282762A69} - C:\Windows\SysWOW64\cbdiskMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbdisk3] -> {1B53DB42-7158-421A-B97C-5886EE14C75A} => C:\Windows\system32\cbdiskMntNtf3.dll [2013-10-18] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbdisk3] -> {1B53DB42-7158-421A-B97C-5886EE14C75A} => C:\Windows\SysWOW64\cbdiskMntNtf3.dll [2013-10-18] (EldoS Corporation)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{251F104E-10FE-40D6-B45C-7B106746BA2F}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{2BB04CC1-AAC0-4F0D-B99D-878528CCFE7B}: [DhcpNameServer] 192.168.10.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
FireFox:
========
FF DefaultProfile: ?.default
FF DefaultProfile: ?.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24deqok.default [2017-04-02]
FF Extension: (Sea Fox) - C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24deqok.default\Extensions\seafox@extensions.moz.xpi [2017-03-07] [ist nicht signiert]
FF Extension: (uBlock Origin) - C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24deqok.default\Extensions\uBlock0@raymondhill.net.xpi [2017-03-13]
FF Extension: (NoScript) - C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24deqok.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-03-30]
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcyvelqu.default [2017-04-02]
FF Homepage: Mozilla\Firefox\Profiles\xcyvelqu.default -> hxxps://duckduckgo.com
FF Extension: (NoScript) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcyvelqu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-04-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-26] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-26] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-14] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-14] (Intel Corporation)
Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-12-27]
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-12-01] (Adobe Systems) [Datei ist nicht signiert]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-06-04] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-11-24] () [Datei ist nicht signiert]
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4397008 2016-11-19] (SecureMix LLC)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2015-12-30] (Hi-Rez Studios) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-05-29] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-31] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [506960 2015-12-26] (Sony Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RunSwUSB; C:\Windows\runSW.exe [48856 2015-03-19] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2016-09-07] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-28] ()
R1 cbdisk3; C:\Windows\system32\drivers\cbdisk3.sys [223936 2013-10-18] (EldoS Corporation)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-10-25] (EldoS Corporation)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-31] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-24] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-02-14] (REALiX(tm))
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [112408 2015-12-15] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 OSFMount; T:\FTK\OSForensics\OSFMount64\OSFMount.sys [1299384 2016-03-23] (PassMark Software)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2015-01-15] (Realtek Semiconductor Corporation )
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [38888 2014-02-19] (USBPcap)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [121248 2016-08-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [195936 2016-08-16] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [135824 2016-08-16] (Oracle Corporation)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-10-18] (EldoS Corporation)
R4 debutfilter; system32\DRIVERS\debutfilterx64.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-04-01 21:54 - 2017-04-01 21:54 - 02870984 _____ (ESET) C:\Users\user\Desktop\esetsmartinstaller_deu.exe
2017-04-01 21:41 - 2017-04-01 21:47 - 00000000 ____D C:\ProgramData\HitmanPro
2017-04-01 21:41 - 2017-04-01 21:41 - 11581544 _____ (SurfRight B.V.) C:\Users\user\Desktop\HitmanPro_x64.exe
2017-04-01 21:18 - 2017-04-02 00:31 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-04-01 21:17 - 2017-04-01 21:17 - 00028636 _____ C:\Users\user\Desktop\Fixlog.txt
2017-04-01 06:20 - 2017-04-01 06:20 - 00001248 _____ C:\Users\user\Desktop\mbam.txt
2017-04-01 06:13 - 2017-04-01 21:18 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-01 06:13 - 2017-04-01 21:18 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-04-01 06:13 - 2017-04-01 21:18 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-04-01 06:13 - 2017-04-01 21:18 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-01 06:13 - 2017-04-01 06:13 - 00001876 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-01 06:13 - 2017-04-01 06:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-01 06:13 - 2017-04-01 06:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-01 06:13 - 2017-04-01 06:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-01 06:13 - 2017-03-24 04:10 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-01 06:12 - 2017-04-01 06:12 - 59272008 _____ (Malwarebytes ) C:\Users\user\Desktop\mb3-setup-consumer-3.0.6.1469-1096.exe
2017-04-01 06:09 - 2017-04-01 21:18 - 00000022 _____ C:\Windows\S.dirmngr
2017-04-01 06:09 - 2017-04-01 06:09 - 00566128 _____ (Malwarebytes) C:\Users\user\Desktop\mbam-clean-2.3.0.1001.exe
2017-04-01 06:00 - 2017-04-01 06:00 - 04089296 _____ C:\Users\user\Desktop\AdwCleaner_6.045.exe
2017-03-31 11:17 - 2017-03-31 11:17 - 00003318 _____ C:\Users\user\AppData\Local\recently-used.xbel
2017-03-30 09:16 - 2017-03-30 09:22 - 00211158 _____ C:\TDSSKiller.3.1.0.12_30.03.2017_09.16.45_log.txt
2017-03-30 08:40 - 2017-04-02 05:10 - 00015414 _____ C:\Users\user\Desktop\FRST.txt
2017-03-30 08:40 - 2017-04-01 21:06 - 00052762 _____ C:\Users\user\Desktop\Addition.txt
2017-03-29 08:31 - 2017-03-29 09:18 - 00410602 _____ C:\TDSSKiller.3.1.0.12_29.03.2017_08.31.29_log.txt
2017-03-29 07:56 - 2017-03-29 08:12 - 00004462 _____ C:\Users\user\Documents\old-firewall-rules.txt
2017-03-28 20:00 - 2017-03-28 20:00 - 00195528 _____ C:\Users\user\Documents\W-LAN-TPLink.xps
2017-03-28 08:38 - 2017-03-28 19:27 - 00000345 _____ C:\Users\user\Documents\virus-filedropper.txt
2017-03-25 21:36 - 2017-03-25 21:20 - 22222968 ____N C:\Users\user\Desktop\Rawkee_Bestandsaufnahme_FINISHED.wav
2017-03-22 21:13 - 2017-03-22 21:13 - 00001072 _____ C:\Users\Public\Desktop\Win32DiskImager.lnk
2017-03-22 21:13 - 2017-03-22 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2017-03-22 21:13 - 2017-03-22 21:13 - 00000000 ____D C:\Program Files (x86)\ImageWriter
2017-03-22 20:45 - 2017-03-22 20:45 - 00002095 _____ C:\Users\Public\Desktop\SDFormatter.lnk
2017-03-22 20:45 - 2017-03-22 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
2017-03-22 20:45 - 2017-03-22 20:45 - 00000000 ____D C:\Program Files (x86)\SDA
2017-03-22 19:21 - 2017-03-23 13:55 - 00000600 _____ C:\Users\user\AppData\Local\PUTTY.RND
2017-03-22 19:20 - 2017-03-22 19:20 - 00000860 _____ C:\Users\Public\Desktop\PuTTY (64-bit).lnk
2017-03-22 19:20 - 2017-03-22 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)
2017-03-22 19:20 - 2017-03-22 19:20 - 00000000 ____D C:\Program Files\PuTTY
2017-03-22 09:53 - 2013-07-04 18:05 - 00552760 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2017-03-22 09:53 - 2006-01-13 07:52 - 00001904 ____N C:\Windows\system32\SetupBD.din
2017-03-22 09:49 - 2017-03-22 09:49 - 00000000 ____D C:\Users\user\Downloads\LAN
2017-03-22 09:42 - 2017-03-22 09:42 - 00001857 _____ C:\Users\user\Desktop\TightVNC Viewer.lnk
2017-03-22 09:42 - 2017-03-22 09:42 - 00000000 ____D C:\Users\user\AppData\Roaming\TightVNC
2017-03-22 09:41 - 2017-03-22 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
2017-03-22 09:41 - 2017-03-22 09:41 - 00000000 ____D C:\Program Files\TightVNC
2017-03-22 09:31 - 2017-03-22 09:31 - 00000000 ____H C:\Users\user\Documents\Default.rdp
2017-03-21 08:51 - 2017-03-21 19:28 - 00208388 _____ C:\TDSSKiller.3.1.0.12_21.03.2017_07.51.26_log.txt
2017-03-21 08:50 - 2017-03-29 07:30 - 04747704 _____ (AO Kaspersky Lab) C:\Users\user\Desktop\tdsskiller.exe
2017-03-20 20:59 - 2017-03-20 20:59 - 00106786 ____N C:\Users\user\Documents\Mitgliedsantrag-V2.0-v.-08.03.2017.pdf
2017-03-20 20:55 - 2017-03-11 18:58 - 00595415 ____N C:\Users\user\Desktop\mietvertrag.pdf
2017-03-15 01:35 - 2017-03-04 19:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 01:35 - 2017-03-04 18:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-15 01:35 - 2017-03-04 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-15 01:35 - 2017-03-04 10:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 01:35 - 2017-03-04 10:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-15 01:35 - 2017-03-04 10:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 01:35 - 2017-03-04 10:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-15 01:35 - 2017-03-04 10:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-15 01:35 - 2017-03-04 10:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-15 01:35 - 2017-03-04 09:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 01:35 - 2017-03-04 09:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-15 01:35 - 2017-03-04 09:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-15 01:35 - 2017-03-04 09:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-15 01:35 - 2017-03-04 09:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-15 01:35 - 2017-03-04 09:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-15 01:35 - 2017-03-04 09:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-15 01:35 - 2017-03-04 09:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 01:35 - 2017-03-04 09:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-15 01:35 - 2017-03-04 09:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 01:35 - 2017-03-04 09:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-15 01:35 - 2017-03-04 09:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-15 01:35 - 2017-03-04 09:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 01:35 - 2017-03-04 09:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-15 01:35 - 2017-03-04 09:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-15 01:35 - 2017-03-04 09:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-15 01:35 - 2017-03-04 09:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 01:35 - 2017-03-04 09:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-15 01:35 - 2017-03-04 08:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-15 01:35 - 2017-03-04 08:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-15 01:35 - 2017-03-04 08:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-15 01:35 - 2017-03-04 08:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-15 01:35 - 2017-03-04 08:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-15 01:35 - 2017-03-04 08:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-15 01:35 - 2017-03-04 08:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-15 01:35 - 2017-03-04 08:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-15 01:35 - 2017-03-04 08:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-15 01:35 - 2017-03-04 06:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-15 01:35 - 2017-03-02 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-15 01:35 - 2017-03-02 20:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-15 01:35 - 2017-03-02 20:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-15 01:35 - 2017-03-02 20:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-15 01:35 - 2017-03-02 20:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-15 01:35 - 2017-03-02 20:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-15 01:35 - 2017-03-02 19:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-15 01:35 - 2017-03-02 19:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-15 01:35 - 2017-03-02 19:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-15 01:35 - 2017-03-02 19:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-15 01:35 - 2017-03-02 19:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-15 01:35 - 2017-03-02 19:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-15 01:35 - 2017-03-02 19:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-15 01:35 - 2017-03-02 19:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-15 01:35 - 2017-03-02 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-15 01:35 - 2017-03-02 19:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-15 01:35 - 2017-03-02 19:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-15 01:35 - 2017-03-02 19:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-15 01:35 - 2017-03-02 19:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-15 01:35 - 2017-03-02 19:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-15 01:35 - 2017-03-02 19:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-15 01:35 - 2017-03-02 19:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-15 01:35 - 2017-03-02 19:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-15 01:35 - 2017-03-02 19:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-15 01:35 - 2017-03-02 19:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-15 01:35 - 2017-03-02 19:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-15 01:35 - 2017-03-02 18:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-15 01:35 - 2017-03-02 18:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-15 01:35 - 2017-03-02 18:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-15 01:35 - 2017-02-11 17:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 01:35 - 2017-02-11 17:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 01:35 - 2017-02-11 17:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 01:35 - 2017-02-10 18:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 01:35 - 2017-02-10 18:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 01:35 - 2017-02-10 18:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-15 01:35 - 2017-02-10 18:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-15 01:35 - 2017-02-10 16:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-15 01:35 - 2017-02-09 18:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-15 01:35 - 2017-02-09 18:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 01:35 - 2017-02-09 18:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-15 01:35 - 2017-02-09 18:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-15 01:35 - 2017-02-09 18:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-15 01:35 - 2017-02-09 18:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-15 01:35 - 2017-02-09 18:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-15 01:35 - 2017-02-09 18:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 01:35 - 2017-02-09 18:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-15 01:35 - 2017-02-09 18:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 01:35 - 2017-02-09 18:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-15 01:35 - 2017-02-09 18:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 01:35 - 2017-02-09 17:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-15 01:35 - 2017-02-09 17:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-15 01:35 - 2017-02-09 17:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-15 01:35 - 2017-02-09 17:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 01:35 - 2017-02-09 17:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 01:35 - 2017-02-09 17:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-15 01:35 - 2017-02-09 17:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-15 01:35 - 2017-02-09 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-15 01:35 - 2017-02-09 17:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-15 01:35 - 2017-02-09 17:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-15 01:35 - 2017-02-09 17:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-15 01:35 - 2017-02-09 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-15 01:35 - 2017-02-09 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-15 01:35 - 2017-02-09 17:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-15 01:35 - 2017-02-09 17:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 17:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 17:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 17:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 16:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 01:35 - 2017-02-09 16:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 01:35 - 2017-02-06 18:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 01:35 - 2017-01-13 20:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 01:35 - 2017-01-13 20:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 01:35 - 2017-01-13 19:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-15 01:35 - 2017-01-13 19:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-15 01:35 - 2017-01-11 20:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 01:35 - 2017-01-11 20:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-15 01:35 - 2017-01-11 19:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-15 01:35 - 2017-01-11 19:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-15 01:35 - 2017-01-06 20:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 01:35 - 2017-01-06 19:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-15 01:34 - 2017-02-23 01:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-15 01:34 - 2017-02-23 01:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 01:34 - 2017-02-18 16:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 01:34 - 2017-02-18 16:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-07 23:34 - 2017-03-07 23:34 - 00001015 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Obscurium.lnk
2017-03-07 23:14 - 2017-03-07 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
2017-03-07 23:14 - 2017-03-07 23:14 - 00000000 ____D C:\Program Files (x86)\SeaMonkey
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-04-02 05:09 - 2016-09-09 15:13 - 00000000 ____D C:\FRST
2017-04-02 05:06 - 2016-03-04 08:38 - 00000919 _____ C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt
2017-04-02 05:06 - 2016-03-04 08:38 - 00000000 _____ C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-04-02 05:06 - 2016-03-04 08:35 - 00000000 ____D C:\Program Files (x86)\NCH Software
2017-04-02 04:27 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-02 04:27 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-02 00:31 - 2016-10-30 16:51 - 00979748 _____ C:\Windows\ntbtlog.txt
2017-04-02 00:09 - 2015-10-26 01:32 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2017-04-01 21:24 - 2011-04-12 09:43 - 00699092 _____ C:\Windows\system32\perfh007.dat
2017-04-01 21:24 - 2011-04-12 09:43 - 00149232 _____ C:\Windows\system32\perfc007.dat
2017-04-01 21:24 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-01 21:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-01 21:18 - 2016-02-13 11:20 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-04-01 21:18 - 2016-01-30 19:28 - 00000000 ____D C:\ProgramData\PACE
2017-04-01 21:18 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-01 21:17 - 2015-11-25 03:13 - 00000000 ____D C:\Users\user\AppData\LocalLow\Temp
2017-04-01 21:15 - 2015-11-09 08:20 - 00000000 ____D C:\Program Files\Everything
2017-04-01 06:04 - 2016-09-17 08:05 - 00000000 ____D C:\AdwCleaner
2017-03-29 07:29 - 2016-09-18 03:13 - 02424832 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2017-03-28 20:05 - 2016-12-18 11:03 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2017-03-28 20:05 - 2016-12-15 21:02 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
2017-03-28 20:05 - 2016-12-11 19:57 - 00000000 ____D C:\Users\user\AppData\Roaming\helmplugin
2017-03-28 20:05 - 2016-12-11 19:51 - 00000000 ____D C:\Users\user\AppData\Roaming\helm
2017-03-28 20:05 - 2016-11-22 22:04 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2017-03-28 20:05 - 2016-11-22 22:04 - 00000000 ____D C:\Users\user\AppData\Local\atom
2017-03-28 20:05 - 2016-11-16 08:06 - 00000000 ____D C:\Users\user\.idlerc
2017-03-28 20:05 - 2015-11-04 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2017-03-28 20:05 - 2015-11-04 08:32 - 00000000 ____D C:\Users\user\AppData\Local\gtk-2.0
2017-03-28 20:05 - 2015-10-23 22:02 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2017-03-28 20:05 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-28 20:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-28 20:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2017-03-28 20:02 - 2015-10-25 15:27 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2017-03-28 18:50 - 2016-10-17 18:35 - 00000621 _____ C:\Users\user\Letzte Sitzung user.prj
2017-03-28 09:20 - 2016-01-06 01:15 - 00000000 ____D C:\Users\user\Documents\PersBackup
2017-03-28 08:49 - 2016-06-14 11:44 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-03-28 08:13 - 2016-03-04 08:38 - 00000919 _____ C:\Users\user\AppData\Roaming\trace_FilterInstaller.1.txt
2017-03-23 15:33 - 2015-10-31 20:07 - 00000255 ____N C:\Users\user\Documents\SongenModularErrorLog.txt
2017-03-23 15:22 - 2016-02-29 00:55 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-22 20:44 - 2015-11-22 18:26 - 00000000 ____D C:\Users\user\AppData\Local\Downloaded Installations
2017-03-22 09:53 - 2015-11-03 09:18 - 00000000 ____D C:\Program Files\Intel
2017-03-21 08:56 - 2016-01-03 23:20 - 00001854 _____ C:\Users\user\Desktop\CCleaner.lnk
2017-03-20 21:26 - 2015-10-23 21:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-20 21:26 - 2009-07-14 06:45 - 00000000 ____D C:\Windows\ServiceProfiles
2017-03-20 18:57 - 2015-11-01 23:48 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-15 05:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-03-15 04:38 - 2016-11-26 23:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-03-15 04:38 - 2009-07-14 06:45 - 02106920 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-15 04:37 - 2016-04-09 03:31 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-15 04:37 - 2016-04-09 03:31 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-15 04:02 - 2016-08-07 00:58 - 00000000 ____D C:\Windows\system32\MRT
2017-03-15 04:00 - 2016-08-07 00:58 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-11 18:46 - 2016-01-29 10:38 - 00003872 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1454056698
2017-03-08 00:26 - 2016-01-17 20:43 - 00000000 ____D C:\Users\user\AppData\Roaming\gnupg
2017-03-07 23:14 - 2015-10-23 21:19 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2017-03-07 23:14 - 2015-10-23 21:19 - 00000000 ____D C:\Users\user\AppData\Local\Mozilla
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2016-01-28 01:19 - 2016-09-20 02:22 - 0000016 _____ () C:\Users\user\AppData\Roaming\msregsvv.dll
2016-01-28 12:19 - 2016-12-18 17:40 - 1249792 _____ (hxxp://www.ruby-lang.org/) C:\Users\user\AppData\Roaming\msvcr90-ruby191.dll
2016-03-04 08:38 - 2017-03-28 08:13 - 0000919 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.1.txt
2016-03-04 08:38 - 2016-03-04 08:38 - 0001181 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.2.txt
2016-03-04 08:38 - 2017-04-02 05:06 - 0000919 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt
2016-03-04 08:38 - 2017-04-02 05:06 - 0000000 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-03-22 19:21 - 2017-03-23 13:55 - 0000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND
2017-03-31 11:17 - 2017-03-31 11:17 - 0003318 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2015-11-01 08:16 - 2015-11-01 08:16 - 0007611 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2016-01-28 01:19 - 2016-09-20 02:22 - 0000016 _____ () C:\ProgramData\autobk.inc
Einige Dateien in TEMP:
====================
2017-04-01 21:18 - 2017-04-01 21:18 - 1347216 _____ (Sysinternals - www.sysinternals.com) C:\Users\user\AppData\Local\Temp\PROCEXP64.exe
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-03-24 16:52
==================== Ende von FRST.txt ============================
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von user (02-04-2017 05:10:08)
Gestartet von C:\Users\user\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-10-23 18:28:58)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3869482132-2802206346-888328520-500 - Administrator - Disabled)
user (S-1-5-21-3869482132-2802206346-888328520-1000 - Administrator - Enabled) => C:\Users\user
Gast (S-1-5-21-3869482132-2802206346-888328520-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3869482132-2802206346-888328520-1002 - Limited - Enabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
ACP Application (Version: 2016.0916.1502.32 - Advanced Micro Devices, Inc.) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.6 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ARIA Engine v1.8.4.4 (HKLM\...\ARIA Engine_is1) (Version: v1.8.4.4 - Plogue Art et Technologie, Inc)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Next Localization BR (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
CPUID ROG CPU-Z 1.75 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.75 - CPUID, Inc.)
CreditMovie1 (x32 Version: 10.1.00 - Sony Corporation) Hidden
CreditMovie2 (x32 Version: 10.1.00 - Sony Corporation) Hidden
CreditMovie3 (x32 Version: 10.1.00 - Sony Corporation) Hidden
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Gpg4win (2.3.0) (HKLM-x32\...\GPG4Win) (Version: 2.3.0 - The Gpg4win Project)
Helm (HKLM-x32\...\{2F131038-3C70-4AD4-B44B-7FE7E7F0C2A5}) (Version: 0.8.5.0 - Matt Tytel)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HWiNFO64 Version 5.38 (HKLM\...\HWiNFO64_is1) (Version: 5.38 - Martin Malík - REALiX)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel(R) Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4222 - Intel Corporation)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
JetBrains PyCharm Community Edition 2016.3 (HKLM-x32\...\PyCharm Community Edition 2016.3) (Version: 163.8233.8 - JetBrains s.r.o.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MergeModule_x64 (Version: 9.3.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Prerequisites (x64) (HKLM\...\{04BEC103-A388-41EE-BB49-1235FAAF883D}) (Version: 11.0.61030 - Blue Cat Audio)
Microsoft Visual C++ 2012 Prerequisites (x86) (HKLM-x32\...\{2F65108E-8DF7-47B9-8ECC-49BD3BC47AAB}) (Version: 11.0.61030 - Blue Cat Audio)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 52.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 de)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
PA Free Bundle V1 1.0.1 (HKLM\...\PA Free Bundle V1_is1) (Version: - Plugin Alliance)
PACE License Support Win64 (HKLM-x32\...\InstallShield_{DF91FC8F-0D43-415b-BB5D-22533FC1CC1A}) (Version: 2.6.0.1134 - PACE Anti-Piracy, Inc.)
PACE License Support Win64 (Version: 2.6.0.1134 - PACE Anti-Piracy, Inc.) Hidden
Personal Backup 5.8.3.1 (HKLM-x32\...\Personal Backup 5_is1) (Version: 5.8.3.1 - Dr. J. Rathlev)
PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.1.00.12260 - Sony Corporation)
PMB_ModeEditor_ACMC (x32 Version: 10.1.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 10.1.00 - Sony Corporation) Hidden
Python 3.5.1 (32-bit) (HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\{c39d559b-aa83-4476-ba20-988a35a1199a}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 Core Interpreter (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Documentation (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{17778F7B-FB5A-4A93-9719-D75BAF673498}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.1 pip Bootstrap (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Utility Scripts (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
TightVNC (HKLM\...\{8B9896FC-B4F2-44CD-8B6E-78A0B1851B59}) (Version: 2.8.5.0 - GlavSoft LLC.)
TP-LINK Archer T4U Driver (HKLM-x32\...\{58F414FE-74CC-42A0-9D86-A089849C510A}) (Version: 1.3.1 - TP-LINK)
Uplay (HKLM-x32\...\Uplay) (Version: 10.0 - Ubisoft)
USBPcap 1.0.0.7 (HKLM\...\USBPcap) (Version: - )
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0-2) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.17.0 (Version: 1.0.17.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Web Page Saver 2.10 (HKLM-x32\...\{76BC9438-A16F-43E1-8596-95FA23768E6C}_is1) (Version: - JADsoftware)
Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers)
WinHex (HKLM-x32\...\WinHex) (Version: - )
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {01244CD2-DBF2-48E1-81DC-F60B80EEE392} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {03F920C6-176B-4700-9E50-08D5840C4166} - System32\Tasks\Process Explorer-PC-user => "C:\PROGRAM FILES\PROCESS-EXPLORER\PROCEXP.EXE" /t
Task: {0AEC350F-0667-4D55-94A7-F058AF78AFAD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {0EA96307-8DAE-44A1-A2A3-D458155E23ED} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-09-07] (Advanced Micro Devices, Inc.)
Task: {1069660B-6FC5-4CE6-AFE7-3786642ED336} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {606DF2D9-0BC4-41F6-AA98-54D020707610} - System32\Tasks\Opera scheduled Autoupdate 1454056698 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)
Task: {8EDC83D7-53F0-44F6-B328-F893CBF2A114} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {999449FC-8698-4C3C-8FE5-7B8A92964F9E} - System32\Tasks\Logon Screen SkipUAC => C:\Program Files\Logon Screen\Logon Screen.exe
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2013-06-04 11:41 - 2013-06-04 11:41 - 00936728 ____R () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-11-24 20:32 - 2015-11-24 20:32 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2015-11-13 17:05 - 2015-03-19 09:41 - 00048856 _____ () C:\Windows\runSW.exe
2017-04-01 06:13 - 2017-03-24 04:09 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-04-01 06:13 - 2017-03-24 04:10 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-10-01 10:46 - 2016-10-01 10:46 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-01-15 22:44 - 2016-01-15 22:44 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-10-24 00:23 - 2017-04-01 21:18 - 00033280 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2015-10-24 00:23 - 2013-06-04 11:41 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-11-24 20:20 - 2015-11-24 20:20 - 00221696 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2015-11-24 20:14 - 2015-11-24 20:14 - 00087552 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2015-11-24 20:09 - 2015-11-24 20:09 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2015-11-24 20:20 - 2015-11-24 20:20 - 00073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2015-11-24 20:22 - 2015-11-24 20:22 - 00751104 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2015-11-03 09:18 - 2013-05-14 00:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\PACE:E6530E75740592D0 [1]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
MSCONFIG\Services: CG6Service => 2
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^fcbd.bat => C:\Windows\pss\fcbd.bat.CommonStartup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: FreeAC => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: MobileBroadband => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
MSCONFIG\startupreg: Process Hacker 2 => "C:\Program Files\Process Hacker 2\ProcessHacker.exe" -hide
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{CFA0E316-915A-4AF6-BEE8-8772C52CB13F}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{4B63E711-CC41-4744-8A23-5AC41DAAAA83}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
==================== Wiederherstellungspunkte =========================
28-03-2017 20:03:35 Wiederherstellungsvorgang
28-03-2017 21:09:21 Windows Update
01-04-2017 19:00:20 Windows-Sicherung
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (04/02/2017 04:59:46 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (04/02/2017 04:22:57 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (04/02/2017 04:22:31 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\users\user\desktop\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (04/01/2017 09:55:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\user\Desktop\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (04/01/2017 09:55:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\user\Desktop\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (04/01/2017 09:54:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\user\Desktop\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (04/01/2017 09:18:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Error: (04/01/2017 06:10:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Systemfehler:
=============
Error: (04/01/2017 09:58:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.
Error: (04/01/2017 09:58:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (04/01/2017 09:58:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.
Error: (04/01/2017 09:58:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (04/01/2017 09:58:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.
Error: (04/01/2017 09:58:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (04/01/2017 09:57:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.
Error: (04/01/2017 09:57:16 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (04/01/2017 09:57:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.
Error: (04/01/2017 09:57:15 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Prozentuale Nutzung des RAM: 22%
Installierter physikalischer RAM: 16321.48 MB
Verfügbarer physikalischer RAM: 12580.52 MB
Summe virtueller Speicher: 32641.15 MB
Verfügbarer virtueller Speicher: 28866 MB
==================== Laufwerke ================================
Drive c: (SSD-Alpha) (Fixed) (Total:238.47 GB) (Free:96.03 GB) NTFS
Drive d: (Games) (Fixed) (Total:232.88 GB) (Free:145.99 GB) NTFS
Drive e: (Backup) (Fixed) (Total:465.76 GB) (Free:220.84 GB) NTFS
Drive g: (SuperBackup) (Fixed) (Total:931.31 GB) (Free:668.99 GB) NTFS
Drive r: (Bkupfiles) (Fixed) (Total:232.88 GB) (Free:135.72 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive t: (SWAP) (Fixed) (Total:931.51 GB) (Free:636.78 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B162B162)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FD1A7096)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: A1E3F745)
Partition 1: (Not Active) - (Size=238.5 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 99D2C736)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
========================================================
Disk: 4 (Size: 465.8 GB) (Disk ID: EBBBAA60)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
========================================================
Disk: 6 (Size: 931.5 GB) (Disk ID: 444663B5)
Partition: GPT.
Partition 2: (Not Active) - (Size=931.3 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
So the spyware was well hidden. ^^ *joke

After the restore, the problems had largely settled. The small scraps do not seem to have been removed by the restore, which has now worked. NoScript now actually prevents the other button from being displayed on the website where I caught this.

I have not yet been able to find out what the malware does. What does it do? What are alternate data streams? How do I help others who may have caught the same thing? Which entries of the fixlist are directly related to this or any malware?

Many thanks, regards

Edited by construct (01.04.2017 at 20:51)
| | #13 | ||||||||||||||||
| /// TB-Ausbilder | Hi, Quote:
There should be a button here with which you can deactivate the real-time protection. Unfortunately I don't know the exact wording right now... something like "Switch to the free version / freeware". Quote:
It is not dangerous, just annoying. Quote:
Quote:
Since every infection is unique, one cannot repeat certain steps 1:1 and assume that everything is then clean. Quote:
Quote:
If you have no more problems with malware, then we are done here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC. Cleanup: All logs posted? Then please download
DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over, you can safely delete them. Securing: Enable automatic updates for the Windows operating system. Security-relevant software should also always be installed only in its latest version: Java, Flash Player, PDF reader. Security vulnerabilities in their old versions are exploited to install malware via "drive-by" on a simple visit to a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents. Enable a firewall. The one built into Windows is normally entirely sufficient. If you are still undecided, use a single one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:
Microsoft Security Essentials (MSE) / Windows Defender (WD) is built in from Windows 8 onwards, so if you have Windows 8, 8.1 or 10 and have decided on MSE/WD, you do not need to install MSE/WD separately. On Windows 7, however, it must be installed manually or obtained via Windows Update as an optional update. Of course, a legal/activated Windows is a prerequisite for this. In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET. Optional: Download software from a clean portal such as . When installing software, always choose the custom option and uncheck all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, uninstalling it first and then removing the leftovers with Adwcleaner is recommended. Finally, a few general remarks:
If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation. Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this topic from my subscriptions. |
| | #14 |
| PACE? That is not the same as: - PACE License Support Win64 (HKLM-x32\...\InstallShield_{DF91FC8F-0D43-415b-BB5D-22533FC1CC1A}) (Version: 2.6.0.1134 - PACE Anti-Piracy, Inc.), is it? Many thanks for the info; I think it is very good not only to clean up but also to know what one is cleaning away. I will go through your info and see which of it is relevant for me. Regards |
| | #15 | |
| /// TB-Ausbilder | Hi, Quote:
|