
Pests of all kinds and how to fight them: E-banking Trojan Gozi distributed via website


07.04.2016, 22:29   #1
Treend
 
E-banking Trojan Gozi distributed via website



Hello community,

The largest Swiss news portal, 20minuten.ch, was hacked. I visited the site a few times with my Windows 10 system. An Avira scan is running right now, but I assume it won't find anything. Does something like this get through the firewall? I'm a bit unsure, since I often do e-banking on this computer. How can I find out whether I'm affected?

Here is the article about it:

Quote:
Today it became known that spyware was distributed via 20minuten.ch. We will keep you up to date here on the events and the status of the resolution.

What happened?

The servers of 20 Minuten are attacked by unknown parties about 20 to 50 times a day. About every three months, a hacker succeeds in penetrating the system. The last case known to us was a week ago. In that case the hackers managed to distribute malware via the domain 20minuten.ch. The cause is an infected Flash file. It was identified with the help of the federal Reporting and Analysis Centre for Information Assurance. The script tries to install malicious code from a third-party website onto the computers of 20 Minuten visitors by way of vulnerabilities. The malware in question is the e-banking Trojan Gozi. The infected file has since been removed by 20 Minuten's IT experts. Further investigations are currently under way with external experts.

What is 20 Minuten doing?

20 Minuten takes this incident very seriously. Security measures have been successively and massively expanded, particularly in recent weeks, and are currently being tightened further in consultation with external experts. Specialists were able to find and delete the malware in the system. This ensures that our news servers pose no danger. Only access via desktop computers was affected. The 20 Minuten mobile apps for iPhone, iPad and Android were at no time affected by the malware attack.

What does this mean for me? Am I at risk?

According to current knowledge, the malware is distributed only via the website 20minuten.ch. That corresponds to about 20 percent of the total traffic across all channels. At no time did the app or the mobile website pose a danger to users.

What does the malware do?

The malware scans computers for vulnerabilities. Gozi has been active for some time and has already caused financial losses, Pascal Lamia, head of Melani, told the news agency sda. In the latest attack on 20 Minuten, no irregularities in bank accounts have been detected so far. However, it can take two to three months before Gozi attempts to withdraw money.

What can I do now?

Anyone who visited the 20 Minuten website from a computer may have been infected, but not necessarily, Lamia said. It is difficult to determine whether one's own computer has been infected by the Trojan. Suspicious signs include, for example, a very slow connection, a blue screen, or repeated prompts to enter the password. Lamia advises contacting your bank's hotline immediately if anything suspicious occurs.

As a general rule, you should always keep your antivirus software and your browser up to date (browser check by the IT magazine Heise.de). In addition, system and software updates should be installed promptly.

The Reporting and Analysis Centre for Information Assurance Melani offers general tips on removing malware on its website.
Best regards

08.04.2016, 19:09   #2
deeprybka
/// TB Trainer
/// Guide Guru





My name is Jürgen and I will be helping you with your problem. Together we'll get it done...
  • Please work through all the steps in order.
  • Read the instructions carefully before you begin. If there are problems or you don't understand something, stop what you are doing and describe the problem to me.
  • Please run only the scans I have asked you to run.
  • Please no crossposting (posting in multiple forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Save all our tools to the desktop. Link: How to download our tools correctly
  • Post the log files directly in your thread in code tags.
  • Keep in mind that we all do this in our free time; if you don't hear from me within 24 hours, please send me a PM.

Note:
I can never give you a guarantee that we will find all malicious files.
Reformatting is usually the faster and always the safest way, but it is only advisable for real malware.
We can remove adware and the like very well.
If you decide on a cleanup, keep working with me until you get my "clean".



Here we go:

Step 1


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box).




Reading material
Posting in CODE tags: how it's done...
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

08.04.2016, 19:19   #3
Treend



Hello Jürgen

Many thanks for your reply. In the meantime I have run Avira, Norton Power Eraser and Malwarebytes, but nothing was found. I'm still a bit unsure, though, since it is said to be a modified version of Gozi that may not be detected yet. Here are the log files:


FRST log file:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
durchgeführt von Claudio (Administrator) auf CLAUDIO-PC (08-04-2016 20:16:45)
Gestartet von C:\Users\Claudio\Desktop
Geladene Profile: Claudio &  (Verfügbare Profile: Claudio)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\NETSTAT.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-08-25] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-15] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-03-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-03-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-2611234398-2104674559-16094915-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-2611234398-2104674559-16094915-1001\...\RunOnce: [Uninstall C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-2611234398-2104674559-16094915-1001\...\RunOnce: [Uninstall C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [Uninstall C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [Uninstall C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [Uninstall C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [Uninstall C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{437cbe5f-44b8-455a-87ca-6783bd6b0f03}: [DhcpNameServer] 122.122.10.1
Tcpip\..\Interfaces\{6fa535c9-f87b-4d71-b352-2c2b31e934ab}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2611234398-2104674559-16094915-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-27] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-27] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-01-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Claudio\AppData\Roaming\Mozilla\Firefox\Profiles\ydwffxdl.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-01-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-01-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Block site - C:\Users\Claudio\AppData\Roaming\Mozilla\Firefox\Profiles\ydwffxdl.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2016-04-08]
FF Extension: Avira Browser Safety - C:\Users\Claudio\AppData\Roaming\Mozilla\Firefox\Profiles\ydwffxdl.default\Extensions\abs@avira.com [2016-03-15]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-20] [ist nicht signiert]

Chrome: 
=======
CHR Profile: C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-01]
CHR Extension: (Google Docs) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-01]
CHR Extension: (Google Drive) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-01]
CHR Extension: (YouTube) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-01]
CHR Extension: (Google-Suche) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-01]
CHR Extension: (Google Tabellen) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-01]
CHR Extension: (Avira Browserschutz) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-03-20]
CHR Extension: (Google Docs Offline) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-01]
CHR Extension: (Google Mail) - C:\Users\Claudio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-01]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-03-11] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-03-11] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-04-05] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 HvHost; C:\Windows\System32\hvhostsvc.dll [61440 2016-01-05] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-08-25] ()
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 vmcompute; C:\Windows\system32\vmcompute.exe [1142272 2016-01-05] (Microsoft Corporation)
R2 vmms; C:\Windows\system32\vmms.exe [14384128 2015-11-13] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [23240 2016-03-21] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102400 2016-03-21] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-11] (Avira Operations GmbH & Co. KG)
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [57344 2015-10-30] (Microsoft Corp.)
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [71008 2015-11-05] (Microsoft Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2014-05-27] ()
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [22528 2016-01-05] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-08] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-07-10] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [23552 2016-01-05] (Microsoft Corporation)
S3 pcip; C:\Windows\System32\drivers\pcip.sys [44544 2016-01-05] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [50176 2016-01-05] (Microsoft Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 Synth3dVsp; C:\Windows\System32\drivers\synth3dvsp.sys [101888 2016-01-05] (Microsoft Corporation)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [26624 2016-01-05] (Microsoft Corporation)
R3 vmsmp; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
R2 VMSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
R0 vmsproxy; C:\Windows\System32\drivers\vmsproxy.sys [22016 2016-01-05] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [350720 2016-01-16] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-08 20:16 - 2016-04-08 20:16 - 00020354 _____ C:\Users\Claudio\Desktop\FRST.txt
2016-04-08 20:15 - 2016-04-08 20:16 - 00000000 ____D C:\FRST
2016-04-08 20:15 - 2016-04-08 20:14 - 02374144 _____ (Farbar) C:\Users\Claudio\Desktop\FRST64.exe
2016-04-08 20:14 - 2016-04-08 20:14 - 02374144 _____ (Farbar) C:\Users\Claudio\Downloads\FRST64.exe
2016-04-08 19:27 - 2016-04-08 19:27 - 00004381 _____ C:\Windows\diagwrn.xml
2016-04-08 19:27 - 2016-04-08 19:27 - 00002515 _____ C:\Windows\diagerr.xml
2016-04-08 19:17 - 2016-04-08 19:17 - 00000000 ____D C:\$WINDOWS.~BT
2016-04-08 19:16 - 2016-04-08 19:16 - 18447464 _____ (Microsoft Corporation) C:\Users\Claudio\Downloads\MediaCreationTool.exe
2016-04-08 19:16 - 2016-04-08 19:16 - 00000000 ___HD C:\$Windows.~WS
2016-04-08 18:36 - 2016-04-08 19:17 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-08 18:36 - 2016-04-08 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-04-08 18:36 - 2016-04-08 18:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-08 18:36 - 2016-04-08 18:36 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-04-08 18:36 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-08 18:36 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-08 18:36 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-08 18:35 - 2016-04-08 18:35 - 22851472 _____ (Malwarebytes ) C:\Users\Claudio\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-08 18:34 - 2016-04-08 20:05 - 00002716 _____ C:\Windows\ntbtlog.txt
2016-04-08 18:30 - 2016-04-08 18:30 - 00000000 ____D C:\NPE
2016-04-08 18:27 - 2016-04-08 20:07 - 00000000 ____D C:\Users\Claudio\AppData\Local\NPE
2016-04-08 18:27 - 2016-04-08 18:27 - 00000000 ____D C:\ProgramData\Norton
2016-04-08 18:26 - 2016-04-08 18:26 - 10079720 _____ (Symantec Corporation) C:\Users\Claudio\Downloads\NPE.exe
2016-04-06 20:58 - 2016-04-05 14:16 - 00007461 _____ C:\Users\Claudio\Desktop\BaseScalability.ini
2016-04-05 14:49 - 2016-04-05 14:49 - 00000000 ____D C:\Users\Claudio\Downloads\Script Hook
2016-04-02 19:37 - 2016-04-02 19:37 - 00000000 ____D C:\Users\Claudio\AppData\LocalLow\Verdun
2016-04-02 02:07 - 2016-04-02 02:08 - 00000000 ____D C:\Users\Claudio\Desktop\Tor Browser
2016-03-30 20:18 - 2016-03-30 20:18 - 00000000 ____D C:\Users\Claudio\AppData\Roaming\Raptr
2016-03-29 21:54 - 2016-03-29 21:54 - 00000000 ____D C:\Users\Claudio\AppData\Roaming\library_dir
2016-03-29 21:54 - 2016-03-29 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.1
2016-03-29 21:54 - 2016-03-29 21:54 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-03-29 21:54 - 2016-03-29 21:54 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-03-29 21:54 - 2016-03-29 21:54 - 00000000 ____D C:\Program Files (x86)\AMD
2016-03-29 21:54 - 2016-02-16 01:27 - 00125720 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-03-29 21:54 - 2016-02-16 01:26 - 00126232 _____ C:\Windows\system32\vulkan-1.dll
2016-03-29 21:54 - 2016-02-16 01:25 - 00045848 _____ C:\Windows\system32\vulkaninfo.exe
2016-03-29 21:54 - 2016-02-16 01:25 - 00042264 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-03-29 21:53 - 2016-03-29 21:53 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-03-29 21:52 - 2016-03-29 21:52 - 00000000 ____D C:\ProgramData\ATI
2016-03-27 19:09 - 2016-03-27 19:09 - 08468240 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2016-03-27 19:09 - 2016-03-27 19:09 - 00081200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2016-03-27 19:08 - 2016-03-27 19:08 - 06658384 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2016-03-27 19:08 - 2016-03-27 19:08 - 00471352 _____ C:\Windows\system32\amdmiracast.dll
2016-03-27 19:08 - 2016-03-27 19:08 - 00120768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2016-03-27 19:08 - 2016-03-27 19:08 - 00112400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2016-03-27 19:08 - 2016-03-27 19:08 - 00088032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2016-03-27 19:05 - 2016-03-27 19:05 - 00183312 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2016-03-27 19:05 - 2016-03-27 19:05 - 00136208 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2016-03-27 19:05 - 2016-03-27 19:05 - 00122384 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2016-03-27 19:04 - 2016-03-27 19:04 - 00874008 _____ (AMD) C:\Windows\system32\coinst_16.15.dll
2016-03-27 19:04 - 2016-03-27 19:04 - 00243728 _____ C:\Windows\system32\clinfo.exe
2016-03-27 19:04 - 2016-03-27 19:04 - 00232984 _____ C:\Windows\system32\dgtrayicon.exe
2016-03-27 19:04 - 2016-03-27 19:04 - 00012824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2016-03-27 19:04 - 2016-03-27 19:04 - 00012824 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2016-03-27 19:03 - 2016-03-27 19:03 - 25077784 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2016-03-27 19:03 - 2016-03-27 19:03 - 00097808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2016-03-27 19:03 - 2016-03-27 19:03 - 00089616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2016-03-27 19:03 - 2016-03-27 19:03 - 00059920 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2016-03-27 19:02 - 2016-03-27 19:02 - 00573456 _____ (AMD) C:\Windows\system32\atieclxx.exe
2016-03-27 19:02 - 2016-03-27 19:02 - 00451088 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2016-03-27 19:02 - 2016-03-27 19:02 - 00171024 _____ C:\Windows\system32\atieah64.exe
2016-03-27 19:02 - 2016-03-27 19:02 - 00154128 _____ C:\Windows\SysWOW64\atieah32.exe
2016-03-27 19:02 - 2016-03-27 19:02 - 00084496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2016-03-27 19:02 - 2016-03-27 19:02 - 00071184 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2016-03-27 19:02 - 2016-03-27 19:02 - 00060944 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2016-03-27 19:02 - 2016-03-27 19:02 - 00057872 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2016-03-27 19:01 - 2016-03-27 19:01 - 48221720 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2016-03-27 19:01 - 2016-03-27 19:01 - 05428760 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2016-03-27 19:01 - 2016-03-27 19:01 - 00052248 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2016-03-27 19:00 - 2016-03-27 19:00 - 21739032 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2016-03-27 19:00 - 2016-03-27 19:00 - 00059408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2016-03-27 18:59 - 2016-03-27 18:59 - 05406744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2016-03-27 18:59 - 2016-03-27 18:59 - 00305392 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2016-03-27 18:59 - 2016-03-27 18:59 - 00213520 _____ C:\Windows\system32\amdgfxinfo64.dll
2016-03-27 18:59 - 2016-03-27 18:59 - 00198672 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2016-03-27 18:59 - 2016-03-27 18:59 - 00073744 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 40135696 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 30386712 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 26895888 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 15720464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 14310928 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 08929408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 06964760 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 06893592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00953360 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00953360 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00710160 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00588816 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00375824 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2016-03-27 18:56 - 2016-03-27 18:56 - 00341528 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2016-03-27 18:56 - 2016-03-27 18:56 - 00260112 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2016-03-27 18:56 - 2016-03-27 18:56 - 00218640 _____ C:\Windows\system32\GameManager64.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00203792 _____ C:\Windows\system32\hsa-thunk64.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00199704 _____ (AMD) C:\Windows\system32\atitmm64.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00195088 _____ C:\Windows\SysWOW64\GameManager32.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00166416 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00151968 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00151056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00143376 _____ C:\Windows\system32\amdhdl64.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00138416 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00132112 _____ C:\Windows\SysWOW64\amdhdl32.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00130616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00106000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00098320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00088032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00087056 _____ (AMD) C:\Windows\system32\atimuixx.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00081200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00078864 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00078864 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00068112 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00064528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2016-03-27 18:56 - 2016-03-27 18:56 - 00048144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2016-03-27 06:01 - 2016-03-27 06:01 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2016-03-27 06:01 - 2016-03-27 06:01 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2016-03-27 06:01 - 2016-03-27 06:01 - 00365824 _____ C:\Windows\system32\ativvaxy_el_nd.dat
2016-03-27 06:01 - 2016-03-27 06:01 - 00322612 _____ C:\Windows\system32\ativvaxy_vi.dat
2016-03-27 06:01 - 2016-03-27 06:01 - 00320944 _____ C:\Windows\system32\ativvaxy_vi_nd.dat
2016-03-27 06:01 - 2016-03-27 06:01 - 00264736 _____ C:\Windows\system32\ativvaxy_stn_nd.dat
2016-03-27 06:01 - 2016-03-27 06:01 - 00260640 _____ C:\Windows\system32\ativvaxy_cz_nd.dat
2016-03-27 06:01 - 2016-03-27 06:01 - 00254804 _____ C:\Windows\system32\ativvaxy_FJ.dat
2016-03-27 06:01 - 2016-03-27 06:01 - 00251856 _____ C:\Windows\system32\ativvaxy_FJ_nd.dat
2016-03-27 06:01 - 2016-03-27 06:01 - 00234292 _____ C:\Windows\system32\ativvaxy_cik.dat
2016-03-27 06:01 - 2016-03-27 06:01 - 00232496 _____ C:\Windows\system32\ativvaxy_cik_nd.dat
2016-03-27 06:01 - 2016-03-27 06:01 - 00177280 _____ C:\Windows\system32\ativce03.dat
2016-03-27 06:00 - 2016-03-27 06:00 - 00857576 _____ C:\Windows\system32\amdicdxx.dat
2016-03-27 06:00 - 2016-03-27 06:00 - 00697792 _____ C:\Windows\SysWOW64\atiapfxx.blb
2016-03-27 06:00 - 2016-03-27 06:00 - 00697792 _____ C:\Windows\system32\atiapfxx.blb
2016-03-27 06:00 - 2016-03-27 06:00 - 00175584 _____ C:\Windows\system32\amde31a.dat
2016-03-27 06:00 - 2016-03-27 06:00 - 00166624 _____ C:\Windows\system32\amde34b.dat
2016-03-27 06:00 - 2016-03-27 06:00 - 00166624 _____ C:\Windows\system32\amde34a.dat
2016-03-27 06:00 - 2016-03-27 06:00 - 00009184 _____ C:\Windows\system32\AMDKernelEvents.man
2016-03-27 06:00 - 2016-03-27 06:00 - 00000144 _____ C:\Windows\SysWOW64\amd-vulkan32.json
2016-03-27 06:00 - 2016-03-27 06:00 - 00000144 _____ C:\Windows\system32\amd-vulkan64.json
2016-03-21 16:37 - 2016-03-21 16:37 - 00023240 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdkmafd.sys
2016-03-21 15:56 - 2016-03-21 15:56 - 00103424 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2016-03-20 00:53 - 2016-03-20 02:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-16 19:42 - 2016-03-16 19:42 - 00000000 ____D C:\Users\Claudio\AppData\Roaming\Wireshark
2016-03-16 19:41 - 2016-03-16 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2016-03-16 19:41 - 2016-03-16 19:41 - 00000000 ____D C:\Program Files (x86)\WinPcap
2016-03-16 19:40 - 2016-03-16 19:41 - 00000000 ____D C:\Program Files\Wireshark
2016-03-14 00:53 - 2016-04-06 19:44 - 00000000 ____D C:\Users\Claudio\AppData\Roaming\StardewValley
2016-03-14 00:53 - 2016-03-14 00:53 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2016-03-09 00:14 - 2016-03-01 07:31 - 00848168 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-03-09 00:14 - 2016-03-01 07:22 - 00709688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-03-09 00:14 - 2016-02-24 11:52 - 01997328 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-09 00:14 - 2016-02-24 11:51 - 07474528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-09 00:14 - 2016-02-24 11:48 - 00713568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-09 00:14 - 2016-02-24 11:47 - 01173344 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-09 00:14 - 2016-02-24 11:40 - 00513888 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-09 00:14 - 2016-02-24 11:34 - 01613664 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-03-09 00:14 - 2016-02-24 11:28 - 03449168 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2016-03-09 00:14 - 2016-02-24 11:15 - 01557768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-09 00:14 - 2016-02-24 10:58 - 00794888 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-09 00:14 - 2016-02-24 10:54 - 00127840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 00:14 - 2016-02-24 10:51 - 01322248 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-03-09 00:14 - 2016-02-24 10:50 - 00808800 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-03-09 00:14 - 2016-02-24 10:46 - 06607080 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2016-03-09 00:14 - 2016-02-24 10:43 - 00625000 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll
2016-03-09 00:14 - 2016-02-24 10:39 - 00358752 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-09 00:14 - 2016-02-24 10:39 - 00141560 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2016-03-09 00:14 - 2016-02-24 10:19 - 00670928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-09 00:14 - 2016-02-24 10:14 - 00216416 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2016-03-09 00:14 - 2016-02-24 10:11 - 01997152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-03-09 00:14 - 2016-02-24 10:11 - 00957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-03-09 00:14 - 2016-02-24 10:11 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2016-03-09 00:14 - 2016-02-24 10:11 - 00652392 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-03-09 00:14 - 2016-02-24 10:11 - 00394080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-03-09 00:14 - 2016-02-24 10:11 - 00258280 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll
2016-03-09 00:14 - 2016-02-24 10:10 - 00630632 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-03-09 00:14 - 2016-02-24 10:10 - 00576864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-03-09 00:14 - 2016-02-24 10:09 - 00640472 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2016-03-09 00:14 - 2016-02-24 10:09 - 00147808 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2016-03-09 00:14 - 2016-02-24 10:06 - 05242496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-03-09 00:14 - 2016-02-24 09:59 - 00294752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-09 00:14 - 2016-02-24 09:39 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTypeHelperUtil.dll
2016-03-09 00:14 - 2016-02-24 09:39 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\ExtrasXmlParser.dll
2016-03-09 00:14 - 2016-02-24 09:38 - 00187744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2016-03-09 00:14 - 2016-02-24 09:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2016-03-09 00:14 - 2016-02-24 09:37 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\UserDataLanguageUtil.dll
2016-03-09 00:14 - 2016-02-24 09:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenanceClient.dll
2016-03-09 00:14 - 2016-02-24 09:35 - 00540752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-03-09 00:14 - 2016-02-24 09:35 - 00523752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2016-03-09 00:14 - 2016-02-24 09:35 - 00220064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqmapi.dll
2016-03-09 00:14 - 2016-02-24 09:35 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-09 00:14 - 2016-02-24 09:33 - 00538736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2016-03-09 00:14 - 2016-02-24 09:33 - 00141664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2016-03-09 00:14 - 2016-02-24 09:31 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-09 00:14 - 2016-02-24 09:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2016-03-09 00:14 - 2016-02-24 09:28 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\POSyncServices.dll
2016-03-09 00:14 - 2016-02-24 09:23 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 00:14 - 2016-02-24 09:23 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UserDataPlatformHelperUtil.dll
2016-03-09 00:14 - 2016-02-24 09:22 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\fwpolicyiomgr.dll
2016-03-09 00:14 - 2016-02-24 09:20 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\VCardParser.dll
2016-03-09 00:14 - 2016-02-24 09:20 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\dafBth.dll
2016-03-09 00:14 - 2016-02-24 09:20 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2016-03-09 00:14 - 2016-02-24 09:19 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2016-03-09 00:14 - 2016-02-24 09:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 00:14 - 2016-02-24 09:15 - 00365568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-09 00:14 - 2016-02-24 09:14 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\ExSMime.dll
2016-03-09 00:14 - 2016-02-24 09:13 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentActivation.dll
2016-03-09 00:14 - 2016-02-24 09:12 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\cemapi.dll
2016-03-09 00:14 - 2016-02-24 09:12 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\PhoneCallHistoryApis.dll
2016-03-09 00:14 - 2016-02-24 09:10 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wpninprc.dll
2016-03-09 00:14 - 2016-02-24 09:09 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\UserDataAccountApis.dll
2016-03-09 00:14 - 2016-02-24 09:09 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\AppxSip.dll
2016-03-09 00:14 - 2016-02-24 09:07 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenance.dll
2016-03-09 00:14 - 2016-02-24 09:05 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2016-03-09 00:14 - 2016-02-24 09:03 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-03-09 00:14 - 2016-02-24 09:02 - 00161280 _____ (Microsoft Corporation) C:\Windows\system32\CallHistoryClient.dll
2016-03-09 00:14 - 2016-02-24 09:01 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-03-09 00:14 - 2016-02-24 09:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\AuthBroker.dll
2016-03-09 00:14 - 2016-02-24 09:01 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\profext.dll
2016-03-09 00:14 - 2016-02-24 09:00 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Scanners.dll
2016-03-09 00:14 - 2016-02-24 08:59 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll
2016-03-09 00:14 - 2016-02-24 08:59 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\vaultsvc.dll
2016-03-09 00:14 - 2016-02-24 08:59 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2016-03-09 00:14 - 2016-02-24 08:58 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\scapi.dll
2016-03-09 00:14 - 2016-02-24 08:55 - 00790528 _____ (Microsoft Corporation) C:\Windows\system32\EmailApis.dll
2016-03-09 00:14 - 2016-02-24 08:55 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\PackageStateRoaming.dll
2016-03-09 00:14 - 2016-02-24 08:55 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExtrasXmlParser.dll
2016-03-09 00:14 - 2016-02-24 08:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2016-03-09 00:14 - 2016-02-24 08:54 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\vaultcli.dll
2016-03-09 00:14 - 2016-02-24 08:54 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2016-03-09 00:14 - 2016-02-24 08:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-09 00:14 - 2016-02-24 08:53 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2016-03-09 00:14 - 2016-02-24 08:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataLanguageUtil.dll
2016-03-09 00:14 - 2016-02-24 08:52 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2016-03-09 00:14 - 2016-02-24 08:52 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-09 00:14 - 2016-02-24 08:51 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-09 00:14 - 2016-02-24 08:49 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\ChatApis.dll
2016-03-09 00:14 - 2016-02-24 08:47 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-09 00:14 - 2016-02-24 08:46 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2016-03-09 00:14 - 2016-02-24 08:44 - 01713664 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2016-03-09 00:14 - 2016-02-24 08:44 - 00915456 _____ (Microsoft Corporation) C:\Windows\system32\configurationclient.dll
2016-03-09 00:14 - 2016-02-24 08:44 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentApis.dll
2016-03-09 00:14 - 2016-02-24 08:44 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\POSyncServices.dll
2016-03-09 00:14 - 2016-02-24 08:43 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-03-09 00:14 - 2016-02-24 08:43 - 00286720 _____ (Microsoft Corporation) C:\Windows\system32\deviceaccess.dll
2016-03-09 00:14 - 2016-02-24 08:41 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2016-03-09 00:14 - 2016-02-24 08:41 - 00436736 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2016-03-09 00:14 - 2016-02-24 08:40 - 01224704 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2016-03-09 00:14 - 2016-02-24 08:40 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-09 00:14 - 2016-02-24 08:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-09 00:14 - 2016-02-24 08:39 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-03-09 00:14 - 2016-02-24 08:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwpolicyiomgr.dll
2016-03-09 00:14 - 2016-02-24 08:38 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VCardParser.dll
2016-03-09 00:14 - 2016-02-24 08:36 - 01847808 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe
2016-03-09 00:14 - 2016-02-24 08:34 - 00938496 _____ (Microsoft Corporation) C:\Windows\system32\ContactApis.dll
2016-03-09 00:14 - 2016-02-24 08:34 - 00303104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-09 00:14 - 2016-02-24 08:32 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExSMime.dll
2016-03-09 00:14 - 2016-02-24 08:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentActivation.dll
2016-03-09 00:14 - 2016-02-24 08:31 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cemapi.dll
2016-03-09 00:14 - 2016-02-24 08:31 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhoneCallHistoryApis.dll
2016-03-09 00:14 - 2016-02-24 08:28 - 00870912 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2016-03-09 00:14 - 2016-02-24 08:28 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataAccountApis.dll
2016-03-09 00:14 - 2016-02-24 08:28 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxSip.dll
2016-03-09 00:14 - 2016-02-24 08:25 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\sharemediacpl.dll
2016-03-09 00:14 - 2016-02-24 08:23 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CallHistoryClient.dll
2016-03-09 00:14 - 2016-02-24 08:22 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\profext.dll
2016-03-09 00:14 - 2016-02-24 08:21 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-09 00:14 - 2016-02-24 08:21 - 00168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Scanners.dll
2016-03-09 00:14 - 2016-02-24 08:18 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll
2016-03-09 00:14 - 2016-02-24 08:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EmailApis.dll
2016-03-09 00:14 - 2016-02-24 08:18 - 00184832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PackageStateRoaming.dll
2016-03-09 00:14 - 2016-02-24 08:17 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2016-03-09 00:14 - 2016-02-24 08:16 - 00394752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2016-03-09 00:14 - 2016-02-24 08:13 - 00540160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ChatApis.dll
2016-03-09 00:14 - 2016-02-24 08:11 - 03593216 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-03-09 00:14 - 2016-02-24 08:09 - 01443328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2016-03-09 00:14 - 2016-02-24 08:09 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2016-03-09 00:14 - 2016-02-24 08:09 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentApis.dll
2016-03-09 00:14 - 2016-02-24 08:09 - 00228352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceaccess.dll
2016-03-09 00:14 - 2016-02-24 08:07 - 00949248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2016-03-09 00:14 - 2016-02-24 08:07 - 00890368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2016-03-09 00:14 - 2016-02-24 08:07 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2016-03-09 00:14 - 2016-02-24 08:04 - 01497088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe
2016-03-09 00:14 - 2016-02-24 08:03 - 00769536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContactApis.dll
2016-03-09 00:14 - 2016-02-24 08:01 - 01831936 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-03-09 00:14 - 2016-02-24 08:00 - 02273792 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 00:14 - 2016-02-24 08:00 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2016-03-09 00:14 - 2016-02-24 07:57 - 02158592 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-03-09 00:14 - 2016-02-24 07:55 - 01996288 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2016-03-09 00:14 - 2016-02-24 07:43 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\fwbase.dll
2016-03-09 00:14 - 2016-02-24 07:34 - 01707520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2016-03-09 00:14 - 2016-02-24 07:22 - 00163328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwbase.dll
2016-03-09 00:14 - 2016-02-24 07:20 - 22376960 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-03-09 00:14 - 2016-02-24 07:18 - 18677760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-03-09 00:14 - 2016-02-24 07:12 - 19339776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-09 00:14 - 2016-02-24 07:12 - 05321728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 00:14 - 2016-02-24 07:10 - 24600576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 00:14 - 2016-02-24 07:09 - 06972416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-03-09 00:14 - 2016-02-24 07:05 - 12586496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-09 00:14 - 2016-02-24 07:03 - 14252544 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-09 00:14 - 2016-02-24 06:59 - 05661696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-03-09 00:14 - 2016-02-24 06:55 - 07835648 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-08 20:04 - 2016-02-29 23:59 - 00001134 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-08 19:45 - 2016-02-21 03:38 - 00000000 ____D C:\Users\Claudio\AppData\Local\Ubisoft Game Launcher
2016-04-08 19:45 - 2016-02-21 03:38 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2016-04-08 19:27 - 2016-01-03 16:02 - 00000000 ____D C:\Windows\Panther
2016-04-08 19:23 - 2016-01-25 19:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-08 19:21 - 2016-01-03 16:09 - 01803592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-08 19:21 - 2015-10-30 20:35 - 00776968 _____ C:\Windows\system32\perfh007.dat
2016-04-08 19:21 - 2015-10-30 20:35 - 00156280 _____ C:\Windows\system32\perfc007.dat
2016-04-08 19:21 - 2015-10-30 09:21 - 00000000 ____D C:\Windows\INF
2016-04-08 19:01 - 2016-01-03 18:19 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-08 18:30 - 2016-02-29 23:59 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-08 18:30 - 2016-01-03 16:04 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-08 18:30 - 2015-10-30 08:28 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-04-08 05:14 - 2016-01-03 16:05 - 00000000 ____D C:\Users\Claudio
2016-04-08 00:06 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-04-07 23:23 - 2016-01-25 19:48 - 00003870 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-07 22:44 - 2015-10-30 09:24 - 00000000 ____D C:\Windows\AppReadiness
2016-04-07 22:43 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-05 15:01 - 2016-01-03 17:38 - 00000000 ____D C:\Users\Claudio\AppData\Local\AMD
2016-04-05 15:00 - 2016-02-14 00:55 - 00000080 _____ C:\Users\Claudio\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2016-03-31 23:05 - 2016-03-01 00:00 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-31 23:05 - 2016-03-01 00:00 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-29 21:54 - 2016-01-03 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-03-29 21:50 - 2016-01-03 16:09 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-29 21:50 - 2016-01-03 16:08 - 00000000 ____D C:\Program Files\AMD
2016-03-29 21:50 - 2016-01-03 16:08 - 00000000 ____D C:\AMD
2016-03-27 19:10 - 2015-12-16 21:06 - 09618784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2016-03-27 19:10 - 2015-12-16 21:06 - 08669624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2016-03-27 19:09 - 2015-12-16 21:06 - 09675944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2016-03-27 19:09 - 2015-12-16 21:06 - 01539560 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2016-03-27 19:09 - 2015-12-16 21:06 - 00112400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2016-03-27 19:01 - 2015-12-16 21:25 - 01285136 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2016-03-27 18:56 - 2015-12-16 21:07 - 26354192 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2016-03-27 18:56 - 2015-12-16 21:07 - 00685584 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2016-03-27 18:56 - 2015-12-16 21:06 - 11735800 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2016-03-27 18:56 - 2015-12-16 21:06 - 07466032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2016-03-27 18:56 - 2015-12-16 21:06 - 01265208 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2016-03-27 18:56 - 2015-12-16 21:06 - 00162784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2016-03-27 18:56 - 2015-12-16 21:06 - 00143600 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2016-03-27 00:44 - 2016-01-03 18:43 - 00000000 ____D C:\ProgramData\Oracle
2016-03-27 00:42 - 2016-01-03 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-27 00:42 - 2016-01-03 18:43 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-27 00:41 - 2016-01-03 18:43 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-03-27 00:41 - 2016-01-03 18:43 - 00000000 ____D C:\Users\Claudio\.oracle_jre_usage
2016-03-26 23:56 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-23 01:55 - 2015-10-30 09:11 - 00000000 ____D C:\Windows\CbsTemp
2016-03-21 23:22 - 2016-02-06 21:15 - 00000000 ___RD C:\Users\Claudio\Desktop\Hyper-V
2016-03-21 15:57 - 2015-07-22 00:42 - 00102400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdWT6.sys
2016-03-20 02:22 - 2016-01-03 16:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-18 23:01 - 2016-01-03 16:06 - 00000000 ____D C:\Users\Claudio\AppData\Local\Packages
2016-03-15 21:03 - 2016-02-14 00:55 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-03-15 21:03 - 2016-02-14 00:54 - 00000000 ____D C:\Program Files\Rockstar Games
2016-03-15 20:22 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-15 20:21 - 2016-01-03 18:53 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-11 01:55 - 2016-01-03 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-03-11 01:54 - 2016-01-03 16:18 - 00137952 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-03-11 01:54 - 2016-01-03 16:18 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-03-11 01:54 - 2016-01-03 16:18 - 00068936 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-03-10 00:08 - 2016-01-03 16:03 - 00341800 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-10 00:08 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-10 00:08 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-10 00:08 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-10 00:08 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-10 00:05 - 2016-01-03 16:17 - 00000000 ____D C:\Windows\system32\MRT
2016-03-10 00:04 - 2016-01-03 16:17 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-09 23:56 - 2016-01-03 16:07 - 00002389 _____ C:\Users\Claudio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-09 23:56 - 2016-01-03 16:07 - 00000000 ___RD C:\Users\Claudio\OneDrive

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-01-03 17:04 - 2016-01-03 17:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\Claudio\AppData\Local\Temp\avgnt.exe
C:\Users\Claudio\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Claudio\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Claudio\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Claudio\AppData\Local\Temp\ovi-uninstall.exe
C:\Users\Claudio\AppData\Local\Temp\playstv_patch.exe
C:\Users\Claudio\AppData\Local\Temp\raptrpatch.exe
C:\Users\Claudio\AppData\Local\Temp\raptr_stub.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-04-03 20:33

==================== Ende von FRST.txt ============================
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von Claudio (2016-04-08 20:17:02)
Gestartet von C:\Users\Claudio\Desktop
Windows 10 Pro Version 1511 (X64) (2016-01-03 14:05:06)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-2611234398-2104674559-16094915-500 - Administrator - Disabled)
Claudio (S-1-5-21-2611234398-2104674559-16094915-1001 - Administrator - Enabled) => C:\Users\Claudio
DefaultAccount (S-1-5-21-2611234398-2104674559-16094915-503 - Limited - Disabled)
Gast (S-1-5-21-2611234398-2104674559-16094915-501 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version: - Ensemble Studios)
Age of Mythology: Extended Edition (HKLM-x32\...\Steam App 266840) (Version: - SkyBox Labs)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version: - Studio Wildcard)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version: - Colossal Order Ltd.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Day of the Tentacle Remastered (HKLM\...\Steam App 388210) (Version: - Double Fine Productions)
DiRT Rally (HKLM-x32\...\Steam App 310560) (Version: - Codemasters Racing Studio)
Dying Light Demo (HKLM-x32\...\Steam App 381570) (Version: - Techland)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version: - Rockstar North)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{94A137EA-92EF-441C-A7E2-6757CC08EA82}) (Version: 5.0.10.2907 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
OpenIV (HKU\S-1-5-21-2611234398-2104674559-16094915-1001\...\OpenIV) (Version: 2.7.681 - .black/OpenIV Team)
OpenIV (HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OpenIV) (Version: 2.7.681 - .black/OpenIV Team)
OpenIV (HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\OpenIV) (Version: 2.7.681 - .black/OpenIV Team)
OpenIV (HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\OpenIV) (Version: 2.7.681 - .black/OpenIV Team)
PeaZip 5.9.1 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 5.9.1 - Giorgio Tani)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7560 - Realtek Semiconductor Corp.)
Robocraft (HKLM-x32\...\Steam App 301520) (Version: - Freejam)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Stardew Valley (HKLM\...\Steam App 413150) (Version: - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
The Mean Greens - Plastic Warfare (HKLM-x32\...\Steam App 360940) (Version: - Virtual Basement LLC)
The Vanishing of Ethan Carter Redux (HKLM\...\Steam App 400430) (Version: - The Astronauts)
The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version: - CD PROJEKT RED)
Verdun (HKLM\...\Steam App 242860) (Version: - M2H)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.0.2 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.2 - The Wireshark developer community, hxxps://www.wireshark.org)
Wolfenstein: The Old Blood (HKLM-x32\...\Steam App 350080) (Version: - MachineGames)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-2611234398-2104674559-16094915-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0A1ACD26-1143-4C5C-B23C-ACA95E9B30D2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {0F1EE7BD-39BB-41FA-A719-610C08F3B369} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-01-03] (Microsoft Corporation)
Task: {471A6F7A-8E4A-4712-AF6D-BC8416121623} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-29] (Google Inc.)
Task: {534E476D-9E61-4FD2-B30B-86983FBF7503} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-15] (Microsoft Corporation)
Task: {5816B646-02AD-458B-88D3-EDADFD9BF687} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-01-03] (Microsoft Corporation)
Task: {5B3AA834-53F8-4D8B-B880-380272CD4AC5} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {5EB8596C-555F-42C5-8D86-26811012D236} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {6B9A421F-B957-4463-A381-75BA15C0B301} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-10] (Microsoft Corporation)
Task: {803DED55-ABDA-4C9F-8D8B-5D7095B494E7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {82B8144F-E75B-42C7-9A2F-2A9727C61F3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-29] (Google Inc.)
Task: {B73787A9-C689-4C1F-8B9C-22E52206308F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-01-03 18:53 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-25 17:01 - 2014-08-25 17:01 - 00209712 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2014-08-25 17:01 - 2014-08-25 17:01 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-08-25 17:01 - 2014-08-25 17:01 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2014-08-25 17:01 - 2014-08-25 17:01 - 00037168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2015-10-30 09:18 - 2016-01-05 16:58 - 00263168 _____ () C:\Windows\system32\wc_storage.dll
2016-03-01 23:42 - 2016-02-23 13:27 - 02654872 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-03-01 23:42 - 2016-02-23 13:27 - 02654872 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-01-03 16:17 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-01 23:42 - 2016-02-23 10:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-03-29 21:38 - 2016-03-29 21:38 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-29 21:38 - 2016-03-29 21:38 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-03 23:29 - 2016-03-03 23:29 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-01-13 00:15 - 2016-01-05 03:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 00:15 - 2016-01-05 03:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-27 23:27 - 2016-01-16 07:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-27 23:27 - 2016-01-16 07:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-03 18:20 - 2016-03-11 02:56 - 00783360 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-01-03 18:20 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-01-03 18:20 - 2016-03-31 22:55 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-01-03 18:20 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-01-03 18:20 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-01-03 18:20 - 2016-02-09 01:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-01-03 18:20 - 2016-02-09 01:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-01-03 18:20 - 2016-02-09 01:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-01-03 18:20 - 2016-02-09 01:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-01-03 18:20 - 2016-02-09 01:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-01-03 18:20 - 2016-03-31 22:55 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 23:56 - 2016-02-18 00:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-01-03 18:20 - 2016-02-09 03:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-01-03 18:20 - 2015-09-25 01:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2015-10-30 09:24 - 2015-10-30 09:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2611234398-2104674559-16094915-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Claudio\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Claudio\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\Claudio\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\Users\Claudio\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2611234398-2104674559-16094915-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\StartupApproved\Run: => "Steam"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A6F21D5A-1510-428F-BEB2-435A5DC2D318}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6034BC62-D2EB-4B1C-BFDB-FA171C37B8AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{769A237B-3EA8-46D5-A46E-7BCB77FB820E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D010AC42-8D5E-46EE-A1DB-F5A0475E3EEF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D28D2FE7-E875-4ACF-9F06-CBA5F881898E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DF06B6B9-4733-4E48-B28B-D959D518DDB2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5488AB67-C4FF-4EBD-94A8-A3B2C11E7897}] => (Allow) E:\Programme\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{393AFED4-FB75-4AFA-A923-58B395C03B9C}] => (Allow) E:\Programme\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{E1AC9FB3-FF6D-4E66-A81B-A848E3494B6B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{AA706651-909F-4C47-805F-734D728BCA48}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{10D0F58F-62D2-494B-A853-264C1889FBCF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{32C5CFB8-06E6-4233-9163-D69E6B990248}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{C48C09F9-6CF6-432B-9B01-E67BD4F9DB67}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{102A5622-260E-42DC-A8D8-86627C04D965}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{CD528EA8-4DF0-48E9-9EBA-170944184749}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{223CF6C8-A3D2-4A53-B2D5-CEB76B55D23F}] => (Allow) E:\Programme\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D0C9B718-0C4C-4D53-9F64-08D7A5666C18}] => (Allow) E:\Programme\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{F8688802-C470-462D-9709-C690FB35B604}] => (Allow) E:\Programme\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{B496135F-21A6-4EA2-AFA0-12E15484F5DB}] => (Allow) E:\Programme\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{EC461BEC-FBEF-40C8-A1F7-8E097E3C89A8}] => (Allow) E:\Programme\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{64718D30-21AB-478A-9284-06DA4C581781}] => (Allow) E:\Programme\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{0FE56C77-3C39-4639-822F-EFF78267ACD1}] => (Allow) E:\Programme\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{23EF813E-1C30-4E14-B5F5-110696293476}] => (Allow) E:\Programme\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{AEADE013-8C08-4383-889B-6C84E43828F8}] => (Allow) E:\Programme\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{094257F0-BFDC-45FF-BA7A-0A17E038C830}] => (Allow) E:\Programme\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{D4E9F3ED-9ABE-4B7A-9767-DD207E9B5513}] => (Allow) E:\Programme\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{8568463A-81F4-477A-8721-6F269BC2BF0A}] => (Allow) E:\Programme\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{75238C4C-2EBE-4AFD-BF67-DD8D990800E0}] => (Allow) E:\Programme\Steam\steamapps\common\Wolfenstein The Old Blood\WolfOldBlood_x64.exe
FirewallRules: [{09ABD6B9-C90C-4C20-9B4B-239FF2BA3894}] => (Allow) E:\Programme\Steam\steamapps\common\Wolfenstein The Old Blood\WolfOldBlood_x64.exe
FirewallRules: [{7D7E487F-DBF4-4372-8FB3-9CC95F38DE0D}] => (Allow) E:\Programme\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{C988F138-1A49-4163-BF54-811139F594C6}] => (Allow) E:\Programme\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [{8BAC6DEE-4E93-40E9-9551-72E12F9D8497}] => (Allow) E:\Programme\Steam\steamapps\common\DiRT Rally\drt.exe
FirewallRules: [{9788B649-8BD0-4FC7-B51B-46B075457E6B}] => (Allow) E:\Programme\Steam\steamapps\common\DiRT Rally\drt.exe
FirewallRules: [{7DC9C95A-F17C-49E2-B81A-875D4AC7CC6C}] => (Allow) E:\Programme\Steam\steamapps\common\Age of Mythology\Launcher.exe
FirewallRules: [{1323DB30-2970-4D42-B4E6-76853232E826}] => (Allow) E:\Programme\Steam\steamapps\common\Age of Mythology\Launcher.exe
FirewallRules: [{11042E01-52EB-415C-B01F-85ECE3EC267D}] => (Allow) E:\Programme\Steam\steamapps\common\The Mean Greens - Plastic Warfare\TheMeanGreens\Binaries\Win64\TheMeanGreens-Win64-Shipping.exe
FirewallRules: [{F00F6A25-A6AE-4076-A7A3-06C9157A6541}] => (Allow) E:\Programme\Steam\steamapps\common\The Mean Greens - Plastic Warfare\TheMeanGreens\Binaries\Win64\TheMeanGreens-Win64-Shipping.exe
FirewallRules: [{8927A368-B7B1-4421-9A9C-7643373A2A10}] => (Allow) E:\Programme\Steam\steamapps\common\Dying Light Demo\DyingLightDemo.exe
FirewallRules: [{04D66F52-DE2A-4BAD-8C83-3A0F648D98BB}] => (Allow) E:\Programme\Steam\steamapps\common\Dying Light Demo\DyingLightDemo.exe
FirewallRules: [TCP Query User{2687C104-90B0-434F-A493-DC5C4A2A69F7}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{871E5D56-6E42-43BD-9C9F-39E724D0A4D1}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{42EF3549-8826-403B-A3FD-CED0463361AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{336E2CCA-6767-42F4-9F8A-AB34DF5084DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{FBDD58E6-678C-42F7-8E6D-3C7008CA16BF}] => (Allow) E:\Programme\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{1B1737D9-99A3-4502-9850-2C6935F215A5}] => (Allow) E:\Programme\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{4F9C4B87-2E00-4675-B6CB-C63EF2691B6B}] => (Allow) E:\Programme\Steam\steamapps\common\The Vanishing of Ethan Carter Redux\EthanCarter.exe
FirewallRules: [{7DEA5A57-02F8-42F9-850C-039D6264C928}] => (Allow) E:\Programme\Steam\steamapps\common\The Vanishing of Ethan Carter Redux\EthanCarter.exe
FirewallRules: [{DCD998D3-3D7F-4A00-A13A-B602C011ED86}] => (Allow) E:\Programme\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{F8A2030D-6E05-454C-AB69-6A73CBC7E06B}] => (Allow) E:\Programme\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{6CE4EEE5-2FFB-4207-82ED-FCAB876AAFFA}] => (Allow) E:\Programme\Steam\steamapps\common\Day of the Tentacle Remastered\Dott.exe
FirewallRules: [{C5230FE6-0397-4CF6-9BE6-AEF0E94EE5B5}] => (Allow) E:\Programme\Steam\steamapps\common\Day of the Tentacle Remastered\Dott.exe
FirewallRules: [{237C96F7-B6DB-4BC8-978B-FACDB26B6FDC}] => (Allow) E:\Programme\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{BB6115AE-2E7F-4C4E-BC8E-CEA02A57F407}] => (Allow) E:\Programme\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{81888F3C-4CD0-4878-B057-A5839EC07AA5}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{B9CA5EE5-C205-4027-BBDC-290FB47BDC31}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{5F8DC918-3165-4449-9430-1781A6B6A889}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{20277E72-2C77-4EC7-B332-0645D7246B5E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{20673AF6-3837-47BE-88C8-8CDD81DA9DBD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1CB4D6C5-32E5-4023-976E-710114A8E81D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Verdun\Verdun.exe
FirewallRules: [{3A8B6814-0D49-4144-BE44-3BDDE52E8F30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Verdun\Verdun.exe
FirewallRules: [{77A294CC-2CB9-469A-A34D-A4D354F2E0BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{A6D90278-BF12-4766-9078-AC63E25E1908}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{1069B0AB-B8A7-41A5-A3DA-2B26D89D9C82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{DAA7C7A7-7110-4443-BD2B-E004F01AAD0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{5613E012-4776-40F7-85CC-304BE1783DCB}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{71363EA2-65E2-42C2-8D5D-36430DA2A5DA}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
==================== Wiederherstellungspunkte =========================
08-04-2016 01:12:40 Geplanter Prüfpunkt
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Hyper-V Virtual Ethernet Adapter
Description: Hyper-V-Adapter - virtuelles Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: VMSMP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (04/08/2016 01:12:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (04/05/2016 02:54:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Steam.exe, Version 3.37.92.83 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1738
Startzeit: 01d18f1d87ac97a3
Beendigungszeit: 4294967295
Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe
Berichts-ID: 80694daa-fb2d-11e5-84cc-d050993b52e2
Vollständiger Name des fehlerhaften Pakets:
Auf das fehlerhafte Paket bezogene Anwendungs-ID:
Error: (04/05/2016 11:28:17 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" in Zeile UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error: (04/03/2016 08:33:53 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (04/03/2016 07:34:57 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsort "D:\" nicht abgeschlossen. Fehler: Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006).
Error: (04/03/2016 04:44:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: prison architect.exe, Version: 0.0.0.0, Zeitstempel: 0x56fa975c
Name des fehlerhaften Moduls: prison architect.exe, Version: 0.0.0.0, Zeitstempel: 0x56fa975c
Ausnahmecode: 0xc0000409
Fehleroffset: 0x003f44de
ID des fehlerhaften Prozesses: 0x534
Startzeit der fehlerhaften Anwendung: 0xprison architect.exe0
Pfad der fehlerhaften Anwendung: prison architect.exe1
Pfad des fehlerhaften Moduls: prison architect.exe2
Berichtskennung: prison architect.exe3
Vollständiger Name des fehlerhaften Pakets: prison architect.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: prison architect.exe5
Error: (04/02/2016 07:51:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Steam.exe, Version 3.37.92.83 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1b48
Startzeit: 01d18ce4f0011176
Beendigungszeit: 4294967295
Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe
Berichts-ID: 793b3e67-f8fb-11e5-84cc-d050993b52e2
Vollständiger Name des fehlerhaften Pakets:
Auf das fehlerhafte Paket bezogene Anwendungs-ID:
Error: (04/01/2016 07:26:14 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (03/29/2016 09:50:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (03/28/2016 04:32:12 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Systemfehler:
=============
Error: (04/08/2016 08:08:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (04/08/2016 07:27:41 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (04/08/2016 07:10:07 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (04/08/2016 07:09:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (04/08/2016 06:58:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (04/08/2016 06:30:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_882baca" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/08/2016 06:30:03 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (04/08/2016 06:30:03 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "NPEService" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (04/08/2016 05:14:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_364c6d7" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/08/2016 05:14:42 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
CodeIntegrity:
===================================
Date: 2016-04-07 22:48:34.490
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-04-06 19:02:04.557
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-04-05 11:38:08.773
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-31 23:16:53.655
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-29 22:00:36.211
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-23 00:55:41.854
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-13 14:28:21.043
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-11 21:08:50.051
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-09 23:08:39.321
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-02 19:05:40.269
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Prozentuale Nutzung des RAM: 13%
Installierter physikalischer RAM: 24515.86 MB
Verfügbarer physikalischer RAM: 21259.9 MB
Summe virtueller Speicher: 28099.86 MB
Verfügbarer virtueller Speicher: 24645.07 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:232.4 GB) (Free:17.74 GB) NTFS
Drive e: () (Fixed) (Total:930.58 GB) (Free:543.58 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FF4BC7EE)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.6 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 6CED8E90)
Partition 1: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
__________________

09.04.2016, 16:17   #4
deeprybka
/// TB trainer
/// Guide guru
 



Hi,
could you please post the Addition.txt the same way as the FRST.txt?

Regarding Gozi: since the variant with the "MBR rootkit", the further development has mainly been that the Windows 10 browser Edge has also become attackable via code injection. Current samples are detected well: https://www.virustotal.com/en/file/3...cc77/analysis/

The most important thing is to watch for changes during online banking. Gozi can alter both service pages and telephone numbers.

Ultimately, though, a TAN has to be captured. That means: check the amount and the recipient in the mTAN SMS.

Apart from one add-on, which appears to be a false positive, I don't see anything at first glance.

Let's do the routine scans anyway:

Step 1
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the content here in your thread in any case.
__________________
Regards
deeprybka

_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

09.04.2016, 18:38   #5
Treend
 



Hi Jürgen,

Thanks for taking a look. I installed Blocksite; it was downloaded from the official Mozilla website, so that's clean.

Here is the Addition.txt again:

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von Claudio (2016-04-08 20:17:02)
Gestartet von C:\Users\Claudio\Desktop
Windows 10 Pro Version 1511 (X64) (2016-01-03 14:05:06)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2611234398-2104674559-16094915-500 - Administrator - Disabled)
Claudio (S-1-5-21-2611234398-2104674559-16094915-1001 - Administrator - Enabled) => C:\Users\Claudio
DefaultAccount (S-1-5-21-2611234398-2104674559-16094915-503 - Limited - Disabled)
Gast (S-1-5-21-2611234398-2104674559-16094915-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version:  - Ensemble Studios)
Age of Mythology: Extended Edition (HKLM-x32\...\Steam App 266840) (Version:  - SkyBox Labs)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version:  - Studio Wildcard)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Day of the Tentacle Remastered (HKLM\...\Steam App 388210) (Version:  - Double Fine Productions)
DiRT Rally (HKLM-x32\...\Steam App 310560) (Version:  - Codemasters Racing Studio)
Dying Light Demo (HKLM-x32\...\Steam App 381570) (Version:  - Techland)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{94A137EA-92EF-441C-A7E2-6757CC08EA82}) (Version: 5.0.10.2907 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
OpenIV (HKU\S-1-5-21-2611234398-2104674559-16094915-1001\...\OpenIV) (Version: 2.7.681 - .black/OpenIV Team)
OpenIV (HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OpenIV) (Version: 2.7.681 - .black/OpenIV Team)
OpenIV (HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\OpenIV) (Version: 2.7.681 - .black/OpenIV Team)
OpenIV (HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\OpenIV) (Version: 2.7.681 - .black/OpenIV Team)
PeaZip 5.9.1 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 5.9.1 - Giorgio Tani)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7560 - Realtek Semiconductor Corp.)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Stardew Valley (HKLM\...\Steam App 413150) (Version:  - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Mean Greens - Plastic Warfare (HKLM-x32\...\Steam App 360940) (Version:  - Virtual Basement LLC)
The Vanishing of Ethan Carter Redux (HKLM\...\Steam App 400430) (Version:  - The Astronauts)
The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version:  - CD PROJEKT RED)
Verdun (HKLM\...\Steam App 242860) (Version:  - M2H)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.0.2 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.2 - The Wireshark developer community, hxxps://www.wireshark.org)
Wolfenstein: The Old Blood  (HKLM-x32\...\Steam App 350080) (Version:  - MachineGames)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2611234398-2104674559-16094915-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0A1ACD26-1143-4C5C-B23C-ACA95E9B30D2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {0F1EE7BD-39BB-41FA-A719-610C08F3B369} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-01-03] (Microsoft Corporation)
Task: {471A6F7A-8E4A-4712-AF6D-BC8416121623} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-29] (Google Inc.)
Task: {534E476D-9E61-4FD2-B30B-86983FBF7503} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-15] (Microsoft Corporation)
Task: {5816B646-02AD-458B-88D3-EDADFD9BF687} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-01-03] (Microsoft Corporation)
Task: {5B3AA834-53F8-4D8B-B880-380272CD4AC5} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {5EB8596C-555F-42C5-8D86-26811012D236} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {6B9A421F-B957-4463-A381-75BA15C0B301} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-10] (Microsoft Corporation)
Task: {803DED55-ABDA-4C9F-8D8B-5D7095B494E7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {82B8144F-E75B-42C7-9A2F-2A9727C61F3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-29] (Google Inc.)
Task: {B73787A9-C689-4C1F-8B9C-22E52206308F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-01-03 18:53 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-25 17:01 - 2014-08-25 17:01 - 00209712 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2014-08-25 17:01 - 2014-08-25 17:01 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-08-25 17:01 - 2014-08-25 17:01 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2014-08-25 17:01 - 2014-08-25 17:01 - 00037168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2015-10-30 09:18 - 2016-01-05 16:58 - 00263168 _____ () C:\Windows\system32\wc_storage.dll
2016-03-01 23:42 - 2016-02-23 13:27 - 02654872 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-03-01 23:42 - 2016-02-23 13:27 - 02654872 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-01-03 16:17 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-01 23:42 - 2016-02-23 10:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-03-29 21:38 - 2016-03-29 21:38 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-29 21:38 - 2016-03-29 21:38 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-03 23:29 - 2016-03-03 23:29 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-01-13 00:15 - 2016-01-05 03:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 00:15 - 2016-01-05 03:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-27 23:27 - 2016-01-16 07:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-27 23:27 - 2016-01-16 07:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-03 18:20 - 2016-03-11 02:56 - 00783360 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-01-03 18:20 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-01-03 18:20 - 2016-03-31 22:55 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-01-03 18:20 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-01-03 18:20 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-01-03 18:20 - 2016-02-09 01:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-01-03 18:20 - 2016-02-09 01:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-01-03 18:20 - 2016-02-09 01:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-01-03 18:20 - 2016-02-09 01:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-01-03 18:20 - 2016-02-09 01:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-01-03 18:20 - 2016-03-31 22:55 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 23:56 - 2016-02-18 00:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-01-03 18:20 - 2016-02-09 03:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-01-03 18:20 - 2015-09-25 01:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2015-10-30 09:24 - 2015-10-30 09:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2611234398-2104674559-16094915-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Claudio\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Claudio\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\Claudio\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Control Panel\Desktop\\Wallpaper -> C:\Users\Claudio\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2611234398-2104674559-16094915-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2611234398-2104674559-16094915-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\StartupApproved\Run: => "Steam"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A6F21D5A-1510-428F-BEB2-435A5DC2D318}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6034BC62-D2EB-4B1C-BFDB-FA171C37B8AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{769A237B-3EA8-46D5-A46E-7BCB77FB820E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D010AC42-8D5E-46EE-A1DB-F5A0475E3EEF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D28D2FE7-E875-4ACF-9F06-CBA5F881898E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DF06B6B9-4733-4E48-B28B-D959D518DDB2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5488AB67-C4FF-4EBD-94A8-A3B2C11E7897}] => (Allow) E:\Programme\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{393AFED4-FB75-4AFA-A923-58B395C03B9C}] => (Allow) E:\Programme\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{E1AC9FB3-FF6D-4E66-A81B-A848E3494B6B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{AA706651-909F-4C47-805F-734D728BCA48}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{10D0F58F-62D2-494B-A853-264C1889FBCF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{32C5CFB8-06E6-4233-9163-D69E6B990248}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{C48C09F9-6CF6-432B-9B01-E67BD4F9DB67}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{102A5622-260E-42DC-A8D8-86627C04D965}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{CD528EA8-4DF0-48E9-9EBA-170944184749}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{223CF6C8-A3D2-4A53-B2D5-CEB76B55D23F}] => (Allow) E:\Programme\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D0C9B718-0C4C-4D53-9F64-08D7A5666C18}] => (Allow) E:\Programme\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{F8688802-C470-462D-9709-C690FB35B604}] => (Allow) E:\Programme\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{B496135F-21A6-4EA2-AFA0-12E15484F5DB}] => (Allow) E:\Programme\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{EC461BEC-FBEF-40C8-A1F7-8E097E3C89A8}] => (Allow) E:\Programme\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{64718D30-21AB-478A-9284-06DA4C581781}] => (Allow) E:\Programme\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{0FE56C77-3C39-4639-822F-EFF78267ACD1}] => (Allow) E:\Programme\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{23EF813E-1C30-4E14-B5F5-110696293476}] => (Allow) E:\Programme\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{AEADE013-8C08-4383-889B-6C84E43828F8}] => (Allow) E:\Programme\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{094257F0-BFDC-45FF-BA7A-0A17E038C830}] => (Allow) E:\Programme\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{D4E9F3ED-9ABE-4B7A-9767-DD207E9B5513}] => (Allow) E:\Programme\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{8568463A-81F4-477A-8721-6F269BC2BF0A}] => (Allow) E:\Programme\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{75238C4C-2EBE-4AFD-BF67-DD8D990800E0}] => (Allow) E:\Programme\Steam\steamapps\common\Wolfenstein The Old Blood\WolfOldBlood_x64.exe
FirewallRules: [{09ABD6B9-C90C-4C20-9B4B-239FF2BA3894}] => (Allow) E:\Programme\Steam\steamapps\common\Wolfenstein The Old Blood\WolfOldBlood_x64.exe
FirewallRules: [{7D7E487F-DBF4-4372-8FB3-9CC95F38DE0D}] => (Allow) E:\Programme\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{C988F138-1A49-4163-BF54-811139F594C6}] => (Allow) E:\Programme\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [{8BAC6DEE-4E93-40E9-9551-72E12F9D8497}] => (Allow) E:\Programme\Steam\steamapps\common\DiRT Rally\drt.exe
FirewallRules: [{9788B649-8BD0-4FC7-B51B-46B075457E6B}] => (Allow) E:\Programme\Steam\steamapps\common\DiRT Rally\drt.exe
FirewallRules: [{7DC9C95A-F17C-49E2-B81A-875D4AC7CC6C}] => (Allow) E:\Programme\Steam\steamapps\common\Age of Mythology\Launcher.exe
FirewallRules: [{1323DB30-2970-4D42-B4E6-76853232E826}] => (Allow) E:\Programme\Steam\steamapps\common\Age of Mythology\Launcher.exe
FirewallRules: [{11042E01-52EB-415C-B01F-85ECE3EC267D}] => (Allow) E:\Programme\Steam\steamapps\common\The Mean Greens - Plastic Warfare\TheMeanGreens\Binaries\Win64\TheMeanGreens-Win64-Shipping.exe
FirewallRules: [{F00F6A25-A6AE-4076-A7A3-06C9157A6541}] => (Allow) E:\Programme\Steam\steamapps\common\The Mean Greens - Plastic Warfare\TheMeanGreens\Binaries\Win64\TheMeanGreens-Win64-Shipping.exe
FirewallRules: [{8927A368-B7B1-4421-9A9C-7643373A2A10}] => (Allow) E:\Programme\Steam\steamapps\common\Dying Light Demo\DyingLightDemo.exe
FirewallRules: [{04D66F52-DE2A-4BAD-8C83-3A0F648D98BB}] => (Allow) E:\Programme\Steam\steamapps\common\Dying Light Demo\DyingLightDemo.exe
FirewallRules: [TCP Query User{2687C104-90B0-434F-A493-DC5C4A2A69F7}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{871E5D56-6E42-43BD-9C9F-39E724D0A4D1}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{42EF3549-8826-403B-A3FD-CED0463361AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{336E2CCA-6767-42F4-9F8A-AB34DF5084DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{FBDD58E6-678C-42F7-8E6D-3C7008CA16BF}] => (Allow) E:\Programme\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{1B1737D9-99A3-4502-9850-2C6935F215A5}] => (Allow) E:\Programme\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{4F9C4B87-2E00-4675-B6CB-C63EF2691B6B}] => (Allow) E:\Programme\Steam\steamapps\common\The Vanishing of Ethan Carter Redux\EthanCarter.exe
FirewallRules: [{7DEA5A57-02F8-42F9-850C-039D6264C928}] => (Allow) E:\Programme\Steam\steamapps\common\The Vanishing of Ethan Carter Redux\EthanCarter.exe
FirewallRules: [{DCD998D3-3D7F-4A00-A13A-B602C011ED86}] => (Allow) E:\Programme\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{F8A2030D-6E05-454C-AB69-6A73CBC7E06B}] => (Allow) E:\Programme\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{6CE4EEE5-2FFB-4207-82ED-FCAB876AAFFA}] => (Allow) E:\Programme\Steam\steamapps\common\Day of the Tentacle Remastered\Dott.exe
FirewallRules: [{C5230FE6-0397-4CF6-9BE6-AEF0E94EE5B5}] => (Allow) E:\Programme\Steam\steamapps\common\Day of the Tentacle Remastered\Dott.exe
FirewallRules: [{237C96F7-B6DB-4BC8-978B-FACDB26B6FDC}] => (Allow) E:\Programme\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{BB6115AE-2E7F-4C4E-BC8E-CEA02A57F407}] => (Allow) E:\Programme\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{81888F3C-4CD0-4878-B057-A5839EC07AA5}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{B9CA5EE5-C205-4027-BBDC-290FB47BDC31}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{5F8DC918-3165-4449-9430-1781A6B6A889}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{20277E72-2C77-4EC7-B332-0645D7246B5E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{20673AF6-3837-47BE-88C8-8CDD81DA9DBD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1CB4D6C5-32E5-4023-976E-710114A8E81D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Verdun\Verdun.exe
FirewallRules: [{3A8B6814-0D49-4144-BE44-3BDDE52E8F30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Verdun\Verdun.exe
FirewallRules: [{77A294CC-2CB9-469A-A34D-A4D354F2E0BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{A6D90278-BF12-4766-9078-AC63E25E1908}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{1069B0AB-B8A7-41A5-A3DA-2B26D89D9C82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{DAA7C7A7-7110-4443-BD2B-E004F01AAD0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{5613E012-4776-40F7-85CC-304BE1783DCB}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{71363EA2-65E2-42C2-8D5D-36430DA2A5DA}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe

==================== Wiederherstellungspunkte =========================

08-04-2016 01:12:40 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Hyper-V Virtual Ethernet Adapter
Description: Hyper-V-Adapter - virtuelles Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: VMSMP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/08/2016 01:12:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (04/05/2016 02:54:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Steam.exe, Version 3.37.92.83 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1738

Startzeit: 01d18f1d87ac97a3

Beendigungszeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID: 80694daa-fb2d-11e5-84cc-d050993b52e2

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (04/05/2016 11:28:17 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" in Zeile  UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (04/03/2016 08:33:53 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/03/2016 07:34:57 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsort "D:\" nicht abgeschlossen. Fehler: Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006).

Error: (04/03/2016 04:44:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: prison architect.exe, Version: 0.0.0.0, Zeitstempel: 0x56fa975c
Name des fehlerhaften Moduls: prison architect.exe, Version: 0.0.0.0, Zeitstempel: 0x56fa975c
Ausnahmecode: 0xc0000409
Fehleroffset: 0x003f44de
ID des fehlerhaften Prozesses: 0x534
Startzeit der fehlerhaften Anwendung: 0xprison architect.exe0
Pfad der fehlerhaften Anwendung: prison architect.exe1
Pfad des fehlerhaften Moduls: prison architect.exe2
Berichtskennung: prison architect.exe3
Vollständiger Name des fehlerhaften Pakets: prison architect.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: prison architect.exe5

Error: (04/02/2016 07:51:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Steam.exe, Version 3.37.92.83 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1b48

Startzeit: 01d18ce4f0011176

Beendigungszeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID: 793b3e67-f8fb-11e5-84cc-d050993b52e2

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (04/01/2016 07:26:14 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (03/29/2016 09:50:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (03/28/2016 04:32:12 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8


Systemfehler:
=============
Error: (04/08/2016 08:08:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/08/2016 07:27:41 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/08/2016 07:10:07 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/08/2016 07:09:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/08/2016 06:58:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/08/2016 06:30:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_882baca" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/08/2016 06:30:03 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/08/2016 06:30:03 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "NPEService" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (04/08/2016 05:14:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_364c6d7" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/08/2016 05:14:42 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


CodeIntegrity:
===================================
  Date: 2016-04-07 22:48:34.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-06 19:02:04.557
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-05 11:38:08.773
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-31 23:16:53.655
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-29 22:00:36.211
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-23 00:55:41.854
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-13 14:28:21.043
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-11 21:08:50.051
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-09 23:08:39.321
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-02 19:05:40.269
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Prozentuale Nutzung des RAM: 13%
Installierter physikalischer RAM: 24515.86 MB
Verfügbarer physikalischer RAM: 21259.9 MB
Summe virtueller Speicher: 28099.86 MB
Verfügbarer virtueller Speicher: 24645.07 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:232.4 GB) (Free:17.74 GB) NTFS
Drive e: () (Fixed) (Total:930.58 GB) (Free:543.58 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FF4BC7EE)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 6CED8E90)
Partition 1: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
And here is the TDSS log file:

Code:
19:32:41.0740 0x1df4  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
19:32:44.0877 0x1df4  ============================================================
19:32:44.0877 0x1df4  Current date / time: 2016/04/09 19:32:44.0877
19:32:44.0877 0x1df4  SystemInfo:
19:32:44.0877 0x1df4  
19:32:44.0878 0x1df4  OS Version: 10.0.10586 ServicePack: 0.0
19:32:44.0878 0x1df4  Product type: Workstation
19:32:44.0878 0x1df4  ComputerName: CLAUDIO-PC
19:32:44.0878 0x1df4  UserName: Claudio
19:32:44.0878 0x1df4  Windows directory: C:\Windows
19:32:44.0878 0x1df4  System windows directory: C:\Windows
19:32:44.0878 0x1df4  Running under WOW64
19:32:44.0878 0x1df4  Processor architecture: Intel x64
19:32:44.0878 0x1df4  Number of processors: 4
19:32:44.0878 0x1df4  Page size: 0x1000
19:32:44.0878 0x1df4  Boot type: Normal boot
19:32:44.0878 0x1df4  ============================================================
19:32:44.0961 0x1df4  KLMD registered as C:\Windows\system32\drivers\14148194.sys
19:32:45.0068 0x1df4  System UUID: {9EAEF1F6-E30F-FD75-C569-2748DCF8D49C}
19:32:45.0441 0x1df4  Drive \Device\Harddisk2\DR5 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:32:45.0649 0x1df4  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:32:45.0659 0x1df4  Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:32:45.0661 0x1df4  Drive \Device\Harddisk2\DR5 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:32:45.0664 0x1df4  ============================================================
19:32:45.0664 0x1df4  \Device\Harddisk2\DR5:
19:32:45.0664 0x1df4  MBR partitions:
19:32:45.0664 0x1df4  \Device\Harddisk2\DR5\Partition1: MBR, Type 0x7, StartLBA 0x2, BlocksNum 0x1D1C596E
19:32:45.0664 0x1df4  \Device\Harddisk0\DR0:
19:32:45.0664 0x1df4  MBR partitions:
19:32:45.0664 0x1df4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xFA000
19:32:45.0664 0x1df4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFA800, BlocksNum 0x7452A800
19:32:45.0664 0x1df4  \Device\Harddisk1\DR1:
19:32:45.0664 0x1df4  MBR partitions:
19:32:45.0664 0x1df4  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xFA800, BlocksNum 0x1D0CA800
19:32:45.0664 0x1df4  \Device\Harddisk2\DR5:
19:32:45.0665 0x1df4  MBR partitions:
19:32:45.0665 0x1df4  \Device\Harddisk2\DR5\Partition1: MBR, Type 0x7, StartLBA 0x2, BlocksNum 0x1D1C596E
19:32:45.0665 0x1df4  ============================================================
19:32:45.0665 0x1df4  C: <-> \Device\Harddisk1\DR1\Partition1
19:32:45.0668 0x1df4  D: <-> \Device\Harddisk2\DR5\Partition1
19:32:45.0685 0x1df4  E: <-> \Device\Harddisk0\DR0\Partition2
19:32:45.0685 0x1df4  ============================================================
19:32:45.0685 0x1df4  Initialize success
19:32:45.0685 0x1df4  ============================================================
19:33:41.0981 0x1c7c  ============================================================
19:33:41.0981 0x1c7c  Scan started
19:33:41.0981 0x1c7c  Mode: Manual; SigCheck; TDLFS; 
19:33:41.0981 0x1c7c  ============================================================
19:33:41.0981 0x1c7c  KSN ping started
19:33:44.0299 0x1c7c  KSN ping finished: true
19:33:44.0989 0x1c7c  ================ Scan system memory ========================
19:33:44.0989 0x1c7c  System memory - ok
19:33:44.0989 0x1c7c  ================ Scan services =============================
19:33:48.0335 0x1c7c  HpSAMD - ok
19:33:48.0353 0x1c7c  [ 318E816717431D3C23DC82779900C744, 363702CC8A5B5FBF5E8CE2DA5C48D52CBD6244C9398B164EFDF1A4B0FAF592E6 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:33:48.0379 0x1c7c  HTTP - ok
19:33:48.0383 0x1c7c  [ BAA6D282D883F01CEE76A94B75FD09B7, 9F8EFF8A9228E3549015D94FAB540D398184F8C2E17A9BCC367BBCCC45F2D992 ] HvHost          C:\Windows\System32\hvhostsvc.dll
19:33:48.0392 0x1c7c  HvHost - ok
19:33:48.0396 0x1c7c  [ A9986C5338204F69C32AEB7FB32B215B, 0E991B6C54807BA1919707B9B8E72A699DE6E9571A84F28417DDE03E6B4005FF ] hvservice       C:\Windows\system32\drivers\hvservice.sys
19:33:48.0403 0x1c7c  hvservice - ok
19:33:48.0406 0x1c7c  [ CBA5E88A0F0475B7F49653BB72150BEF, 0F03560D9C30E069D117A555AEE729C81E6BCAE443FA25172D0E9E6903695C67 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:33:48.0413 0x1c7c  hwpolicy - ok
19:33:48.0416 0x1c7c  [ D668FAB4B0397B426EE3D41683B9A1C0, 66F3E3B2ABC3C9B25A0DADBF09818547ED301230374AC5302B4794629A95DDF8 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
19:33:48.0424 0x1c7c  hyperkbd - ok
19:33:48.0428 0x1c7c  [ 53FDD9E69189E546DE4740F8C4D8AB2F, 45ED5B229ED5FD0CEE8BF52EFF88FD8B1889BF348ED7187926F290B3AD48A76D ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
19:33:48.0438 0x1c7c  i8042prt - ok
19:33:48.0443 0x1c7c  [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c           C:\Windows\System32\drivers\iai2c.sys
19:33:48.0452 0x1c7c  iai2c - ok
19:33:48.0458 0x1c7c  [ 59A20F5AD9F4AE54098154359519408E, E27B7389C9D123CDDA4EC9CBDB06C4AA5000012391F940EE1492419B593608FE ] iaLPSS2i_I2C    C:\Windows\System32\drivers\iaLPSS2i_I2C.sys
19:33:48.0470 0x1c7c  iaLPSS2i_I2C - ok
19:33:48.0473 0x1c7c  [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
19:33:48.0479 0x1c7c  iaLPSSi_GPIO - ok
19:33:48.0483 0x1c7c  [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C     C:\Windows\System32\drivers\iaLPSSi_I2C.sys
19:33:48.0494 0x1c7c  iaLPSSi_I2C - ok
19:33:48.0517 0x1c7c  [ 12859E1215AA083A42E7ADCDE5C061D1, 262F9C65C3FA7EB69C4FA7C6547E1C79DB49697A083309909BC78726A116557F ] iaStorA         C:\Windows\system32\drivers\iaStorA.sys
19:33:48.0524 0x0b08  Object required for P2P: [ 5CF5E80616F74B769AABCF76FEA791D1 ] avgntflt
19:33:48.0545 0x1c7c  iaStorA - ok
19:33:48.0559 0x1c7c  [ 6B0029A0253098CCE28EACCFDB9E7208, E33AD69644E1683A971DA1169B704FBCFD9F715E9550816058E420BB5DE4D946 ] iaStorAV        C:\Windows\system32\drivers\iaStorAV.sys
19:33:48.0577 0x1c7c  iaStorAV - ok
19:33:48.0580 0x1c7c  [ 14E3DB5ADA7E2187A404129F4E5CE336, 5925C8E9DC00A6C682D6A3B37C6EBF2C325D37C8E4BF584F0B5AAC5A7B666E47 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:33:48.0585 0x1c7c  IAStorDataMgrSvc - ok
19:33:48.0594 0x1c7c  [ 9652E1E35A92D8C75710C17A63B15796, 72F8C4A49B874226DEE9B7C9704F0E0A98DAA2DF4EAE2F2258E8324ACBD242E4 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:33:48.0607 0x1c7c  iaStorV - ok
19:33:48.0616 0x1c7c  [ FFADF691F7BF727AF5C863454A372723, FCF5A5595E8C9C937BE9F1C3AB5D9BD0EFE82DE1298D12085E0CCD84A186D2F2 ] ibbus           C:\Windows\System32\drivers\ibbus.sys
19:33:48.0630 0x1c7c  ibbus - ok
19:33:48.0635 0x1c7c  [ 80BF2990E01E774D64F6E13F30661942, ADFEA2280D29F2C7B0A556C61709301D6327C288064FF5A4D29358403DF41DCE ] icssvc          C:\Windows\System32\tetheringservice.dll
19:33:48.0647 0x1c7c  icssvc - ok
19:33:48.0649 0x1c7c  IEEtwCollectorService - ok
19:33:48.0651 0x1c7c  [ FF604BCE2537A4734DA0CE19AD9B7B7A, E40E87961F46B374122ED2B06E79C575FCFA4D29F95763ADC7E88270D064AFE8 ] ikbevent        C:\Windows\system32\DRIVERS\ikbevent.sys
19:33:48.0657 0x1c7c  ikbevent - ok
19:33:48.0674 0x1c7c  [ 12F8D27ED8623DDDC09A549EDADCBAC9, D3A3F0588D9CAF1027D8BC14601E2A6AB7E5924A2C23C90D38A9E14538DB02A9 ] IKEEXT          C:\Windows\System32\ikeext.dll
19:33:48.0704 0x1c7c  IKEEXT - ok
19:33:48.0707 0x1c7c  [ 298E67827BE3C4403C32EAB66987A334, BE7D95E2BB0D6D60B40966305D0354CA93F773FD2FA2727F1076DC8E162D5EB1 ] imsevent        C:\Windows\system32\DRIVERS\imsevent.sys
19:33:48.0712 0x1c7c  imsevent - ok
19:33:48.0716 0x1c7c  [ 0BBE196EED750C18E5D4B3CB55EB097C, 6A67BF6CD9BBC77034AD1BBDE6FD1DE78440825E317DB7C517BD4D773FEBDA39 ] INETMON         C:\Windows\System32\Drivers\INETMON.sys
19:33:48.0721 0x1c7c  INETMON - ok
19:33:48.0789 0x1c7c  [ 7F08B78B1516626869FB44A61EFDF566, C585902D4F6E36A44097C192CCF19F1947F99C86A7BB77E83C0BE475F0151161 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:33:48.0865 0x1c7c  IntcAzAudAddService - ok
19:33:48.0873 0x1c7c  [ ECDB27420D3A98424666904525A8562A, BDA98C3C95F2AD79945EF8213D5C65064052C09C82DD36F0D6724E1D21DCC30A ] intelide        C:\Windows\system32\drivers\intelide.sys
19:33:48.0880 0x1c7c  intelide - ok
19:33:48.0883 0x1c7c  [ 8FF1978643EFD219C5BA49690191D701, 6FD78A8490107C80090D7125644B8C910855374BE1373D1D6B199307C79680BA ] intelpep        C:\Windows\system32\drivers\intelpep.sys
19:33:48.0890 0x1c7c  intelpep - ok
19:33:48.0894 0x1c7c  [ B61B60F36E1C8022FA8166ABF0F66B07, 23161F1DA51D44D936329E62DF4C2DAEE3DDD4B3D62CC501A888C0E149788968 ] intelppm        C:\Windows\System32\drivers\intelppm.sys
19:33:48.0904 0x1c7c  intelppm - ok
19:33:48.0906 0x1c7c  [ CA0D42029AFFC4514D295E1EF823D02D, F2A05CB2B2E8C843FD02DC37E86F23CF928A4B2F9044424A60DE4E82B87DF5C3 ] IoQos           C:\Windows\system32\drivers\ioqos.sys
19:33:48.0914 0x1c7c  IoQos - ok
19:33:48.0918 0x1c7c  [ 6E3F9D95235DFC9417384080A216F310, 6F13D72661038A91CFABB360621F4B169D78955C3EAD64956A7C825ABAEC5121 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:33:48.0929 0x1c7c  IpFilterDriver - ok
19:33:48.0946 0x1c7c  [ 6E75B731A8A7EFED0821327B08DAB46D, A77B746447824BD3C68B82D7329B82D62098B2409F8AEE4738FA23CB1561E629 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:33:48.0978 0x1c7c  iphlpsvc - ok
19:33:48.0982 0x1c7c  [ 4F527ECB5EAB47D8EAF34A469666C469, 8FFBEEF42515B6A7758BE579ED69E3911856CBF7710D9785011332C5E3DFE495 ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
19:33:48.0991 0x1c7c  IPMIDRV - ok
19:33:48.0996 0x1c7c  [ 9E5E8F2A1996F23B7E9687846AA81B01, 29E59384A4F92B3B4F2974942C91A12380113C13D3800900B5F44E2355D05455 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:33:49.0008 0x1c7c  IPNAT - ok
19:33:49.0010 0x1c7c  [ C317EB660138BC9CBFE37CCDE56351AE, F3AF6C573419D7F65C96A4841D4F056CA281CD5AFACDC7A5F586A390DC6E615B ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:33:49.0020 0x1c7c  IRENUM - ok
19:33:49.0022 0x1c7c  [ 531994A6D9399D9B74BE12B5BB58A81E, 6D5CF540C777F4828E1D4C5FE58EE41E6C2F5F399C554DC85F19D1E52229B094 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:33:49.0029 0x1c7c  isapnp - ok
19:33:49.0036 0x1c7c  [ 68D5354A4A9692EEC24664C60F47D4A2, 92124E98B6E286B6127DC6D0BFACC9C6D293D58EAE2B47B45532714CE6A6D0CD ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
19:33:49.0047 0x1c7c  iScsiPrt - ok
19:33:49.0050 0x1c7c  [ 35C0995BCDB0E45D1EEBE4FB582D1563, 67B44EE25B8FF5778AC58255265536EC4CC444A5A8368D6311DEDAF58357E5ED ] ISCT            C:\Windows\System32\drivers\ISCTD.sys
19:33:49.0055 0x1c7c  ISCT - ok
19:33:49.0061 0x1c7c  [ 796A8DFCB3609C61E6AD43E551F55D9A, 20A0FF8E72238DAC64A65DEEAA84BD8D7AD45249FC87DEA11B715D0CD0DBDCBC ] ISCTAgent       C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
19:33:49.0068 0x1c7c  ISCTAgent - ok
19:33:49.0072 0x1c7c  [ 701D7DB13B0815E7076EF4CB4CE981F8, 02585661656C0069AC318B82DE83DAC660451A0B970FDBCA0F7A8B4CBF7D93A9 ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
19:33:49.0079 0x1c7c  kbdclass - ok
19:33:49.0083 0x1c7c  [ 884EBBDDBF5968003B40185BD96FF0E6, E3934D0FF0BEDDF5526AF529F7D15BA8BE479383894975B1AF1A1818C394A6E3 ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
19:33:49.0091 0x1c7c  kbdhid - ok
19:33:49.0094 0x1c7c  [ 6B3A0C7902811E6372643447E41F7048, 30667B56A306CFD5D15BC46F8E7D9E167612E71B6C8F554406E706A6330F5B94 ] kdnic           C:\Windows\System32\drivers\kdnic.sys
19:33:49.0102 0x1c7c  kdnic - ok
19:33:49.0104 0x1c7c  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] KeyIso          C:\Windows\system32\lsass.exe
19:33:49.0113 0x1c7c  KeyIso - ok
19:33:49.0117 0x1c7c  [ 982C795DE20CED7AEDD2E7899B5D9BC1, 9F4E7536DB253CD83AA2AB89E9F3311714CD70F13AFD16F9B4D4CD86A70FC164 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:33:49.0126 0x1c7c  KSecDD - ok
19:33:49.0131 0x1ef8  Object required for P2P: [ 43102F2322F0CB42A7D2C685278BC460 ] ClickToRunSvc
19:33:49.0131 0x1c7c  [ 7D8B9214692C4D0F1646215D9984E19A, DC73503A8CA67F4E167DEA69AADDEA5F2D756E1C1F4FF42B6ECEA7E637BB80AB ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:33:49.0141 0x1c7c  KSecPkg - ok
19:33:49.0144 0x1c7c  [ E9BB0023D730701BB5D9839B44F5E6B5, 19D4BAC09424D331922472CFD2D0E32BEFA9188A6AF194C8D1F93FD77CE36691 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:33:49.0152 0x1c7c  ksthunk - ok
19:33:49.0160 0x1c7c  [ 71DE1AD9B23661EEC4F2A6EAA5A7D33D, 3219AEF3D6AE5933AE669FD2ED9ED95A8780612E39F31DB3DB9ED6B6244C5F7B ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:33:49.0178 0x1c7c  KtmRm - ok
19:33:49.0184 0x1c7c  [ 8BBB2B4429AF340481520C20C17FC5B6, 9E32815349195FC4B1BE213600FD407F2EAEEC8368289EB3E6B769125A739C08 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:33:49.0200 0x1c7c  LanmanServer - ok
19:33:49.0207 0x1c7c  [ 1F5D48B1DA1B812BD2411CA44D75DD32, D1BDB8142CB13E8C6DD6F42E07C9D19BBBF6410D5122A04C01B34B95B442DD95 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:33:49.0222 0x1c7c  LanmanWorkstation - ok
19:33:49.0226 0x1c7c  [ 02C54C5C7EBE371EC0C59795ED22213F, 712AFE0EDF40436124F3FD55ED9B5A3A33A8761A58F4D482BB65229741B1C270 ] lfsvc           C:\Windows\System32\lfsvc.dll
19:33:49.0234 0x1c7c  lfsvc - ok
19:33:49.0237 0x1c7c  [ 01BF128CC327A2E53898F732AF52B3DB, D62ACDA69D9942F9CEF400874DBB6EAF9811D9657CBFEF89174F88D76BB8D8EA ] LicenseManager  C:\Windows\system32\LicenseManagerSvc.dll
19:33:49.0246 0x1c7c  LicenseManager - ok
19:33:49.0249 0x1c7c  [ EC34EED89C34B27C292166B725AC7A7B, 58F1BA0CB7743314AC012A82F8CE4072CBDD05D9570C52BC18DC551882F5B1BA ] lltdio          C:\Windows\system32\drivers\lltdio.sys
19:33:49.0260 0x1c7c  lltdio - ok
19:33:49.0266 0x1c7c  [ 2C23283A0815B048C06D8C0ED76AAD95, 4335546939C1A98CFE9A4403CC82D79CC713439E4DFD1F4760FDD867305151E0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:33:49.0283 0x1c7c  lltdsvc - ok
19:33:49.0285 0x1c7c  [ CB6365E995F4DB856866500EDD8F61C1, 717ED387F245CAC68217B0F393D7B8AB3805721AB2C4D2D43430FE6E740F0856 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:33:49.0294 0x1c7c  lmhosts - ok
19:33:49.0299 0x1c7c  [ 961F28D879D345BFA50AF51285C90F2E, F9931A436651F695B746BC0C07E833D9C9F64126746DF976E691E6CAE26DAC9B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:33:49.0307 0x1c7c  LSI_SAS - ok
19:33:49.0311 0x1c7c  [ 6BFB8D1B3407518BE06B6F81F92FA0F5, DE0818DCC0D8D1D30A29AB167C65461A78100ABE2368637CEB9D0ED2B4E88D8E ] LSI_SAS2i       C:\Windows\system32\drivers\lsi_sas2i.sys
19:33:49.0319 0x1c7c  LSI_SAS2i - ok
19:33:49.0323 0x1c7c  [ BE0E47988D78F731DEC2C0CB03E765CB, CA0015E87A3962611DBF714253FA618A6568346BAE640884432C1D44DE4C8684 ] LSI_SAS3i       C:\Windows\system32\drivers\lsi_sas3i.sys
19:33:49.0332 0x1c7c  LSI_SAS3i - ok
19:33:49.0335 0x1c7c  [ F99BF02BE9219986817BF094981EEB18, 4303C772366065885C5D937B2E9AC0BF80C84BFB2737716055AD57BF6AADD673 ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
19:33:49.0343 0x1c7c  LSI_SSS - ok
19:33:49.0357 0x1c7c  [ FFAA37FBBDD161E8C200C83B40F7872E, 0637B3119FC220CB8E23EE6694A9F1F25CF8D61008B14F6E30FDC17DCF9E077E ] LSM             C:\Windows\System32\lsm.dll
19:33:49.0383 0x1c7c  LSM - ok
19:33:49.0388 0x1c7c  [ 2FCF837196082864F66CFD9CAB256275, 8BE01C3BCBC1E6E5D1FD7F49E936482E61ACB805F397AB81B8D39C2F0F1083BD ]
         


09.04.2016, 18:39   #6
Treend

E-Banking trojan Gozi distributed via website

Part 2 of the TDS log file:

19:33:51.0022 0x1c7c  pcip - ok
19:33:51.0026 0x1c7c  [ F4D5793BF2E58AF15C6CF2FEEF9E73EB, 9B5A40AF8838063F8F0A2B1480B39A2711AAE78BD972CDA60CCA0EB2BA211A87 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:33:51.0035 0x1c7c  pcmcia - ok
19:33:51.0039 0x1c7c  [ 22A53744CEEADFFFD33BA010FAD95229, 30B775EC9795105B8BF785BD63115C160955E7EFF74B995D3EC288138D1825A3 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:33:51.0047 0x1c7c  pcw - ok
19:33:51.0051 0x1c7c  [ 48F3A3222CF340FE31535CB6D49C6D6F, 5F8904871219FA6C1BD74747583855B0FBCE42F340A3BE10270D8D3F02766E9D ] pdc             C:\Windows\system32\drivers\pdc.sys
19:33:51.0061 0x1c7c  pdc - ok
19:33:51.0075 0x1c7c  [ E2F8376F9731D12A009C522036C6073A, 5B8B68D3C013AAA8ED368C97042984C35E8D023542DBA404E7A03E89F2357E66 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:33:51.0104 0x1c7c  PEAUTH - ok
19:33:51.0138 0x1c7c  [ C7D210982B6C8454E52191D0DCF6DC52, D53D575CD9A0AB7EA94E7D1B9730ABE0A582CA3460AEAC4680D01034D69D3949 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
19:33:51.0197 0x1c7c  PeerDistSvc - ok
19:33:51.0202 0x1c7c  [ 1398A85E59698067CBBE1D66A9C13ADF, E3609F183068BFAED756B2F9237181D60A6F6D78691248B8BF5B0AEB6A367E3D ] percsas2i       C:\Windows\system32\drivers\percsas2i.sys
19:33:51.0210 0x1c7c  percsas2i - ok
19:33:51.0214 0x1c7c  [ 35F7C7AD709D909D618D9EDF987FC3ED, EE713E33688E74C5A2546CC58EBD8EA8F8116F25E42DCF8DA21DCBC7C7590E0E ] percsas3i       C:\Windows\system32\drivers\percsas3i.sys
19:33:51.0222 0x1c7c  percsas3i - ok
19:33:51.0233 0x1c7c  [ 0DAF7B7D85F7AF38E29161460899C63F, F2609F2BD02C714857F5D5E6EF580643429C54E175AA72D38467F8F3A4E7F59F ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:33:51.0242 0x1c7c  PerfHost - ok
19:33:51.0261 0x1c7c  [ 57606281E23B0F53347527691E947B2B, 7030182E706CEBE6BD52BDC71CA8F2230AD445AE6554188E76F09A5E2612BD2E ] PhoneSvc        C:\Windows\System32\PhoneService.dll
19:33:51.0289 0x1c7c  PhoneSvc - ok
19:33:51.0297 0x1c7c  [ 04F7878E7017105AB782353231561749, FB2811D98216720D4FDF0AC0EDF16C6CD33D7224B4CAFA752B4D2A839E6DD88A ] PimIndexMaintenanceSvc C:\Windows\System32\PimIndexMaintenance.dll
19:33:51.0312 0x1c7c  PimIndexMaintenanceSvc - ok
19:33:51.0341 0x1c7c  [ A546F72EFFE5CBBC98003A0CA19DA0F8, 89AE396676A37D851F46427E421E8E8ED5B4BADC33023F1E215CC352A4110F44 ] pla             C:\Windows\system32\pla.dll
19:33:51.0388 0x1c7c  pla - ok
19:33:51.0395 0x1c7c  [ 15BA68662CED4B0618010A54478E18E5, 1B913BFA7AA11F3A82D80E95FC4857B810D341F9E68545710F90EBE44DAC1DF8 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:33:51.0410 0x1c7c  PlugPlay - ok
19:33:51.0414 0x1c7c  [ 6BF7093B27EA90FD9222845D19C1BE5F, CF8A6764BB6B369258F21FD303E4CAE08632195620A0BD66B62F62F5D7B762B8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:33:51.0424 0x1c7c  PNRPAutoReg - ok
19:33:51.0433 0x1c7c  [ 334131C162B118EF49930D41B0E17825, 10EF08870B6E118AED2E0E3F45E06BA8A485439823BE98F44E34E7D2B65AA2EF ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:33:51.0451 0x1c7c  PNRPsvc - ok
19:33:51.0460 0x1c7c  [ 5A91C28F99043215121499257468C4BD, 816D2AEBA29B8A050747E01CE11EB12A05C1CDDF91835C44BBB6A7B9D348B15A ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:33:51.0479 0x1c7c  PolicyAgent - ok
19:33:51.0484 0x1c7c  [ AE3B1056FC1795F18D990C4908A6ECBF, 1C41F7714EBF54DF358D9B19D6AFE7281D3EABE20038B568A12031B76E1D50D9 ] Power           C:\Windows\system32\umpo.dll
19:33:51.0496 0x1c7c  Power - ok
19:33:51.0499 0x1c7c  [ 5BA6B9AD03B81546BA64E488C4EF9D17, C43442577685FA1A7C32094B2F14FC92BA6B511FD9FDBA6FD82473A1B165FC61 ] PptpMiniport    C:\Windows\System32\drivers\raspptp.sys
19:33:51.0511 0x1c7c  PptpMiniport - ok
19:33:51.0522 0x1ef8  Object send P2P result: true
19:33:51.0563 0x1c7c  [ 959F94AD1255BC749884EDDD14EC29C4, 2CD6DA9778EA36FA0B4080F6DB1C634712238E014E47546403CD3CDB35A1DCA8 ] PrintNotify     C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
19:33:51.0651 0x1c7c  PrintNotify - ok
19:33:51.0658 0x1c7c  [ 21AECFF3EB5748CBE12538A2500EFDE5, A1679F21363E99E3698B9C6F7E7E3BB2877D47089BC381AF0C51B1DD8B24325B ] Processor       C:\Windows\System32\drivers\processr.sys
19:33:51.0668 0x1c7c  Processor - ok
19:33:51.0676 0x1c7c  [ A08AAC62EF7A1E291B3E895B5864BB86, 340E6648F9A5F4B7543FDEC5BDAFBDA3DE319B8F998FF2EF60D02EE5EF3D56CB ] ProfSvc         C:\Windows\system32\profsvc.dll
19:33:51.0693 0x1c7c  ProfSvc - ok
19:33:51.0697 0x1c7c  [ 596FB6C5A72F34B7566930985E543806, 870B43783DB4CF845FA72BC5E40CE76BE6DFC66FE9E9B4B0A52D6B7FE7EA65FC ] Psched          C:\Windows\system32\drivers\pacer.sys
19:33:51.0707 0x1c7c  Psched - ok
19:33:51.0711 0x1c7c  [ C5C8531652AB3C9839C28EEE939186D5, 6C3556741FDE5ADD7CF8F7490DE7AF156D9433D61253A4388EFB9AF7665767D6 ] pvhdparser      C:\Windows\system32\drivers\pvhdparser.sys
19:33:51.0720 0x1c7c  pvhdparser - ok
19:33:51.0726 0x1c7c  [ E84F66BA185934C166F8DF0FA8F88455, 2E0380E98DA29B3F43FB3FE0E1ECA52B3C9AEF54CE982D5514F70FAE81758449 ] QWAVE           C:\Windows\system32\qwave.dll
19:33:51.0741 0x1c7c  QWAVE - ok
19:33:51.0745 0x1c7c  [ CFBA9C976CBF6796E5DC39EF59984021, A1C956AD828FC70ED92D702516E0F88A4BDAF8C93C571D7CA20F1695FD8E70C2 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:33:51.0754 0x1c7c  QWAVEdrv - ok
19:33:51.0757 0x1c7c  [ 7B2AD8C55217B514C14281AB97B4E21D, A1E295897B864B9C0177FF1C502EB060084A1783C0E7E53636291F901C2E2AA8 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:33:51.0765 0x1c7c  RasAcd - ok
19:33:51.0769 0x1c7c  [ E15A9CE1E2E7D1C8DF97A4FC1FFE6289, 44B53418D6BC51ACC567CF6917A0981889B44AE420489C9C03F5A30418B37267 ] RasAgileVpn     C:\Windows\System32\drivers\AgileVpn.sys
19:33:51.0782 0x1c7c  RasAgileVpn - ok
19:33:51.0786 0x1c7c  [ D60BA4C76D194472D6602FF3D2D51ADE, 01272663897685C75FFBC3F1C0CFDB8D0E1A58182049E0B607D634536A8F6400 ] RasAuto         C:\Windows\System32\rasauto.dll
19:33:51.0798 0x1c7c  RasAuto - ok
19:33:51.0802 0x1c7c  [ E3C82823B22463BC38AA4F8ADA852624, FF601B117F4003E2CC65B6143C2A270331EB257EE82B3BC020247D1AB1CD625F ] Rasl2tp         C:\Windows\System32\drivers\rasl2tp.sys
19:33:51.0812 0x1c7c  Rasl2tp - ok
19:33:51.0826 0x1c7c  [ 3655D86C5E2982B131FC0935DE24F98F, 0386B31FECDDED77450609A807097B2307361CB59B236DEC41037BDC95897463 ] RasMan          C:\Windows\System32\rasmans.dll
19:33:51.0853 0x1c7c  RasMan - ok
19:33:51.0859 0x1c7c  [ 3369023EB5790A75BA7DABA14B75D922, 36B63D5B74FDC932AAF1A876514024602D2F3EAF2CA33D1247CBA1E52FDB0418 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:33:51.0870 0x1c7c  RasPppoe - ok
19:33:51.0874 0x1c7c  [ 1E32A8CD65C4AD0A827CFEB13034DA29, 5D9A92E13020D994CCD39F701BACAFE2177A40A9CC89649441B91E3F3DECD911 ] RasSstp         C:\Windows\System32\drivers\rassstp.sys
19:33:51.0886 0x1c7c  RasSstp - ok
19:33:51.0895 0x1c7c  [ 2B648363E4C5E34B469C58596F377DD9, 30F82770468BBA562CEA0E9E39B24ACEFBE022343D0180C82E2ACE8957B73E44 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:33:51.0910 0x1c7c  rdbss - ok
19:33:51.0914 0x1c7c  [ D0221C13960E274CC539D72D5A842ED0, A5A961506B9D7429D97D0635FD69E74736C0E8405487E1D22BB5CD978A60044C ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
19:33:51.0923 0x1c7c  rdpbus - ok
19:33:51.0929 0x1c7c  [ 1DC2CC74B51E4DC4CD5A20C1021E4010, 46B7D17EE27439F2191504D1C6F6C70B2540BD4F2261DBB1F4BE783BEA99B04C ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
19:33:51.0941 0x1c7c  RDPDR - ok
19:33:51.0945 0x1c7c  [ 177DF954D0DEC0465A380C75F6E7F65F, 6B30C78223029BD5DBA586BF961968F85762209BA55CD031460A215B20F93AB2 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:33:51.0952 0x1c7c  RdpVideoMiniport - ok
19:33:51.0959 0x1c7c  [ 5D1680871054D2B0B8A971BC8AB3B837, 9CAB0B2E3857829D34A82A78B120D07E292D4D5060168D964295EB23339B7DE7 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:33:51.0970 0x1c7c  rdyboost - ok
19:33:51.0986 0x1c7c  [ 341E6830DA70F65730300DAB4CB0B490, 341EC8DB5E39963EF89E726F08730AFB2356C3BAD71CCE9EECCAB4D9B31C4863 ] ReFSv1          C:\Windows\system32\drivers\ReFSv1.sys
19:33:52.0010 0x1c7c  ReFSv1 - ok
19:33:52.0021 0x1c7c  [ 8355BCA85B0928382DFCDD02FCD1681A, F306F038DA09C8D2095C311818E2F991B55BCD96B40B95D2A53A60EA6AC37014 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:33:52.0043 0x1c7c  RemoteAccess - ok
19:33:52.0048 0x1c7c  [ 2C82F4DCABAB389CEBB1C9E86C715C9C, 70354621D3D467616A419A818C54D2C89EA013C5050BA9944E3A7A4F25CAD6BA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:33:52.0065 0x1c7c  RemoteRegistry - ok
19:33:52.0084 0x1c7c  [ AD43141CE6D5074DA1D28B5BCD4E4507, C1A9AA856DD4FEE00BBA329C150E0CBCD1CE13ED0BB7B4AC9B152321CD854212 ] RetailDemo      C:\Windows\system32\RDXService.dll
19:33:52.0124 0x1c7c  RetailDemo - ok
19:33:52.0128 0x1c7c  [ 83A6C2CAFE236652D1559640594A0EA8, 52360F17C9C70C9CEA3316560B40C4D89FD705ED7E6B6088C99FC54D4CC35EB5 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
19:33:52.0134 0x1c7c  rpcapd - ok
19:33:52.0137 0x1c7c  [ 176D8470B15CD9080861594F9A33FA01, CFB66D7FEB9465985C2866D64EA03B7E7BE830DCF6C02B3FE2244D7F7E5343E2 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:33:52.0149 0x1c7c  RpcEptMapper - ok
19:33:52.0151 0x1c7c  [ 1A563653DAEDFE4CA81936E0D2FD8B56, 308B0DFEBA63333D407093C449A08ABFECE118C9274100809356BDAF7FA32EB6 ] RpcLocator      C:\Windows\system32\locator.exe
19:33:52.0161 0x1c7c  RpcLocator - ok
19:33:52.0177 0x1c7c  [ B339861C6A2A86FBCA67C2006B461473, 228ADC8A8603C0A4342C6CBC6F2CC919271D42391365061AF660E0D7151C66A4 ] RpcSs           C:\Windows\system32\rpcss.dll
19:33:52.0208 0x1c7c  RpcSs - ok
19:33:52.0212 0x1c7c  [ 0AC5FCDC29ED97ECDEF1276425EE2059, 8A12D1732D4AA18A9ED8416F4D4A49B81CE7C4C86ABCEE8FF28A16EA61993CFE ] rspndr          C:\Windows\system32\drivers\rspndr.sys
19:33:52.0224 0x1c7c  rspndr - ok
19:33:52.0235 0x1c7c  [ FBEFF38DE03450E03E6CD9E8E37A8C74, C1C0876785DB4366D67792A3AFA219FC933FC1894AF93D07B0016BBCC81A5886 ] rt640x64        C:\Windows\System32\drivers\rt640x64.sys
19:33:52.0257 0x1c7c  rt640x64 - ok
19:33:52.0260 0x1c7c  [ 044890BB0D6CF1E23C1087234D320509, FA6C79D24BE4ACCFAC617D2850B922BFAA7C2766AE625C725F3ACF43C934EFAF ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
19:33:52.0268 0x1c7c  s3cap - ok
19:33:52.0271 0x1c7c  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] SamSs           C:\Windows\system32\lsass.exe
19:33:52.0280 0x1c7c  SamSs - ok
19:33:52.0283 0x1c7c  [ 530F797129776AA7E81994783A97E2AD, F131EF036702C6E741E5A6851AE07E81043CE8BAEED0768838C0F31CE14FEC1A ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:33:52.0292 0x1c7c  sbp2port - ok
19:33:52.0298 0x1c7c  [ 0C12493B333B96797AFC5F3C7831C051, BEE786D7ED14221B1A9450060597393AC44116D776B913E045B5F6066D720F74 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:33:52.0315 0x1c7c  SCardSvr - ok
19:33:52.0320 0x1c7c  [ 40110802D217FE1CB581D9A70B1FD16F, CCB920593CCC6663676039F3F731536DFEF535C3F715F6DB6F34D0D733BEF89B ] ScDeviceEnum    C:\Windows\System32\ScDeviceEnum.dll
19:33:52.0335 0x1c7c  ScDeviceEnum - ok
19:33:52.0338 0x1c7c  [ 9B6B1D4DB35A3D9BEAF023BC95E1F49D, CA44124CA3E9958FB77A891CD234A993B63E8AC6632AE801CDEC6666267E7C7E ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:33:52.0350 0x1c7c  scfilter - ok
19:33:52.0368 0x1c7c  [ EA195B8BC11C1CDB313CFD456EFFA0E9, EEDF349C59ED0645B04040707906BB4496527243858C2A6BE46BE7029B4A7F37 ] Schedule        C:\Windows\system32\schedsvc.dll
19:33:52.0400 0x1c7c  Schedule - ok
19:33:52.0406 0x1c7c  [ 4E9158CECF77A029AB98E8FBB43FCED5, AFF8BDB8F8F8DDF4FC0D65712E031DC360856CD3CE5C8A4C8FF960388F37462F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:33:52.0420 0x1c7c  SCPolicySvc - ok
19:33:52.0427 0x1c7c  [ 70165A0A2653FB8AFDE3D85000727F29, BAC35D7B0296CAC78EAC4266FC96E292174827E0B24ECAF085228B26A5052911 ] sdbus           C:\Windows\System32\drivers\sdbus.sys
19:33:52.0439 0x1c7c  sdbus - ok
19:33:52.0444 0x1c7c  [ 811EC0B1221402FCED0BA37E112BF627, 366EB8AF04C603BED6CF53652CC937099B247D5DD8C58D699D0D8DA22F8FDD51 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:33:52.0455 0x1c7c  SDRSVC - ok
19:33:52.0460 0x1c7c  [ DE6D7DC78D956928F59F7415A0F41E13, C0F8EEED29BF63A0D8FB5A0286C1C768BFEF598EC52715D910B5BB1A76231805 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
19:33:52.0468 0x1c7c  sdstor - ok
19:33:52.0471 0x1c7c  [ EBD07BD20B5E0E92A398566EF8720F79, 8A88C861D4113B9938C32CBD28FD3D7F1C3133E700E23E17F5DFD7B26CCDA04A ] seclogon        C:\Windows\system32\seclogon.dll
19:33:52.0480 0x1c7c  seclogon - ok
19:33:52.0483 0x1c7c  [ B7B9EEBCB7466338403A75D15AC120D7, B8F79DA71F8CD0F30983F7D92B625A431C212DD543DE2B3DC03EC5A68C41B00D ] SENS            C:\Windows\System32\sens.dll
19:33:52.0497 0x1c7c  SENS - ok
19:33:52.0518 0x1c7c  [ D14DD7D766664F880FECF44CE6017966, ECF966E3ACF4EBD5A3259468A076619A539E35F1B97AB6A98FBD7882F1FBBBAB ] SensorDataService C:\Windows\System32\SensorDataService.exe
19:33:52.0562 0x1c7c  SensorDataService - ok
19:33:52.0571 0x1c7c  [ A74C62AE99A015CD6275F0D8D8843886, DF08E0BB1160E054C6B000BC5F62DEF77C6D9E4B5679AD013C313BA14207B589 ] SensorService   C:\Windows\system32\SensorService.dll
19:33:52.0589 0x1c7c  SensorService - ok
19:33:52.0595 0x1c7c  [ 7363A65C738F5A5292D7BDBE55D8C3C2, C53C10A0AE58613DFCC91E62E004D9B188E4793C2A19B4BE871A705EEE77048E ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:33:52.0609 0x1c7c  SensrSvc - ok
19:33:52.0613 0x1c7c  [ 67585C295FF2D221679E376B68893B35, 4B5E9A8DA8C6F7B1F7129F80A0603503D467E5650306FB4C309977D74037E46B ] SerCx           C:\Windows\system32\drivers\SerCx.sys
19:33:52.0621 0x1c7c  SerCx - ok
19:33:52.0627 0x1c7c  [ B8C4852CBCAAC1374C08EC7445443824, DDE577A81B3E11B5B56096317BC47AA6E286573042407B96A9D29BE981F3FA4D ] SerCx2          C:\Windows\system32\drivers\SerCx2.sys
19:33:52.0636 0x1c7c  SerCx2 - ok
19:33:52.0640 0x1c7c  [ D3A103944A8FCD78FD48B2B19092790C, 252DB8395DA8639E748658D3BE7863C1700E27AA5C41BB700CFCE193FE3F04E9 ] Serenum         C:\Windows\System32\drivers\serenum.sys
19:33:52.0650 0x1c7c  Serenum - ok
19:33:52.0654 0x1c7c  [ 88D58E1DAA6C5062DD3A26273106961F, D1E2FF37C888245BD0BABCD7C6B76AD5A87415B68FEFE37B5FA29AE3342AE50B ] Serial          C:\Windows\System32\drivers\serial.sys
19:33:52.0665 0x1c7c  Serial - ok
19:33:52.0668 0x1c7c  [ 0F5B43074AE731D2C6F061241C9D84A6, 05CFEB30A4FC11441552D37687608C8C2FD6DC2F2266AE9D6526753E26283DE6 ] sermouse        C:\Windows\System32\drivers\sermouse.sys
19:33:52.0677 0x1c7c  sermouse - ok
19:33:52.0688 0x1c7c  [ CD90E445F6458512A5BA884D561EFCF1, E792FAB8AFF4126C1977024060842D788A06475139782896AFD7B39C85FCDF3F ] SessionEnv      C:\Windows\system32\sessenv.dll
19:33:52.0706 0x1c7c  SessionEnv - ok
19:33:52.0710 0x1c7c  [ D9FE59276BD56A9643C32D5FACE2F251, 591862D868A545F468496DE97DEE42C9DB3AFBFC0881CBA79EB6641A254AF033 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
19:33:52.0718 0x1c7c  sfloppy - ok
19:33:52.0723 0x0b68  Object send P2P result: true
19:33:52.0728 0x1878  Object required for P2P: [ 807A6636828E5F43C10A01474B8907EE ] MSDTC
19:33:52.0728 0x1c7c  [ F8083C536BEDE61AFB4069D8A8C16DA7, 13AADAD7B5582911B8ABBE0CF7132CC517F7413A361CCF8ED502F803D061FFA3 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:33:52.0748 0x1c7c  SharedAccess - ok
19:33:52.0760 0x1c7c  [ AE6E4D3172FBF45B944668CB3998B8A8, E7D7F98CB464C236A17069987F7B678D7688D9D577334151EF09DF5C6F22AFFC ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:33:52.0788 0x1c7c  ShellHWDetection - ok
19:33:52.0791 0x1c7c  [ ABBE803FE0BDAE0E5BE74DDEFBE62F23, 5009F489F7A6D66628C23A0FA3D7632399D0AD72BD11A1B70D7E768ED507377D ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:33:52.0799 0x1c7c  SiSRaid2 - ok
19:33:52.0802 0x1c7c  [ 6043DF55CFE3C7ACF477645FA64DEA98, 0E18EF8EC589841BC319C17FBABA7383FD247C9441ABF64A0D830976F3E611AE ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:33:52.0810 0x1c7c  SiSRaid4 - ok
19:33:52.0813 0x1c7c  [ B922D32039A3B5991E64429EC4EE52A9, 5EB7EB1F6D2C25F06044D8CA9F3BA0471FB40C8C96432BDC2C80CC36DC49BA0B ] smphost         C:\Windows\System32\smphost.dll
19:33:52.0825 0x1c7c  smphost - ok
19:33:52.0838 0x1c7c  [ F07301C282AA222C33F8C28B4F545275, 2938943A3A62B33C8296DF3B57897D32293F5395A5E2A01C76B0160A98C12520 ] SmsRouter       C:\Windows\system32\SmsRouterSvc.dll
19:33:52.0860 0x1c7c  SmsRouter - ok
19:33:52.0866 0x1c7c  [ 0B6BECB2651EF947249CDC3715E8B9CC, EB7281AF3529DE16FE8CD0C0C0C8877641865A5864D58628DBAB865B510B0D0B ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:33:52.0878 0x1c7c  SNMPTRAP - ok
19:33:52.0889 0x1c7c  [ 1A6CB30F0EFC1632E6F1B852CA892583, 0E6BDCEE837AEC3D02C437478143C75550C94A50E36895DDB095F54A2FA18E2A ] spaceport       C:\Windows\system32\drivers\spaceport.sys
19:33:52.0905 0x1c7c  spaceport - ok
19:33:52.0909 0x1c7c  [ E1C158F6C00359278727A2CEE5D2ED71, 1591F942C6DD99D3BA7FD4D72D957864117B2263F205468A15F1D1417C6F799D ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
19:33:52.0917 0x1c7c  SpbCx - ok
19:33:52.0931 0x1c7c  [ D1241DFC397FA8CCFB4BB4B63AAD31AC, F8C57C2F7CA8B6D8FEE1505A143A3FECF502C8DCFFC375F9C8848A87D9714C9E ] Spooler         C:\Windows\System32\spoolsv.exe
19:33:52.0957 0x1c7c  Spooler - ok
19:33:53.0052 0x1c7c  [ 7C58AFEC26E9F7730A8AA7FD40225937, 546EAD8889F2A1BB6DCCB7781976B975F34DA1C9047F95FEAA52CF38EC60C6DD ] sppsvc          C:\Windows\system32\sppsvc.exe
19:33:53.0175 0x1c7c  sppsvc - ok
19:33:53.0189 0x1c7c  [ ACC1709EC7FE6EB8999DBC91C50C2B34, 83ABF51751A264291C53A32B86239A607361E56CB045CD2CBE6E41DBB8A01F54 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:33:53.0206 0x1c7c  srv - ok
19:33:53.0219 0x1c7c  [ AFBCFC946FAE7483E27BD316D03F94A5, CC9478EA717E85C38304957E923997821DFE2A995D7C8DF98C15267D952BEFBE ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:33:53.0242 0x1c7c  srv2 - ok
19:33:53.0248 0x1c7c  [ 107C1EBE79710E4A759449BD6604245A, 963D693F4E61EDC7B3AA9006CC274D56E577CE0035A61DDB2A6DE72116D5C52B ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:33:53.0261 0x1c7c  srvnet - ok
19:33:53.0267 0x1c7c  [ 8C1786C073A496B8C0C8A5450A4FFD5B, 13BF3B42A63CE6C461259D4CE767FB0DE1F10433512A11D2B2C033E36E652542 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:33:53.0283 0x1c7c  SSDPSRV - ok
19:33:53.0289 0x1c7c  [ 217A982201052EFC8C3C0C88D229791C, 11509E3446ED7B75C9A05CDC4A7AF18926CB463E0D98BAE1CD5DB43E88F94F90 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:33:53.0301 0x1910  Object send P2P result: true
19:33:53.0301 0x1910  Object required for P2P: [ 59A20F5AD9F4AE54098154359519408E ] iaLPSS2i_I2C
19:33:53.0305 0x1c7c  SstpSvc - ok
19:33:53.0348 0x1c7c  [ 58863C57E4598C4F9DA967C5C36CFA5D, BB34FBC324E84E05128258CE3755241ECB63F7F2AE7F96716AC373931FAF92A8 ] StateRepository C:\Windows\system32\windows.staterepository.dll
19:33:53.0419 0x1c7c  StateRepository - ok
19:33:53.0437 0x1c7c  [ D27C8C88CEB69075465B41DA6ECF3374, B1A70A30787080474E901E4743996EEE4FCD09BEDBBA89CE57ACAE05A67907AB ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
19:33:53.0453 0x1c7c  Steam Client Service - ok
19:33:53.0457 0x1c7c  [ CCDA497C880AD16D87EDFAEFCFB2EDF5, 622599AA35ACFF0375DA252210BE42E7E90F30EDFEFF2F62FDB14AE6E45B5F88 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:33:53.0464 0x1c7c  stexstor - ok
19:33:53.0477 0x1c7c  [ 75476CAA8FA0A4E573948CDE8C7F0304, 68C4405CACA77AEED71761875A9AF60BCFBDD39E356BEA1BA8226E099BAA5FA4 ] stisvc          C:\Windows\System32\wiaservc.dll
19:33:53.0500 0x1c7c  stisvc - ok
19:33:53.0506 0x1c7c  [ BF8EA6FC3358C2F69678E3E94F764F84, D274DAD7B5756DD49CA44277C73497F1EC465C8E365CC730CD194932C3825920 ] storahci        C:\Windows\system32\drivers\storahci.sys
19:33:53.0515 0x1c7c  storahci - ok
19:33:53.0518 0x1c7c  [ 32FF460DA8C1F370F5C08B7654899B73, 0C9D5D38D033109BA672ABAFEF0F0CD295E9FFA108ACFCA9044429D9B2CA9057 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
19:33:53.0525 0x1c7c  storflt - ok
19:33:53.0529 0x1c7c  [ CC21DB3EF619B9480FE31A4EFE92CBEB, 256EFCA2F231F41D34250E1460BF88894D943EAE83A0B153FCADE700AB4DE11E ] stornvme        C:\Windows\system32\drivers\stornvme.sys
19:33:53.0537 0x1c7c  stornvme - ok
19:33:53.0541 0x1c7c  [ 390B8A75768E2689586539C224520895, D72F52E6D7AC5DC318FF9C1DF1F4E8A435D65B6BB59D7F1642222EC026BC54DB ] storqosflt      C:\Windows\system32\drivers\storqosflt.sys
19:33:53.0550 0x1c7c  storqosflt - ok
19:33:53.0563 0x1c7c  [ 9953FA89A4E3BC33296DAFB1ACFDC62F, D2F2698834691FF7915BDFFB82DB549354311A5DD7D37BF767F95D407AC4019F ] StorSvc         C:\Windows\system32\storsvc.dll
19:33:53.0586 0x1c7c  StorSvc - ok
19:33:53.0589 0x1c7c  [ 770A92D9D3A0BF61C97C3AFCB36847D9, 21A8CC3F8E63B971C4FF8DDED5C7032E093A7B0F16E2128A9BD2E890BA76A1D9 ] storufs         C:\Windows\system32\drivers\storufs.sys
19:33:53.0601 0x1c7c  storufs - ok
19:33:53.0604 0x1c7c  [ 736A2418E3E7F3DB3CF6EB0A55D1D581, 2D3BBC4E0C7B51EDE7479A978E4BCD5F47A7257745179F01D2D9ECFD83CCCC82 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
19:33:53.0611 0x1c7c  storvsc - ok
19:33:53.0615 0x1c7c  [ 5399DC59AFBED2D5A32603D1D81D2328, 2AF5C70D14E1041EC8CFC1013DD61734EF0E1E7F6830FCD1F04628C5736D9DA4 ] storvsp         C:\Windows\System32\drivers\storvsp.sys
19:33:53.0625 0x1c7c  storvsp - ok
19:33:53.0627 0x1c7c  [ FA8F6E3AD3F92B35D2673CC9FD20429C, 62F81CBACF7E16FEF9DE3BE95FA5C9BDB51BAE4667AE5AE71399864A390FF6D5 ] svsvc           C:\Windows\system32\svsvc.dll
19:33:53.0639 0x1c7c  svsvc - ok
19:33:53.0642 0x1c7c  [ BD98B0225BCD49E8A62F4F8EE1D1F613, CDAD11969B2DA417079547724BECC3DB4FC4711B3C01590EB0D02774B69B6D90 ] swenum          C:\Windows\System32\drivers\swenum.sys
19:33:53.0649 0x1c7c  swenum - ok
19:33:53.0659 0x1c7c  [ 22E539A9B96C66A713583EC017562616, 210DA61DFC7AA9AD23277D9CC0239B781F4EABD322D0803AEC9434D68B81FABD ] swprv           C:\Windows\System32\swprv.dll
19:33:53.0682 0x1c7c  swprv - ok
19:33:53.0685 0x1c7c  [ CAE4B27B469C583131EA5AAE622F5D76, 3979006EB22489D1AAD2EC2E9F32C286EEDCDB83B37B97E58BA831263EC33B84 ] Synth3dVsc      C:\Windows\System32\drivers\Synth3dVsc.sys
19:33:53.0695 0x1c7c  Synth3dVsc - ok
19:33:53.0699 0x1c7c  [ 93ABD3FCFC36A55D97A5B4A9F6636A73, E3F08CDBEEA6E972E41D01FE02ECCF2ACABA42676B5B544348A9A834C1CBBDBB ] Synth3dVsp      C:\Windows\system32\drivers\synth3dvsp.sys
19:33:53.0709 0x1c7c  Synth3dVsp - ok
19:33:53.0728 0x1c7c  [ 34A3EB84B2A830E6F450B8F885AE4E6E, E61AC6D17B815CB71F26D71CA3CCAFD9E66A170E3ED2E64A4F20D097A0C683B5 ] SysMain         C:\Windows\system32\sysmain.dll
19:33:53.0765 0x1c7c  SysMain - ok
19:33:53.0774 0x1c7c  [ AF2C8D7C1D4DCFD5C31501F009DF42B7, 3DDF9353F014EE99B031BBC969620CA07647FBB8D78EB4697C8D633021B46B11 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
19:33:53.0791 0x1c7c  SystemEventsBroker - ok
19:33:53.0796 0x1c7c  [ 6979A147C0D5C5CAB621ADC394D32B80, C30B8E3D271A1591D965559EA4A11A1BE63A34D832ED53B26CE91799C888DF77 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:33:53.0808 0x1c7c  TabletInputService - ok
19:33:53.0815 0x1c7c  [ 86B62FC8CB89946446F9B24FE49A66FD, 7B095310D1C78B82E5ACAC4713E101DD1323A3CF6FB39218C2E78ABE2B0385B5 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:33:53.0824 0x0b08  Object send P2P result: true
19:33:53.0824 0x0b08  Object required for P2P: [ 34E728ACD12ACC3C8502F437DF4D6601 ] BEService
19:33:53.0832 0x1c7c  TapiSrv - ok
19:33:53.0871 0x1c7c  [ 892F30506DCCF230C5A57019C1D8D31B, 52C83A963E2D05770B6A281E8E559C8203E102D6B4C9C37801B1F58CB4B92D2F ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:33:53.0920 0x1c7c  Tcpip - ok
19:33:53.0961 0x1c7c  [ 892F30506DCCF230C5A57019C1D8D31B, 52C83A963E2D05770B6A281E8E559C8203E102D6B4C9C37801B1F58CB4B92D2F ] Tcpip6          C:\Windows\system32\drivers\tcpip.sys
19:33:54.0010 0x1c7c  Tcpip6 - ok
19:33:54.0016 0x1c7c  [ 17F37EC9042D84561C550620643D9A85, B01620BA319A1383D403E6E50C7724879520F3267654556D975CAFFF91A82C78 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:33:54.0027 0x1c7c  tcpipreg - ok
19:33:54.0031 0x1c7c  [ 91D3F2A6253EF83EFBD7903028F58C4D, C15768CCCF734093B0F8A5E76882B35927B716E4F14D91ACEE897E1C078D43D1 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:33:54.0040 0x1c7c  tdx - ok
19:33:54.0043 0x1c7c  [ E730D0EB1B84EBC98423FC8D285EDBC0, 442DD433F9D22304E64EC7ACFC4E04892D4D92D8AC545A3530FC932A2EEC4767 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
19:33:54.0051 0x1c7c  terminpt - ok
19:33:54.0069 0x1c7c  [ 14307D4801C8CEF0A615907C09E886B3, C7F34C294D70DE689F673E0B5E9253B27EFEBBE6FA38B68B3B0B0374A896407E ] TermService     C:\Windows\System32\termsrv.dll
19:33:54.0102 0x1c7c  TermService - ok
19:33:54.0106 0x1c7c  [ D009D1BC14FD5F2AC93D1878735F6C39, D8BCE505B66E05BC00075E46B38359CA4D0FA484EB7981A74221885E8A1FFB87 ] Themes          C:\Windows\system32\themeservice.dll
19:33:54.0122 0x1c7c  Themes - ok
19:33:54.0129 0x1c7c  [ 5F27DE2082E16D4C1D6C627C8ECBD341, 08DA3EB3EF2B2006B6F9F2C8C149DF55DE6738975D556206A814096CAB5C1411 ] TieringEngineService C:\Windows\system32\TieringEngineService.exe
19:33:54.0148 0x1c7c  TieringEngineService - ok
19:33:54.0158 0x1c7c  [ FC971E1D1B5900C231591A7720FCD8B8, DF58C350977019E4A8F381FB35702E9BEA89F6A8C6BF36C56376D36BC8FE630F ] tiledatamodelsvc C:\Windows\system32\tileobjserver.dll
19:33:54.0178 0x1c7c  tiledatamodelsvc - ok
19:33:54.0183 0x1c7c  [ 7E81E3E0D7F83BFE3C3975020B6C7F12, 316F9415646CC7A4E9A5F1E07310D433457E623B3E589543E4A6C73C4F77712C ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
19:33:54.0196 0x1c7c  TimeBroker - ok
19:33:54.0201 0x1c7c  [ 169B0A246067457FEF8A18EED7EED9D5, BF5AC0CB29E1E456253B881CD0608B578D7343E9DFE1738A14598D1DFFE1AB66 ] TPM             C:\Windows\System32\drivers\tpm.sys
19:33:54.0212 0x1c7c  TPM - ok
19:33:54.0216 0x1c7c  [ AA84AF93CE5AF1F05838B51D20295419, 85B3EE773C691EEDFA080CD9C59D31CB58A5BC577AEE91A929F5DFBE1368AB6D ] TrkWks          C:\Windows\System32\trkwks.dll
19:33:54.0228 0x1c7c  TrkWks - ok
19:33:54.0231 0x1c7c  [ E50DD57F496CED8873FA3E7D38BCCD42, 36B95F6F2CF48078C6B19FB452C87BB07E95C8804A5C6B526D349AC6227CAB26 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:33:54.0242 0x1c7c  TrustedInstaller - ok
19:33:54.0245 0x1c7c  [ 48E828C66AB016E48F2CB4DD585315FD, 063809B610F6B177B65D62D12605FB94F108DB26A9FD3067E6D6C51F0D92E774 ] tsusbflt        C:\Windows\system32\drivers\TsUsbFlt.sys
19:33:54.0255 0x1c7c  tsusbflt - ok
19:33:54.0258 0x1c7c  [ 267C76EE60736EA5A1811A53FA02AABE, 28D4C4CB972534204B8336D0403B70E4EFE4F8369ABDE7401FFCCF7D4E3EA165 ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
19:33:54.0266 0x1c7c  TsUsbGD - ok
19:33:54.0271 0x1c7c  [ 8CE72F094B822AD5EE9C3A3AFC0C16B6, 827CCD849544E1DA364B03DBC82A848D2F93AD32BA14ED52709C609BC70CE5CA ] tunnel          C:\Windows\System32\drivers\tunnel.sys
19:33:54.0284 0x1c7c  tunnel - ok
19:33:54.0288 0x1c7c  [ 1A9A77ACDAC29C39F50D2A492FD0DB16, E21F2E2BA6EABE0F6B5A1930DDB2CE5A921389A58C08A2D3F66D245E8698E6B4 ] tzautoupdate    C:\Windows\system32\tzautoupdate.dll
19:33:54.0298 0x1c7c  tzautoupdate - ok
19:33:54.0301 0x1c7c  [ 42C546414F80BD6C0137FC3A106F8A69, 067FFCAF0059935851888BD984E848E4E1A6CC1941A8F4534067CCF0B2A3B2E6 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:33:54.0310 0x1c7c  uagp35 - ok
19:33:54.0313 0x1c7c  [ 1686DBC81748B096232B15F16C302985, 63D72D1838C42A95599AF3C0B19A069E310ADB091208011D7D6FBAC968D1A59A ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
19:33:54.0321 0x1c7c  UASPStor - ok
19:33:54.0324 0x1c7c  [ 3995CC3DEDED258768B8EBC2F4C0DC73, 130E99EF13EB494B8BB6A8E037DD8D59C195190EA3C27CA9E3A695AF4349DC7C ] UcmCx0101       C:\Windows\system32\Drivers\UcmCx.sys
19:33:54.0333 0x1c7c  UcmCx0101 - ok
19:33:54.0336 0x1c7c  [ 1C95F7CE37D9EFB90EBE987A9712356C, B9EE7743ADA50276F05D735C5C29E44039D630A7DC93766A0EAF400DA037E4AF ] UcmUcsi         C:\Windows\System32\drivers\UcmUcsi.sys
19:33:54.0345 0x1c7c  UcmUcsi - ok
19:33:54.0351 0x1c7c  [ AED081772091C98173905E2DF28C223B, 08541CF3354EBB634BD590E0019128F70A6FCA9075B7E785A9E9BD82EC234DD3 ] Ucx01000        C:\Windows\system32\drivers\ucx01000.sys
19:33:54.0361 0x1c7c  Ucx01000 - ok
19:33:54.0364 0x1c7c  [ DCA34A111C29E4578DF2B8CEA3C7CDBD, 86BCE4C8EC228724D5896067A85A4768B6069D10A482ECC51A8F828DBD3880C9 ] UdeCx           C:\Windows\system32\drivers\udecx.sys
19:33:54.0372 0x1c7c  UdeCx - ok
19:33:54.0380 0x1c7c  [ 718A956AE00CE086F381044AB66CC29C, E4EED1600C72CECE1D4507827C329A93D356BBA027470FCF6C4B5C1651DED643 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:33:54.0398 0x1c7c  udfs - ok
19:33:54.0401 0x1c7c  [ BA760F8E66428BA9FF1E8BFBC6248136, BE7DCBB293B12672CB3653E640C46F669BD738D320F34F4FA4A26F6B248561F0 ] UEFI            C:\Windows\System32\drivers\UEFI.sys
19:33:54.0408 0x1c7c  UEFI - ok
19:33:54.0414 0x1c7c  [ 5F0D997E6FC5A418D7673148CEF72887, 6C142CB8F06E5958045451253C9188CE876A84D08266FFD7F64AAE09964D8431 ] Ufx01000        C:\Windows\system32\drivers\ufx01000.sys
19:33:54.0426 0x1c7c  Ufx01000 - ok
19:33:54.0429 0x1c7c  [ 2B1DABA97DDF5365FC66EE7DEDD86A13, 2FF3355862938B37EE63FCA149415CE5032BF54747B07517BB21460733B65AD8 ] UfxChipidea     C:\Windows\System32\drivers\UfxChipidea.sys
19:33:54.0437 0x1c7c  UfxChipidea - ok
19:33:54.0442 0x1c7c  [ DB630FC660443D63EBAB2C830C298EFE, 7698772FF9C988DF752DF3FAF1B154E923EBA425B92F288ABB6EF0805ABD3296 ] ufxsynopsys     C:\Windows\System32\drivers\ufxsynopsys.sys
19:33:54.0451 0x1c7c  ufxsynopsys - ok
19:33:54.0455 0x1c7c  [ 63451BD694651307254B8DD37A3D79C7, C781E2D876AF42D5972CCDCF86B7A59F6AF8AF0C6350647F3FA1B209119B5EF9 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:33:54.0468 0x1c7c  UI0Detect - ok
19:33:54.0471 0x1c7c  [ 6DE78C04BF32ECA7AF3064F53687C9A5, 164D3BB24EBA3EAF613799928063FE75220A4E583D985F53A895017782C18600 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:33:54.0480 0x1c7c  uliagpkx - ok
19:33:54.0483 0x1c7c  [ 67D1E0E6E4D5D33AF0AEF0E33B4DA0F4, BA2E6F16B6B3B54C943F1E7B9F79A6D1332A7ED228D754CC5AE70E3CD78B1F37 ] umbus           C:\Windows\System32\drivers\umbus.sys
19:33:54.0492 0x1c7c  umbus - ok
19:33:54.0495 0x1c7c  [ 11680607944A719EF20E0E740785712A, 1567C2B3AAD702DCC2DC9C6B7B92EE5B681C06701A39DAC3AA7E2BE9E1E04F47 ] UmPass          C:\Windows\System32\drivers\umpass.sys
19:33:54.0502 0x1c7c  UmPass - ok
19:33:54.0510 0x1c7c  [ FD949725D9EB52C0B87435CDE1134668, 96E2B3D3379E9AE225E5A4C5251207F1E7DA573901F4F026758EDE9FAEF4F2C5 ] UmRdpService    C:\Windows\System32\umrdp.dll
19:33:54.0525 0x1c7c  UmRdpService - ok
19:33:54.0546 0x1c7c  [ CB902A15DD21B363FECA5DCCF34F5C57, 6A0836A12A410EBD5C667982852B58CA9E9EDB11EA666C413CC0F811E01A549D ] UnistoreSvc     C:\Windows\System32\unistore.dll
19:33:54.0583 0x1c7c  UnistoreSvc - ok
19:33:54.0595 0x1c7c  [ B85A8CF2BE74DFF1E80097AC94584112, B1DBACC33A4143FEE2CF54E567590A69580312AD7A053BCC85B487C4D451FBDA ] upnphost        C:\Windows\System32\upnphost.dll
19:33:54.0616 0x1c7c  upnphost - ok
19:33:54.0619 0x1c7c  [ 2410A0C20D21A25E6C01979FA886BE90, DD3F92D8CF110D47B9E36BA0EB10EB34C0FDD28FE0D57E4B60F9326703388F75 ] UrsChipidea     C:\Windows\System32\drivers\urschipidea.sys
19:33:54.0626 0x1c7c  UrsChipidea - ok
19:33:54.0629 0x1c7c  [ 6E59CE43B6BA5AA1ADCF36A4DBBB92BB, 647D66775A90F67D803043DE8C8AE8BC2F7A042A8DCF9C95BF5458C79609481B ] UrsCx01000      C:\Windows\system32\drivers\urscx01000.sys
19:33:54.0637 0x1c7c  UrsCx01000 - ok
19:33:54.0639 0x1c7c  [ E8A59FA109A22FC07E44BDFCC9727DBD, 0DC5928C0FF7E5B38917660D6EFECCC22172DB0BB9B23216F33E750790529C16 ] UrsSynopsys     C:\Windows\System32\drivers\urssynopsys.sys
19:33:54.0647 0x1c7c  UrsSynopsys - ok
19:33:54.0651 0x1c7c  [ 9F9D5E2086BB9AEEA96E9BF73B7B2D32, AFA84CE1E96C07EBFB7A05D0181C876E027B848AF6C6DB932765912B814CAF56 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:33:54.0662 0x1c7c  usbaudio - ok
19:33:54.0666 0x1c7c  [ D8A44550ECE102B6443F5D54DCE7DAB3, 97F5AE7B17DAC4A4F3186C77116BC8E49874FB0018C99D8E2CDA29D89E8B0912 ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
19:33:54.0676 0x1c7c  usbccgp - ok
19:33:54.0680 0x1c7c  [ 66B3D22DAB5312FF238ABF5C6D9F8FAB, 4A644AFC1C27D692D352BEB8801398A00EA5B4055476063AF905A0A46DDBF8BB ] usbcir          C:\Windows\System32\drivers\usbcir.sys
19:33:54.0690 0x1c7c  usbcir - ok
19:33:54.0694 0x1c7c  [ 3E4F20DB902D2E2914F3FF3DB9772200, F3D32BE06A26164B5F6E8DB67160D1DBBDC6D14666EEF84EA43C78CB7706E31C ] usbehci         C:\Windows\System32\drivers\usbehci.sys
19:33:54.0702 0x1c7c  usbehci - ok
19:33:54.0713 0x1c7c  [ 41F7F00D76904416EF1F9EFA1A4C37A2, 7A4250EB2E2E0037B3AE1480C13B229ECFF5C575E68E4F934EE011DB1833B46A ] usbhub          C:\Windows\System32\drivers\usbhub.sys
19:33:54.0728 0x1c7c  usbhub - ok
19:33:54.0739 0x1c7c  [ B7E1CAA9429E4C3E7E01CB35B97E1536, 11A6431C27821F247202AC9F18441FEA26544630461522C129F1671257C527BA ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
19:33:54.0755 0x1c7c  USBHUB3 - ok
19:33:54.0759 0x1c7c  [ DAB35CCA86F5FBE77D870A40089BC4A1, 4A47D59D882D0F2B93F2EE7F10995E7D68B58009434E2CBD04C659E0D1F059D8 ] usbohci         C:\Windows\System32\drivers\usbohci.sys
19:33:54.0767 0x1c7c  usbohci - ok
19:33:54.0770 0x1c7c  [ 21162F65C7756AAECAEBED9E67D0A5FE, DE3B43964171DB5B0464DA5E7A674A5D200A8695E6EF1AE2030681066ABA2688 ] usbprint        C:\Windows\System32\drivers\usbprint.sys
19:33:54.0779 0x1c7c  usbprint - ok
19:33:54.0783 0x1c7c  [ F259A45D6B555B14CC8365AA6BC8DC20, 28A588656449307F6E9C999BE5D73E34A2542A5771F4B504D9D36B9F93F32303 ] usbser          C:\Windows\System32\drivers\usbser.sys
19:33:54.0792 0x1c7c  usbser - ok
19:33:54.0797 0x1c7c  [ 8949F77132A4F8F3BA17C6727099F002, 86AD4A2263B34983335180FDAE775D1744E042D2A11300D27DF546F15F285A25 ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
19:33:54.0806 0x1c7c  USBSTOR - ok
19:33:54.0809 0x1c7c  [ 8B3E458A8851F9A3B2109B1680EE1159, 753AC8F82F65564F00EA2F60B43E4B815FEAABE0DA35B6356210A5F4B1CA3EFC ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
19:33:54.0818 0x1c7c  usbuhci - ok
19:33:54.0826 0x1c7c  [ 325727F01F03C504CF788618A13DC266, 9F685113F714ADBC6DCD423CCD205F71E00D1AA9B5DD045B95E61E53B0F8E9AF ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
19:33:54.0840 0x1c7c  USBXHCI - ok
19:33:54.0866 0x1c7c  [ 2771EBB565F5C121E66060B173991D4D, 1EB34A6262A18E47ADCA392FDB2D58E8428A1CA43EB4196D76A897F74A03CA7F ] UserDataSvc     C:\Windows\System32\userdataservice.dll
19:33:54.0909 0x1c7c  UserDataSvc - ok
19:33:54.0930 0x1c7c  [ 36EC82F0E399F36BD25F593D63DC144A, 2A9E916A098ACD5A5074A5FD053ECAB027A0932A348C728F20CD63EF16289533 ] UserManager     C:\Windows\System32\usermgr.dll
19:33:54.0960 0x1c7c  UserManager - ok
19:33:54.0968 0x1c7c  [ 05F4CB5991D897E4253BF61FA5E828F8, 25B5B6751B4455491E9A050DF5C12F788B5677F70FB4844E0BF851090AC1F74C ] UsoSvc          C:\Windows\system32\usocore.dll
19:33:54.0985 0x1c7c  UsoSvc - ok
19:33:54.0989 0x1c7c  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] VaultSvc        C:\Windows\system32\lsass.exe
19:33:54.0997 0x1c7c  VaultSvc - ok
19:33:55.0001 0x1c7c  [ E1BE37312785A71862516F66B3FD24CE, D248C513DBEACB192653C6E46809209F341771B146544BBF43B86369280B4F8B ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:33:55.0008 0x1c7c  vdrvroot - ok
19:33:55.0021 0x1c7c  [ 67A6E949395A09914AD8B38FE14B8D15, 593F2FAA880B2E0468F98BD58B5214A170E5890907B25294D7A47C66505A3D45 ] vds             C:\Windows\System32\vds.exe
19:33:55.0049 0x1c7c  vds - ok
19:33:55.0054 0x1c7c  [ E42C0F2850735FF9D908B9DB581E6314, E2204A56BF37FC57CD2ED96E3F908882D72B4BFF1BFB97C5172C851F1E4F9650 ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
19:33:55.0065 0x1c7c  VerifierExt - ok
19:33:55.0078 0x1c7c  [ EC15FD6A28757793E2DA394CD94ABD52, DC758BBEE9C6952D7B3F7171EF67B037B4068E88189A2C4A894122D1D1209468 ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
19:33:55.0098 0x1c7c  vhdmp - ok
19:33:55.0101 0x1c7c  [ 100CB4D54BE6AFC511E613588AB578E8, AB86CCDF45CE92CBA787BC799AC0F722E03C4D4CCBB41164F9F0B3654215C5A6 ] vhdparser       C:\Windows\system32\drivers\vhdparser.sys
19:33:55.0110 0x1c7c  vhdparser - ok
19:33:55.0112 0x1878  Object send P2P result: true
19:33:55.0112 0x1c7c  [ D0C9632C350F46786643A069251BC249, CF65BA0D3F3D2B821C10E2D4F53F5B6BF6236CA9767419392A561CFA79254C3B ] vhf             C:\Windows\System32\drivers\vhf.sys
19:33:55.0121 0x1c7c  vhf - ok
19:33:55.0127 0x1c7c  [ 872DCA6EEE13E2A8A53C60206EE71527, 4A2334DCA88641B660A855C28CE6C207788AA3669A5B45818AC52B3224BF7655 ] Vid             C:\Windows\System32\drivers\Vid.sys
19:33:55.0141 0x1c7c  Vid - ok
19:33:55.0145 0x1c7c  [ E886CB75DA2B6EB35469EF10135624C7, 3AFC59A0709B984F517A918D5BBEBEB1C80001BEC87C133447DCEAEDE00E516D ] vmbus           C:\Windows\system32\drivers\vmbus.sys
19:33:55.0154 0x1c7c  vmbus - ok
19:33:55.0156 0x1c7c  [ 46D2EC27820EC0F798F85821E53C2942, D298A7D6AC16F76A069F843C8DD323ECB340D361733CB9B076BCDE8FC5F1FEFC ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
19:33:55.0165 0x1c7c  VMBusHID - ok
19:33:55.0169 0x1c7c  [ DF4EDDB3E556B069E50BD1E42F1C8F0F, 9AEB2BAEFE7B111E754D8B1B5B7B913BD83D7CB0545267EA4E8CF46FBE98B57F ] vmbusr          C:\Windows\System32\drivers\vmbusr.sys
19:33:55.0181 0x1c7c  vmbusr - ok
19:33:55.0201 0x1c7c  [ 2E56D59C9D915756C01B1ACC4137E93A, 15E0B10B73202093588F901543AE1648ED3D6F606C8285A02EF66E51CE10FF49 ] vmcompute       C:\Windows\system32\vmcompute.exe
19:33:55.0235 0x1c7c  vmcompute - ok
19:33:55.0246 0x1c7c  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicguestinterface C:\Windows\System32\ICSvc.dll
19:33:55.0266 0x1c7c  vmicguestinterface - ok
19:33:55.0276 0x1c7c  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
19:33:55.0295 0x1c7c  vmicheartbeat - ok
19:33:55.0304 0x1c7c  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmickvpexchange C:\Windows\System32\ICSvc.dll
19:33:55.0324 0x1c7c  vmickvpexchange - ok
19:33:55.0334 0x1c7c  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicrdv         C:\Windows\System32\ICSvc.dll
19:33:55.0355 0x1c7c  vmicrdv - ok
19:33:55.0365 0x1c7c  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicshutdown    C:\Windows\System32\ICSvc.dll
19:33:55.0386 0x1c7c  vmicshutdown - ok
19:33:55.0395 0x1c7c  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmictimesync    C:\Windows\System32\ICSvc.dll
19:33:55.0416 0x1c7c  vmictimesync - ok
19:33:55.0425 0x1c7c  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicvmsession   C:\Windows\System32\ICSvc.dll
19:33:55.0445 0x1c7c  vmicvmsession - ok
19:33:55.0455 0x1c7c  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicvss         C:\Windows\System32\ICSvc.dll
19:33:55.0475 0x1c7c  vmicvss - ok
19:33:55.0679 0x1c7c  [ EF8DC421354A33B7B607E2A908B8E1AB, 406E77FF8BC58BAD30835E33033A5269D6AEDB8878B214A946D54B57D5B44EA3 ] vmms            C:\Windows\system32\vmms.exe
19:33:55.0684 0x1910  Object send P2P result: true
19:33:56.0017 0x1c7c  vmms - ok
19:33:56.0045 0x1c7c  [ CE2F7AEE1966399C228443414C3D9351, BCFDF770A1CD8B6AC96691757D8593F055662A0FF3EF3EEC30146475EA35D94B ] vmsmp           C:\Windows\System32\drivers\vmswitch.sys
19:33:56.0075 0x1c7c  vmsmp - ok
19:33:56.0093 0x1c7c  [ CE2F7AEE1966399C228443414C3D9351, BCFDF770A1CD8B6AC96691757D8593F055662A0FF3EF3EEC30146475EA35D94B ] VMSP            C:\Windows\system32\drivers\vmswitch.sys
19:33:56.0123 0x1c7c  VMSP - ok
19:33:56.0127 0x1c7c  [ C109EE97BDB2CDEC89FA4BF3481A39CB, 856D9A123968CBD426BEBBF2085FCE31AAE557718A477FF0B1F645A09C902F9D ] vmsproxy        C:\Windows\system32\drivers\vmsproxy.sys
19:33:56.0135 0x1c7c  vmsproxy - ok
19:33:56.0152 0x1c7c  [ CE2F7AEE1966399C228443414C3D9351, BCFDF770A1CD8B6AC96691757D8593F055662A0FF3EF3EEC30146475EA35D94B ] VMSVSF          C:\Windows\system32\drivers\vmswitch.sys
19:33:56.0182 0x1c7c  VMSVSF - ok
19:33:56.0200 0x1c7c  [ CE2F7AEE1966399C228443414C3D9351, BCFDF770A1CD8B6AC96691757D8593F055662A0FF3EF3EEC30146475EA35D94B ] VMSVSP          C:\Windows\system32\drivers\vmswitch.sys
19:33:56.0216 0x0b08  Object send P2P result: true
19:33:56.0231 0x1c7c  VMSVSP - ok
19:33:56.0235 0x1c7c  [ B9265F47E7A354BAAA0AF5CBA3F8F7CE, F836E7BEDC7CAB1C01225164D171A0210D8F909F52992E4C0BF3C92B365BCD52 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:33:56.0243 0x1c7c  volmgr - ok
19:33:56.0251 0x1c7c  [ BEE9C8B72AB752B794F69C2B9B3678AA, 49A5093C26F3CDCD60577F7F2D7F936C7B2BD010B27F2C49A7B6AA41E42DF98D ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:33:56.0265 0x1c7c  volmgrx - ok
19:33:56.0274 0x1c7c  [ E1F91A727A04C9F8199D04FF3BBBF63C, 076CAEE621DBF7DE24ED92BA239C440879FDB674CF3213DF3E35AEC03D0D2031 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:33:56.0288 0x1c7c  volsnap - ok
19:33:56.0292 0x1c7c  [ F7B1B1101271E31F43CC76E890704F51, 2282D82B220C3D13FF980ED8E40443C83816D3DA9557EACEA137873F92BB9CF4 ] vpci            C:\Windows\System32\drivers\vpci.sys
19:33:56.0300 0x1c7c  vpci - ok
19:33:56.0303 0x1c7c  [ 2372509964B5203FFC25ECB3C6B42E8B, 98B2F35C09AE2337193044CA0490EF142B44B47B85163F1221628D513FBFE4A6 ] vpcivsp         C:\Windows\System32\drivers\vpcivsp.sys
19:33:56.0314 0x1c7c  vpcivsp - ok
19:33:56.0319 0x1c7c  [ D48ED0A08BD2FD25A833E6AC99623091, 6CA7580878D3893E14B4938023A00CDFC9BE215A0CE4ED59A94F95DFD9FDF4D8 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:33:56.0329 0x1c7c  vsmraid - ok
19:33:56.0355 0x1c7c  [ 4CF5A1E0C4FCA956ACD6C654E2A8610E, 57F3C7200C25E8717AF92AF2ED7615C6605179D3514B432220FA6EA94CAB4F2E ] VSS             C:\Windows\system32\vssvc.exe
19:33:56.0403 0x1c7c  VSS - ok
19:33:56.0411 0x1c7c  [ 6990D4AFDF545669D4E6C232F26DE1FB, 9B8F99A035188FD96BA79E935E8EF387BEA2223ECA0B74CF64AB993DABAA5722 ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
19:33:56.0423 0x1c7c  VSTXRAID - ok
19:33:56.0426 0x1c7c  [ 1EE11F0508C58EF081F4176E66D6970B, 9069B3FC8850C7CF617909C6DBFC3753FEB59A9E708379CC57190F4097FB374E ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:33:56.0436 0x1c7c  vwifibus - ok
19:33:56.0439 0x1c7c  [ 938E4EF58E42D252B742B0E243011B90, AC0C21FBAF15924CB271CA43ACB7A86287936C78B4852BCFC59EC7EC703E036C ] vwififlt        C:\Windows\system32\drivers\vwififlt.sys
19:33:56.0450 0x1c7c  vwififlt - ok
19:33:56.0461 0x1c7c  [ 48C1A256591297C43ECFC4E30D144EAA, 8E66833ED2CEB6D7E499EB2E4282B4F9DFA28B6D21757BB88EC52FD069D7FACE ] W32Time         C:\Windows\system32\w32time.dll
19:33:56.0486 0x1c7c  W32Time - ok
19:33:56.0489 0x1c7c  [ 00C27B64C758C111E5D78A70DE6CA2B6, C99761B9B671B3A1FF1C52796CCA3F4F825BF50D9657D13B551E849CDD82055D ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
19:33:56.0498 0x1c7c  WacomPen - ok
19:33:56.0508 0x1c7c  [ D76D1AC4F2C642D09A68227D129A4726, D14D6C4D94E9660848C74B220359683D91A4A3D70750E781A20B6D86D46794CE ] WalletService   C:\Windows\system32\WalletService.dll
19:33:56.0528 0x1c7c  WalletService - ok
19:33:56.0532 0x1c7c  [ 8CB53620B2C2F0641DD7563EA0FDF491, D62FE75C908409A54949F0E3C39558DC7A8F11AF7496ED7B0872D80D08CB67A7 ] wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
19:33:56.0544 0x1c7c  wanarp - ok
19:33:56.0546 0x1c7c  [ 8CB53620B2C2F0641DD7563EA0FDF491, D62FE75C908409A54949F0E3C39558DC7A8F11AF7496ED7B0872D80D08CB67A7 ] wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:33:56.0558 0x1c7c  wanarpv6 - ok
19:33:56.0583 0x1c7c  [ 2598BBF11C9E7D0885DCA52E7FD5BCBD, 46B1FB080A2CD88C89A0EB8BA2594A1FA2C341ED77A6C6835CBFFE42907FAC55 ] wbengine        C:\Windows\system32\wbengine.exe
19:33:56.0628 0x1c7c  wbengine - ok
19:33:56.0642 0x1c7c  [ 642EFABF900374FA85639D83B5533AFD, 292692D6AAC2A785D237ADFBC7CA3D379E8FC79FA366A8CE7D06F5CA5CE6866B ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:33:56.0665 0x1c7c  WbioSrvc - ok
19:33:56.0678 0x1c7c  [ E9A0D466F6D8EC349DB526146618BCB6, CFD6F3F979E4366A68FBEC3BE90A42BF3D65403A987E80741A720C0622871F32 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
19:33:56.0701 0x1c7c  Wcmsvc - ok
19:33:56.0711 0x1c7c  [ 53A036CED1270F2459E708A05922FD49, 2F281A72E4B0408DE6C8153F5988C9AA38591FB1E72558767D389637D0666A85 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:33:56.0732 0x1c7c  wcncsvc - ok
19:33:56.0735 0x1c7c  [ 965B6197A659782B6A0F68411A180AAD, 5541AB78B71E4FA655BCBF2D80D574B2A3B4AA8871F65D26620BDE549FA5459A ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:33:56.0745 0x1c7c  WcsPlugInService - ok
19:33:56.0748 0x1c7c  [ 069D3D6E20AD753B34FCE856F0436869, CF8C12295DDAA56E7350019AADBA533D7857CFB3F20DEE14E557963645A9331B ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
19:33:56.0756 0x1c7c  WdBoot - ok
19:33:56.0759 0x1c7c  [ A556768CC1FA4F36022BEE2F0EDE2566, 3A4BC9DE614F43CD94FA354A565C66B2E1E36C0608D84C6288010B97B9D811AA ] WDC_SAM         C:\Windows\System32\drivers\wdcsam64.sys
19:33:56.0767 0x1c7c  WDC_SAM - ok
19:33:56.0782 0x1c7c  [ 6CC727E94CD84E9720FDCDA8089CABCC, BCF66056B06DED6BC2D329E910FCD3E685D627BAD3B5D7F4B0E970B45CD9CEF4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:33:56.0801 0x1c7c  Wdf01000 - ok
19:33:56.0808 0x1c7c  [ E3E97151A1D1E87BB2D5371F66C5F169, 0ED0B9852FE0533816F5EE2F06045B3964A00FD749A7011DB3C663AB6FA369E2 ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
19:33:56.0820 0x1c7c  WdFilter - ok
19:33:56.0824 0x1c7c  [ 75DC67553051103547B693898CB32D08, 4FCF2C3DBBE85461364B1F3A3F3629B52C8664487D30142D15937A4C96EF6A8F ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:33:56.0839 0x1c7c  WdiServiceHost - ok
19:33:56.0842 0x1c7c  [ 75DC67553051103547B693898CB32D08, 4FCF2C3DBBE85461364B1F3A3F3629B52C8664487D30142D15937A4C96EF6A8F ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:33:56.0857 0x1c7c  WdiSystemHost - ok
19:33:56.0869 0x1c7c  [ E70DDD8E2245CC67547B0861983912D8, 64C73B1496FFF1F6BB3D877CB5BE54DE35C303AE234B11FC90038DC4F73241D9 ] wdiwifi         C:\Windows\system32\DRIVERS\wdiwifi.sys
19:33:56.0895 0x1c7c  wdiwifi - ok
19:33:56.0899 0x1c7c  [ 07B043160399AF4009054E2EA3464BF4, 8D652D7CD75F8FB2B5414155355F0C970015914E1AC6522DBB8387BB8662F542 ] WdNisDrv        C:\Windows\system32\Drivers\WdNisDrv.sys
19:33:56.0908 0x1c7c  WdNisDrv - ok
19:33:56.0910 0x1c7c  WdNisSvc - ok
19:33:56.0917 0x1c7c  [ 9972D395DBD05D91DA5EDADEB9325680, 9382D846793F285721A1A0FED42F914035A53D856B902FADB0B7144C471BDA91 ] WebClient       C:\Windows\System32\webclnt.dll
19:33:56.0935 0x1c7c  WebClient - ok
19:33:56.0942 0x1c7c  [ B6BF579761489720BCE787F723F596E5, 879B17F6A4F23F5E85A09126B7B407955DDCEB1BA4A8FFC0A418B7F47311C056 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:33:56.0958 0x1c7c  Wecsvc - ok
19:33:56.0961 0x1c7c  [ 10C9CF8771A2A87F575F9FB56821474E, 15E3DFFE9CF6777F67E426ECF797D2DF743EA152DEE336DCC9C2F92A0E6EB9A3 ] WEPHOSTSVC      C:\Windows\system32\wephostsvc.dll
19:33:56.0973 0x1c7c  WEPHOSTSVC - ok
19:33:56.0977 0x1c7c  [ 357C083FE35D030D991D163AAF622A06, F301852D49DBDEF0D28F56CD74CBDC71CA003EBD07D3F46EA5C870DC1BD07896 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:33:56.0993 0x1c7c  wercplsupport - ok
19:33:56.0997 0x1c7c  [ 2235AF716D15D9DFE4C59DC2AC0C440C, 2DCFCEBEA77E7E40CEF9A785BE1A794B390B36E40FBCF49B494F9CEA3F6A28C4 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:33:57.0014 0x1c7c  WerSvc - ok
19:33:57.0019 0x1c7c  [ C11272713719922DE5711094333BD166, 61D4F07E02AECF04964FF51EEA31069A2B0EAA549AD2B29B5FD3E1E6BB543593 ] WFPLWFS         C:\Windows\system32\drivers\wfplwfs.sys
19:33:57.0028 0x1c7c  WFPLWFS - ok
19:33:57.0032 0x1c7c  [ 205A1FAE910F5C493D236245850BB62A, DBA4D1D734BAA3CDEB8A7F9C81A8DAA88CEA55AF5C4C5908E76FB8E522C5EC8A ] WiaRpc          C:\Windows\System32\wiarpc.dll
19:33:57.0043 0x1c7c  WiaRpc - ok
19:33:57.0046 0x1c7c  [ EF536C54AB9281FDC4E83B07279FCFC4, 22E4F133170682EE14413CA8FDC2DBE73AB31960D6ACB728A6B398229FDDFD3B ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:33:57.0053 0x1c7c  WIMMount - ok
19:33:57.0054 0x1c7c  WinDefend - ok
19:33:57.0060 0x1c7c  [ D8966A76408107224C6013993135DD78, 6159F69BC26FF817078E68C70E6DFC9075FEBF9EF9F4F046C7A65BC377544AE6 ] WindowsTrustedRT C:\Windows\system32\drivers\WindowsTrustedRT.sys
19:33:57.0069 0x1c7c  WindowsTrustedRT - ok
19:33:57.0072 0x1c7c  [ 8B102A7B6CE326FD4208CC7C2D183343, E47C1D76CBFD2A382C3A7BB048D752FB6DD4616FADDEB1C3ADD5DDAE149742AF ] WindowsTrustedRTProxy C:\Windows\system32\drivers\WindowsTrustedRTProxy.sys
19:33:57.0079 0x1c7c  WindowsTrustedRTProxy - ok
19:33:57.0093 0x1c7c  [ FFD04E8263FC9CDB89BAD8C27C337223, 7021161D354F1536DA261D001524B92301466631DCFA161A7C6355AAC86BBE40 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
19:33:57.0121 0x1c7c  WinHttpAutoProxySvc - ok
19:33:57.0124 0x1c7c  [ 4A53441C1C4D2878BEF27E381138BB2D, C221E74491E6FD2AF472B53876B46788D5CF62F4E645457F3B3816FD0ED2BAA1 ] WinMad          C:\Windows\System32\drivers\winmad.sys
19:33:57.0131 0x1c7c  WinMad - ok
19:33:57.0138 0x1c7c  [ 1033C37122C7404C3B926ADF84874832, 163B3A7112F13AE7BB2655A28C6B19AF9B263F2AD2FF1B75314BE3E2B9118903 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:33:57.0152 0x1c7c  Winmgmt - ok
19:33:57.0160 0x1c7c  [ C8932FBE1C00E8A37BBF6ED3BF22CA10, 6B349F8330CA3B07BDC911A1DA22C83A302F471DACEF1F0953380A7B0CA21F99 ] WinNat          C:\Windows\system32\drivers\winnat.sys
19:33:57.0176 0x1c7c  WinNat - ok
19:33:57.0215 0x1c7c  [ 703D0F62C5AA4D08EE8756516C0D125D, 02015A5E62490C11EC968160C528C2AFD1D7194AACA27F407B06EB462657511F ] WinRM           C:\Windows\system32\WsmSvc.dll
19:33:57.0286 0x1c7c  WinRM - ok
19:33:57.0299 0x1c7c  [ 260907CE034FE327AC99BDA4153AB22F, B96501F43248713C2E153B9D22B78D51412A3C6989A2FB5F53A406C6CDC98D30 ] WINUSB          C:\Windows\System32\drivers\WinUSB.SYS
19:33:57.0309 0x1c7c  WINUSB - ok
19:33:57.0312 0x1c7c  [ 40A3E8D729F458B2C9A8BD9380FF83D5, CD42FFC138969EF8C9588FD113F0B9A98FBA282D46A5B6BCFA765F55ED6E97A1 ] WinVerbs        C:\Windows\System32\drivers\winverbs.sys
19:33:57.0320 0x1c7c  WinVerbs - ok
19:33:57.0356 0x1c7c  [ 453740989239803FE363FF8B40EA2E08, 25499705627C38D3431B3C336E0CF3BF55ABB0C461B88DA6D3767CAAE1E2B893 ] WlanSvc         C:\Windows\System32\wlansvc.dll
19:33:57.0420 0x1c7c  WlanSvc - ok
19:33:57.0454 0x1c7c  [ E48BBF1363F843E030757EC190DD33E6, B37199495115ED423BA99B7317377CE865BB482D4E847861E871480AC49D4A84 ] wlidsvc         C:\Windows\system32\wlidsvc.dll
19:33:57.0512 0x1c7c  wlidsvc - ok
19:33:57.0516 0x1c7c  [ 8F010BF65238F3F822D22BA12831796E, 2CA830F259B742D2F5CDD0437960BF512D40FB4A4C2342E3BABB38D468F79694 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
19:33:57.0524 0x1c7c  WmiAcpi - ok
19:33:57.0531 0x1c7c  [ 74ACA5A7880C1F0BB9D60E32E1705A70, A89817BCCBFF94D7394614DA81D1C6C4F53AF47A539E674EEF6DC3FC496BF702 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:33:57.0544 0x1c7c  wmiApSrv - ok
19:33:57.0546 0x1c7c  WMPNetworkSvc - ok
19:33:57.0551 0x1c7c  [ 2A9650FCC696DB28E45EA8B33B99B8E6, FBEBC6C05D50F578C6EEE0A7285EBE1DEADB08DD21FA3232630FD8D5A68FC3FB ] Wof             C:\Windows\system32\drivers\Wof.sys
19:33:57.0562 0x1c7c  Wof - ok
19:33:57.0592 0x1c7c  [ 4090C6738AA92B428220857B4D44F638, 4A3EE47494051E5BA8393F2AC8226EF434DA3AA1895CF4BADC9BC1BC378647C6 ] workfolderssvc  C:\Windows\system32\workfolderssvc.dll
19:33:57.0646 0x1c7c  workfolderssvc - ok
19:33:57.0650 0x1c7c  [ 22C52D7EE7C7D0E02C8EFD8CAE8E3A71, 126605A12CEC9CC07DE3050F12E43CECABEAF0D00DF12300AF70F34700F7FE8E ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
19:33:57.0658 0x1c7c  wpcfltr - ok
19:33:57.0662 0x1c7c  [ D282ECA35ADAC7A93D6B4943E775010B, A76A9698A95646FA63AC18DFFA02B744D7C6043934CBF6C37832ED2E6B21F570 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:33:57.0673 0x1c7c  WPDBusEnum - ok
19:33:57.0676 0x1c7c  [ 1C08E424CBDD5065BB7266F8C048C1B1, 0452C85EDA6CBAB75C2617886C5D8117ED25D91F1BE0F8377B08D55B6629B028 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
19:33:57.0684 0x1c7c  WpdUpFltr - ok
19:33:57.0687 0x1c7c  [ 2C6EEFFBB7FB1C51CCD3737C77AB9109, 8C2ED309FAF4312512E7BCCBBC51B1353603A3499077A1DE21991F0692AF1620 ] WpnService      C:\Windows\system32\WpnService.dll
19:33:57.0697 0x1c7c  WpnService - ok
19:33:57.0700 0x1c7c  [ 638B43D39A3D0B47024555CF1095E6F1, C7EA0A6ED227A5256EB02CA76FEC538DF196B8DC38DA2A567757D2B221C9473E ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:33:57.0710 0x1c7c  ws2ifsl - ok
19:33:57.0716 0x1c7c  [ 9C17CF2D05F8DA5AC66880B6BEE64E7D, 8930079A1AFA97657BE567038EE57C988D3DE9A6C24EA46160E2974837082535 ] wscsvc          C:\Windows\System32\wscsvc.dll
19:33:57.0729 0x1c7c  wscsvc - ok
19:33:57.0732 0x1c7c  WSearch - ok
19:33:57.0785 0x1c7c  [ 6E04BBE242E2889B37300C4DF5CE1126, FBDAEAC62C48A4FC5EF412AE47FF10590AE83E8871412F76F6F9BAE910542DFA ] WSService       C:\Windows\System32\WSService.dll
19:33:57.0855 0x1c7c  WSService - ok
19:33:57.0894 0x1c7c  [ 722FA682ED9EA8B85FA843A5C8F39E61, 47B09984582E55C22450A851FAF00EBEC76CD46149B19B199916255D553C6BF8 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:33:57.0955 0x1c7c  wuauserv - ok
19:33:57.0962 0x1c7c  [ A928F25CB62232F413EE655352856E10, 1D2B278A24DDDE8792ADE7649FF90A98E186B79F13AA296C30E4180293BE906A ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:33:57.0972 0x1c7c  WudfPf - ok
19:33:57.0978 0x1c7c  [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFRd          C:\Windows\system32\drivers\WudfRd.sys
19:33:57.0991 0x1c7c  WUDFRd - ok
19:33:57.0995 0x1c7c  [ 1336DA39FE006EAB2733CA4DE5B3560C, F0D6C71ADCB66D4D14EC6D09FD43F5521A3A8CA53F248DFD01696FB4F033BE77 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:33:58.0008 0x1c7c  wudfsvc - ok
19:33:58.0014 0x1c7c  [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
19:33:58.0027 0x1c7c  WUDFWpdFs - ok
19:33:58.0032 0x1c7c  [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFWpdMtp      C:\Windows\system32\DRIVERS\WUDFRd.sys
19:33:58.0045 0x1c7c  WUDFWpdMtp - ok
19:33:58.0066 0x1c7c  [ 417D1526811D9646A7E8779209F11361, 220FE28801474AB26579F2A37D792975D9AAD2384B420BCE52215B1389E08F91 ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:33:58.0104 0x1c7c  WwanSvc - ok
19:33:58.0122 0x1c7c  [ 405A419F4CDAC3C18F91FEDBD146C0A8, 92A6539AE6FC1B140366A0F733FDB784CAFB2359C4E0E2DF80629FEEA2CBFC98 ] XblAuthManager  C:\Windows\System32\XblAuthManager.dll
19:33:58.0154 0x1c7c  XblAuthManager - ok
19:33:58.0175 0x1c7c  [ 7118498F6E48758A2EF5A7D1982E2B62, 1FF75AE64CB6DB263E8B35515E092B325AA71A6B2210F8F2B0AD087B3BA33345 ] XblGameSave     C:\Windows\System32\XblGameSave.dll
19:33:58.0213 0x1c7c  XblGameSave - ok
19:33:58.0220 0x1c7c  [ F279536122B83FD0D8E158AA753E1B7C, 6A542F28E24B30DBDC2EEE24DA33C2F4ADB3596AEDDD71DC1495DD40577CE4BB ] xboxgip         C:\Windows\System32\drivers\xboxgip.sys
19:33:58.0234 0x1c7c  xboxgip - ok
19:33:58.0253 0x1c7c  [ 69E727F94BEA64E66C284F3C482F33E6, B3E0F287E7A251E0FC17C41089C45737027E54F0213BDE847356AC882B4D3700 ] XboxNetApiSvc   C:\Windows\system32\XboxNetApiSvc.dll
19:33:58.0288 0x1c7c  XboxNetApiSvc - ok
19:33:58.0293 0x1c7c  [ DBACD4E4FE191D0CE7C624ACA389535E, A706DA0A284398E80AEB6FBE1B5F6C3192C3F4D1C1B7533528D689D163374DDF ] xinputhid       C:\Windows\System32\drivers\xinputhid.sys
19:33:58.0301 0x1c7c  xinputhid - ok
19:33:58.0305 0x1c7c  ================ Scan global ===============================
19:33:58.0309 0x1c7c  [ D923EC03E24F7633DED3F2D46AD59A28, C635DB4483E24BE0188583E63B06D0F37BDE7AD944E4D0246A7D19CBC3EA3A6B ] C:\Windows\system32\basesrv.dll
19:33:58.0315 0x1c7c  [ E2899695BD30B5F93EC626EBBEF2CB69, B190D2903A109D2C146D881F90769060A0E971942F4AA61AEAD81861032D89C3 ] C:\Windows\system32\winsrv.dll
19:33:58.0321 0x1c7c  [ 09E92888FFF86F3334E59778724DCA6F, 2344763B52395EF565A9DE5F55BEDCA026AD2E8072FFD06F826BF366B3BA2AB4 ] C:\Windows\system32\sxssrv.dll
19:33:58.0332 0x1c7c  [ 6FF8248F3A9D69A095C7F3F42BC29CB2, 9077B1AA0AFB8DB329FDED0E51085DE1C51B22A986162F29037FCA404A80D512 ] C:\Windows\system32\services.exe
19:33:58.0338 0x1c7c  [ Global ] - ok
19:33:58.0338 0x1c7c  ================ Scan MBR ==================================
19:33:58.0342 0x1c7c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR5
19:33:58.0393 0x1c7c  \Device\Harddisk2\DR5 - ok
19:33:58.0395 0x1c7c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:33:58.0565 0x1c7c  \Device\Harddisk0\DR0 - ok
19:33:58.0568 0x1c7c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:33:58.0578 0x1c7c  \Device\Harddisk1\DR1 - ok
19:33:58.0581 0x1c7c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR5
19:33:58.0629 0x1c7c  \Device\Harddisk2\DR5 - ok
19:33:58.0629 0x1c7c  ================ Scan VBR ==================================
19:33:58.0631 0x1c7c  [ D2262EEE27A565C8DA63BB011BAF518D ] \Device\Harddisk2\DR5\Partition1
19:33:58.0632 0x1c7c  \Device\Harddisk2\DR5\Partition1 - ok
19:33:58.0634 0x1c7c  [ 269084A9948CBFDC620148CD6D322AED ] \Device\Harddisk0\DR0\Partition1
19:33:58.0695 0x1c7c  \Device\Harddisk0\DR0\Partition1 - ok
19:33:58.0697 0x1c7c  [ F99A7BC136E0326221A11A5DF69B2950 ] \Device\Harddisk0\DR0\Partition2
19:33:58.0775 0x1c7c  \Device\Harddisk0\DR0\Partition2 - ok
19:33:58.0777 0x1c7c  [ 01C072C140B22DE27DEF3A9FDEBAAE97 ] \Device\Harddisk1\DR1\Partition1
19:33:58.0778 0x1c7c  \Device\Harddisk1\DR1\Partition1 - ok
19:33:58.0782 0x1c7c  [ D2262EEE27A565C8DA63BB011BAF518D ] \Device\Harddisk2\DR5\Partition1
19:33:58.0783 0x1c7c  \Device\Harddisk2\DR5\Partition1 - ok
19:33:58.0784 0x1c7c  ================ Scan generic autorun ======================
19:33:58.0871 0x1c7c  [ EEF85F53AB2B172D10629CAE1A491EC2, C0787C1F8C193BCC0577F13A503E939056AD41BC4D34BD4B62DADA7F3D0AF429 ] C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
19:33:58.0965 0x1c7c  ISCT Tray - ok
19:33:59.0171 0x1c7c  [ 4878D4D36D683EBE2F1E5F83C6A3BDB3, 82DA7BFED5F61DF4B679B06339E4065CCE0DA0D6741287F93A2EF1BCC85AB1E1 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
19:33:59.0381 0x1c7c  RTHDVCPL - ok
19:33:59.0393 0x1c7c  [ BAEDADCD6509201F82CE5B404AB14814, 8C39C18CE00DB254F370D9C4AA80E88BF67C457240F3D30A58E39DBF9B96F44B ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
19:33:59.0397 0x1c7c  IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
19:34:01.0700 0x1c7c  Detect skipped due to KSN trusted
19:34:01.0700 0x1c7c  IAStorIcon - ok
19:34:01.0778 0x1c7c  [ E41245791F9B6F4022F8C46154C358E8, 3E1597352DC9DBBAD8262B8271FC532F38C39EBB2D7461DE6839880A0D099E2F ] C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
19:34:01.0859 0x1c7c  StartCN - ok
19:34:01.0867 0x1c7c  [ 86069F4F421FB355C41FD734500E477F, CB4CE22C3298280B033105875079A373D7E1ADEA15F0F71A2095CCA50CF7E5A5 ] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
19:34:01.0872 0x1c7c  Avira SystrayStartTrigger - ok
19:34:01.0888 0x1c7c  [ 1CE11C53E562D5F7EAFCF47E0E696516, 4E8264DB3CA9B2344905BC2CAE6A9E73190A3CCF3D154B3CBDAF4F73F8FCD64B ] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
19:34:01.0904 0x1c7c  avgnt - ok
19:34:01.0916 0x1c7c  [ C9B67BCB8E384064A8C2263740B0C437, F2609406A84F3A8E256DD250F84A774EF43F92C9F8B373E297A99ACF95B3CCE4 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
19:34:01.0929 0x1c7c  SunJavaUpdateSched - ok
19:34:02.0049 0x1c7c  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
19:34:02.0168 0x1c7c  OneDriveSetup - ok
19:34:02.0285 0x1c7c  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
19:34:02.0407 0x1c7c  OneDriveSetup - ok
19:34:02.0424 0x1c7c  [ 61F488AC3053DEB2AADB6A34DEBC8876, B5C5E0325F0FB4A37E80F08273B7483630F676C6342519564798CE7D1F121CB7 ] C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\OneDrive.exe
19:34:02.0439 0x1c7c  OneDrive - ok
19:34:02.0487 0x1c7c  [ 2CD5F1053AB2BC2ED35EF1B253B9E44A, 28A0A3785797D9DDD0A0D0D07B291E24E68B3523F55DE223C60EF59F5FD3361C ] C:\Program Files (x86)\Steam\steam.exe
19:34:02.0537 0x1c7c  Steam - ok
19:34:02.0560 0x1c7c  [ 41E25E514D90E9C8BC570484DBAFF62B, E6C49F7CE186DC4C9DA2C393469B070C0F1B95A01D281AE2B89538DA453D1583 ] C:\Windows\system32\cmd.exe
19:34:02.0577 0x1c7c  Uninstall C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64 - ok
19:34:02.0586 0x1c7c  [ 41E25E514D90E9C8BC570484DBAFF62B, E6C49F7CE186DC4C9DA2C393469B070C0F1B95A01D281AE2B89538DA453D1583 ] C:\Windows\system32\cmd.exe
19:34:02.0603 0x1c7c  Uninstall C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64 - ok
19:34:02.0603 0x1c7c  Waiting for KSN requests completion. In queue: 313
19:34:03.0605 0x1c7c  Waiting for KSN requests completion. In queue: 313
19:34:04.0606 0x1c7c  Waiting for KSN requests completion. In queue: 313
19:34:04.0934 0x0c18  Object required for P2P: [ DA47E1FA043F87A697B68C40B63ECBEB ] passthruparser
19:34:05.0607 0x1c7c  Waiting for KSN requests completion. In queue: 266
19:34:06.0607 0x1c7c  Waiting for KSN requests completion. In queue: 266
19:34:07.0321 0x0c18  Object send P2P result: true
19:34:07.0324 0x0c18  Object required for P2P: [ AD43141CE6D5074DA1D28B5BCD4E4507 ] RetailDemo
19:34:07.0607 0x1c7c  Waiting for KSN requests completion. In queue: 224
19:34:08.0607 0x1c7c  Waiting for KSN requests completion. In queue: 224
19:34:09.0608 0x1c7c  Waiting for KSN requests completion. In queue: 224
19:34:09.0715 0x0c18  Object send P2P result: true
19:34:09.0717 0x0c18  Object required for P2P: [ 7C58AFEC26E9F7730A8AA7FD40225937 ] sppsvc
19:34:10.0608 0x1c7c  Waiting for KSN requests completion. In queue: 187
19:34:11.0609 0x1c7c  Waiting for KSN requests completion. In queue: 187
19:34:12.0110 0x0c18  Object send P2P result: true
19:34:12.0112 0x0c18  Object required for P2P: [ 34A3EB84B2A830E6F450B8F885AE4E6E ] SysMain
19:34:12.0609 0x1c7c  Waiting for KSN requests completion. In queue: 164
19:34:13.0610 0x1c7c  Waiting for KSN requests completion. In queue: 164
19:34:14.0499 0x0c18  Object send P2P result: true
19:34:14.0503 0x0c18  Object required for P2P: [ 100CB4D54BE6AFC511E613588AB578E8 ] vhdparser
19:34:14.0610 0x1c7c  Waiting for KSN requests completion. In queue: 103
19:34:15.0610 0x1c7c  Waiting for KSN requests completion. In queue: 103
19:34:16.0610 0x1c7c  Waiting for KSN requests completion. In queue: 103
19:34:16.0886 0x0c18  Object send P2P result: true
19:34:16.0887 0x0c18  Object required for P2P: [ EF8DC421354A33B7B607E2A908B8E1AB ] vmms
19:34:17.0610 0x1c7c  Waiting for KSN requests completion. In queue: 88
19:34:18.0610 0x1c7c  Waiting for KSN requests completion. In queue: 88
19:34:19.0301 0x0c18  Object send P2P result: true
19:34:19.0304 0x0c18  Object required for P2P: [ 2372509964B5203FFC25ECB3C6B42E8B ] vpcivsp
19:34:19.0610 0x1c7c  Waiting for KSN requests completion. In queue: 78
19:34:20.0611 0x1c7c  Waiting for KSN requests completion. In queue: 78
19:34:21.0611 0x1c7c  Waiting for KSN requests completion. In queue: 78
19:34:21.0686 0x0c18  Object send P2P result: true
19:34:21.0686 0x0c18  Object required for P2P: [ 4CF5A1E0C4FCA956ACD6C654E2A8610E ] VSS
19:34:22.0612 0x1c7c  Waiting for KSN requests completion. In queue: 76
19:34:23.0612 0x1c7c  Waiting for KSN requests completion. In queue: 76
19:34:24.0072 0x0c18  Object send P2P result: true
19:34:24.0077 0x0c18  Object required for P2P: [ E41245791F9B6F4022F8C46154C358E8 ] C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
19:34:24.0612 0x1c7c  Waiting for KSN requests completion. In queue: 10
19:34:25.0612 0x1c7c  Waiting for KSN requests completion. In queue: 10
19:34:26.0474 0x0c18  Object send P2P result: true
19:34:26.0474 0x0c18  Object required for P2P: [ 41E25E514D90E9C8BC570484DBAFF62B ] C:\Windows\system32\cmd.exe
19:34:26.0612 0x1c7c  Waiting for KSN requests completion. In queue: 2
19:34:27.0612 0x1c7c  Waiting for KSN requests completion. In queue: 2
19:34:28.0613 0x1c7c  Waiting for KSN requests completion. In queue: 2
19:34:28.0857 0x0c18  Object send P2P result: true
19:34:28.0857 0x0c18  Object required for P2P: [ 41E25E514D90E9C8BC570484DBAFF62B ] C:\Windows\system32\cmd.exe
19:34:29.0614 0x1c7c  Waiting for KSN requests completion. In queue: 1
19:34:30.0614 0x1c7c  Waiting for KSN requests completion. In queue: 1
19:34:31.0238 0x0c18  Object send P2P result: true
19:34:31.0626 0x1c7c  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\Antivirus\wsctool.exe ( 15.0.16.273 ), 0x41000 ( enabled : updated )
19:34:31.0626 0x1c7c  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x60100 ( disabled : updated )
19:34:31.0629 0x1c7c  Win FW state via NFP2: enabled ( trusted )
19:34:33.0988 0x1c7c  ============================================================
19:34:33.0988 0x1c7c  Scan finished
19:34:33.0988 0x1c7c  ============================================================
19:34:33.0993 0x07f8  Detected object count: 0
19:34:33.0993 0x07f8  Actual detected object count: 0
         

09.04.2016, 18:41   #7
deeprybka
/// TB Trainer
/// Instructions Guru

Now please run a scan:

Step 1

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

__________________
Regards
deeprybka

Praise, criticism, requests?

Donate to trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

09.04.2016, 21:00   #8
Treend

Here is the ESET scan as well:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9d0f7d9b72280447877d295bfac6f534
# end=init
# utc_time=2016-04-09 06:52:39
# local_time=2016-04-09 08:52:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 28989
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9d0f7d9b72280447877d295bfac6f534
# end=updated
# utc_time=2016-04-09 06:54:27
# local_time=2016-04-09 08:54:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=9d0f7d9b72280447877d295bfac6f534
# engine=28989
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-04-09 07:56:32
# local_time=2016-04-09 09:56:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 100 19405 11082727 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 8401073 14045935 0 0
# scanned=385348
# found=0
# cleaned=0
# scan_time=3724
         

10.04.2016, 19:33   #9
deeprybka
/// TB Trainer
/// Instructions Guru

Looks good. Have you noticed anything unusual?

10.04.2016, 22:19   #10
Treend

Thanks for your effort.

I haven't noticed anything unusual so far, except that Malwarebytes sometimes throws up the following message:

hxxp://i.imgur.com/AxgDqCK.jpg

The screenshot isn't mine, but it is exactly the same message. There is a thread about it here: https://steamcommunity.com/discussions/forum/1/412448792348602305/?l=turkish (see from post number 11 onwards).

It's probably just an error message, though. The IP belongs to a game server in Sweden (hxxp://www.whois.com/whois/46.246.69.81). The message appears when starting Steam, but sometimes also when starting a game. I don't know exactly why it wants to establish a connection, but it's probably nothing, right?

11.04.2016, 21:21   #11
deeprybka
/// TB Trainer
/// Instructions Guru

https://virustotal.com/de/url/dda092...f9d6/analysis/

IP seems to be OK...