JS:Trojan.Cryxos.566 auf der Login-Seite vom Amazon-Verkaufsaccount

Derio · 14.04.2017, 01:59

Hallo und schöne Ostern

F-Secure Internet Security meldet mir beim Aufrufen der Website https://sellercentral.amazon.com/ seit einigen Tagen die Meldung:

Schädliche Datei "signin[1].htm" wurde entfernt

'Weitere Informationen' leitet zu diesen Links weiter, liefert allerdings keine Informationen wie man den Trojaner dauerhaft entfernen kann:

hxxp://www.europe.f-secure.com/cgi-bin/AT-Vdescssearch.cgi?search=JS:Trojan.Cryxos.566
https://www.f-secure.com/v-descs/trojan.shtml

F-Secure entfernt die Datei jeweils nur nach dem Aufruf des Links, ruft man den Link erneut auf, wird auch die Datei erneut gefunden und entfernt, Neustart des Pc's bringt nichts.

Das Problem tritt nur mit dem Internet Explorer auf, bei anderen Browsern kommt keine Meldung beim Aufruf des Links.

Ich hatte erst rumgerätselt warum nur F-Secure etwas findet und andere Programme wie Mbam, adwcleaner, hijackjthis gar nichts finden, was aber ja logisch ist, weil meine Festplatte und mein PC nicht direkt infiziert sind, sondern nur mein Browser ?!

Mit ClearProg habe ich bereits alle Internet Explorer Daten gelöscht (Cookies, Cache, History etc.), was keinen Erfolg brachte.

Was kann ich tun um den Trojaner dauerhaft zu entfernen ?

(Eine Neuinstallation des Browsers habe ich bisher noch nicht versucht.)

Vielen Dank

M-K-D-B · 15.04.2017, 10:59

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Um die Bereinigung möchlichst effektiv und schnell gestalten zu können, bitte ich um Beachtung der folgenden Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir meine Anleitungen immer sorgfältig durch, arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste immer alle Logdateien (auch wenn nichts gefunden wurde). Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Außerdem bitte ich dich, nicht eigenmächtig irgendwelche Sicherheitsprogramme auszuführen und damit deinen Rechner zu überprüfen/bereinigen, da ich so leicht den Überblick verlieren kann.
Außerdem hättest du dir das Eröffnen eines Themas in diesem Fall auch gleich sparen können, wenn du dann doch wieder alleine rumhantierst.
Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
Alle zu verwendenen Programme sind auf dem Desktop ( C:\users\dein Benutzername\Desktop\ ) abzuspeichern und von dort als Administrator zu starten!
Einige Programme, die wir hier verwenden, können unter Umständen von deinem Antiviren- oder Anti-Malwareprogramm fälschlicherweise als Bedrohung eingestuft werden. Die Sicherheitsprogramme können aufgrund eines bestimmten Programmverhaltens nicht zwischen "gut" oder "böse" unterscheiden und schlagen Alarm. Dabei handelt es sich um Fehlalarme, welche du getrost ignorieren kannst. Gegebenenfalls musst du deine Sicherheitssoftware vor der Ausführung eines Programms deaktivieren, damit unsere Bereinigungsvorgänge nicht beeinträchtigt werden.
Sollten die Logdateien einmal die zulässige Länge (~ 120.000 Zeichen) überschreiten, so teile die Logdateien auf mehrere Posts auf.
Zur Not kannst du die Logdateien dann auch zippen (in ein .zip Archiv packen) und als Anhang hochladen.
Bitte arbeite so lange mit mir zusammen, bis ich dir sage, dass wir fertig sind und dein Rechner "sauber" ist. Das vorzeitige Verschwinden von Symptomen heißt nicht automatisch, dass dein Rechner bereits vollständig sauber ist.
In der Regel antworte ich dir innerhalb von 24 Stunden, oft sogar wesentlich schneller.
Jedoch habe auch ich einen normalen Beruf und Familie. Ich bin daher nicht jeden Tag stundenlag hier im Forum unterwegs. Es kann unter Umständen bis zu 2 Tage dauern, bis du eine Antwort von mir erhältst. Sollte diese Zeit überschritten sein, so kannst du mir gerne eine PM als Erinnerung schicken.

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Für mich hört sich das nach einem FalsePositive von F-Secure an, aber wir schauen mal zur Sicherheit nach.

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Schritt 2
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Bitte poste mit deiner nächsten Antwort

die Logdatei von TDSS-Killer,
die beiden neuen Logdateien von FRST.

Derio · 15.04.2017, 21:26

FRST Logfile:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017 (ACHTUNG: ====> FRSTVersion ist 31 Tage alt und könnte veraltet sein)
durchgeführt von Derio (Administrator) auf DERIO-PC (15-04-2017 22:16:12)
Gestartet von C:\Users\Derio\Desktop\cleaner
Geladene Profile: Derio (Verfügbare Profile: Derio)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\fshoster32.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\MultiScreen\MultiScreen.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_24_0_0_186_ActiveX.exe
(AO Kaspersky Lab) C:\Users\Derio\Desktop\cleaner\tdsskiller.exe
(AO Kaspersky Lab) C:\Users\Derio\AppData\Local\Temp\{F536AB11-B901-413F-9A88-8BBDE1791DBB}\{9C34C1BD-B5F5-446D-8736-5ECBBF2F8C81}.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5021448 2013-10-02] (FNet Co., Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-02-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKU\S-1-5-21-2271304684-954645281-654055257-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-2271304684-954645281-654055257-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-2271304684-954645281-654055257-1000\...\Run: [MultiScreen] => C:\Program Files (x86)\MultiScreen\MultiScreen.exe [303104 2009-08-11] ()
HKU\S-1-5-21-2271304684-954645281-654055257-1000\...\MountPoints2: {65e28d3c-2b9e-11e3-baad-a0b107c1e797} - E:\pushinst.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-10-29] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2013-10-06]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-12-06]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk [2013-10-02]
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe (Intel Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{35B2DE7B-802A-4E1E-BF4E-4496945F73ED}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{68AA28DA-B75C-4755-B43C-663417F5BB0B}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-2271304684-954645281-654055257-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.royalgames.com/
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https64.dll [2017-04-05] (F-Secure Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: PDF Architect 3 Helper -> {06E08260-0695-4EC1-A74B-1310D8899D93} -> C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll [2015-04-24] (pdfforge GmbH)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_ie_https\fs_ie_https.dll [2017-04-05] (F-Secure Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-04-24] (pdfforge GmbH)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Derio\AppData\Roaming\Mozilla\Firefox\Profiles\rzg6ntxy.default [2017-04-14]
FF HKLM\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Extension: (Browsing Protection by F-Secure) - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi [2017-04-05]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-12-06] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF Extension: (PDF Architect 3 Creator) - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-07-05] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [ols@f-secure.com] - C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF HKU\S-1-5-21-2271304684-954645281-654055257-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-04-24] (pdfforge GmbH)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Derio\AppData\Local\Google\Chrome\User Data\Default [2017-04-15]
CHR Extension: (ProxFlow) - C:\Users\Derio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2017-01-24]
CHR Extension: (YouTube) - C:\Users\Derio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-26]
CHR Extension: (Google-Suche) - C:\Users\Derio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Search by F-Secure) - C:\Users\Derio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkmikccifolokanfakbeadbmgchomeli [2016-09-18]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Derio\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2016-09-18]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Derio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-17]
CHR Extension: (Google Mail) - C:\Users\Derio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-16]
CHR Extension: (Chrome Media Router) - C:\Users\Derio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-05]
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2271304684-954645281-654055257-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gkmikccifolokanfakbeadbmgchomeli] - C:\Program Files (x86)\F-Secure\apps\SafeSearch\Chrome\main.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [Datei ist nicht signiert]
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
R2 fshoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [181216 2016-10-25] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE [218080 2016-10-26] (F-Secure Corporation)
R2 fsnethoster; C:\Program Files (x86)\F-Secure\fshoster32.exe [181216 2016-10-25] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [62432 2016-05-20] (F-Secure Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Datei ist nicht signiert]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [149032 2012-08-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH)
S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH)
R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-04-24] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [229080 2017-02-02] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [106704 2017-04-03] (F-Secure Corporation)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-07-07] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2013-10-02] (FNet Co., Ltd.)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [73928 2016-07-06] ()
R3 fsni; C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [120016 2017-04-05] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13352 2014-06-24] ()
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [20968 2012-08-16] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19944 2012-08-16] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-08-16] ()
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2017-04-15] ()

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-04-15 22:11 - 2017-04-15 22:13 - 00202974 _____ C:\TDSSKiller.3.1.0.12_15.04.2017_22.11.17_log.txt
2017-04-15 22:06 - 2017-04-15 22:16 - 00000000 ____D C:\FRST
2017-04-15 21:49 - 2017-04-15 21:49 - 00000000 ___RD C:\Users\Derio\Documents\Notes
2017-04-15 18:42 - 2017-04-15 18:42 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2017-04-14 03:49 - 2017-04-14 03:49 - 04089296 _____ C:\Users\Derio\Desktop\AdwCleaner_6.045.exe
2017-04-13 23:13 - 2017-04-13 23:14 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2017-04-13 23:13 - 2017-04-13 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2017-04-13 23:13 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-04-13 23:13 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-04-13 23:13 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-13 23:12 - 2017-04-13 23:13 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2017-04-13 23:09 - 2017-04-13 23:09 - 22851472 _____ (Malwarebytes ) C:\mbam-setup-bc.1878-2.2.1.1043.exe
2017-04-13 20:58 - 2017-04-13 20:58 - 00002968 _____ C:\Windows\System32\Tasks\{DAB5A521-3BDC-48A1-BDE3-E8BBE308B6DE}
2017-04-13 20:29 - 2017-04-13 22:56 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-13 20:29 - 2017-04-13 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-13 20:29 - 2017-04-13 20:29 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-13 20:19 - 2017-04-13 20:19 - 00270712 _____ C:\Windows\Minidump\041317-21621-01.dmp
2017-04-13 20:13 - 2017-04-13 20:13 - 00270712 _____ C:\Windows\Minidump\041317-20342-01.dmp
2017-04-13 19:05 - 2017-04-13 20:01 - 00158230 _____ C:\Windows\ntbtlog.txt
2017-04-13 19:05 - 2017-04-13 19:05 - 00270712 _____ C:\Windows\Minidump\041317-24897-01.dmp
2017-04-12 17:48 - 2017-03-27 20:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-12 17:48 - 2017-03-27 19:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-12 17:48 - 2017-03-25 21:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-12 17:48 - 2017-03-25 21:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-12 17:48 - 2017-03-25 21:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-12 17:48 - 2017-03-25 20:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-12 17:48 - 2017-03-25 20:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-12 17:48 - 2017-03-25 20:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-12 17:48 - 2017-03-25 20:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-12 17:48 - 2017-03-25 20:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-12 17:48 - 2017-03-25 19:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-12 17:48 - 2017-03-25 19:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-12 17:48 - 2017-03-25 18:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-12 17:48 - 2017-03-25 18:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-12 17:48 - 2017-03-25 18:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-12 17:48 - 2017-03-25 18:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-04-12 17:48 - 2017-03-25 18:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-12 17:48 - 2017-03-25 18:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-12 17:48 - 2017-03-25 00:50 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-12 17:48 - 2017-03-25 00:42 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-12 17:48 - 2017-03-22 17:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-12 17:48 - 2017-03-22 17:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-12 17:48 - 2017-03-22 17:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-12 17:48 - 2017-03-22 17:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-04-12 17:48 - 2017-03-22 17:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-12 17:48 - 2017-03-22 17:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-12 17:48 - 2017-03-22 17:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-12 17:48 - 2017-03-22 17:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-12 17:48 - 2017-03-22 17:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-04-12 17:48 - 2017-03-22 17:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-12 17:48 - 2017-03-22 17:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-04-12 17:48 - 2017-03-22 17:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-04-12 17:48 - 2017-03-22 17:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-12 17:48 - 2017-03-22 17:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-12 17:48 - 2017-03-22 17:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-12 17:48 - 2017-03-22 17:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-04-12 17:48 - 2017-03-14 17:34 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-12 17:48 - 2017-03-14 17:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-12 17:48 - 2017-03-10 18:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-12 17:48 - 2017-03-10 18:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-12 17:48 - 2017-03-10 18:00 - 03219968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-12 17:48 - 2017-03-08 22:20 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-04-12 17:48 - 2017-03-08 06:37 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-04-12 17:48 - 2017-03-08 06:36 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-04-12 17:48 - 2017-03-08 06:36 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-04-12 17:48 - 2017-03-08 06:36 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-04-12 17:48 - 2017-03-08 06:36 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-04-12 17:48 - 2017-03-08 06:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-04-12 17:48 - 2017-03-08 06:33 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-12 17:48 - 2017-03-08 06:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-04-12 17:48 - 2017-03-08 06:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-04-12 17:48 - 2017-03-08 06:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-12 17:48 - 2017-03-07 18:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-12 17:48 - 2017-03-04 03:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-12 17:48 - 2017-03-04 03:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-12 17:48 - 2017-02-14 18:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-12 17:48 - 2017-02-14 18:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-04-12 17:48 - 2017-02-09 18:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-12 17:48 - 2017-01-18 17:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-12 17:48 - 2017-01-18 17:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 17:48 - 2017-01-18 17:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 17:48 - 2017-01-18 17:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 17:48 - 2017-01-18 17:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-12 17:48 - 2017-01-18 17:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-12 17:48 - 2017-01-18 17:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 17:48 - 2017-01-18 17:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 17:48 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 17:48 - 2017-01-18 17:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-12 17:48 - 2017-01-18 17:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-12 17:47 - 2017-03-25 20:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-12 17:47 - 2017-03-25 20:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-12 17:47 - 2017-03-25 20:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-04-12 17:47 - 2017-03-25 20:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-12 17:47 - 2017-03-25 20:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-12 17:47 - 2017-03-25 20:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-04-12 17:47 - 2017-03-25 20:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-12 17:47 - 2017-03-25 20:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-04-12 17:47 - 2017-03-25 20:46 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-04-12 17:47 - 2017-03-25 20:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-04-12 17:47 - 2017-03-25 20:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-04-12 17:47 - 2017-03-25 20:45 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-04-12 17:47 - 2017-03-25 20:45 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-04-12 17:47 - 2017-03-25 20:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-04-12 17:47 - 2017-03-25 20:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-04-12 17:47 - 2017-03-25 20:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-04-12 17:47 - 2017-03-25 20:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-04-12 17:47 - 2017-03-25 20:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-04-12 17:47 - 2017-03-25 20:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-04-12 17:47 - 2017-03-25 20:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-04-12 17:47 - 2017-03-25 20:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-04-12 17:47 - 2017-03-25 20:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-04-12 17:47 - 2017-03-25 20:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-04-12 17:47 - 2017-03-25 20:14 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-04-12 17:47 - 2017-03-25 20:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-04-12 17:47 - 2017-03-25 20:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-12 17:47 - 2017-03-25 20:13 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-04-12 17:47 - 2017-03-25 20:04 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-04-12 17:47 - 2017-03-25 20:02 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-04-12 17:47 - 2017-03-25 19:57 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-04-12 17:47 - 2017-03-25 19:56 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-04-12 17:47 - 2017-03-25 19:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-04-12 17:47 - 2017-03-25 19:56 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-04-12 17:47 - 2017-03-25 19:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-12 17:47 - 2017-03-25 19:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-12 17:47 - 2017-03-25 19:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-04-12 17:47 - 2017-03-25 19:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-12 17:47 - 2017-03-25 19:29 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-04-12 17:47 - 2017-03-25 19:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-04-12 17:47 - 2017-03-25 19:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-04-12 17:47 - 2017-03-25 19:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-04-12 17:47 - 2017-03-25 19:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-04-12 17:47 - 2017-03-25 19:17 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-04-12 17:47 - 2017-03-25 19:06 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-04-12 17:47 - 2017-03-25 19:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-12 17:47 - 2017-03-25 19:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-12 17:47 - 2017-03-25 18:57 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-04-12 17:47 - 2017-03-25 18:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-12 17:47 - 2017-03-14 17:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-04-12 17:47 - 2017-03-10 18:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-04-12 17:47 - 2017-03-10 18:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-12 17:47 - 2017-03-10 18:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-04-12 17:47 - 2017-03-10 18:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-04-12 17:47 - 2017-03-10 18:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-04-12 17:47 - 2017-03-10 18:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-04-12 17:47 - 2017-03-10 18:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-04-12 17:47 - 2017-03-10 17:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-12 17:47 - 2017-03-08 22:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:24 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-04-12 17:47 - 2017-03-08 06:22 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-04-12 17:47 - 2017-03-08 06:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-04-12 17:47 - 2017-03-08 06:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-04-12 17:47 - 2017-03-08 06:22 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-04-12 17:47 - 2017-03-08 06:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-04-12 17:47 - 2017-03-08 06:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-04-12 17:47 - 2017-03-08 06:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-04-12 17:47 - 2017-03-08 06:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-04-12 17:47 - 2017-03-08 06:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-04-12 17:47 - 2017-03-08 06:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-04-12 17:47 - 2017-03-08 06:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-04-12 17:47 - 2017-03-08 06:22 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-04-12 17:47 - 2017-03-08 06:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-04-12 17:47 - 2017-03-08 06:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-04-12 17:47 - 2017-03-08 06:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-04-12 17:47 - 2017-03-08 06:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-04-12 17:47 - 2017-03-08 06:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-04-12 17:47 - 2017-03-08 06:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 06:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-04-12 17:47 - 2017-03-08 06:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-04-12 17:47 - 2017-03-08 06:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-04-12 17:47 - 2017-03-08 06:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-04-12 17:47 - 2017-03-08 06:00 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-04-12 17:47 - 2017-03-08 05:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-04-12 17:47 - 2017-03-08 05:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-04-12 17:47 - 2017-03-08 05:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-12 17:47 - 2017-03-08 05:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-12 17:47 - 2017-03-08 05:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-12 17:47 - 2017-03-08 05:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-04-12 17:47 - 2017-03-08 05:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-04-12 17:47 - 2017-03-08 05:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-04-12 17:47 - 2017-03-08 05:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-04-12 17:47 - 2017-03-08 05:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-04-12 17:47 - 2017-03-08 05:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-04-12 17:47 - 2017-03-08 05:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-04-12 17:47 - 2017-03-08 05:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 05:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 05:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 05:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-12 17:47 - 2017-03-07 18:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-12 17:47 - 2017-03-04 03:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-12 17:47 - 2017-03-04 03:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-12 17:47 - 2017-02-11 18:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-04-12 17:47 - 2017-02-11 18:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-04-12 17:47 - 2017-02-09 18:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-12 17:47 - 2017-02-09 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-07 07:49 - 2017-04-07 07:49 - 00270712 _____ C:\Windows\Minidump\040717-20888-01.dmp
2017-04-06 04:02 - 2017-04-06 04:11 - 00000000 ____D C:\Users\Derio\Desktop\elkovnaneu
2017-04-03 04:26 - 2017-04-03 04:26 - 00270712 _____ C:\Windows\Minidump\040317-19234-01.dmp
2017-03-16 05:19 - 2017-04-14 06:03 - 00000000 ____D C:\rtrtdzffcggf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-04-15 22:10 - 2009-07-14 06:45 - 00018912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-15 22:10 - 2009-07-14 06:45 - 00018912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-15 22:09 - 2014-06-09 00:59 - 00000000 ____D C:\Users\Derio\Desktop\cleaner
2017-04-15 19:59 - 2013-10-02 22:23 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2017-04-15 18:42 - 2013-10-02 22:26 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2017-04-15 18:41 - 2013-10-02 22:23 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2017-04-15 18:41 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-15 07:07 - 2013-12-05 17:45 - 00693672 _____ C:\Users\Derio\Desktop\dok3.txt
2017-04-15 06:14 - 2016-04-16 01:51 - 00000000 ____D C:\Users\Derio\AppData\Local\FSDART
2017-04-15 06:14 - 2013-11-02 21:11 - 00000634 _____ C:\Windows\Tasks\Scheduled scanning task.job
2017-04-15 01:56 - 2015-01-01 20:00 - 02273280 _____ C:\Users\Derio\Desktop\verkäufe2015.xls
2017-04-15 00:07 - 2013-12-05 17:45 - 00621056 _____ C:\Users\Derio\Desktop\bestand.xls
2017-04-15 00:03 - 2013-11-02 21:11 - 00003516 _____ C:\Windows\System32\Tasks\Scheduled scanning task
2017-04-14 23:59 - 2013-12-22 04:31 - 00000000 ____D C:\Users\Derio\Desktop\neue bilder
2017-04-14 23:43 - 2013-12-05 17:45 - 00195058 _____ C:\Users\Derio\Desktop\zusatzbestellungen.txt
2017-04-14 05:00 - 2014-11-30 05:08 - 00000000 ____D C:\AdwCleaner
2017-04-14 03:56 - 2013-12-06 01:42 - 00000000 ____D C:\Users\Derio\AppData\Roaming\Yahoo!
2017-04-14 03:56 - 2013-12-06 01:42 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2017-04-13 23:25 - 2017-01-03 02:17 - 00000000 ____D C:\Users\Derio\Desktop\einkäufe2017
2017-04-13 23:25 - 2013-12-05 17:45 - 00409600 _____ C:\Users\Derio\Desktop\bilanzgesamt.xls
2017-04-13 23:16 - 2014-07-15 00:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-13 20:29 - 2013-10-06 01:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-13 20:19 - 2013-11-10 19:29 - 522559859 _____ C:\Windows\MEMORY.DMP
2017-04-13 20:19 - 2013-11-10 19:29 - 00000000 ____D C:\Windows\Minidump
2017-04-13 20:12 - 2013-10-03 01:32 - 00000000 ____D C:\Users\Derio\AppData\Local\CrashDumps
2017-04-13 04:38 - 2013-12-22 04:24 - 00000000 ____D C:\Users\Derio\Desktop\spring
2017-04-12 21:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-04-12 18:25 - 2013-10-03 07:45 - 00654150 _____ C:\Windows\system32\perfh007.dat
2017-04-12 18:25 - 2013-10-03 07:45 - 00130022 _____ C:\Windows\system32\perfc007.dat
2017-04-12 18:25 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-12 18:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-12 18:18 - 2009-07-14 06:45 - 00285872 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-12 18:12 - 2013-10-05 20:41 - 00000000 ____D C:\Windows\system32\MRT
2017-04-12 18:11 - 2013-10-05 20:41 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-11 03:25 - 2013-10-02 22:26 - 00003542 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 03:25 - 2013-10-02 22:26 - 00003414 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-06 04:18 - 2016-01-02 15:53 - 00000000 ____D C:\Users\Derio\Desktop\EST 2016
2017-04-06 04:17 - 2013-12-05 17:46 - 00000000 ____D C:\Users\Derio\Desktop\EST 2013
2017-04-05 05:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2017-04-04 21:39 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-04 01:47 - 2013-10-02 22:26 - 00002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-04 01:47 - 2013-10-02 22:26 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-03 23:00 - 2014-07-01 22:30 - 00000000 ____D C:\Users\Derio\Desktop\sachen
2017-03-30 06:19 - 2013-12-05 17:45 - 00000000 ____D C:\Users\Derio\Desktop\primary
2017-03-28 02:45 - 2013-12-05 17:45 - 00004544 _____ C:\Users\Derio\Desktop\zahlungshinweiseneu.txt

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-10-29 00:53 - 2017-03-12 21:32 - 0169472 _____ () C:\Users\Derio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-02 22:27 - 2013-10-02 22:27 - 0000003 _____ () C:\Users\Derio\AppData\Local\user_data.ini
2013-12-06 01:39 - 2013-12-06 01:45 - 0000836 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-04-14 20:18

==================== Ende von FRST.txt ============================

Code:

ATTFilter

ZusÃ¤tzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgefÃ¼hrt von Derio (15-04-2017 22:16:26)
Gestartet von C:\Users\Derio\Desktop\cleaner
Windows 7 Home Premium Service Pack 1 (X64) (2013-10-02 19:53:20)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2271304684-954645281-654055257-500 - Administrator - Disabled)
Derio (S-1-5-21-2271304684-954645281-654055257-1000 - Administrator - Enabled) => C:\Users\Derio
Gast (S-1-5-21-2271304684-954645281-654055257-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Antivirus by F-Secure (Enabled - Up to date) {0F70A6C4-76E4-6A3B-2695-519F428B1C20}
AS: Antivirus by F-Secure (Enabled - Up to date) {B4114720-50DE-65B5-1C25-6AED390C569D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" kÃ¶nnen in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4500_G510af_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510af (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{D4DEB532-1003-D978-B678-D08A430CE548}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
ASRock eXtreme Tuner v0.1.185 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ASRock InstantBoot v1.29 (HKLM-x32\...\ASRock InstantBoot_is1) (Version:  - )
ASRock SmartConnect v1.0.6 (HKLM\...\ASRock SmartConnect_is1) (Version:  - ASRock Inc.)
ASRock XFast RAM v2.0.9 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
ClearProg 1.6.0 Final (HKLM-x32\...\ClearProg) (Version: 1.6.0 Final - Sven Hoffman)
Computer Security 14.176.101.0 (release) (x32 Version: 14.176.101.0 - F-Secure Corporation) Hidden
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1611_37043 - CyberLink Corp.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DH Driver Cleaner Professional Edition (HKLM-x32\...\Driver Cleaner Pro) (Version: Version 1.5 - Ruud Ketelaars)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Die Siedler II - Die nÃ¤chste Generation (HKLM-x32\...\S2TNG) (Version:  - )
DocMgr (x32 Version: 130.0.000.000 - Ihr Firmenname) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 17.3.24.20160513 - Landesfinanzdirektion ThÃ¼ringen)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
F-Secure (HKLM-x32\...\F-Secure ServiceEnabler 666) (Version: 2.76.211.0 - F-Secure Corporation)
F-Secure (x32 Version: 2.76.211.0 - F-Secure Corporation) Hidden
F-Secure CCF Reputation (x32 Version: 2.1.1342.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.73.275.1078 (release) (x32 Version: 1.73.275.1078 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.04.214 (x32 Version: 1.04.214 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.11.101.0 (release) (x32 Version: 1.11.101.0 - F-Secure Corporation) Hidden
Geeks3D FurMark 1.11.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}) (Version: 1.37.0000 - GIGABYTE Technology Co.,Ltd.)
GIGABYTE OC_GURU II (x32 Version: 1.37.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.99 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510a-f (HKLM\...\{C98517B6-DCE9-49B7-B19E-E384178D3986}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HyperCam 3 (HKLM-x32\...\HyperCam 3 3.5.1210.30) (Version: 3.5.1210.30 - Solveig Multimedia)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Smart Connect Technology 3.0 x64 (HKLM\...\{01C324B7-3744-4EC0-9C4F-40BCCDD47CFB}) (Version: 3.0.41.1571 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
king.com (remove only) (HKLM-x32\...\king.com) (Version:  - Midasplayer Ltd (king.com))
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MultiScreen (HKLM-x32\...\{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}) (Version: 1.00.0000 - Samsung Electronics Ltd.)
Naviextras Toolbox (HKLM-x32\...\Naviextras Toolbox) (Version: 3.18.5.667499 - NNG Llc.)
Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Online Safety 2.176.4626.2945 (x32 Version: 2.176.4626.2945 - F-Secure Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PDF Architect 3 (HKLM-x32\...\PDF Architect 3) (Version: 3.0.45.22485 - pdfforge GmbH)
PDF Architect 3 Create Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDF Architect 3 Edit Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDF Architect 3 View Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge)
Pin It (HKLM-x32\...\Pin It_is1) (Version: 0.0.4 - Pinterest)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skypeâ„¢ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Telegram Desktop version 1.0.2 (HKU\S-1-5-21-2271304684-954645281-654055257-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.2 - Telegram Messenger LLP)
THX TruStudio (HKLM-x32\...\{AFB907F5-C0E6-4753-8284-DE955EF86AC2}) (Version: 1.00.01 - Creative Technology Limited)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Warzone 2100-3.1.2 (HKLM-x32\...\Warzone 2100-3.1.2) (Version: 3.1.2 - Warzone 2100 Project)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2271304684-954645281-654055257-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
XFast LAN v6.61 (HKLM\...\XFast LAN) (Version: 6.61 - cFos Software GmbH, Bonn)
XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.31 - ASRock Inc.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0937FA0F-817F-4447-B72E-F70143A01BC4} - System32\Tasks\Scheduled scanning task => C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsav.exe [2017-04-03] (F-Secure Corporation)
Task: {4B0372D4-1118-4394-9319-E30B753B7790} - System32\Tasks\{F11E2E2F-C323-4544-8DE4-DEDBD88F3C0C} => pcalua.exe -a C:\Users\Derio\Desktop\hijackthis.exe -d C:\Users\Derio\Desktop
Task: {51A56646-6105-462B-AEF1-47B13D7B6B2E} - System32\Tasks\{324F4C7E-FEA5-4784-AD2A-3120EC395156} => C:\Program Files (x86)\Ubisoft\Funatics\Die Siedler II - Die nÃ¤chste Generation\bin\S2DNG.exe [2006-08-06] ()
Task: {55E9F69B-8C1F-4424-96A1-F81D92341877} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe 
Task: {57DDBBE9-B4A0-4623-80FD-56B287E7CDEE} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {7AA70855-23C5-4E60-B7C9-6F5959613F01} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [2013-10-17] ()
Task: {8434005D-0898-4699-8FEC-25990D344D63} - System32\Tasks\{DAB5A521-3BDC-48A1-BDE3-E8BBE308B6DE} => C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe [2017-01-20] (Malwarebytes)
Task: {8B13F0C5-A310-4625-85A3-0FD51083013E} - System32\Tasks\{0C5C3F86-2090-4DF3-A0C7-3B96CA8E4253} => C:\Program Files (x86)\ElsterFormular\bin\pica.exe [2016-05-13] ()
Task: {A8D27786-ED64-4D1C-B2D8-0EC13BE48976} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-16] (Google Inc.)
Task: {CCA07218-FE3A-44F9-B33F-747CBC2ACD94} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {DEF9C873-2792-41FE-A64E-72F588E2245B} - System32\Tasks\{459BFF12-4D7C-40F6-83A2-863F543B4C16} => pcalua.exe -a C:\Users\Derio\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\installationsverwaltung.exe -d C:\Users\Derio\AppData\Roaming\elsterformular\pluginmanager\tmp\ElsterFormular\bin\ -c --picaDir="C:\Program Files (x86)\ElsterFormular" --updatepruefung
Task: {E80EF2D3-CD7B-4C61-A6AA-AFDDFBF43C34} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-16] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\Scheduled scanning task.job => C:\PROGRA~3\F-Secure\apps\COMPUT~1\ANTI-V~1\fsav.exe X /HARD /POLICY /SCHED /REPORT C:\PROGRA~3\F-Secure\apps\COMPUT~1\ANTI-V~1\report.txt  ,C:\PROGRA~3\F-Secure\apps\COMPUT~1\ANTI-V~1 SYSTEM .Von

==================== VerknÃ¼pfungen =============================

(Die EintrÃ¤ge kÃ¶nnen gelistet werden, um sie zurÃ¼ckzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2012-08-16 20:36 - 2012-08-16 20:36 - 00149032 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2012-08-16 20:36 - 2012-08-16 20:36 - 00058920 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-10-02 22:29 - 2011-05-19 09:58 - 00246784 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2013-10-24 22:58 - 2009-08-11 13:57 - 00303104 _____ () C:\Program Files (x86)\MultiScreen\MultiScreen.exe
2012-04-16 14:45 - 2012-04-16 14:45 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
2013-10-02 23:39 - 2016-10-26 17:05 - 00074720 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\FSAVHRES.eng
2016-05-31 13:07 - 2016-05-31 13:07 - 00254944 _____ () C:\Program Files (x86)\F-Secure\daas2.dll
2013-10-24 22:58 - 2009-08-11 13:54 - 00094208 _____ () C:\Program Files (x86)\MultiScreen\TitleBar.dll
2011-08-15 20:12 - 2011-08-15 20:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2011-08-15 20:15 - 2011-08-15 20:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 16:41 - 2011-08-17 16:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 16:48 - 2011-08-17 16:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2012-04-16 11:42 - 2012-04-16 11:42 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2011-08-15 20:12 - 2011-08-15 20:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-17 16:48 - 2011-08-17 16:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 19:23 - 2011-08-15 19:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2012-04-16 11:41 - 2012-04-16 11:41 - 00484864 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2012-04-16 11:56 - 2012-04-16 11:56 - 00500032 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2012-04-16 11:38 - 2012-04-16 11:38 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2013-10-24 22:58 - 2009-08-11 13:54 - 00053248 _____ () C:\Program Files (x86)\MultiScreen\SmartMouseDll.dll
2013-10-24 22:58 - 2009-08-11 13:56 - 00057344 _____ () C:\Program Files (x86)\MultiScreen\MGResGer.dll
2012-08-16 20:36 - 2012-08-16 20:36 - 00110592 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\de\iSCTsysTray.resources.dll
2013-10-02 22:29 - 2011-05-04 16:32 - 00094208 ____N () C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\de-DE\THXAudNB.resources.dll
2013-10-02 23:39 - 2016-11-25 20:06 - 00212008 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Spam Control\fsas.dll
2011-07-19 16:05 - 2011-07-19 16:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
2011-07-19 16:04 - 2011-07-19 16:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
2011-08-15 20:17 - 2011-08-15 20:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
2013-10-02 22:22 - 2012-07-18 06:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== VerknÃ¼pfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurÃ¼ckgesetzt oder entfernt.)


==================== Internet Explorer VertrauenswÃ¼rdig/EingeschrÃ¤nkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benÃ¶tigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurÃ¼ckzusetzen.)

2009-07-14 04:34 - 2016-09-20 17:47 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix fÃ¼r diesen Bereich.)

HKU\S-1-5-21-2271304684-954645281-654055257-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Derio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte EintrÃ¤ge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{31B2733B-4766-4663-AD8D-3094AD91BF58}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{3DD665CA-FA54-40DA-9D30-27CEA4E78AEC}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{A73950BB-C048-46D6-B536-5F395F689481}C:\program files\magictune premium\magictune.exe] => (Block) C:\program files\magictune premium\magictune.exe
FirewallRules: [UDP Query User{E23E6DD3-9E5E-4837-A485-FA56A9E9277D}C:\program files\magictune premium\magictune.exe] => (Block) C:\program files\magictune premium\magictune.exe
FirewallRules: [TCP Query User{36DA61CB-F07D-4FA2-B90E-23491C54F001}C:\program files\magictune premium\magictune.exe] => (Block) C:\program files\magictune premium\magictune.exe
FirewallRules: [UDP Query User{EB62EA4A-3B5E-4D74-8B4A-B976762E8E1E}C:\program files\magictune premium\magictune.exe] => (Block) C:\program files\magictune premium\magictune.exe
FirewallRules: [{4DDED544-CE74-423D-92E8-1E04AD7DCDCF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{6F235DD6-9E6D-47D4-9D54-F5F3E9B7F751}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{3C3E149E-AD0D-4146-A4B3-9E1FB86DA5EC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{6C975299-61EC-427C-BB67-3257B78A37C1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{6F2B92B9-AF91-4BBC-8A74-FC658124194D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{85034CF4-D5FB-4FB1-9F99-B77EA5247F0B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{4818B1CF-650E-4BCB-921B-9DF2DABFF065}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{872E2A49-32A5-4917-837C-47D44EAD92F6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{6991F48F-3993-4086-9788-9C9CF33915FE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{10296596-1D9C-4D8F-8B8B-294BE87BBF2E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{ED6AB29B-E66F-42F7-A9A8-83C34A087986}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{EA80E726-A735-462F-9C77-F5F8A38D7473}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{827FA036-BEDA-4F77-B624-87E41D5288C9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{CB18C1BE-0CED-4075-885F-D1868FAD3467}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{EAEAFE68-5391-4783-A309-429A65671019}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{9C4802B1-C136-47ED-A083-FE507202BAED}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{50D02952-9BE0-49FE-8692-578E997EBCDB}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{5BB61511-212D-4AF9-B8C2-EA8209FC084D}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{93D74B2C-6955-4C07-96F6-5F1909E9DAB6}C:\program files\ws_ftp\ws_ftp95.exe] => (Allow) C:\program files\ws_ftp\ws_ftp95.exe
FirewallRules: [UDP Query User{5012B6D0-854F-49DB-802D-4433A6996A06}C:\program files\ws_ftp\ws_ftp95.exe] => (Allow) C:\program files\ws_ftp\ws_ftp95.exe
FirewallRules: [{276EE61E-A122-4DF7-8B6B-28B0ABE80FA8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{CA64F66E-B500-48E9-B621-FA2BC4827562}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{B82D2611-82CF-4523-BB56-3FD922428CBE}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{B5562C98-C312-4016-B788-E9B8F6FAC411}C:\users\derio\desktop\tetrisonlinepoland_en\tetrisonlinepoland\tetris.exe] => (Block) C:\users\derio\desktop\tetrisonlinepoland_en\tetrisonlinepoland\tetris.exe
FirewallRules: [UDP Query User{C1874C26-6BE3-48EC-A428-3BDE675DC6DA}C:\users\derio\desktop\tetrisonlinepoland_en\tetrisonlinepoland\tetris.exe] => (Block) C:\users\derio\desktop\tetrisonlinepoland_en\tetrisonlinepoland\tetris.exe
FirewallRules: [{983FDDD9-BE94-4C6D-8DA5-CE49E0FC1A95}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

06-04-2017 20:00:23 Geplanter PrÃ¼fpunkt
12-04-2017 18:09:45 Windows Update

==================== Fehlerhafte GerÃ¤te im GerÃ¤temanager =============


==================== FehlereintrÃ¤ge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/15/2017 08:52:44 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes fÃ¼r "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungÃ¼ltig.

Error: (04/15/2017 06:41:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x511ea34f
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x511ea34f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002e599
ID des fehlerhaften Prozesses: 0x444
Startzeit der fehlerhaften Anwendung: 0x01d2b6072194ce76
Pfad der fehlerhaften Anwendung: C:\Windows\system32\atieclxx.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\atieclxx.exe
Berichtskennung: 687d0fc7-21fa-11e7-a601-bc5ff4a93e75

Error: (04/15/2017 06:15:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x511ea34f
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x511ea34f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002e599
ID des fehlerhaften Prozesses: 0x4d0
Startzeit der fehlerhaften Anwendung: 0x01d2b59ed3ad3ef3
Pfad der fehlerhaften Anwendung: C:\Windows\system32\atieclxx.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\atieclxx.exe
Berichtskennung: 1a5c5f3d-2192-11e7-9f1e-bc5ff4a93e75

Error: (04/15/2017 02:20:35 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 2  2017-04-15  02:20:35+02:00  DERIO-PC  Derio-PC\Derio  F-Secure Anti-Virus
 Malicious code found in file C:\Users\Derio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X6DJECYG\signin[1].htm.
 Infection: JS:Trojan.Cryxos.566
 Action: The file was deleted.

Error: (04/15/2017 02:19:57 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1  2017-04-15  02:19:57+02:00  DERIO-PC  Derio-PC\Derio  F-Secure Anti-Virus
 Malicious code found in file C:\Users\Derio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9SSWR49Q\signin[1].htm.
 Infection: JS:Trojan.Cryxos.566
 Action: The file was deleted.

Error: (04/14/2017 08:19:20 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes fÃ¼r "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungÃ¼ltig.

Error: (04/14/2017 07:02:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x511ea34f
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x511ea34f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002e599
ID des fehlerhaften Prozesses: 0x4e4
Startzeit der fehlerhaften Anwendung: 0x01d2b540c95979b6
Pfad der fehlerhaften Anwendung: C:\Windows\system32\atieclxx.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\atieclxx.exe
Berichtskennung: 14e412a1-2134-11e7-a0e1-bc5ff4a93e75

Error: (04/14/2017 04:10:38 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 1  2017-04-14  04:10:38+02:00  DERIO-PC  Derio-PC\Derio  F-Secure Anti-Virus
 Malicious code found in file C:\Users\Derio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FRTSBOY6\signin[1].htm.
 Infection: JS:Trojan.Cryxos.566
 Action: The file was deleted.

Error: (04/14/2017 03:58:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x511ea34f
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x511ea34f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002e599
ID des fehlerhaften Prozesses: 0x4dc
Startzeit der fehlerhaften Anwendung: 0x01d2b4c28fd49c3f
Pfad der fehlerhaften Anwendung: C:\Windows\system32\atieclxx.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\atieclxx.exe
Berichtskennung: d624857e-20b5-11e7-ba30-bc5ff4a93e75

Error: (04/14/2017 03:37:24 AM) (Source: FSecure-FSecure-F-Secure Anti-Virus) (EventID: 103) (User: )
Description: 6  2017-04-14  03:37:24+02:00  DERIO-PC  Derio-PC\Derio  F-Secure Anti-Virus
 Malicious code found in file C:\Users\Derio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZSGL8A5C\signin[1].htm.
 Infection: JS:Trojan.Cryxos.566
 Action: The file was deleted.


Systemfehler:
=============
Error: (04/15/2017 08:16:40 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÃ„T)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.

Error: (04/15/2017 08:05:18 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÃ„T)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.

Error: (04/15/2017 06:41:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (04/15/2017 06:41:19 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÃ„T)
Description: 0xc000014d0

Error: (04/15/2017 06:15:09 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (04/14/2017 07:45:40 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÃ„T)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.

Error: (04/14/2017 07:43:47 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÃ„T)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.

Error: (04/14/2017 07:38:43 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÃ„T)
Description: Es wurde eine schwerwiegende Warnung empfangen: 40.

Error: (04/14/2017 07:02:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (04/14/2017 03:58:20 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Pentium(R) CPU G2120 @ 3.10GHz
Prozentuale Nutzung des RAM: 46%
Installierter physikalischer RAM: 3788.31 MB
Verfügbarer physikalischer RAM: 2035.84 MB
Summe virtueller Speicher: 7574.81 MB
Verfügbarer virtueller Speicher: 5414.33 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:337.93 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 10BB10BB)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

Derio · 15.04.2017, 21:27

Code:

ATTFilter

22:17:10.0107 0x169c  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
22:17:13.0777 0x169c  ============================================================
22:17:13.0777 0x169c  Current date / time: 2017/04/15 22:17:13.0777
22:17:13.0777 0x169c  SystemInfo:
22:17:13.0777 0x169c  
22:17:13.0777 0x169c  OS Version: 6.1.7601 ServicePack: 1.0
22:17:13.0777 0x169c  Product type: Workstation
22:17:13.0777 0x169c  ComputerName: DERIO-PC
22:17:13.0777 0x169c  UserName: Derio
22:17:13.0777 0x169c  Windows directory: C:\Windows
22:17:13.0777 0x169c  System windows directory: C:\Windows
22:17:13.0777 0x169c  Running under WOW64
22:17:13.0777 0x169c  Processor architecture: Intel x64
22:17:13.0777 0x169c  Number of processors: 2
22:17:13.0777 0x169c  Page size: 0x1000
22:17:13.0777 0x169c  Boot type: Normal boot
22:17:13.0777 0x169c  CodeIntegrityOptions = 0x00000001
22:17:13.0777 0x169c  ============================================================
22:17:15.0327 0x169c  KLMD registered as C:\Windows\system32\drivers\99412476.sys
22:17:15.0327 0x169c  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23714, osProperties = 0x1
22:17:15.0507 0x169c  System UUID: {ED6D6F3D-30FC-E122-3548-243FF7FA34B3}
22:17:15.0867 0x169c  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:17:15.0867 0x169c  ============================================================
22:17:15.0867 0x169c  \Device\Harddisk0\DR0:
22:17:15.0867 0x169c  MBR partitions:
22:17:15.0867 0x169c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
22:17:15.0867 0x169c  ============================================================
22:17:15.0887 0x169c  C: <-> \Device\Harddisk0\DR0\Partition1
22:17:15.0887 0x169c  ============================================================
22:17:15.0887 0x169c  Initialize success
22:17:15.0887 0x169c  ============================================================
22:17:38.0463 0x1f5c  ============================================================
22:17:38.0463 0x1f5c  Scan started
22:17:38.0463 0x1f5c  Mode: Manual; SigCheck; TDLFS; 
22:17:38.0463 0x1f5c  ============================================================
22:17:38.0463 0x1f5c  KSN ping started
22:17:49.0523 0x1f5c  KSN ping finished: true
22:17:50.0453 0x1f5c  ================ Scan system memory ========================
22:17:50.0453 0x1f5c  System memory - ok
22:17:50.0453 0x1f5c  ================ Scan services =============================
22:17:50.0603 0x1f5c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:17:50.0663 0x1f5c  1394ohci - ok
22:17:50.0703 0x1f5c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:17:50.0723 0x1f5c  ACPI - ok
22:17:50.0753 0x1f5c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:17:50.0763 0x1f5c  AcpiPmi - ok
22:17:50.0813 0x1f5c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
22:17:50.0843 0x1f5c  adp94xx - ok
22:17:50.0863 0x1f5c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
22:17:50.0883 0x1f5c  adpahci - ok
22:17:50.0903 0x1f5c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
22:17:50.0923 0x1f5c  adpu320 - ok
22:17:50.0963 0x1f5c  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:17:51.0013 0x1f5c  AeLookupSvc - ok
22:17:51.0063 0x1f5c  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
22:17:51.0093 0x1f5c  AFD - ok
22:17:51.0133 0x1f5c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
22:17:51.0153 0x1f5c  agp440 - ok
22:17:51.0163 0x1f5c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
22:17:51.0183 0x1f5c  ALG - ok
22:17:51.0203 0x1f5c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:17:51.0213 0x1f5c  aliide - ok
22:17:51.0263 0x1f5c  [ FC14222714EA840870ECA91AC05279C2, B27502A37FF64B8DE782D4222F86508BE008A2C986E4BA98D968AB02CA533542 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:17:51.0283 0x1f5c  AMD External Events Utility - ok
22:17:51.0293 0x1f5c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
22:17:51.0303 0x1f5c  amdide - ok
22:17:51.0333 0x1f5c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
22:17:51.0343 0x1f5c  AmdK8 - ok
22:17:51.0633 0x1f5c  [ 0B84FD0FD5564507E4FE05562347B4B0, 71D59444FC523EA93681E9DF953F08619A00BC59908C303F180263DFA2B15B83 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
22:17:51.0893 0x1f5c  amdkmdag - ok
22:17:51.0983 0x1f5c  [ A2ABF8C759FD89A69D78C97C05AF623D, B02B044EEE9F76FA5D7929099336E1B0AC60CE3621C715929547867E0553925B ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
22:17:52.0023 0x1f5c  amdkmdap - ok
22:17:52.0053 0x1f5c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
22:17:52.0063 0x1f5c  AmdPPM - ok
22:17:52.0103 0x1f5c  [ 6EC6D772EAE38DC17C14AED9B178D24B, B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:17:52.0123 0x1f5c  amdsata - ok
22:17:52.0153 0x1f5c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
22:17:52.0173 0x1f5c  amdsbs - ok
22:17:52.0193 0x1f5c  [ 1142A21DB581A84EA5597B03A26EBAA0, F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:17:52.0193 0x1f5c  amdxata - ok
22:17:52.0233 0x1f5c  [ F165140EFE85E7767A80BAA234D05A4C, 56101973CEAAFE78C8B723B03AC0835AC693F48EFB32A626BEB29E78C21485E2 ] AppID           C:\Windows\system32\drivers\appid.sys
22:17:52.0253 0x1f5c  AppID - ok
22:17:52.0283 0x1f5c  [ 43DDA527D48452D9F060744BDD5B0FE3, 94BA31B28E62E224AB60D494286355AF2C848FD75709BC56CDEA7B1BDD75A876 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:17:52.0303 0x1f5c  AppIDSvc - ok
22:17:52.0363 0x1f5c  [ DE23E052E557580674785CDF45B613F3, A955ADC6CC7D816BA7CE1065F911E7A3295A1908C22BE0A3C506C38CFEE8DE0D ] Appinfo         C:\Windows\System32\appinfo.dll
22:17:52.0383 0x1f5c  Appinfo - ok
22:17:52.0393 0x1f5c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
22:17:52.0403 0x1f5c  arc - ok
22:17:52.0413 0x1f5c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
22:17:52.0423 0x1f5c  arcsas - ok
22:17:52.0453 0x1f5c  [ E1AFEE1584C74050DE0DD16DE2A54BF3, 77C8D98159D8BCDC7917B04977949823D50C49D0D13587310E060A4B8893AE42 ] AsrAppCharger   C:\Windows\system32\DRIVERS\AsrAppCharger.sys
22:17:52.0473 0x1f5c  AsrAppCharger - ok
22:17:52.0503 0x1f5c  [ 0C3F9E39C0B10D351026D580D9FF6F86, 0A19F09FD2EF200BED07CDBC4AAF41261A0C0468F680A5AAEBCD26B371676D53 ] AsrRamDisk      C:\Windows\system32\DRIVERS\AsrRamDisk.sys
22:17:52.0523 0x1f5c  AsrRamDisk - ok
22:17:52.0553 0x1f5c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:17:52.0603 0x1f5c  AsyncMac - ok
22:17:52.0613 0x1f5c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
22:17:52.0623 0x1f5c  atapi - ok
22:17:52.0683 0x1f5c  [ ED3A041014FBBFDC23D6C04F9C7A5D79, A039D8F4C0EA2101898A253E13DFED5FA8500C412ACC47835415E27C9BD068FF ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
22:17:52.0703 0x1f5c  AtiHDAudioService - ok
22:17:52.0773 0x1f5c  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:17:52.0813 0x1f5c  AudioEndpointBuilder - ok
22:17:52.0843 0x1f5c  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:17:52.0863 0x1f5c  AudioSrv - ok
22:17:52.0973 0x1f5c  [ C6F4C466B654C1BE98AF31418BB5AC30, 62AA4456F8E22A6E508EB44DE4309615057117AAF923C13BBED15AA39630E76B ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
22:17:52.0993 0x1f5c  AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic ( 1 )
22:17:53.0073 0x1f5c  Detect skipped due to KSN trusted
22:17:53.0073 0x1f5c  AVM WLAN Connection Service - ok
22:17:53.0123 0x1f5c  [ 1DC2F715792CF33428AD7993ACBD224D, 129FBD517E016914CD61C35894C0B9B2074E680F1EB21201597E5C13CAF4529F ] avmeject        C:\Windows\system32\drivers\avmeject.sys
22:17:53.0133 0x1f5c  avmeject - ok
22:17:53.0183 0x1f5c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:17:53.0213 0x1f5c  AxInstSV - ok
22:17:53.0253 0x1f5c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
22:17:53.0293 0x1f5c  b06bdrv - ok
22:17:53.0333 0x1f5c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:17:53.0353 0x1f5c  b57nd60a - ok
22:17:53.0373 0x1f5c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:17:53.0383 0x1f5c  BDESVC - ok
22:17:53.0413 0x1f5c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:17:53.0433 0x1f5c  Beep - ok
22:17:53.0523 0x1f5c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
22:17:53.0573 0x1f5c  BFE - ok
22:17:53.0623 0x1f5c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
22:17:53.0673 0x1f5c  BITS - ok
22:17:53.0693 0x1f5c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:17:53.0713 0x1f5c  blbdrive - ok
22:17:53.0743 0x1f5c  [ ABA3984C822E4D3F889699912D85D6C5, 2251FA135CC290DA13DAE4743F393C7CC9E6A737C054707CB8D72C369D1FFACB ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:17:53.0763 0x1f5c  bowser - ok
22:17:53.0803 0x1f5c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:17:53.0823 0x1f5c  BrFiltLo - ok
22:17:53.0843 0x1f5c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:17:53.0863 0x1f5c  BrFiltUp - ok
22:17:53.0903 0x1f5c  [ 8EF0D5C41EC907751B8429162B1239ED, 9CC25F1F93FACA6F6CE23F78EB58590C39A2E3C8A3ACDF400E8A9DE0757EADAE ] Browser         C:\Windows\System32\browser.dll
22:17:53.0943 0x1f5c  Browser - ok
22:17:53.0963 0x1f5c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:17:53.0983 0x1f5c  Brserid - ok
22:17:54.0003 0x1f5c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:17:54.0013 0x1f5c  BrSerWdm - ok
22:17:54.0023 0x1f5c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:17:54.0033 0x1f5c  BrUsbMdm - ok
22:17:54.0053 0x1f5c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:17:54.0063 0x1f5c  BrUsbSer - ok
22:17:54.0083 0x1f5c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
22:17:54.0093 0x1f5c  BTHMODEM - ok
22:17:54.0133 0x1f5c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
22:17:54.0173 0x1f5c  bthserv - ok
22:17:54.0183 0x1f5c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:17:54.0213 0x1f5c  cdfs - ok
22:17:54.0243 0x1f5c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
22:17:54.0273 0x1f5c  cdrom - ok
22:17:54.0313 0x1f5c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
22:17:54.0363 0x1f5c  CertPropSvc - ok
22:17:54.0453 0x1f5c  [ 33B82CF69E41B38A2EC0C3CABDE80D6E, E7331B38232001A4055CE1F6D74AED0F108385DDBD5211006DA8EA932D3B1575 ] cFosSpeed       C:\Windows\system32\DRIVERS\cfosspeed6.sys
22:17:54.0513 0x1f5c  cFosSpeed - ok
22:17:54.0603 0x1f5c  [ A469854CD303A39162931FA770EA45A2, 45CB65C6079B023A808EA76B96C4FE0D6A588E4A6747B337CC24FDDD35B5D356 ] cFosSpeedS      C:\Program Files\ASRock\XFast LAN\spd.exe
22:17:54.0663 0x1f5c  cFosSpeedS - ok
22:17:54.0683 0x1f5c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
22:17:54.0703 0x1f5c  circlass - ok
22:17:54.0743 0x1f5c  [ 3D67C27DD17B254D7915FA16A5AE3573, 5B3A6C6A7F940C06362775DAF13CEADA37C7AA84A509458A57C23B4369970A90 ] CLFS            C:\Windows\system32\CLFS.sys
22:17:54.0773 0x1f5c  CLFS - ok
22:17:54.0853 0x1f5c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:17:54.0873 0x1f5c  clr_optimization_v2.0.50727_32 - ok
22:17:54.0923 0x1f5c  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:17:54.0943 0x1f5c  clr_optimization_v2.0.50727_64 - ok
22:17:55.0013 0x1f5c  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:17:55.0033 0x1f5c  clr_optimization_v4.0.30319_32 - ok
22:17:55.0073 0x1f5c  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:17:55.0093 0x1f5c  clr_optimization_v4.0.30319_64 - ok
22:17:55.0143 0x1f5c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:17:55.0163 0x1f5c  CmBatt - ok
22:17:55.0203 0x1f5c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:17:55.0213 0x1f5c  cmdide - ok
22:17:55.0253 0x1f5c  [ A98CED39AD91B445E2E442A9BD67E8B4, B4189DEEF1C0EE22AE983119047B1A40FFDD8F3E163DFFABD7C2706231B0B1B0 ] CNG             C:\Windows\system32\Drivers\cng.sys
22:17:55.0293 0x1f5c  CNG - ok
22:17:55.0303 0x1f5c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:17:55.0313 0x1f5c  Compbatt - ok
22:17:55.0333 0x1f5c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
22:17:55.0343 0x1f5c  CompositeBus - ok
22:17:55.0353 0x1f5c  COMSysApp - ok
22:17:55.0363 0x1f5c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
22:17:55.0373 0x1f5c  crcdisk - ok
22:17:55.0393 0x1f5c  [ 2C6632CECFDBBE793FDA8AF9CA55A9CC, 335188515F798483660E529204A13012E4D21B0ECA489224A11C26F91A5B3CCE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:17:55.0413 0x1f5c  CryptSvc - ok
22:17:55.0473 0x1f5c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:17:55.0513 0x1f5c  DcomLaunch - ok
22:17:55.0553 0x1f5c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
22:17:55.0603 0x1f5c  defragsvc - ok
22:17:55.0633 0x1f5c  [ 9B38580063D281A99E68EF5813022A5F, D91676B0E0A8E2A090E3E5DD340ABCFC20AE0F55B4C82869D6CFB34239BD27DA ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:17:55.0653 0x1f5c  DfsC - ok
22:17:55.0703 0x1f5c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:17:55.0743 0x1f5c  Dhcp - ok
22:17:55.0853 0x1f5c  [ EE9954237F15BE4DD9304D12E4D305ED, F295C9BAF20F0E669B673AFCC16B4969EE31B6A3808980DAB93D9B0F167DA3C0 ] DiagTrack       C:\Windows\system32\diagtrack.dll
22:17:55.0913 0x1f5c  DiagTrack - ok
22:17:55.0943 0x1f5c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
22:17:55.0973 0x1f5c  discache - ok
22:17:56.0013 0x1f5c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
22:17:56.0023 0x1f5c  Disk - ok
22:17:56.0063 0x1f5c  [ CD55F5355D8F55D44C9F4ED875705BD6, 321C26E3CD9F376D30F05FBDF00E96399512ED705D867E8B14793D9CE69A1C1F ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:17:56.0093 0x1f5c  Dnscache - ok
22:17:56.0145 0x1f5c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:17:56.0185 0x1f5c  dot3svc - ok
22:17:56.0225 0x1f5c  [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
22:17:56.0245 0x1f5c  Dot4 - ok
22:17:56.0305 0x1f5c  [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
22:17:56.0325 0x1f5c  Dot4Print - ok
22:17:56.0355 0x1f5c  [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
22:17:56.0375 0x1f5c  dot4usb - ok
22:17:56.0425 0x1f5c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
22:17:56.0455 0x1f5c  DPS - ok
22:17:56.0495 0x1f5c  [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:17:56.0505 0x1f5c  drmkaud - ok
22:17:56.0565 0x1f5c  [ C727B350874B61E4BE80AB013530F655, D3C2B704276A8C11017F21BA2AA78E9EB7C4830C4198A89C8CCB92CD5545A6CF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:17:56.0605 0x1f5c  DXGKrnl - ok
22:17:56.0635 0x1f5c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
22:17:56.0655 0x1f5c  EapHost - ok
22:17:56.0765 0x1f5c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
22:17:56.0845 0x1f5c  ebdrv - ok
22:17:56.0865 0x1f5c  [ D6CCBE51C4FAA41F21BC451AE2C95B97, 17C99A71E169DD885B40717508D7988B7D0A78BACB11392890ED80518D0BF3F5 ] EFS             C:\Windows\System32\lsass.exe
22:17:56.0875 0x1f5c  EFS - ok
22:17:56.0955 0x1f5c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:17:56.0985 0x1f5c  ehRecvr - ok
22:17:57.0025 0x1f5c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
22:17:57.0035 0x1f5c  ehSched - ok
22:17:57.0095 0x1f5c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
22:17:57.0135 0x1f5c  elxstor - ok
22:17:57.0175 0x1f5c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:17:57.0185 0x1f5c  ErrDev - ok
22:17:57.0235 0x1f5c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
22:17:57.0275 0x1f5c  EventSystem - ok
22:17:57.0295 0x1f5c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
22:17:57.0325 0x1f5c  exfat - ok
22:17:57.0475 0x1f5c  [ AF87637EA82F338CAADDEF5251BA4E6B, 33E8451D252D8A9F5C228F5B2E24E48F765E811F0627E4FDE13F17ABB5844545 ] F-Secure Gatekeeper C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys
22:17:57.0505 0x1f5c  F-Secure Gatekeeper - ok
22:17:57.0585 0x1f5c  [ 81B36F28119B7F2E4B314E3CF5F35F45, 06D984A7D221C42F1BC513E051153D55096D80CD404CB24F0FE3C7F29ED362EB ] F-Secure HIPS   C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys
22:17:57.0605 0x1f5c  F-Secure HIPS - ok
22:17:57.0645 0x1f5c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:17:57.0685 0x1f5c  fastfat - ok
22:17:57.0745 0x1f5c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
22:17:57.0785 0x1f5c  Fax - ok
22:17:57.0795 0x1f5c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:17:57.0795 0x1f5c  fdc - ok
22:17:57.0825 0x1f5c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
22:17:57.0845 0x1f5c  fdPHost - ok
22:17:57.0875 0x1f5c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:17:57.0915 0x1f5c  FDResPub - ok
22:17:57.0935 0x1f5c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:17:57.0945 0x1f5c  FileInfo - ok
22:17:57.0955 0x1f5c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:17:57.0985 0x1f5c  Filetrace - ok
22:17:58.0005 0x1f5c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:17:58.0015 0x1f5c  flpydisk - ok
22:17:58.0045 0x1f5c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:17:58.0065 0x1f5c  FltMgr - ok
22:17:58.0105 0x1f5c  [ 508401A63E6B1CBF0B9C9A011498731F, F636B0A9C0EB6AE7EC04E5C5FD8A0578AEB76A1B0D974F355BCE6B6091901725 ] FNETTBOH_305    C:\Windows\system32\drivers\FNETTBOH_305.SYS
22:17:58.0115 0x1f5c  FNETTBOH_305 - ok
22:17:58.0125 0x1f5c  [ E341178C116DAC6A3A764587E68DFA7B, 91B4C79057908A622666FF069CF1C7ECA42952A6587432F5E99E33E8B19D29AF ] FNETURPX        C:\Windows\system32\drivers\FNETURPX.SYS
22:17:58.0135 0x1f5c  FNETURPX - ok
22:17:58.0215 0x1f5c  [ CF0108CBA6D1860563BA20E3D74C6646, 737B5E89A858D7E3AEC8BF660AA4FCC56501A69468EA143531286016AF7C0B33 ] FontCache       C:\Windows\system32\FntCache.dll
22:17:58.0255 0x1f5c  FontCache - ok
22:17:58.0315 0x1f5c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:17:58.0335 0x1f5c  FontCache3.0.0.0 - ok
22:17:58.0375 0x1f5c  [ AA0F9F7EC70D19EA1E6390FD0D93E4AB, 0DA5A3020F0D57C38AF9D1F51A4AA6A1C24CBCB065F960E683DF00127891DB18 ] fsbts           C:\Windows\system32\Drivers\fsbts.sys
22:17:58.0405 0x1f5c  fsbts - ok
22:17:58.0425 0x1f5c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:17:58.0445 0x1f5c  FsDepends - ok
22:17:58.0485 0x1f5c  [ 7CF18849F5250961137D6318C906141D, 20CC67B5DE041C8D7376D94D6645E0EC4A864270C1994B43E4C3D9A633FA09C8 ] fshoster        C:\Program Files (x86)\F-Secure\fshoster32.exe
22:17:58.0505 0x1f5c  fshoster - ok
22:17:58.0585 0x1f5c  [ 2B50E6EEA5470950AA0741FB259CC301, 3A67C4EF53308CC6D63D20EA2D7B510712BD8D1BFCBC6B053A4F196664D85204 ] FSMA            C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
22:17:58.0615 0x1f5c  FSMA - ok
22:17:58.0645 0x1f5c  [ 7CF18849F5250961137D6318C906141D, 20CC67B5DE041C8D7376D94D6645E0EC4A864270C1994B43E4C3D9A633FA09C8 ] fsnethoster     C:\Program Files (x86)\F-Secure\fshoster32.exe
22:17:58.0675 0x1f5c  fsnethoster - ok
22:17:58.0775 0x1f5c  [ 3E256298A209F8704CCC90B55B28C69E, 94A7984B115D190D5DFFBABC8A64F1161B66CF61637DECFBC030FC634693799C ] fsni            C:\Program Files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys
22:17:58.0795 0x1f5c  fsni - ok
22:17:58.0855 0x1f5c  [ E4680A4DA828E056442F304A6A5D0F97, B7D7694F2ECD6129455259A043F92510E3580F3ADFB7E7A13147B55372989629 ] FSORSPClient    C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
22:17:58.0875 0x1f5c  FSORSPClient - ok
22:17:58.0885 0x1f5c  [ BDC821334C7C770ADB21F8C166DE8525, 9C39C83AEF79D480BF62B4EA72646BE80830210103E021CAA17CD6A450588400 ] fsvista         C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys
22:17:58.0905 0x1f5c  fsvista - ok
22:17:58.0965 0x1f5c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:17:58.0975 0x1f5c  Fs_Rec - ok
22:17:59.0045 0x1f5c  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:17:59.0075 0x1f5c  fvevol - ok
22:17:59.0125 0x1f5c  [ 444534CBA693DD23C1CC589681E01656, DF8ED7FFA66E0A88EBB58A491A177D8CEB35B08B0911D7A1F4B8865755DC27CE ] FWLANUSB        C:\Windows\system32\DRIVERS\fwlanusb.sys
22:17:59.0155 0x1f5c  FWLANUSB - ok
22:17:59.0185 0x1f5c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
22:17:59.0205 0x1f5c  gagp30kx - ok
22:17:59.0265 0x1f5c  [ E4AE497857409127ED57562AF913A903, 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867B ] gpsvc           C:\Windows\System32\gpsvc.dll
22:17:59.0305 0x1f5c  gpsvc - ok
22:17:59.0355 0x1f5c  [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:17:59.0375 0x1f5c  gupdate - ok
22:17:59.0375 0x1f5c  [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:17:59.0395 0x1f5c  gupdatem - ok
22:17:59.0425 0x1f5c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:17:59.0435 0x1f5c  hcw85cir - ok
22:17:59.0475 0x1f5c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:17:59.0505 0x1f5c  HdAudAddService - ok
22:17:59.0535 0x1f5c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
22:17:59.0545 0x1f5c  HDAudBus - ok
22:17:59.0575 0x1f5c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
22:17:59.0585 0x1f5c  HidBatt - ok
22:17:59.0605 0x1f5c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
22:17:59.0625 0x1f5c  HidBth - ok
22:17:59.0645 0x1f5c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
22:17:59.0665 0x1f5c  HidIr - ok
22:17:59.0695 0x1f5c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
22:17:59.0725 0x1f5c  hidserv - ok
22:17:59.0765 0x1f5c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
22:17:59.0785 0x1f5c  HidUsb - ok
22:17:59.0825 0x1f5c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:17:59.0865 0x1f5c  hkmsvc - ok
22:17:59.0895 0x1f5c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:17:59.0905 0x1f5c  HomeGroupListener - ok
22:17:59.0935 0x1f5c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:17:59.0955 0x1f5c  HomeGroupProvider - ok
22:18:00.0065 0x1f5c  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05, 7B3F117C1D606DDA7623BEC0BFBC362C33A12213E899F049AC56A55826984134 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
22:18:00.0085 0x1f5c  hpqcxs08 - detected UnsignedFile.Multi.Generic ( 1 )
22:18:00.0165 0x1f5c  Detect skipped due to KSN trusted
22:18:00.0165 0x1f5c  hpqcxs08 - ok
22:18:00.0185 0x1f5c  [ F3F72A2A86C22610BCA5439FA789DD52, DA5A8F09DCC512AA1558863AD4FAC12F72DD83CA8FB4D8D9831E4AFBB6B3C616 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
22:18:00.0195 0x1f5c  hpqddsvc - detected UnsignedFile.Multi.Generic ( 1 )
22:18:00.0275 0x1f5c  Detect skipped due to KSN trusted
22:18:00.0275 0x1f5c  hpqddsvc - ok
22:18:00.0325 0x1f5c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:18:00.0335 0x1f5c  HpSAMD - ok
22:18:00.0405 0x1f5c  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:18:00.0445 0x1f5c  HTTP - ok
22:18:00.0485 0x1f5c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:18:00.0495 0x1f5c  hwpolicy - ok
22:18:00.0545 0x1f5c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
22:18:00.0565 0x1f5c  i8042prt - ok
22:18:00.0615 0x1f5c  [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:18:00.0645 0x1f5c  iaStorV - ok
22:18:00.0745 0x1f5c  [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
22:18:00.0755 0x1f5c  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
22:18:00.0855 0x1f5c  Detect skipped due to KSN trusted
22:18:00.0855 0x1f5c  IDriverT - ok
22:18:00.0925 0x1f5c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:18:00.0965 0x1f5c  idsvc - ok
22:18:00.0985 0x1f5c  IEEtwCollectorService - ok
22:18:01.0015 0x1f5c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
22:18:01.0025 0x1f5c  iirsp - ok
22:18:01.0065 0x1f5c  [ F2C300C2E56F016B485B88080CD7D2FE, 3C4904B3BA45C0DCCD6789E9C7FC1191BCA3C6B498CDE5D77CA06359FBBDD5E7 ] ikbevent        C:\Windows\system32\DRIVERS\ikbevent.sys
22:18:01.0075 0x1f5c  ikbevent - ok
22:18:01.0155 0x1f5c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
22:18:01.0195 0x1f5c  IKEEXT - ok
22:18:01.0205 0x1f5c  [ 5082439C30729042C60075A1176DA19C, 3747C6740EF33BF21FB9DE44025436D42085116341EBD2D6FD6CC5518A7E42F4 ] imsevent        C:\Windows\system32\DRIVERS\imsevent.sys
22:18:01.0215 0x1f5c  imsevent - ok
22:18:01.0325 0x1f5c  [ F2744FD54BE1580BE05916D1C755C92A, 27FAC146876B6C6EBE0C00CDEC3E01C69DACB2584BEC85DD0FE5B55AD2157452 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:18:01.0435 0x1f5c  IntcAzAudAddService - ok
22:18:01.0505 0x1f5c  [ B353F1834FCD36D77BE3F74992C147D4, BFBC42B500FC7D6D2B523F988DD54156D2B6132CBE366EB591BF45556959A8E9 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
22:18:01.0555 0x1f5c  Intel(R) Capability Licensing Service Interface - ok
22:18:01.0615 0x1f5c  [ 125BED41A1AFDA9CAB2B6177553D5758, 00A6267AACC467FA09B49ECC6076F4C666BE98931C97D821E3225D68A3FF1BF1 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
22:18:01.0635 0x1f5c  Intel(R) ME Service - ok
22:18:01.0655 0x1f5c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:18:01.0675 0x1f5c  intelide - ok
22:18:01.0705 0x1f5c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:18:01.0725 0x1f5c  intelppm - ok
22:18:01.0755 0x1f5c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:18:01.0805 0x1f5c  IPBusEnum - ok
22:18:01.0835 0x1f5c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:18:01.0875 0x1f5c  IpFilterDriver - ok
22:18:01.0945 0x1f5c  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:18:01.0985 0x1f5c  iphlpsvc - ok
22:18:02.0025 0x1f5c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:18:02.0045 0x1f5c  IPMIDRV - ok
22:18:02.0075 0x1f5c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:18:02.0095 0x1f5c  IPNAT - ok
22:18:02.0125 0x1f5c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:18:02.0135 0x1f5c  IRENUM - ok
22:18:02.0165 0x1f5c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:18:02.0185 0x1f5c  isapnp - ok
22:18:02.0235 0x1f5c  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:18:02.0255 0x1f5c  iScsiPrt - ok
22:18:02.0295 0x1f5c  [ 5AB18D8055A4280C0F377A6262F3157E, 091366AE17601407E2A882BFF7901F1970C1111DA935B913BEAA2AFA76D4EEA2 ] ISCT            C:\Windows\system32\DRIVERS\ISCTD64.sys
22:18:02.0305 0x1f5c  ISCT - ok
22:18:02.0345 0x1f5c  [ B1010068CC23F73B874A70B94D6C8373, 9B11E1CE020F003153261F676B7AA479AF70E3A7CD748A0E79CF5E97C02A8FA5 ] ISCTAgent       C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
22:18:02.0365 0x1f5c  ISCTAgent - ok
22:18:02.0415 0x1f5c  [ 846354992EBB373F452EB9182D501B08, 453459133DCA875E93CAAE9852E652F3794F8C31CE53526C47A181FDBABE6849 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
22:18:02.0425 0x1f5c  iusb3hcs - ok
22:18:02.0475 0x1f5c  [ 1D88A23853387D34D52CC8F9DDBFC56C, D00083B61E93E7E1D247EAB332787912FCF7605AF7043F071238C50E4A15016B ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
22:18:02.0505 0x1f5c  iusb3hub - ok
22:18:02.0535 0x1f5c  [ FC5EFD7C797DF19DFB999F0605A7924E, C56CE3840F3B11D81BED38E5F59ABCA190DFB7127F06263193870312A83379AF ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
22:18:02.0565 0x1f5c  iusb3xhc - ok
22:18:02.0595 0x1f5c  [ 5B14FDE79871F83A5E0DCDC01F78BECF, B3103D4671F7BD4843C62D6080894E068F7E794CB02D7A84AEFB5AC10EA23BDE ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
22:18:02.0615 0x1f5c  jhi_service - ok
22:18:02.0645 0x1f5c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
22:18:02.0655 0x1f5c  kbdclass - ok
22:18:02.0665 0x1f5c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
22:18:02.0675 0x1f5c  kbdhid - ok
22:18:02.0685 0x1f5c  [ D6CCBE51C4FAA41F21BC451AE2C95B97, 17C99A71E169DD885B40717508D7988B7D0A78BACB11392890ED80518D0BF3F5 ] KeyIso          C:\Windows\system32\lsass.exe
22:18:02.0695 0x1f5c  KeyIso - ok
22:18:02.0725 0x1f5c  [ 1C19A55425902DC7EAFD208664837F5B, 8021BCDD0A010351490B8647379776030179F2390365C004A839A00C030D9D3D ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:18:02.0735 0x1f5c  KSecDD - ok
22:18:02.0775 0x1f5c  [ 800B40CE64259F6EEFB1627C9DA0038E, 21D02F7790FB8089C6006A4B65763F8F7F4F52B7D84D2743B8967A542FF42214 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:18:02.0805 0x1f5c  KSecPkg - ok
22:18:02.0815 0x1f5c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:18:02.0845 0x1f5c  ksthunk - ok
22:18:02.0885 0x1f5c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:18:02.0925 0x1f5c  KtmRm - ok
22:18:02.0975 0x1f5c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:18:03.0015 0x1f5c  LanmanServer - ok
22:18:03.0045 0x1f5c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:18:03.0075 0x1f5c  LanmanWorkstation - ok
22:18:03.0105 0x1f5c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:18:03.0125 0x1f5c  lltdio - ok
22:18:03.0165 0x1f5c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:18:03.0205 0x1f5c  lltdsvc - ok
22:18:03.0235 0x1f5c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:18:03.0265 0x1f5c  lmhosts - ok
22:18:03.0295 0x1f5c  [ 3974B7CE015A6EEF30DA4ADD5F1203D0, ED776F1C1B1834550F3D45591EB1F0829BBA07F9F7CB73F7FBB0AFDEF8F4411B ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:18:03.0305 0x1f5c  LMS - ok
22:18:03.0335 0x1f5c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
22:18:03.0345 0x1f5c  LSI_FC - ok
22:18:03.0355 0x1f5c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
22:18:03.0365 0x1f5c  LSI_SAS - ok
22:18:03.0375 0x1f5c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:18:03.0385 0x1f5c  LSI_SAS2 - ok
22:18:03.0405 0x1f5c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:18:03.0415 0x1f5c  LSI_SCSI - ok
22:18:03.0445 0x1f5c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
22:18:03.0475 0x1f5c  luafv - ok
22:18:03.0495 0x1f5c  [ 8FF2D95CBA49B405C5DE27039FF0BF35, 03BF7FC7F1C2C76EDB583BA342EA1C325DB8058517744EF2A78529D3938F4DC1 ] MBfilt          C:\Windows\system32\drivers\MBfilt64.sys
22:18:03.0505 0x1f5c  MBfilt - ok
22:18:03.0535 0x1f5c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:18:03.0545 0x1f5c  Mcx2Svc - ok
22:18:03.0565 0x1f5c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
22:18:03.0565 0x1f5c  megasas - ok
22:18:03.0585 0x1f5c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
22:18:03.0605 0x1f5c  MegaSR - ok
22:18:03.0635 0x1f5c  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
22:18:03.0645 0x1f5c  MEIx64 - ok
22:18:03.0665 0x1f5c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
22:18:03.0705 0x1f5c  MMCSS - ok
22:18:03.0725 0x1f5c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
22:18:03.0755 0x1f5c  Modem - ok
22:18:03.0775 0x1f5c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:18:03.0785 0x1f5c  monitor - ok
22:18:03.0825 0x1f5c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
22:18:03.0845 0x1f5c  mouclass - ok
22:18:03.0875 0x1f5c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:18:03.0885 0x1f5c  mouhid - ok
22:18:03.0925 0x1f5c  [ 8ADB5445B29941CB41AF2846FD5C93C7, 689582430FE29EC0845B1DB841D3CC49D5D09DE264586E3999EEFE616986D12B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:18:03.0935 0x1f5c  mountmgr - ok
22:18:03.0995 0x1f5c  [ B4E9C7383A705628AD491CF0F87D901F, 5C0CD7133D4F5B1E0466CDB2A2210ECA57206A8BC41F37BC6324120AE5501C70 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:18:04.0005 0x1f5c  MozillaMaintenance - ok
22:18:04.0045 0x1f5c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:18:04.0065 0x1f5c  mpio - ok
22:18:04.0075 0x1f5c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:18:04.0095 0x1f5c  mpsdrv - ok
22:18:04.0155 0x1f5c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:18:04.0195 0x1f5c  MpsSvc - ok
22:18:04.0235 0x1f5c  [ 98DB1790F0A584E0A2528B92B052417F, 9AA04CA73AFE599810CD233B9CEC212E16D44DCEDF5C7D0181C7257F498068B5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:18:04.0245 0x1f5c  MRxDAV - ok
22:18:04.0275 0x1f5c  [ 2EB36DF5E373FCD1783F941A85803F9F, B492BD954CD88F359B33528752B990E03B96337E60F4E732977A1820562FC73B ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:18:04.0295 0x1f5c  mrxsmb - ok
22:18:04.0345 0x1f5c  [ 6C6A67FFEC4C06AEB61BC07E5E5B03C1, D0C461BAD39E9F7606AAE3CCE245252451DE1B391CB279C4E90ECE002CCDB2D7 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:18:04.0375 0x1f5c  mrxsmb10 - ok
22:18:04.0405 0x1f5c  [ D9973E3B4637A4EA35DBF86A26F58270, C571FDCBBF7D5A79FCCD0A308FC5BBA2DCB9E04BB544316BFEB69C31AC803D38 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:18:04.0415 0x1f5c  mrxsmb20 - ok
22:18:04.0455 0x1f5c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:18:04.0465 0x1f5c  msahci - ok
22:18:04.0485 0x1f5c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:18:04.0495 0x1f5c  msdsm - ok
22:18:04.0505 0x1f5c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
22:18:04.0525 0x1f5c  MSDTC - ok
22:18:04.0555 0x1f5c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:18:04.0575 0x1f5c  Msfs - ok
22:18:04.0605 0x1f5c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:18:04.0625 0x1f5c  mshidkmdf - ok
22:18:04.0635 0x1f5c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:18:04.0645 0x1f5c  msisadrv - ok
22:18:04.0675 0x1f5c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:18:04.0705 0x1f5c  MSiSCSI - ok
22:18:04.0705 0x1f5c  msiserver - ok
22:18:04.0725 0x1f5c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:18:04.0755 0x1f5c  MSKSSRV - ok
22:18:04.0775 0x1f5c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:18:04.0795 0x1f5c  MSPCLOCK - ok
22:18:04.0815 0x1f5c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:18:04.0835 0x1f5c  MSPQM - ok
22:18:04.0875 0x1f5c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:18:04.0935 0x1f5c  MsRPC - ok
22:18:04.0965 0x1f5c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
22:18:04.0975 0x1f5c  mssmbios - ok
22:18:04.0985 0x1f5c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:18:05.0015 0x1f5c  MSTEE - ok
22:18:05.0025 0x1f5c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
22:18:05.0035 0x1f5c  MTConfig - ok
22:18:05.0055 0x1f5c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
22:18:05.0065 0x1f5c  Mup - ok
22:18:05.0085 0x1f5c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
22:18:05.0125 0x1f5c  napagent - ok
22:18:05.0155 0x1f5c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:18:05.0175 0x1f5c  NativeWifiP - ok
22:18:05.0235 0x1f5c  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:18:05.0285 0x1f5c  NDIS - ok
22:18:05.0315 0x1f5c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:18:05.0355 0x1f5c  NdisCap - ok
22:18:05.0395 0x1f5c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:18:05.0425 0x1f5c  NdisTapi - ok
22:18:05.0485 0x1f5c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:18:05.0515 0x1f5c  Ndisuio - ok
22:18:05.0545 0x1f5c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:18:05.0565 0x1f5c  NdisWan - ok
22:18:05.0615 0x1f5c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:18:05.0635 0x1f5c  NDProxy - ok
22:18:05.0675 0x1f5c  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:18:05.0685 0x1f5c  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
22:18:05.0755 0x1f5c  Detect skipped due to KSN trusted
22:18:05.0755 0x1f5c  Net Driver HPZ12 - ok
22:18:05.0785 0x1f5c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:18:05.0815 0x1f5c  NetBIOS - ok
22:18:05.0845 0x1f5c  [ E47D571FEC2C76E867935109AB2A770C, F349D25890B6F476B106FD75BFB081DB737CA9B224D95E44927942FFF2DF82CD ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:18:05.0865 0x1f5c  NetBT - ok
22:18:05.0885 0x1f5c  [ D6CCBE51C4FAA41F21BC451AE2C95B97, 17C99A71E169DD885B40717508D7988B7D0A78BACB11392890ED80518D0BF3F5 ] Netlogon        C:\Windows\system32\lsass.exe
22:18:05.0895 0x1f5c  Netlogon - ok
22:18:05.0915 0x1f5c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
22:18:05.0955 0x1f5c  Netman - ok
22:18:05.0985 0x1f5c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
22:18:06.0015 0x1f5c  netprofm - ok
22:18:06.0035 0x1f5c  [ 9D0157074866FCF3EA2A07185D93FC72, C4107EE60ADA7E326DF7B27602166E9D57CB9982717605730BF7C7D2401E30A9 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:18:06.0055 0x1f5c  NetTcpPortSharing - ok
22:18:06.0065 0x1f5c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
22:18:06.0075 0x1f5c  nfrd960 - ok
22:18:06.0115 0x1f5c  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:18:06.0135 0x1f5c  NlaSvc - ok
22:18:06.0155 0x1f5c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:18:06.0185 0x1f5c  Npfs - ok
22:18:06.0225 0x1f5c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
22:18:06.0265 0x1f5c  nsi - ok
22:18:06.0275 0x1f5c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:18:06.0315 0x1f5c  nsiproxy - ok
22:18:06.0375 0x1f5c  [ 05D78AA5CB5F3F5C31160BDB955D0B7C, E3CD3FAF52ED11A8FB96D667510F1EDCA49053705AA3A13F560F8F6EC995CA45 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:18:06.0435 0x1f5c  Ntfs - ok
22:18:06.0445 0x1f5c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
22:18:06.0475 0x1f5c  Null - ok
22:18:06.0515 0x1f5c  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:18:06.0525 0x1f5c  nvraid - ok
22:18:06.0555 0x1f5c  [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:18:06.0565 0x1f5c  nvstor - ok
22:18:06.0605 0x1f5c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:18:06.0625 0x1f5c  nv_agp - ok
22:18:06.0665 0x1f5c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:18:06.0685 0x1f5c  ohci1394 - ok
22:18:06.0765 0x1f5c  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:18:06.0785 0x1f5c  ose - ok
22:18:06.0815 0x1f5c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:18:06.0835 0x1f5c  p2pimsvc - ok
22:18:06.0865 0x1f5c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
22:18:06.0885 0x1f5c  p2psvc - ok
22:18:06.0915 0x1f5c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
22:18:06.0925 0x1f5c  Parport - ok
22:18:06.0975 0x1f5c  [ 871EADAC56B0A4C6512BBE32753CCF79, F9FD9DBA55274BB72B897550988DCDFD0F2D9367BE641DFDE07D240052DDC180 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:18:06.0995 0x1f5c  partmgr - ok
22:18:07.0035 0x1f5c  [ 3CD83692C43D87088E85E3C916146FFB, 9E812535E8FBA045FDA30F68E9EB2031132C37721D542A2DC9D4C33E2B137FCF ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:18:07.0045 0x1f5c  PcaSvc - ok
22:18:07.0065 0x1f5c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
22:18:07.0075 0x1f5c  pci - ok
22:18:07.0125 0x1f5c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
22:18:07.0135 0x1f5c  pciide - ok
22:18:07.0165 0x1f5c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
22:18:07.0185 0x1f5c  pcmcia - ok
22:18:07.0205 0x1f5c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:18:07.0215 0x1f5c  pcw - ok
22:18:07.0335 0x1f5c  [ 501015A7570DA3E2B159B6191B37B347, C202C053ED78E956C00EDB8F265CED53344BD90D3A614FBFF789B98B0C4D7A90 ] PDF Architect 3 C:\Program Files (x86)\PDF Architect 3\ws.exe
22:18:07.0415 0x1f5c  PDF Architect 3 - ok
22:18:07.0475 0x1f5c  [ 07DA9CEDFC7441AE061DFA7E2BD825F6, 35A8060EA0E2E34EBB1EB25F40BB72A6D3B83CBA8BD8CD4BF9E427A777D42D28 ] PDF Architect 3 CrashHandler C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe
22:18:07.0515 0x1f5c  PDF Architect 3 CrashHandler - ok
22:18:07.0555 0x1f5c  [ 1234BB5F8C7EC1E52F32A3EBF65F52EA, AEE529A96C6F21D27B3F5AEF6AADF42129C676584DEE550C8F42815D1C913B0C ] PDF Architect 3 Creator C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
22:18:07.0585 0x1f5c  PDF Architect 3 Creator - ok
22:18:07.0655 0x1f5c  [ EA4D67448BE493D543F1730D6CD04694, 24717C5E41B7CA522F3330EF2228B6685E710A5259396E9887A1C1E7A413F8CA ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:18:07.0685 0x1f5c  PEAUTH - ok
22:18:07.0775 0x1f5c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:18:07.0795 0x1f5c  PerfHost - ok
22:18:07.0875 0x1f5c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
22:18:07.0945 0x1f5c  pla - ok
22:18:07.0965 0x1f5c  [ B806E50427511BCF4AD8E8239C3E25FA, AB89B48ECCF90F701B314D18BE531CDA5ABE1636C17B994A5E4BE5AAC136B4E3 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:18:08.0005 0x1f5c  PlugPlay - ok
22:18:08.0055 0x1f5c  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:18:08.0065 0x1f5c  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
22:18:08.0145 0x1f5c  Detect skipped due to KSN trusted
22:18:08.0145 0x1f5c  Pml Driver HPZ12 - ok
22:18:08.0175 0x1f5c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:18:08.0195 0x1f5c  PNRPAutoReg - ok
22:18:08.0215 0x1f5c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:18:08.0235 0x1f5c  PNRPsvc - ok
22:18:08.0275 0x1f5c  [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:18:08.0295 0x1f5c  PolicyAgent - ok
22:18:08.0325 0x1f5c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
22:18:08.0355 0x1f5c  Power - ok
22:18:08.0395 0x1f5c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:18:08.0415 0x1f5c  PptpMiniport - ok
22:18:08.0425 0x1f5c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
22:18:08.0435 0x1f5c  Processor - ok
22:18:08.0475 0x1f5c  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:18:08.0495 0x1f5c  ProfSvc - ok
22:18:08.0515 0x1f5c  [ D6CCBE51C4FAA41F21BC451AE2C95B97, 17C99A71E169DD885B40717508D7988B7D0A78BACB11392890ED80518D0BF3F5 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:18:08.0535 0x1f5c  ProtectedStorage - ok
22:18:08.0585 0x1f5c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:18:08.0615 0x1f5c  Psched - ok
22:18:08.0675 0x1f5c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
22:18:08.0725 0x1f5c  ql2300 - ok
22:18:08.0745 0x1f5c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
22:18:08.0755 0x1f5c  ql40xx - ok
22:18:08.0815 0x1f5c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
22:18:08.0835 0x1f5c  QWAVE - ok
22:18:08.0845 0x1f5c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:18:08.0865 0x1f5c  QWAVEdrv - ok
22:18:08.0885 0x1f5c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:18:08.0905 0x1f5c  RasAcd - ok
22:18:08.0935 0x1f5c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:18:08.0965 0x1f5c  RasAgileVpn - ok
22:18:08.0975 0x1f5c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
22:18:08.0995 0x1f5c  RasAuto - ok
22:18:09.0025 0x1f5c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:18:09.0055 0x1f5c  Rasl2tp - ok
22:18:09.0095 0x1f5c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
22:18:09.0125 0x1f5c  RasMan - ok
22:18:09.0155 0x1f5c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:18:09.0175 0x1f5c  RasPppoe - ok
22:18:09.0205 0x1f5c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:18:09.0235 0x1f5c  RasSstp - ok
22:18:09.0275 0x1f5c  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:18:09.0305 0x1f5c  rdbss - ok
22:18:09.0315 0x1f5c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
22:18:09.0325 0x1f5c  rdpbus - ok
22:18:09.0355 0x1f5c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:18:09.0385 0x1f5c  RDPCDD - ok
22:18:09.0395 0x1f5c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:18:09.0425 0x1f5c  RDPENCDD - ok
22:18:09.0425 0x1f5c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:18:09.0445 0x1f5c  RDPREFMP - ok
22:18:09.0485 0x1f5c  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:18:09.0515 0x1f5c  RDPWD - ok
22:18:09.0565 0x1f5c  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:18:09.0585 0x1f5c  rdyboost - ok
22:18:09.0625 0x1f5c  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:18:09.0655 0x1f5c  RemoteAccess - ok
22:18:09.0685 0x1f5c  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:18:09.0755 0x1f5c  RemoteRegistry - ok
22:18:09.0767 0x1f5c  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:18:09.0787 0x1f5c  RpcEptMapper - ok
22:18:09.0817 0x1f5c  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
22:18:09.0827 0x1f5c  RpcLocator - ok
22:18:09.0867 0x1f5c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
22:18:09.0907 0x1f5c  RpcSs - ok
22:18:09.0937 0x1f5c  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:18:09.0967 0x1f5c  rspndr - ok
22:18:10.0007 0x1f5c  [ 9140DB0911DE035FED0A9A77A2D156EA, 07C9D7E2978062ABD84B58B390360D4C0F72C6A5A2310444579DC095943BD008 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
22:18:10.0027 0x1f5c  RTL8167 - ok
22:18:10.0037 0x1f5c  [ D6CCBE51C4FAA41F21BC451AE2C95B97, 17C99A71E169DD885B40717508D7988B7D0A78BACB11392890ED80518D0BF3F5 ] SamSs           C:\Windows\system32\lsass.exe
22:18:10.0047 0x1f5c  SamSs - ok
22:18:10.0077 0x1f5c  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:18:10.0087 0x1f5c  sbp2port - ok
22:18:10.0117 0x1f5c  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:18:10.0147 0x1f5c  SCardSvr - ok
22:18:10.0187 0x1f5c  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:18:10.0207 0x1f5c  scfilter - ok
22:18:10.0257 0x1f5c  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
22:18:10.0297 0x1f5c  Schedule - ok
22:18:10.0347 0x1f5c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:18:10.0387 0x1f5c  SCPolicySvc - ok
22:18:10.0437 0x1f5c  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:18:10.0457 0x1f5c  SDRSVC - ok
22:18:10.0487 0x1f5c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:18:10.0497 0x1f5c  secdrv - ok
22:18:10.0527 0x1f5c  [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon        C:\Windows\system32\seclogon.dll
22:18:10.0547 0x1f5c  seclogon - ok
22:18:10.0567 0x1f5c  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
22:18:10.0607 0x1f5c  SENS - ok
22:18:10.0627 0x1f5c  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:18:10.0637 0x1f5c  SensrSvc - ok
22:18:10.0667 0x1f5c  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
22:18:10.0677 0x1f5c  Serenum - ok
22:18:10.0697 0x1f5c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:18:10.0707 0x1f5c  Serial - ok
22:18:10.0737 0x1f5c  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
22:18:10.0747 0x1f5c  sermouse - ok
22:18:10.0777 0x1f5c  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
22:18:10.0807 0x1f5c  SessionEnv - ok
22:18:10.0847 0x1f5c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:18:10.0857 0x1f5c  sffdisk - ok
22:18:10.0857 0x1f5c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:18:10.0867 0x1f5c  sffp_mmc - ok
22:18:10.0877 0x1f5c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:18:10.0887 0x1f5c  sffp_sd - ok
22:18:10.0897 0x1f5c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
22:18:10.0907 0x1f5c  sfloppy - ok
22:18:10.0937 0x1f5c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:18:10.0977 0x1f5c  SharedAccess - ok
22:18:11.0027 0x1f5c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:18:11.0057 0x1f5c  ShellHWDetection - ok
22:18:11.0077 0x1f5c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:18:11.0097 0x1f5c  SiSRaid2 - ok
22:18:11.0117 0x1f5c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
22:18:11.0127 0x1f5c  SiSRaid4 - ok
22:18:11.0157 0x1f5c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:18:11.0177 0x1f5c  Smb - ok
22:18:11.0217 0x1f5c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:18:11.0227 0x1f5c  SNMPTRAP - ok
22:18:11.0237 0x1f5c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:18:11.0237 0x1f5c  spldr - ok
22:18:11.0297 0x1f5c  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
22:18:11.0337 0x1f5c  Spooler - ok
22:18:11.0457 0x1f5c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
22:18:11.0567 0x1f5c  sppsvc - ok
22:18:11.0597 0x1f5c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:18:11.0627 0x1f5c  sppuinotify - ok
22:18:11.0657 0x1f5c  [ EB15C46477EB84B6B520871ED5936CCF, 7366FD2E1315109B9A2F47DA08959CF0CBEEB1F20B2E2DEF449D39B508107D29 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:18:11.0677 0x1f5c  srv - ok
22:18:11.0717 0x1f5c  [ 7F4FDC9528BCE6FB919615B6A77D5724, C4843381504E0F50D4B8E4F8886C83112018CE5F64467B875F2809508EA2B182 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:18:11.0737 0x1f5c  srv2 - ok
22:18:11.0767 0x1f5c  [ 3F20CD2A11872284BD667DAD6D4801CC, 917EAA680CD10D3EA59EEF4B77BB3813D5718E7D1CB0846431255EE73035D834 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:18:11.0787 0x1f5c  srvnet - ok
22:18:11.0817 0x1f5c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:18:11.0847 0x1f5c  SSDPSRV - ok
22:18:11.0867 0x1f5c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:18:11.0887 0x1f5c  SstpSvc - ok
22:18:11.0917 0x1f5c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
22:18:11.0927 0x1f5c  stexstor - ok
22:18:11.0967 0x1f5c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
22:18:11.0997 0x1f5c  stisvc - ok
22:18:12.0027 0x1f5c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
22:18:12.0037 0x1f5c  swenum - ok
22:18:12.0057 0x1f5c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
22:18:12.0097 0x1f5c  swprv - ok
22:18:12.0177 0x1f5c  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
22:18:12.0227 0x1f5c  SysMain - ok
22:18:12.0257 0x1f5c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:18:12.0277 0x1f5c  TabletInputService - ok
22:18:12.0327 0x1f5c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:18:12.0367 0x1f5c  TapiSrv - ok
22:18:12.0397 0x1f5c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
22:18:12.0427 0x1f5c  TBS - ok
22:18:12.0487 0x1f5c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:18:12.0547 0x1f5c  Tcpip - ok
22:18:12.0607 0x1f5c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:18:12.0667 0x1f5c  TCPIP6 - ok
22:18:12.0727 0x1f5c  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:18:12.0757 0x1f5c  tcpipreg - ok
22:18:12.0787 0x1f5c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:18:12.0797 0x1f5c  TDPIPE - ok
22:18:12.0807 0x1f5c  [ E4245BDA3190A582D55ED09E137401A9, F59C983882997D68CC7B1B2080AEE9EBE2AE90D478F877559BD2AAA97158A116 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:18:12.0837 0x1f5c  TDTCP - ok
22:18:12.0877 0x1f5c  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:18:12.0897 0x1f5c  tdx - ok
22:18:12.0937 0x1f5c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
22:18:12.0957 0x1f5c  TermDD - ok
22:18:12.0997 0x1f5c  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
22:18:13.0032 0x1f5c  TermService - ok
22:18:13.0049 0x1f5c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
22:18:13.0059 0x1f5c  Themes - ok
22:18:13.0089 0x1f5c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
22:18:13.0109 0x1f5c  THREADORDER - ok
22:18:13.0119 0x1f5c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
22:18:13.0149 0x1f5c  TrkWks - ok
22:18:13.0209 0x1f5c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:18:13.0249 0x1f5c  TrustedInstaller - ok
22:18:13.0279 0x1f5c  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:18:13.0289 0x1f5c  tssecsrv - ok
22:18:13.0329 0x1f5c  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:18:13.0349 0x1f5c  TsUsbFlt - ok
22:18:13.0399 0x1f5c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:18:13.0439 0x1f5c  tunnel - ok
22:18:13.0479 0x1f5c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
22:18:13.0499 0x1f5c  uagp35 - ok
22:18:13.0539 0x1f5c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:18:13.0579 0x1f5c  udfs - ok
22:18:13.0619 0x1f5c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:18:13.0639 0x1f5c  UI0Detect - ok
22:18:13.0679 0x1f5c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:18:13.0699 0x1f5c  uliagpkx - ok
22:18:13.0749 0x1f5c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
22:18:13.0769 0x1f5c  umbus - ok
22:18:13.0779 0x1f5c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
22:18:13.0789 0x1f5c  UmPass - ok
22:18:13.0859 0x1f5c  [ 1E9A5658E0EBDBC381F52123363F74CB, 62CB592F32BCC10FC9C3AF44941CC473F2F62EEBF829CA383F118650451F8F7E ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:18:13.0889 0x1f5c  UNS - ok
22:18:13.0909 0x1f5c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
22:18:13.0959 0x1f5c  upnphost - ok
22:18:13.0989 0x1f5c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:18:14.0009 0x1f5c  usbccgp - ok
22:18:14.0049 0x1f5c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:18:14.0069 0x1f5c  usbcir - ok
22:18:14.0099 0x1f5c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
22:18:14.0109 0x1f5c  usbehci - ok
22:18:14.0179 0x1f5c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:18:14.0209 0x1f5c  usbhub - ok
22:18:14.0239 0x1f5c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:18:14.0249 0x1f5c  usbohci - ok
22:18:14.0279 0x1f5c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:18:14.0289 0x1f5c  usbprint - ok
22:18:14.0319 0x1f5c  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
22:18:14.0329 0x1f5c  usbscan - ok
22:18:14.0359 0x1f5c  [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:18:14.0369 0x1f5c  USBSTOR - ok
22:18:14.0409 0x1f5c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:18:14.0419 0x1f5c  usbuhci - ok
22:18:14.0449 0x1f5c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
22:18:14.0479 0x1f5c  UxSms - ok
22:18:14.0489 0x1f5c  [ D6CCBE51C4FAA41F21BC451AE2C95B97, 17C99A71E169DD885B40717508D7988B7D0A78BACB11392890ED80518D0BF3F5 ] VaultSvc        C:\Windows\system32\lsass.exe
22:18:14.0499 0x1f5c  VaultSvc - ok
22:18:14.0519 0x1f5c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:18:14.0529 0x1f5c  vdrvroot - ok
22:18:14.0579 0x1f5c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
22:18:14.0609 0x1f5c  vds - ok
22:18:14.0639 0x1f5c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:18:14.0649 0x1f5c  vga - ok
22:18:14.0669 0x1f5c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:18:14.0699 0x1f5c  VgaSave - ok
22:18:14.0749 0x1f5c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:18:14.0779 0x1f5c  vhdmp - ok
22:18:14.0809 0x1f5c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:18:14.0829 0x1f5c  viaide - ok
22:18:14.0869 0x1f5c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:18:14.0889 0x1f5c  volmgr - ok
22:18:14.0929 0x1f5c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:18:14.0959 0x1f5c  volmgrx - ok
22:18:14.0969 0x1f5c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:18:14.0989 0x1f5c  volsnap - ok
22:18:15.0019 0x1f5c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
22:18:15.0039 0x1f5c  vsmraid - ok
22:18:15.0129 0x1f5c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
22:18:15.0609 0x1f5c  VSS - ok
22:18:15.0639 0x1f5c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
22:18:15.0659 0x1f5c  vwifibus - ok
22:18:15.0689 0x1f5c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
22:18:15.0729 0x1f5c  W32Time - ok
22:18:15.0739 0x1f5c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
22:18:15.0749 0x1f5c  WacomPen - ok
22:18:15.0789 0x1f5c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:18:15.0839 0x1f5c  WANARP - ok
22:18:15.0849 0x1f5c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:18:15.0879 0x1f5c  Wanarpv6 - ok
22:18:15.0949 0x1f5c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
22:18:16.0009 0x1f5c  wbengine - ok
22:18:16.0019 0x1f5c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:18:16.0039 0x1f5c  WbioSrvc - ok
22:18:16.0099 0x1f5c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:18:16.0129 0x1f5c  wcncsvc - ok
22:18:16.0179 0x1f5c  [ BC00873272B3771CCDA38336AF2B4D4B, 3E412DEC5F172B4C5FD5C227CD790EE56B90A00A8B538704E8F973D230BE2289 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:18:16.0199 0x1f5c  WcsPlugInService - ok
22:18:16.0199 0x1f5c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
22:18:16.0219 0x1f5c  Wd - ok
22:18:16.0289 0x1f5c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:18:16.0319 0x1f5c  Wdf01000 - ok
22:18:16.0339 0x1f5c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:18:16.0349 0x1f5c  WdiServiceHost - ok
22:18:16.0359 0x1f5c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:18:16.0369 0x1f5c  WdiSystemHost - ok
22:18:16.0419 0x1f5c  [ EE841B6D1F2B9508D3ABAE52AC05A94F, F1AE981FCDBFC4672A4EABABD41382E93762EFC2EDAD96E75530E7ACA5AF1FD8 ] WebClient       C:\Windows\System32\webclnt.dll
22:18:16.0439 0x1f5c  WebClient - ok
22:18:16.0469 0x1f5c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:18:16.0519 0x1f5c  Wecsvc - ok
22:18:16.0549 0x1f5c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:18:16.0579 0x1f5c  wercplsupport - ok
22:18:16.0589 0x1f5c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:18:16.0619 0x1f5c  WerSvc - ok
22:18:16.0639 0x1f5c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:18:16.0659 0x1f5c  WfpLwf - ok
22:18:16.0669 0x1f5c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:18:16.0679 0x1f5c  WIMMount - ok
22:18:16.0699 0x1f5c  WinDefend - ok
22:18:16.0709 0x1f5c  WinHttpAutoProxySvc - ok
22:18:16.0769 0x1f5c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:18:16.0819 0x1f5c  Winmgmt - ok
22:18:16.0909 0x1f5c  [ EBDA1B0F15CB9B2CBCC6C94824E4E054, C51314F7D611E4903DA00EFA8EB99365414436324D256083CE0B5A8E055E8E06 ] WinRM           C:\Windows\system32\WsmSvc.dll
22:18:16.0969 0x1f5c  WinRM - ok
22:18:17.0019 0x1f5c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:18:17.0049 0x1f5c  WinUsb - ok
22:18:17.0089 0x1f5c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:18:17.0139 0x1f5c  Wlansvc - ok
22:18:17.0169 0x1f5c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:18:17.0189 0x1f5c  WmiAcpi - ok
22:18:17.0219 0x1f5c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:18:17.0239 0x1f5c  wmiApSrv - ok
22:18:17.0269 0x1f5c  WMPNetworkSvc - ok
22:18:17.0279 0x1f5c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:18:17.0289 0x1f5c  WPCSvc - ok
22:18:17.0329 0x1f5c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:18:17.0349 0x1f5c  WPDBusEnum - ok
22:18:17.0379 0x1f5c  [ 7CA09731EB7FC99B910C7F239E57720F, 502F8917A0811F37C39B2B3F5E9B4F38A0E899C30CB29D3ECD87A50FF228E536 ] WPRO_41_2001    C:\Windows\system32\drivers\WPRO_41_2001.sys
22:18:17.0389 0x1f5c  WPRO_41_2001 - ok
22:18:17.0399 0x1f5c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:18:17.0439 0x1f5c  ws2ifsl - ok
22:18:17.0459 0x1f5c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
22:18:17.0469 0x1f5c  wscsvc - ok
22:18:17.0479 0x1f5c  WSearch - ok
22:18:17.0579 0x1f5c  [ F24A345C584EC2EFC49F9F375EBDA2A5, 85FBB211CA2320363B5503E06AC23C6A89007D3777D696DF6D7ADB2369965ECD ] wuauserv        C:\Windows\system32\wuaueng.dll
22:18:17.0659 0x1f5c  wuauserv - ok
22:18:17.0669 0x1f5c  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:18:17.0699 0x1f5c  WudfPf - ok
22:18:17.0769 0x1f5c  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:18:17.0809 0x1f5c  WUDFRd - ok
22:18:17.0859 0x1f5c  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:18:17.0899 0x1f5c  wudfsvc - ok
22:18:17.0909 0x1f5c  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:18:17.0929 0x1f5c  WwanSvc - ok
22:18:17.0949 0x1f5c  ================ Scan global ===============================
22:18:17.0979 0x1f5c  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
22:18:18.0019 0x1f5c  [ 1623550592C687B4F6E905FC39E8E8B0, 33D472C15964392391B1274551BFC3E228442BEEF1DCE99041D23E18753C2B35 ] C:\Windows\system32\winsrv.dll
22:18:18.0039 0x1f5c  [ 1623550592C687B4F6E905FC39E8E8B0, 33D472C15964392391B1274551BFC3E228442BEEF1DCE99041D23E18753C2B35 ] C:\Windows\system32\winsrv.dll
22:18:18.0059 0x1f5c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
22:18:18.0109 0x1f5c  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
22:18:18.0119 0x1f5c  [ Global ] - ok
22:18:18.0119 0x1f5c  ================ Scan MBR ==================================
22:18:18.0129 0x1f5c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:18:18.0379 0x1f5c  \Device\Harddisk0\DR0 - ok
22:18:18.0379 0x1f5c  ================ Scan VBR ==================================
22:18:18.0379 0x1f5c  [ 32C2FD4853ACAB8A7220F229433C9DCB ] \Device\Harddisk0\DR0\Partition1
22:18:18.0379 0x1f5c  \Device\Harddisk0\DR0\Partition1 - ok
22:18:18.0379 0x1f5c  ================ Scan generic autorun ======================
22:18:18.0749 0x1f5c  [ C43D50453404EF1C6801EFFC2492A202, 1D4142E49B2F8129C5643A3B6AD3BA93520FA008D9382EFA60CCDC6172F48D43 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
22:18:18.0999 0x1f5c  RTHDVCPL - ok
22:18:19.0079 0x1f5c  [ 669072AD8B65B2B55CA29E58A68AEF35, 1A272EF904607268E2EDAE2F1C8F8FA3C407F617905BB0865E9868E9564A3687 ] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
22:18:19.0129 0x1f5c  XFast LAN - ok
22:18:19.0159 0x1f5c  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\RunDLL32.exe
22:18:19.0179 0x1f5c  THXCfg64 - ok
22:18:19.0219 0x1f5c  [ 4D1DA8CE5E364D22B4FF00F163194514, 165DE474309206A0F51266F19EDB4AF3D7BAD19FDA61B636AEE7A04278DBBC2C ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
22:18:19.0249 0x1f5c  USB3MON - ok
22:18:19.0399 0x1f5c  [ 24F4643941535195B19C962C96067DB8, C5A81D6888EDE79D678AB4A019C0A649481DF7DD5085C02BCBB381FD23C175C1 ] C:\Program Files (x86)\XFastUSB\XFastUsb.exe
22:18:19.0549 0x1f5c  XFastUSB - ok
22:18:19.0609 0x1f5c  [ 69B16C7B7746BA5C642FC05B3561FC73, 0DECEB6B1B7A2DD1F13133AC7328FF420DAD4610CEE1FA7466E8E0F6BAA39116 ] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
22:18:19.0619 0x1f5c  Adobe Reader Speed Launcher - ok
22:18:19.0729 0x1f5c  [ D29C3F2BEA792CC2196AF7B2BEB9E899, EC787FC79C01444BAEA4866146FCF810B664D4C176D3F3E9C58C436531EE4266 ] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
22:18:19.0759 0x1f5c  THX TruStudio NB Settings - detected UnsignedFile.Multi.Generic ( 1 )
22:18:19.0849 0x1f5c  Detect skipped due to KSN trusted
22:18:19.0849 0x1f5c  THX TruStudio NB Settings - ok
22:18:19.0879 0x1f5c  [ C419DF63E0121D72411285780C2FC6CC, F47F854D327C589D174D3BB5B55D5C05F5ACA73DF52A6BEF47596B9010190291 ] C:\Windows\UpdReg.EXE
22:18:19.0899 0x1f5c  UpdReg - detected UnsignedFile.Multi.Generic ( 1 )
22:18:19.0989 0x1f5c  Detect skipped due to KSN trusted
22:18:19.0989 0x1f5c  UpdReg - ok
22:18:20.0109 0x1f5c  [ 504C916D52ABA407FD4DC1E709AEA71E, 8F279620247481F28DF7D9FD4A81173396E39EB807E24587E89CAF1172CC846C ] C:\Program Files (x86)\avmwlanstick\wlangui.exe
22:18:20.0169 0x1f5c  AVMWlanClient - detected UnsignedFile.Multi.Generic ( 1 )
22:18:20.0249 0x1f5c  Detect skipped due to KSN trusted
22:18:20.0249 0x1f5c  AVMWlanClient - ok
22:18:20.0329 0x1f5c  [ 80AB96177A32A695984C83B45D41AFFE, 6B6300551918995036EBA714BF1CF9924A471C7C52D130DB9E2811439ABF594C ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
22:18:20.0359 0x1f5c  StartCCC - ok
22:18:20.0429 0x1f5c  [ 21293443961A4E2597453EE7A9347F22, FDA88181C975C251E56D5A38E5473F45B9CB4E1258A6E93320D34D656AB1E6ED ] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
22:18:20.0439 0x1f5c  HP Software Update - ok
22:18:20.0539 0x1f5c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
22:18:20.0579 0x1f5c  Sidebar - ok
22:18:20.0609 0x1f5c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:18:20.0649 0x1f5c  mctadmin - ok
22:18:20.0759 0x1f5c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
22:18:20.0799 0x1f5c  Sidebar - ok
22:18:20.0809 0x1f5c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:18:20.0819 0x1f5c  mctadmin - ok
22:18:20.0879 0x1f5c  [ 8DF7C2119DA7FDCE316E5EDBEEC46E47, 63CD2C02DBB2EE5A2214ED9A5F166CFB791F4BF57D7A1F12E694CB405D3B9319 ] C:\Program Files (x86)\MultiScreen\MultiScreen.exe
22:18:20.0899 0x1f5c  MultiScreen - detected UnsignedFile.Multi.Generic ( 1 )
22:18:20.0969 0x1f5c  Detect skipped due to KSN trusted
22:18:20.0969 0x1f5c  MultiScreen - ok
22:18:20.0969 0x1f5c  Waiting for KSN requests completion. In queue: 87
22:18:21.0979 0x1f5c  AV detected via SS2: Antivirus by F-Secure, C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fsavwsch.exe ( 11.0.22350.0 ), 0x41000 ( enabled : updated )
22:18:21.0989 0x1f5c  Win FW state via NFP2: enabled ( trusted )
22:18:22.0079 0x1f5c  ============================================================
22:18:22.0079 0x1f5c  Scan finished
22:18:22.0079 0x1f5c  ============================================================
22:18:22.0089 0x1da0  Detected object count: 0
22:18:22.0089 0x1da0  Actual detected object count: 0

M-K-D-B · 16.04.2017, 11:18

Servus,

die Logdateien sehen an sich gut aus.

Du könntest den IE noch zurücksetzen (wenn das nicht hilft, halte ich die Meldung für eine Falschmeldung von F-Secure):

IE :::
Setze folgendermassen den Internet Explorer zurück:

Öffne den Internet Explorer und gehe zu Extras -> Internetoptionen.
Klicke in der Registerkarte Erweitert unter "Internet Explorer-Einstellungen zurücksetzen" auf Zurücksetzen...
Klicke im Dialogfeld "Internet Explorer-Einstellungen zurücksetzen" zum Bestätigen auf Zurücksetzen.

(Hier findest du die bebilderte Anleitung.)

Dann wären wir durch!
Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

Vielleicht möchtest du das Forum mit einer kleinen Spende unterstützen.

Hinweise:
Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Cleanup
Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.
Starte deinen Rechner zum Abschluss neu auf.

Hinweis:
DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst du diese bedenkenlos löschen.

Virenscanner + Firewall
Vorab sei erwähnt, dass man niemals die Schutzwirkung eines Virenscanners überbewerten darf! Kein Antivirusprogramm erkennt 100% der Schadsoftware.

Sofern du noch unentschieden bist, verwende MAXIMAL EIN EINZIGES der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

Emsisoft Anti-Malware (kostenpflichtig)
ESET NOD32 Antivirus (kostenpflichtig)
Microsoft Security Essentials (kostenlos)

Microsoft Security Essentials (MSE) / Windows Defender (WD) ist ab Windows 8 fest eingebaut, wenn du also Windows 8, 8.1 oder 10 und dich für MSE/WD entschieden hast, brauchst du nicht extra MSE/WD zu installieren. Bei Windows 7 muss es aber manuell installiert oder über die Windows Updates als optionales Update bezogen werden. Selbstverständlich ist ein legales/aktiviertes Windows Voraussetzung dafür.

Verwende immer nur reine Virenscanner (keine Produkte mit "Suite", "Internet Security", "Endpoint" oder "Total Security" in Namen, denn diese bringen kontraproduktive Firewalls mit - die Windows-Firewall ist alles was benötigt wird)

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware , AdwCleaner und mit dem ESET Online Scanner scannen.
Diese Programme sind alle kostenlos und stören nicht den Betrieb deines Antivirenprogramms.

Absicherungen
Beim Betriebsystem Windows ist es wichtig, die automatischen Updates zu aktivieren.
Auch sicherheitsrelevante Software sollte immer in aktueller Version vorliegen.

Das zeitnahe Einspielen von Updates ist erforderlich, damit Sicherheitslücken geschlossen werden. Sicherheitslücken werden beispielsweise dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.

Besonders aufpassen bzgl. der Aktualität musst du insbesondere bei folgender Software - sofern diese überhaupt benötigt wird:

Browser (Internet Explorer, Edge, Firefox, Chrome, Opera, etc.)
Flash-Player
Java
Adobe Reader

Optionale Browsererweiterungen

Adblock Plus oder uBlock Origin (Firefox - Chrome) - können Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren
NoScript - verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. NoScript kann gerade bei technisch nicht allzu versierten Nutzern beim Surfen zum Nervfaktor werden; ob das Tool geeignet ist, muss jeder selbst mal ausprobieren und dann für sich entscheiden.

Grundsätzliches

Ändere regelmäßig deine Online-Passwörter und erstelle regelmäßig Backups deiner wichtigen Dateien oder des Systems. Genaueres dazu findest du unten im Lesestoff zu Backups.
Lade keine Software von Chip, Softonic, SourceForge oder VLC.de. Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software oder Adware installiert.
Lade Software von einem sauberen Portal wie oder direkt beim jeweiligen Hersteller / Entwickler.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne die Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten bis nicht belegbar. Selbst Microsoft unterstützt sog. Registry-Cleaner nicht.
Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Lesestoff:
Backup-/Image-Tools

Damit man sinnvolle Backups hat, muss man regelmäßig (z. B. wöchentlich) ein Image auf eine separate externe Festplatte erstellen. Diese externe Festplatte wird nur dann angeschlossen, wenn man das Backup erstellen will (oder etwas wiederherstellen muss), ansonsten bleibt sie aus Sicherheitsgründen sicher im Schrank verwahrt - allein schon aus dem Grund, die Backups vor "Verschlüsselungstrojanern" zu schützen.

Du solltest dich für eines der folgenden Programmen entscheiden und damit regelmäßig deine Daten sichern.

Optioin 1 - Drivesnapshot
Drive Snapshot - Disk Image Backup for Windows NT/2000/XP/2003/X64

Download (32-Bit) => http://www.drivesnapshot.de/download/snapshot.exe
Download (64-Bit) => http://www.drivesnapshot.de/download/snapshot64.exe

Screenshots:
http://www.drivesnapshot.de/images/startup.png
http://www.drivesnapshot.de/images/save3.png

Option 2 - Seagate DiscWizard
Seagate DiscWizard - Download - Filepony

Screenshots:
http://filepony.de/screenshot/seagate_discwizard5.jpg
http://filepony.de/screenshot/seagate_discwizard4.png
http://filepony.de/screenshot/seagate_discwizard3.jpg

Option 3 - Acronis TrueImage WD Edition
Acronis True Image WD Edition - Download - Filepony

Screenshots:
http://filepony.de/screenshot/acroni...d_edition1.jpg
http://filepony.de/screenshot/acroni...d_edition2.jpg

Derio · 16.04.2017, 20:10

Ok, leider hat das Zurücksetzen des IE auch nicht geholfen.

Ich werde F-Secure kontaktieren, um mir bestätigen zu lassen, dass es sich um eine Falschmeldung handelt.

Vielen Dank für alles !

Nachtrag: Mir ist gerade aufgefallen, dass nach dem Ausführen von DelFix und anschließendem Neustart alle Dateien plötzlich samt ihrer Dateiendung angezeigt werden.

Also z.B. vorher: 'bild', jetzt: 'bild.jpg', vorher: 'Programm1', jetzt: 'Programm1.exe'

Wie kann ich dies wieder rückgängig machen ?

M-K-D-B · 16.04.2017, 20:35

Zitat:

Zitat von Derio

Wie kann ich dies wieder rückgängig machen ?

Klicke auf Start > Computer.
Wähle links oben Organisieren > Ordner- und Suchoptionen.
Klicke auf den Tab Ansicht.
Setze (falls nicht vorhanden) vor dem folgenden Punkt ein Häkchen:
- Erweiterungen bei bekannten Dateitypen ausblenden
Klicke auf Übernehmen und bestätige mit Ok.

Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

JS:Trojan.Cryxos.566 auf der Login-Seite vom Amazon-Verkaufsaccount

Log-Analyse und Auswertung: JS:Trojan.Cryxos.566 auf der Login-Seite vom Amazon-Verkaufsaccount