
Pests of all kinds and how to combat them: Tr/dropper.gen - shutdown no longer possible


30.11.2016, 18:57   #1
Machalla666
 



Good evening.

Since the day before yesterday I have been getting constant messages from Avira about attacks, detections and files that were moved to quarantine.

So far I have only tried to have Avira permanently delete the files that were moved to quarantine, but they keep reappearing.

The laptop and the system have shown no noticeable impairment so far, apart from the fact that it can no longer be shut down normally. The device can only be switched off by holding down the power button.

Thank you in advance for your efforts.

Avira quarantine log:
Code:

Typ:	Datei
Quelle:	C:\Users\Patrick\AppData\Local\Temp\7287348tmp000.zip
Status:	Infiziert
Quarantäne-Objekt:	3b13e7f0.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.42.76
Virendefinitionsdatei:	8.12.138.172
Gefunden:	Adware/BrowSecX.EL.2
Datum/Uhrzeit:	30.11.2016, 18:45


Typ:	Datei
Quelle:	C:\Windows\Temp\linkset.exe
Status:	Infiziert
Quarantäne-Objekt:	445c3f8c.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.42.72
Virendefinitionsdatei:	8.12.138.152
Gefunden:	TR/Dropper.Gen
Datum/Uhrzeit:	30.11.2016, 17:17


Typ:	Datei
Quelle:	C:\WINDOWS\TEMP\nse4C16.tmp
Status:	Infiziert
Quarantäne-Objekt:	5cf369af.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	unknown
Virendefinitionsdatei:	unknown
Gefunden:	ADWARE/AD.ConvertAd.e8b1
Datum/Uhrzeit:	30.11.2016, 17:14


Typ:	Datei
Quelle:	C:\WINDOWS\TEMP\nse4C16.tmp
Status:	Infiziert
Quarantäne-Objekt:	4d267ee1.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.42.72
Virendefinitionsdatei:	8.12.138.152
Gefunden:	Adware/AD.ConvertAd.e8b19a (Cloud)
Datum/Uhrzeit:	30.11.2016, 17:11


Typ:	Datei
Quelle:	C:\WINDOWS\TEMP\netstream.exe
Status:	Infiziert
Quarantäne-Objekt:	111607a2.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.42.72
Virendefinitionsdatei:	8.12.138.152
Gefunden:	TR/Crypt.ZPACK.Gen8 (Cloud)
Datum/Uhrzeit:	30.11.2016, 17:11


Typ:	Datei
Quelle:	C:\WINDOWS\TEMP\mcsdls.exe
Status:	Infiziert
Quarantäne-Objekt:	119e188f.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.42.72
Virendefinitionsdatei:	8.12.138.152
Gefunden:	TR/AD.Kovter.Y (Cloud)
Datum/Uhrzeit:	30.11.2016, 17:10


Typ:	Datei
Quelle:	C:\WINDOWS\TEMP\csienh9s.exe
Status:	Infiziert
Quarantäne-Objekt:	1fde5a74.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.42.72
Virendefinitionsdatei:	8.12.138.152
Gefunden:	TR/Crypt.ZPACK.Gen4 (Cloud)
Datum/Uhrzeit:	30.11.2016, 17:10


Typ:	Datei
Quelle:	C:\WINDOWS\TEMP\spc32.exe
Status:	Infiziert
Quarantäne-Objekt:	4dae611e.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.42.72
Virendefinitionsdatei:	8.12.138.152
Gefunden:	TR/AD.Boaxxe.fcd57a (Cloud)
Datum/Uhrzeit:	30.11.2016, 17:10


Typ:	Datei
Quelle:	C:\Windows\Temp\linkset.exe
Status:	Infiziert
Quarantäne-Objekt:	1f564583.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.42.72
Virendefinitionsdatei:	8.12.138.152
Gefunden:	TR/Dropper.Gen
Datum/Uhrzeit:	30.11.2016, 17:07


Typ:	Datei
Quelle:	C:\Windows\Temp\linkset.exe
Status:	Infiziert
Quarantäne-Objekt:	774f7531.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.42.72
Virendefinitionsdatei:	8.12.138.140
Gefunden:	TR/Dropper.Gen
Datum/Uhrzeit:	29.11.2016, 23:13


Typ:	Datei
Quelle:	C:\WINDOWS\TEMP\nsz4625.tmp
Status:	Infiziert
Quarantäne-Objekt:	5c1e6972.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	unknown
Virendefinitionsdatei:	unknown
Gefunden:	ADWARE/AD.ConvertAd.2a94
Datum/Uhrzeit:	29.11.2016, 23:10


Typ:	Datei
Quelle:	C:\WINDOWS\TEMP\mcsdls.exe
Status:	Infiziert
Quarantäne-Objekt:	43d37079.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.42.72
Virendefinitionsdatei:	8.12.138.140
Gefunden:	TR/AD.Kovter.Y (Cloud)
Datum/Uhrzeit:	29.11.2016, 23:08


Typ:	Datei
Quelle:	C:\WINDOWS\TEMP\nsz4625.tmp
Status:	Infiziert
Quarantäne-Objekt:	07dc3a78.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.42.72
Virendefinitionsdatei:	8.12.138.140
Gefunden:	Adware/AD.ConvertAd.2a9499 (Cloud)
Datum/Uhrzeit:	29.11.2016, 23:08


Typ:	Datei
Quelle:	C:\WINDOWS\TEMP\netstream.exe
Status:	Infiziert
Quarantäne-Objekt:	081039fa.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.42.72
Virendefinitionsdatei:	8.12.138.140
Gefunden:	TR/Crypt.ZPACK.Gen8 (Cloud)
Datum/Uhrzeit:	29.11.2016, 23:08


Typ:	Datei
Quelle:	C:\WINDOWS\TEMP\csienh9s.exe
Status:	Infiziert
Quarantäne-Objekt:	77277616.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.42.72
Virendefinitionsdatei:	8.12.138.140
Gefunden:	TR/AD.Nitedrem.00a82d (Cloud)
Datum/Uhrzeit:	29.11.2016, 23:07


Typ:	Datei
Quelle:	C:\Windows\Temp\linkset.exe
Status:	Infiziert
Quarantäne-Objekt:	788376ad.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.42.72
Virendefinitionsdatei:	8.12.138.140
Gefunden:	TR/Dropper.Gen
Datum/Uhrzeit:	29.11.2016, 23:07


Typ:	Datei
Quelle:	C:\Windows\Temp\spc32.exe
Status:	Infiziert
Quarantäne-Objekt:	08403c95.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.42.72
Virendefinitionsdatei:	8.12.138.140
Gefunden:	TR/AD.NsisPureInject.rtlcq
Datum/Uhrzeit:	29.11.2016, 23:06


Typ:	Datei
Quelle:	C:\Windows\Temp\spc32.exe
Status:	Infiziert
Quarantäne-Objekt:	08783add.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.42.72
Virendefinitionsdatei:	8.12.138.140
Gefunden:	TR/AD.NsisPureInject.rtlcq
Datum/Uhrzeit:	29.11.2016, 23:06


Typ:	Datei
Quelle:	C:\WINDOWS\TEMP\nsp9C9E.tmp\blowfish.dll
Status:	Verdächtig
Quarantäne-Objekt:	1b684ad6.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	unknown
Virendefinitionsdatei:	unknown
Gefunden:	Verdächtige Datei
Datum/Uhrzeit:	28.11.2016, 23:10


Typ:	Datei
Quelle:	C:\WINDOWS\TEMP\nsp9C9E.tmp\inetc.dll
Status:	Verdächtig
Quarantäne-Objekt:	493d1020.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	unknown
Virendefinitionsdatei:	unknown
Gefunden:	Verdächtige Datei
Datum/Uhrzeit:	28.11.2016, 23:10


Typ:	Datei
Quelle:	C:\WINDOWS\TEMP\nsm9004.tmp
Status:	Infiziert
Quarantäne-Objekt:	51a23f52.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	unknown
Virendefinitionsdatei:	unknown
Gefunden:	ADWARE/AD.ConvertAd.2656
Datum/Uhrzeit:	28.11.2016, 23:10


Typ:	Datei
Quelle:	C:\WINDOWS\TEMP\nsm9004.tmp
Status:	Infiziert
Quarantäne-Objekt:	1a1e23ae.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.42.68
Virendefinitionsdatei:	8.12.138.78
Gefunden:	Adware/AD.ConvertAd.265637 (Cloud)
Datum/Uhrzeit:	28.11.2016, 23:07


Typ:	Datei
Quelle:	C:\Windows\Temp\linkset.exe
Status:	Infiziert
Quarantäne-Objekt:	394d1763.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.42.68
Virendefinitionsdatei:	8.12.138.78
Gefunden:	TR/Dropper.Gen
Datum/Uhrzeit:	28.11.2016, 23:07


Typ:	Datei
Quelle:	C:\Windows\Temp\linkset.exe
Status:	Infiziert
Quarantäne-Objekt:	399514c6.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.42.68
Virendefinitionsdatei:	8.12.138.78
Gefunden:	TR/Dropper.Gen
Datum/Uhrzeit:	28.11.2016, 23:06
         
FRST.txt
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2016
durchgeführt von Patrick (Administrator) auf DESKTOP-I54T4B7 (30-11-2016 18:45:16)
Gestartet von C:\Users\Patrick\Desktop
Geladene Profile: Patrick (Verfügbare Profile: Patrick)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\16.10.1.1114\service_update.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\OGMMon.exe
(YANDEX LLC) C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(YANDEX LLC) C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe
(YANDEX LLC) C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [916072 2016-10-26] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2015-12-22] (Dritek System Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [226816 2016-05-23] (Geek Software GmbH)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [75776 2016-07-05] ()
HKLM-x32\...\Run: [OGMgmmouseRun] => C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\ogmmon.exe [3386880 2014-05-19] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications)
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [ctfmon] => C:\WINDOWS\system32\ctfmon.exe [10752 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [safe_urls768] => "C:\Users\Patrick\AppData\Roaming\Browser-Security\s768.exe"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd)
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\MountPoints2: {19b79380-b27e-11e6-9858-201a06114318} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\MountPoints2: {ca47ee10-8280-11e6-9848-201a06114318} - "E:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\MountPoints2: {d8aa2e3c-7f52-11e6-983e-201a06114318} - "G:\HiSuiteDownLoader.exe" 
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-22] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-22] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-22] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-22] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-22] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-22] ()
Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-03-20]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Patrick\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
GroupPolicy: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{ce2c89b3-0cea-4292-b4ba-fd6c0e758f97}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wcg_fremkfs_16_27&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDtC0AtDyCtCtCyEtAtCzzzyyDzy0BtN0D0Tzu0StCyCyDtDtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByDtN1L1G1B1V1N2Y1L1Qzu2SyD0AzytAtA0BtD0EtGyE0CyByDtGtAtDyByDtGtAyC0DtAtGtD0BtDzztDyEtCyB0D0BtB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtA0EyEtC0CtAtGtCtB0EtDtGyE0A0A0EtGzztA0CtCtGtDzy0DtA0A0D0ByC0CyDtC0F2QtN0A0LzuyE%26cr%3D1695189712%26a%3Dwcg_fremkfs_16_27%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wcg_fremkfs_16_27&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDtC0AtDyCtCtCyEtAtCzzzyyDzy0BtN0D0Tzu0StCyCyDtDtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByDtN1L1G1B1V1N2Y1L1Qzu2SyD0AzytAtA0BtD0EtGyE0CyByDtGtAtDyByDtGtAyC0DtAtGtD0BtDzztDyEtCyB0D0BtB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtA0EyEtC0CtAtGtCtB0EtDtGyE0A0A0EtGzztA0CtCtGtDzy0DtA0A0D0ByC0CyDtC0F2QtN0A0LzuyE%26cr%3D1695189712%26a%3Dwcg_fremkfs_16_27%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wcg_fremkfs_16_27&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDtC0AtDyCtCtCyEtAtCzzzyyDzy0BtN0D0Tzu0StCyCyDtDtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByDtN1L1G1B1V1N2Y1L1Qzu2SyD0AzytAtA0BtD0EtGyE0CyByDtGtAtDyByDtGtAyC0DtAtGtD0BtDzztDyEtCyB0D0BtB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtA0EyEtC0CtAtGtCtB0EtDtGyE0A0A0EtGzztA0CtCtGtDzy0DtA0A0D0ByC0CyDtC0F2QtN0A0LzuyE%26cr%3D1695189712%26a%3Dwcg_fremkfs_16_27%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-26] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-26] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 5fqwv91p.default
FF ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default [2016-11-30]
FF user.js: detected! => C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\user.js [2016-08-28]
FF NewTab: Mozilla\Firefox\Profiles\5fqwv91p.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\5fqwv91p.default -> Yahoo! Powered
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\5fqwv91p.default -> Yahoo! Powered
FF Homepage: Mozilla\Firefox\Profiles\5fqwv91p.default -> about:newtab
FF Keyword.URL: Mozilla\Firefox\Profiles\5fqwv91p.default -> user_pref("keyword.URL", true);
FF Extension: (Avira Browser Safety) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\abs@avira.com.xpi [2016-11-21]
FF Extension: (Add to Search Bar) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2016-01-20]
FF Extension: (Alldebrid extension) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\alldebrid@alldebrid.com.xpi [2016-11-07]
FF Extension: (Classic Theme Restorer) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-11-21]
FF Extension: (Classic Reload-Stop-Go Button) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\crsg@ArisT2_Noia4dev.xpi [2016-06-18]
FF Extension: (StatusbarEx) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\doudehou@gmail.com [2016-04-27]
FF Extension: (Kein Name) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\firefox@browser-security.de.xpi [2016-09-21] [ist nicht signiert]
FF Extension: (ExHentai Easy 2) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\jid1-7NbXi2AqS1oUFw@jetpack.xpi [2016-08-12]
FF Extension: (Video WithOut Flash) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\vwof@drev.com.xpi [2016-01-13]
FF Extension: (Download Status Bar) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2016-09-27]
FF Extension: (NoScript) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-11-29]
FF Extension: (Web Developer) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2016-08-18]
FF Extension: (Greasemonkey) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-08-19]
FF Extension: (SearchPreview) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2016-10-23]
FF SearchPlugin: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\searchplugins\yahoo! powered.xml [2016-07-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-12] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [2015-12-22] (Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2015-12-22] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [2013-04-08] (Tencent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3097098544-2319845998-2187571786-1001: @hola.org/FlashPlayer -> C:\Users\Patrick\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2016-01-26] ()
FF Plugin HKU\S-1-5-21-3097098544-2319845998-2187571786-1001: @hola.org/vlc -> C:\Users\Patrick\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2016-01-26] (Hola)
FF Plugin HKU\S-1-5-21-3097098544-2319845998-2187571786-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Patrick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-17] (Unity Technologies ApS)

Chrome: 
=======
CHR Profile: C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default [2016-11-28]
CHR Extension: (Google Präsentationen) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-22]
CHR Extension: (Google Docs) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-22]
CHR Extension: (Google Drive) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-22]
CHR Extension: (YouTube) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-22]
CHR Extension: (Google-Suche) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22]
CHR Extension: (Google Tabellen) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-22]
CHR Extension: (Google Docs Offline) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Core) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhcgfdghbiidgeccbldhfceleibkkpe [2016-03-13]
CHR Extension: (SearchPreview) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo [2016-10-29]
CHR Extension: (vGet Extension (Video Downloader, DLNA)) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniladkejehjfchadikcbjmgjaogciic [2016-07-12]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Unblock Youku) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2016-11-18]
CHR Extension: (Google Mail) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-22]
CHR Extension: (Chrome Media Router) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089088 2016-10-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [475232 2016-10-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [475232 2016-10-26] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1488240 2016-10-26] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349512 2016-11-15] (Avira Operations GmbH & Co. KG)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-08-26] () [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-17] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-10-25] (NVIDIA Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2015-12-22] (Dritek System INC.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 YandexBrowserService; C:\Program Files (x86)\Yandex\YandexBrowser\16.10.1.1114\service_update.exe [885752 2016-11-09] (YANDEX LLC)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 ampa; C:\Windows\system32\ampa.sys [19568 2015-11-10] () [Datei ist nicht signiert]
S3 ampa; C:\Windows\SysWOW64\ampa.sys [19568 2015-11-10] () [Datei ist nicht signiert]
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [151352 2016-10-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [153392 2016-10-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78208 2016-05-12] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-12-22] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-10-07] (Disc Soft Ltd)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.)
R2 kbdssvc; C:\WINDOWS\System32\drivers\kbdssvc.sys [112408 2014-10-31] (CFCA)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_9debaf626fb26761\nvlddmkm.sys [14174256 2016-11-18] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-10-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2016-10-25] (NVIDIA Corporation)
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2015-12-22] (Dritek System Inc.)
S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-11-30 18:45 - 2016-11-30 18:45 - 00026349 _____ C:\Users\Patrick\Desktop\FRST.txt
2016-11-30 18:44 - 2016-11-30 18:45 - 00000000 ____D C:\FRST
2016-11-30 18:33 - 2016-11-30 18:33 - 02411520 _____ (Farbar) C:\Users\Patrick\Desktop\FRST64.exe
2016-11-29 19:35 - 2016-11-29 19:35 - 00066714 _____ C:\Users\Patrick\Desktop\SRE4234352.pdf
2016-11-29 06:10 - 2016-11-29 06:10 - 00000222 _____ C:\Users\Patrick\Desktop\Death Road to Canada.url
2016-11-28 20:20 - 2016-10-19 21:13 - 00453382 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161128-202029.backup
2016-11-27 15:18 - 2016-11-27 15:18 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\.madgarden
2016-11-27 14:40 - 2016-11-27 14:40 - 00000220 _____ C:\Users\Patrick\Desktop\Sid Meier's Civilization V.url
2016-11-26 17:07 - 2016-11-26 17:07 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\NVIDIA
2016-11-26 17:07 - 2016-11-26 17:07 - 00000000 ____D C:\Users\Patrick\AppData\Local\Uber Entertainment
2016-11-26 17:06 - 2016-11-26 17:06 - 00003484 _____ C:\WINDOWS\System32\Tasks\IntelMemoryDiagnostic
2016-11-26 01:53 - 2016-11-26 01:53 - 00000000 ____D C:\Users\Patrick\.prefs
2016-11-26 01:52 - 2016-11-26 01:52 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-11-26 01:52 - 2016-11-26 01:52 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Sun
2016-11-26 01:52 - 2016-11-26 01:52 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\Sun
2016-11-26 01:52 - 2016-11-26 01:52 - 00000000 ____D C:\ProgramData\Oracle
2016-11-26 01:52 - 2016-11-26 01:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-26 01:52 - 2016-11-26 01:52 - 00000000 ____D C:\Program Files (x86)\Java
2016-11-24 20:49 - 2016-11-24 20:49 - 00000000 ____D C:\Users\Patrick\Neuer Ordner
2016-11-24 18:24 - 2016-11-24 18:24 - 00002162 _____ C:\Users\Public\Desktop\SDFormatter.lnk
2016-11-24 18:24 - 2016-11-24 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
2016-11-24 18:24 - 2016-11-24 18:24 - 00000000 ____D C:\Program Files (x86)\SDA
2016-11-24 18:23 - 2016-11-24 18:23 - 00000000 ____D C:\Users\Patrick\AppData\Local\Downloaded Installations
2016-11-23 23:18 - 2016-11-23 23:38 - 00000000 ____D C:\Users\Patrick\AppData\Local\PWU_ep2
2016-11-23 21:47 - 2016-11-23 21:47 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\rockbox.org
2016-11-23 20:38 - 2016-11-23 20:38 - 00463404 _____ C:\WINDOWS\Minidump\112316-5875-01.dmp
2016-11-23 20:32 - 2016-11-23 20:33 - 00000000 ____D C:\Program Files (x86)\DriverToolkit
2016-11-23 20:32 - 2016-11-23 20:32 - 00000000 ____D C:\Users\Patrick\AppData\Local\DriverToolkit
2016-11-23 20:17 - 2016-11-23 20:38 - 714201435 _____ C:\WINDOWS\MEMORY.DMP
2016-11-23 20:17 - 2016-11-23 20:38 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-23 20:17 - 2016-11-23 20:17 - 00588292 _____ C:\WINDOWS\Minidump\112316-6265-01.dmp
2016-11-21 22:57 - 2016-11-21 22:57 - 00003324 _____ C:\WINDOWS\System32\Tasks\{6BA690B0-1A65-4FE1-B843-96EDE2B0A4C7}
2016-11-21 22:51 - 2016-11-21 22:59 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\α-ï¼*ODEL
2016-11-21 22:51 - 2016-11-19 08:15 - 00617472 ____N (nobukichi) C:\WINDOWS\eiunin21.exe
2016-11-20 03:11 - 2016-11-20 03:11 - 00000000 ____D C:\Users\Patrick\Documents\Сохранения игр Quest Navigator
2016-11-19 03:15 - 2016-11-19 03:15 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-11-19 03:15 - 2016-11-17 02:03 - 06384576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-11-19 03:15 - 2016-11-17 02:03 - 02477624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-11-19 03:15 - 2016-11-17 02:03 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-11-19 03:15 - 2016-11-17 02:03 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-11-19 03:15 - 2016-11-17 02:03 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-11-19 03:15 - 2016-11-17 02:03 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-11-19 03:15 - 2016-11-17 02:03 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-11-19 03:15 - 2016-11-16 10:52 - 07529957 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-11-19 03:15 - 2016-09-09 19:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-11-19 03:15 - 2016-09-09 19:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-11-19 03:15 - 2016-09-09 19:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-11-19 03:15 - 2016-09-09 19:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-11-19 03:14 - 2016-11-17 01:58 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2016-11-19 03:13 - 2016-11-18 00:09 - 00048688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2016-11-19 03:13 - 2016-11-17 03:06 - 40123840 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 35224632 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 34711096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 28203576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 10912232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 10803880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 10354800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 09158432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 08913328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 08761376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 03934504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 03474064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 02953152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 02586048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437595.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 01585088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437595.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 01038904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00975296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00943552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00897080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00802768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00683640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00644112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00572888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00438208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00394888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00390200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00327408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-11-19 03:13 - 2016-11-17 03:06 - 00042296 _____ C:\WINDOWS\system32\nvinfo.pb
2016-11-19 03:13 - 2016-11-17 03:06 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-11-19 03:13 - 2016-11-17 03:06 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2016-11-19 03:02 - 2005-01-22 01:53 - 00055296 _____ C:\WINDOWS\system32\huffyuv.dll
2016-11-18 22:48 - 2016-11-18 22:48 - 00001067 _____ C:\Users\Public\Desktop\HiSuite.lnk
2016-11-18 22:48 - 2016-11-18 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2016-11-18 22:48 - 2016-11-18 22:48 - 00000000 ____D C:\Program Files (x86)\HiSuite
2016-11-18 14:42 - 2016-11-18 14:42 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-11-18 14:42 - 2016-10-25 21:21 - 00106040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-11-18 14:42 - 2016-10-25 21:21 - 00095800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-11-16 06:45 - 2016-11-30 17:04 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\Mozilla
2016-11-13 23:20 - 2016-11-13 23:20 - 00000000 ____D C:\ProgramData\Adventure Game Studio
2016-11-10 06:45 - 2016-11-02 12:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-10 06:45 - 2016-11-02 12:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-10 06:45 - 2016-11-02 12:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-10 06:45 - 2016-11-02 12:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-10 06:45 - 2016-11-02 12:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-10 06:45 - 2016-11-02 11:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-10 06:45 - 2016-11-02 11:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-10 06:45 - 2016-11-02 11:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-10 06:45 - 2016-11-02 11:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-10 06:45 - 2016-11-02 11:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-10 06:45 - 2016-11-02 11:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-10 06:45 - 2016-11-02 11:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-10 06:45 - 2016-11-02 11:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-10 06:45 - 2016-11-02 11:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-10 06:45 - 2016-11-02 11:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-10 06:45 - 2016-11-02 11:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-10 06:45 - 2016-11-02 11:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-10 06:45 - 2016-11-02 11:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-10 06:45 - 2016-11-02 11:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-10 06:45 - 2016-11-02 11:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-10 06:45 - 2016-11-02 11:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-10 06:45 - 2016-11-02 11:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-10 06:45 - 2016-11-02 11:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-10 06:45 - 2016-11-02 11:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-10 06:44 - 2016-11-02 12:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-10 06:44 - 2016-11-02 12:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-10 06:44 - 2016-11-02 12:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-10 06:44 - 2016-11-02 12:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-10 06:44 - 2016-11-02 12:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-10 06:44 - 2016-11-02 12:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-10 06:44 - 2016-11-02 12:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-10 06:44 - 2016-11-02 12:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-10 06:44 - 2016-11-02 12:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-10 06:44 - 2016-11-02 11:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-10 06:44 - 2016-11-02 11:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-10 06:44 - 2016-11-02 11:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-10 06:44 - 2016-11-02 11:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-10 06:44 - 2016-11-02 11:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-10 06:44 - 2016-11-02 11:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-10 06:44 - 2016-11-02 11:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-10 06:44 - 2016-11-02 11:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-10 06:44 - 2016-11-02 11:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-10 06:44 - 2016-11-02 11:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-10 06:44 - 2016-11-02 11:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-10 06:44 - 2016-11-02 11:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-10 06:44 - 2016-11-02 11:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-10 06:44 - 2016-11-02 11:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-10 06:44 - 2016-11-02 11:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-10 06:44 - 2016-11-02 11:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-10 06:44 - 2016-11-02 11:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-10 06:44 - 2016-11-02 11:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-10 06:44 - 2016-11-02 11:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-10 06:44 - 2016-11-02 11:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-10 06:44 - 2016-11-02 11:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-10 06:44 - 2016-11-02 11:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-10 06:44 - 2016-11-02 11:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-10 06:44 - 2016-11-02 11:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-10 06:44 - 2016-11-02 11:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-10 06:44 - 2016-11-02 11:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-10 06:44 - 2016-11-02 11:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-10 06:44 - 2016-11-02 11:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-10 06:44 - 2016-11-02 11:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-10 06:44 - 2016-11-02 11:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-10 06:44 - 2016-11-02 11:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-10 06:44 - 2016-11-02 11:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-10 06:44 - 2016-11-02 11:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-10 06:44 - 2016-11-02 11:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-10 06:44 - 2016-11-02 11:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-10 06:44 - 2016-11-02 11:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-10 06:44 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-10 06:43 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-10 06:43 - 2016-11-02 13:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-10 06:43 - 2016-11-02 12:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-10 06:43 - 2016-11-02 12:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-10 06:43 - 2016-11-02 12:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-10 06:43 - 2016-11-02 12:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-10 06:43 - 2016-11-02 12:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-10 06:43 - 2016-11-02 12:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-10 06:43 - 2016-11-02 12:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-10 06:43 - 2016-11-02 11:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-10 06:43 - 2016-11-02 11:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-10 06:43 - 2016-11-02 11:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-10 06:43 - 2016-11-02 11:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-10 06:43 - 2016-11-02 11:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-10 06:43 - 2016-11-02 11:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-10 06:43 - 2016-11-02 11:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-10 06:43 - 2016-11-02 11:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-10 06:43 - 2016-11-02 11:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-10 06:43 - 2016-11-02 11:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-10 06:43 - 2016-11-02 11:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-10 06:43 - 2016-11-02 11:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-10 06:43 - 2016-11-02 11:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-10 06:43 - 2016-11-02 11:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-10 06:43 - 2016-11-02 11:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-10 06:43 - 2016-11-02 11:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-10 06:43 - 2016-11-02 11:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-10 06:43 - 2016-11-02 11:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-10 06:43 - 2016-11-02 11:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-10 06:43 - 2016-11-02 11:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-10 06:43 - 2016-11-02 11:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-10 06:43 - 2016-11-02 11:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-10 06:43 - 2016-11-02 11:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-10 06:43 - 2016-11-02 10:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-10 06:43 - 2016-11-02 10:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-10 06:36 - 2016-11-02 12:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-10 06:36 - 2016-11-02 12:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-10 06:36 - 2016-11-02 12:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-10 06:36 - 2016-11-02 12:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-10 06:36 - 2016-11-02 12:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-10 06:36 - 2016-11-02 12:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-10 06:36 - 2016-11-02 12:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-10 06:36 - 2016-11-02 12:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-10 06:36 - 2016-11-02 12:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-10 06:36 - 2016-11-02 11:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-10 06:36 - 2016-11-02 11:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-10 06:36 - 2016-11-02 11:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-10 06:36 - 2016-11-02 11:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-10 06:36 - 2016-11-02 11:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-10 06:36 - 2016-11-02 11:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-10 06:36 - 2016-11-02 11:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-10 06:36 - 2016-11-02 11:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-10 06:36 - 2016-11-02 11:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-10 06:36 - 2016-11-02 11:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-10 06:36 - 2016-11-02 11:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-10 06:36 - 2016-11-02 11:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-10 06:36 - 2016-11-02 11:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-10 06:36 - 2016-11-02 11:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-10 06:36 - 2016-11-02 11:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-10 06:36 - 2016-11-02 11:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-10 06:36 - 2016-11-02 11:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-10 06:36 - 2016-11-02 11:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-10 06:36 - 2016-11-02 11:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-10 06:36 - 2016-11-02 11:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-10 06:36 - 2016-11-02 11:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-10 06:36 - 2016-11-02 11:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-10 06:36 - 2016-11-02 11:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-10 06:36 - 2016-11-02 11:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-10 06:36 - 2016-11-02 11:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-10 06:36 - 2016-11-02 11:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-10 06:36 - 2016-11-02 11:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-10 06:36 - 2016-11-02 11:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-10 06:36 - 2016-11-02 11:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-10 06:36 - 2016-11-02 11:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-10 06:36 - 2016-11-02 11:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-10 06:36 - 2016-11-02 11:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-10 06:36 - 2016-11-02 11:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-10 06:36 - 2016-11-02 11:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-10 06:36 - 2016-11-02 11:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-10 06:36 - 2016-11-02 11:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-10 06:36 - 2016-11-02 11:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-10 06:36 - 2016-11-02 11:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-10 06:36 - 2016-11-02 11:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-10 06:36 - 2016-11-02 11:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-10 06:36 - 2016-11-02 11:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-10 06:36 - 2016-11-02 11:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-10 06:36 - 2016-11-02 11:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-10 06:36 - 2016-11-02 11:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-10 06:36 - 2016-11-02 11:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-10 06:36 - 2016-11-02 11:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-10 06:36 - 2016-11-02 11:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-10 06:36 - 2016-11-02 11:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-10 06:36 - 2016-11-02 11:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-10 06:36 - 2016-11-02 09:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-10 06:35 - 2016-11-02 12:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-10 06:35 - 2016-11-02 12:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-10 06:35 - 2016-11-02 12:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-10 06:35 - 2016-11-02 12:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-10 06:35 - 2016-11-02 12:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-10 06:35 - 2016-11-02 12:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-10 06:35 - 2016-11-02 12:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-10 06:35 - 2016-11-02 12:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-10 06:35 - 2016-11-02 12:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-10 06:35 - 2016-11-02 12:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-10 06:35 - 2016-11-02 12:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-10 06:35 - 2016-11-02 12:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-10 06:35 - 2016-11-02 12:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-10 06:35 - 2016-11-02 12:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-10 06:35 - 2016-11-02 12:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-10 06:35 - 2016-11-02 11:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-10 06:35 - 2016-11-02 11:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-10 06:35 - 2016-11-02 11:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-10 06:35 - 2016-11-02 11:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-10 06:35 - 2016-11-02 11:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-10 06:35 - 2016-11-02 11:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-10 06:35 - 2016-11-02 11:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-10 06:35 - 2016-11-02 11:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-10 06:35 - 2016-11-02 11:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-10 06:35 - 2016-11-02 11:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-10 06:35 - 2016-11-02 11:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-10 06:35 - 2016-11-02 11:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-10 06:35 - 2016-11-02 11:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-10 06:35 - 2016-11-02 11:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-10 06:35 - 2016-11-02 11:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-10 06:35 - 2016-11-02 11:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-10 06:35 - 2016-11-02 11:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-10 06:35 - 2016-11-02 11:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-10 06:35 - 2016-11-02 11:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-10 06:35 - 2016-11-02 11:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-10 06:35 - 2016-11-02 11:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-10 06:35 - 2016-11-02 11:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-10 06:35 - 2016-11-02 11:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-10 06:35 - 2016-11-02 11:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-10 06:35 - 2016-11-02 11:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-10 06:35 - 2016-11-02 11:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-10 06:35 - 2016-11-02 11:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-10 06:35 - 2016-11-02 11:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-10 06:35 - 2016-11-02 11:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-10 06:35 - 2016-11-02 11:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-10 06:35 - 2016-11-02 11:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-10 06:35 - 2016-11-02 11:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-10 06:35 - 2016-11-02 11:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-10 06:35 - 2016-11-02 11:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-10 06:35 - 2016-11-02 11:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-10 06:35 - 2016-11-02 11:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-10 06:35 - 2016-11-02 11:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-10 06:35 - 2016-11-02 11:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-10 06:35 - 2016-11-02 11:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-10 06:35 - 2016-11-02 11:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-10 06:35 - 2016-11-02 11:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-10 06:35 - 2016-11-02 11:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-10 06:34 - 2016-11-02 12:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-10 06:34 - 2016-11-02 12:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-10 06:34 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-10 06:34 - 2016-11-02 11:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-10 06:34 - 2016-11-02 11:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-10 06:34 - 2016-11-02 11:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-10 06:34 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-10 06:34 - 2016-11-02 11:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-10 06:34 - 2016-11-02 11:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-10 06:34 - 2016-11-02 11:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-10 06:34 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-10 06:34 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-10 06:34 - 2016-11-02 11:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-10 06:34 - 2016-11-02 11:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-10 06:34 - 2016-11-02 11:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-10 06:34 - 2016-11-02 11:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-10 06:34 - 2016-11-02 11:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-09 06:58 - 2016-11-09 06:58 - 00329467 _____ C:\Users\Patrick\Kfz_12181232_06112016173912_1.pdf
2016-11-06 23:21 - 2016-11-06 23:21 - 00000000 _____ C:\m23apdfj.tmp.X
2016-11-06 23:21 - 2014-06-26 14:52 - 00140208 _____ C:\WINDOWS\SysWOW64\bgsresit.dll
2016-11-06 23:21 - 2014-06-26 14:52 - 00137648 _____ C:\WINDOWS\SysWOW64\bgsrespt.dll
2016-11-06 23:21 - 2014-06-26 14:52 - 00136624 _____ C:\WINDOWS\SysWOW64\bgsrespl.dll
2016-11-06 23:21 - 2014-06-26 14:52 - 00133040 _____ C:\WINDOWS\SysWOW64\bgsresda.dll
2016-11-06 23:21 - 2013-08-01 15:11 - 04609928 _____ (SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe
2016-11-06 23:21 - 2013-08-01 15:11 - 04609928 _____ (SafeNet Inc.) C:\WINDOWS\system32\aksllmtp.exe
2016-11-06 23:21 - 2013-08-01 15:11 - 00140736 _____ (SafeNet Inc.) C:\WINDOWS\system32\Drivers\aksfridge.sys
2016-11-06 23:21 - 2013-08-01 15:11 - 00091784 _____ (SafeNet Inc.) C:\WINDOWS\system32\Drivers\aksdf.sys
2016-11-06 23:19 - 2016-11-06 23:19 - 00000000 ____D C:\ProgramData\3D Systems
2016-11-06 18:10 - 2016-11-06 18:10 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\DassaultSystemes
2016-11-06 18:10 - 2016-11-06 18:10 - 00000000 ____D C:\Users\Patrick\AppData\Local\DassaultSystemes
2016-11-06 18:10 - 2016-11-06 18:10 - 00000000 ____D C:\ProgramData\DassaultSystemes
2016-11-06 17:39 - 2014-06-30 13:42 - 07642544 _____ (BroadGun Software Pty Ltd) C:\WINDOWS\SysWOW64\bgsview.exe
2016-11-06 17:39 - 2014-06-26 14:52 - 00142768 _____ C:\WINDOWS\SysWOW64\bgsreses.dll
2016-11-06 17:39 - 2014-06-26 14:52 - 00141232 _____ C:\WINDOWS\SysWOW64\bgsresfr.dll
2016-11-06 17:39 - 2014-06-26 14:52 - 00136112 _____ C:\WINDOWS\SysWOW64\bgsresde.dll
2016-11-06 17:39 - 2014-06-26 14:52 - 00134576 _____ C:\WINDOWS\SysWOW64\bgsresen.dll
2016-11-06 17:39 - 2014-06-26 11:55 - 00474032 _____ (Broadgun Software Pty Ltd) C:\WINDOWS\SysWOW64\bgsofice.dll
2016-11-06 17:39 - 2014-06-26 11:55 - 00269232 _____ (Broadgun Software) C:\WINDOWS\SysWOW64\bgstb.dll
2016-11-06 17:39 - 2014-06-26 11:55 - 00204720 _____ (Broadgun Software) C:\WINDOWS\SysWOW64\bgsmsnd.exe
2016-11-06 17:39 - 2014-06-26 11:55 - 00066480 _____ C:\WINDOWS\system32\bgspm64.dll
2016-11-06 17:39 - 2013-03-17 13:35 - 00439864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHFLXGD.OCX
2016-11-06 17:39 - 2013-03-17 13:12 - 00646952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OC30.DLL
2016-11-06 17:39 - 2009-03-20 09:03 - 00516832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bgscapi.dll
2016-11-06 17:24 - 2016-11-06 17:26 - 00000000 ____D C:\Users\Patrick\TK
2016-11-06 17:24 - 2016-11-06 17:24 - 00000000 ____D C:\Users\Patrick\DA Direkt
2016-11-05 04:57 - 2016-11-05 04:57 - 00000000 ____D C:\Users\Patrick\AppData\Local\Glassix
2016-11-05 04:57 - 2016-11-05 04:57 - 00000000 ____D C:\Users\Patrick\AppData\Local\Crashpad
2016-11-05 00:26 - 2016-11-05 00:26 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\TeamNimbus
2016-11-01 22:25 - 2016-11-01 22:25 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\com.coursevector.minerva
2016-11-01 22:25 - 2016-11-01 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Course Vector
2016-11-01 22:25 - 2016-11-01 22:25 - 00000000 ____D C:\Program Files (x86)\Course Vector
2016-11-01 11:25 - 2016-11-01 11:25 - 08828992 _____ (Sogou.com Inc.) C:\WINDOWS\system32\SogouPY.ime
2016-11-01 11:25 - 2016-11-01 11:25 - 05212224 _____ (Sogou.com Inc.) C:\WINDOWS\SysWOW64\SogouPY.ime
2016-11-01 11:25 - 2016-11-01 11:25 - 01904704 _____ (Sogou.com Inc.) C:\WINDOWS\system32\SogouTSF.ime
2016-11-01 11:25 - 2016-11-01 11:25 - 01181248 _____ (Sogou.com Inc.) C:\WINDOWS\SysWOW64\SogouTSF.ime

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-11-30 18:26 - 2016-09-24 16:25 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-30 17:07 - 2016-09-24 17:19 - 00243302 _____ C:\WINDOWS\system32\prfh0804.dat
2016-11-30 17:07 - 2016-09-24 17:19 - 00159856 _____ C:\WINDOWS\system32\prfc0804.dat
2016-11-30 17:07 - 2016-07-16 23:51 - 00915030 _____ C:\WINDOWS\system32\perfh007.dat
2016-11-30 17:07 - 2016-07-16 23:51 - 00211044 _____ C:\WINDOWS\system32\perfc007.dat
2016-11-30 17:07 - 2015-12-22 21:42 - 02675908 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-30 17:05 - 2016-08-21 15:32 - 00000436 _____ C:\WINDOWS\Tasks\Update for Yandex Browser.job
2016-11-30 17:03 - 2016-09-24 17:13 - 00000514 _____ C:\WINDOWS\Tasks\Systemaktualisierung von Yandex Browser.job
2016-11-30 17:03 - 2016-09-24 17:13 - 00000452 _____ C:\WINDOWS\Tasks\Aktualisierung von Yandex Browser.job
2016-11-30 17:03 - 2016-09-24 16:26 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-30 17:03 - 2015-12-22 21:42 - 00000000 __SHD C:\Users\Patrick\IntelGraphicsProfiles
2016-11-30 17:01 - 2016-09-24 16:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-30 07:26 - 2016-09-24 16:27 - 00000000 ____D C:\Users\Patrick
2016-11-30 07:26 - 2015-12-23 10:42 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-29 18:58 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-29 18:58 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-29 06:30 - 2015-12-23 00:36 - 00000000 ____D C:\Games
2016-11-28 21:35 - 2015-12-22 23:34 - 00000000 ____D C:\Users\Patrick\Documents\Tencent Files
2016-11-28 02:04 - 2015-12-23 11:29 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Azureus
2016-11-26 16:44 - 2015-12-23 11:29 - 00001870 _____ C:\Users\Public\Desktop\Vuze.lnk
2016-11-26 16:44 - 2015-12-23 11:29 - 00001870 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2016-11-26 16:44 - 2015-12-23 11:29 - 00000000 ____D C:\Program Files\Vuze
2016-11-26 09:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-11-26 02:34 - 2016-07-16 23:57 - 00000000 ____D C:\Users\Patrick\AppData\Local\JDownloader v2.0
2016-11-26 01:38 - 2016-01-30 17:53 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\RenPy
2016-11-24 21:42 - 2015-12-22 23:33 - 00000000 ____D C:\Users\Patrick\AppData\Local\CrashDumps
2016-11-24 21:18 - 2016-01-19 22:14 - 00001534 _____ C:\ProgramData\ss.ini
2016-11-24 21:02 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-24 20:50 - 2015-12-22 17:15 - 00000000 ____D C:\Users\Patrick\Rechnungen
2016-11-23 20:17 - 2016-01-10 15:00 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\SogouPy
2016-11-23 17:26 - 2015-12-22 21:55 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-23 17:26 - 2015-12-22 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-11-22 17:47 - 2016-03-19 19:06 - 00000000 ____D C:\Users\Patrick\AppData\Local\MEGAsync
2016-11-22 17:18 - 2016-09-24 17:13 - 00003694 _____ C:\WINDOWS\System32\Tasks\Systemaktualisierung von Yandex Browser
2016-11-19 03:15 - 2016-09-24 16:26 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-19 03:15 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Help
2016-11-19 03:14 - 2016-09-24 16:26 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-19 03:14 - 2016-09-24 16:26 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-19 03:03 - 2016-09-17 12:44 - 00000946 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-11-19 03:03 - 2016-07-16 07:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2016-11-19 03:02 - 2016-09-24 16:35 - 00002784 _____ C:\WINDOWS\System32\Tasks\klcp_update
2016-11-19 03:02 - 2016-09-24 16:30 - 00001544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-19 03:02 - 2016-08-28 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-11-19 03:02 - 2016-08-28 16:58 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2016-11-19 02:58 - 2016-09-24 16:35 - 00004086 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-11-19 02:58 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-19 02:58 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-19 02:58 - 2015-12-22 22:30 - 00000000 ____D C:\Users\Patrick\AppData\Local\Adobe
2016-11-18 22:48 - 2016-02-16 19:53 - 00000000 ____D C:\Users\Patrick\AppData\Local\HiSuite
2016-11-18 14:42 - 2016-10-06 23:00 - 00001492 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-11-18 14:42 - 2016-09-24 16:48 - 00004006 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-18 14:42 - 2016-09-24 16:48 - 00003978 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-18 14:42 - 2016-09-24 16:48 - 00003942 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-18 14:42 - 2016-09-24 16:48 - 00003916 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-18 14:42 - 2016-09-24 16:48 - 00003754 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-18 14:42 - 2016-09-24 16:48 - 00003712 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-17 23:53 - 2015-12-22 21:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-14 22:55 - 2015-12-22 22:34 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-11 19:30 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-10 19:27 - 2015-12-22 21:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-10 19:26 - 2016-09-24 16:25 - 00425904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-10 07:18 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-10 07:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-10 07:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-10 07:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-10 07:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-10 07:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-10 07:14 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-09 23:02 - 2015-12-22 22:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-09 23:00 - 2016-10-19 06:16 - 00000000 ____D C:\Program Files (x86)\Cimatron
2016-11-09 22:50 - 2016-01-11 00:18 - 00000000 ____D C:\Program Files\SogouInput
2016-11-09 22:45 - 2016-08-28 16:12 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\vlc
2016-11-08 22:14 - 2015-12-23 02:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-08 22:11 - 2015-12-23 02:16 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-07 18:47 - 2016-09-24 16:35 - 00003558 _____ C:\WINDOWS\System32\Tasks\SogouImeMgr
2016-11-06 23:44 - 2016-10-19 06:16 - 00000215 _____ C:\WINDOWS\CimLicManager.INI
2016-11-06 23:39 - 2015-12-22 22:33 - 00000000 ____D C:\Users\Patrick\AppData\Local\Google
2016-11-06 23:21 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\setup
2016-11-06 17:39 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-11-06 17:37 - 2016-10-19 06:10 - 00000000 ____D C:\Program Files\Cimatron
2016-11-06 17:22 - 2015-12-22 17:15 - 00000000 ____D C:\Users\Patrick\HUK24
2016-11-04 17:27 - 2015-12-22 23:13 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-02 07:25 - 2015-12-22 17:15 - 00000000 ____D C:\Users\Patrick\Kontoauszüge

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-08-13 14:41 - 2015-08-13 14:47 - 0047462 ___SH () C:\Users\Patrick\AppData\Roaming\d3dx10.exe
2016-05-10 19:35 - 2016-05-10 19:40 - 0000009 _____ () C:\Users\Patrick\AppData\Roaming\update.dat
2016-05-10 19:36 - 2016-05-10 19:36 - 0000004 _____ () C:\Users\Patrick\AppData\Roaming\Microsoft\notaut.txt
2015-12-31 01:56 - 2016-01-04 00:01 - 0007605 _____ () C:\Users\Patrick\AppData\Local\Resmon.ResmonCfg
2016-09-24 16:26 - 2016-09-24 16:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-01-19 22:14 - 2016-11-24 21:18 - 0001534 _____ () C:\ProgramData\ss.ini

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Patrick\cc_20161001_142046.reg


Einige Dateien in TEMP:
====================
C:\Users\Jia\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-11-25 20:55

==================== Ende von FRST.txt ============================
         

Edited by Machalla666 (30.11.2016 at 19:52)

30.11.2016, 18:58   #2
Machalla666
 
Addition.txt
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 30-11-2016
durchgeführt von Patrick (30-11-2016 18:45:52)
Gestartet von C:\Users\Patrick\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-24 15:36:30)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3097098544-2319845998-2187571786-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3097098544-2319845998-2187571786-503 - Limited - Disabled)
Gast (S-1-5-21-3097098544-2319845998-2187571786-501 - Limited - Disabled)
Patrick (S-1-5-21-3097098544-2319845998-2187571786-1001 - Administrator - Enabled) => C:\Users\Patrick

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Ansel (Version: 375.95 - NVIDIA Corporation) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.23.58 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{e7f56494-d786-472e-aba2-1b93089e06cd}) (Version: 1.2.76.20506 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.76.20506 - Avira Operations GmbH & Co. KG) Hidden
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.8 - Broadcom Corporation)
Cavern Kings (HKLM-x32\...\Steam App 321830) (Version:  - Vine)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Course Vector .minerva (HKLM-x32\...\com.coursevector.minerva) (Version: 3.5.0 - UNKNOWN)
Course Vector .minerva (x32 Version: 3.5.0 - UNKNOWN) Hidden
CrossCode (HKLM\...\Steam App 368340) (Version:  - Radical Fish Games)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0196 - Disc Soft Ltd)
Death Road to Canada (HKLM\...\Steam App 252610) (Version:  - Rocketcat Games)
Deathstate (HKLM-x32\...\Steam App 402120) (Version:  - Workinman Interactive, LLC.)
DLC Quest (HKLM\...\Steam App 230050) (Version:  - Going Loud Studios)
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
Dungeon Souls (HKLM-x32\...\Steam App 383230) (Version:  - Mike Studios)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
FreeCAD 0.15 - A free open source CAD system (HKLM\...\FreeCAD 0.15) (Version: 0.15.4671 - Juergen Riegel)
Ghost 1.0 (HKLM\...\Steam App 463270) (Version:  - @unepic_fran)
Good Robot (HKLM\...\Steam App 358830) (Version:  - Pyrodactyl)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hammerwatch (HKLM\...\Steam App 239070) (Version:  - Crackshell)
Hero Siege (HKLM-x32\...\Steam App 269210) (Version:  - Elias Viglione)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Hyper Light Drifter (HKLM\...\Steam App 257850) (Version:  - Heart Machine)
Hyperdimension Neptunia Re;Birth1 (HKLM\...\Steam App 282900) (Version:  - Idea Factory, Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Iron Fisticle (HKLM-x32\...\Steam App 306700) (Version:  - Confused Pelican)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Jets'n'Guns Gold (HKLM\...\Steam App 262260) (Version:  - Rake in Grass)
KeyShot 5 64 bit (HKLM-x32\...\KeyShot 5_64) (Version: 5.0 64 bit - Luxion ApS)
KH Ultra Trainer (HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\4f344c4511ef18b2) (Version: 0.1.0.74 - KongHack)
Leap of Fate (HKLM\...\Steam App 363420) (Version:  - Clever-Plays)
Legends of Pixelia (HKLM\...\Steam App 371530) (Version:  - SimaGames)
LINE (HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\LINE) (Version: 4.10.2.1257 - LINE Corporation)
Magicians & Looters (HKLM\...\Steam App 284180) (Version:  - Morgopolis Studios)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Mercenary Kings (HKLM\...\Steam App 218820) (Version:  - Tribute Games Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Rechner-Plus (HKLM-x32\...\{437C19B3-7E20-4E39-B868-CA6BAA820E1C}) (Version: 1.0.0 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 50.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 de)) (Version: 50.0 - Mozilla)
NFOPad 1.7 (HKLM-x32\...\NFOPad) (Version: 1.7 - True Human Design)
NVIDIA GeForce Experience 3.1.0.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.0.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 375.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.95 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PAC-MAN Championship Edition DX+ (HKLM\...\Steam App 236450) (Version:  - Mine Loader Software Co., Ltd.)
Paranautical Activity: Deluxe Atonement Edition (HKLM\...\Steam App 250580) (Version:  - Digerati Distribution)
Phantom Breaker: Battle Grounds (HKLM\...\Steam App 329490) (Version:  - MAGES.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Princess.Loot.Pixel.Again (HKLM\...\Steam App 414290) (Version:  - EfimovMax)
QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.05 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
Roguelands (HKLM\...\Steam App 364420) (Version:  - SmashGames)
Saints Row IV (HKLM\...\Steam App 206420) (Version:  - Deep Silver Volition)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SHIELD Streaming (Version: 7.1.0330 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - Firaxis Games)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
Solid Edge ST8 (HKLM\...\{C69F7B10-60F2-476C-B0C1-4D61628462B7}) (Version: 108.00.00091 - Siemens)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
Unity Web Player (HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\UnityWebPlayer) (Version: 5.3.1f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Void Raiders (HKLM\...\Steam App 445600) (Version:  - Tryzna83)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.4.0 - Azureus Software, Inc.)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WinRAR 5.30 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Witch & Hero(魔女と勇者) (HKLM\...\Steam App 434130) (Version:  - FK Digital)
Yandex (HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\YandexBrowser) (Version: 16.10.1.1114 - YANDEX)
Ziggurat (HKLM-x32\...\Steam App 308420) (Version:  - Milkstone Studios)
シロクロ家出ギャル 泊めてくれたらなんでもするよ (HKLM-x32\...\エルフを飼うオーク「おめぇにゃオラの仔をたぁんと産んでもらうã*よ」) (Version: 1.0.0 - α-ＭODEL)
搜狗拼音输入法 8.1正式版 (HKLM-x32\...\Sogou Input) (Version: 8.1.0.8588 - Sogou.com)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001_Classes\CLSID\{F654F1BF-54D9-4A2E-B703-889091D3CB2D}\InprocServer32 -> c:\cimatron e13\program\cimpreviewhandler.dll => Keine Datei

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0CF6A2CF-4CE5-4A2B-8FA9-4E54567A63ED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {1F709E53-7E3C-4717-92B2-BE8C89A936F0} - System32\Tasks\SogouImeMgr => C:\Program Files\SogouInput\SogouExe\SogouExe.exe [2016-11-01] (Sogou.com Inc.)
Task: {285F40BD-A904-40FA-951B-ABB14BB69D51} - System32\Tasks\IntelMemoryDiagnostic => C:\Users\Patrick\AppData\Roaming\d3dx10.exe [2015-08-13] () <==== ACHTUNG
Task: {33AB4AFF-944D-474A-AE6F-66B7CF4F8590} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-22] (Google Inc.)
Task: {342309AA-8AD2-46DB-A6EA-5D51C5CE2E77} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-11-10] ()
Task: {3CFDDE66-A51F-4118-A971-B2784A2C099E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-19] (Adobe Systems Incorporated)
Task: {55687776-EE70-4178-BD30-F45518292757} - System32\Tasks\Update for Yandex Browser => C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2016-11-09] (YANDEX LLC)
Task: {5FEFC0D8-B25C-42C7-B193-C7EC237931F7} - System32\Tasks\{6BA690B0-1A65-4FE1-B843-96EDE2B0A4C7} => pcalua.exe -a C:\WINDOWS\eiunin21.exe -c "D:\Games\ShiroKuro Iede Gyaru Tomete\Game\Setup.DAT"
Task: {62755CD6-6F88-4E68-92CC-12876715E12E} - System32\Tasks\Aktualisierung von Yandex Browser => C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2016-11-09] (YANDEX LLC)
Task: {7B8ADF7F-61F3-481A-83D1-8974A93B80FD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {88FCB513-78C2-494C-97B8-1C2E1CA04A1B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {8FB13BC2-5CED-434B-ABFC-E8CA8B7A9D4A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {907420C3-5A7F-4040-91F9-F0F26291B9FC} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA Corporation)
Task: {9EE9C5DF-42DC-48AD-88CD-94D1A7A7CECB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {A78E230A-4226-4614-841C-F6F78BEB70E9} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {A9FD5CD3-9A97-4881-A0BB-7480C51A19E9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-11-08] (Microsoft Corporation)
Task: {BA657DC5-B244-4FF5-BD25-8005343FB1DD} - System32\Tasks\Systemaktualisierung von Yandex Browser => C:\Program Files (x86)\Yandex\YandexBrowser\16.10.1.1114\service_update.exe [2016-11-09] (YANDEX LLC)
Task: {C056C44B-8F15-4448-92C2-56E043A73A80} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-10-25] (NVIDIA Corporation)
Task: {D1DCFEBF-0295-4E80-94CF-F369B3C71B4B} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {DECEDBFC-2CA1-4EC6-B86D-83093585DC17} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-22] (Google Inc.)
Task: {EF0AAD5A-2E96-411C-87E4-C07B504C01A8} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {F0AE3619-7E9F-47D2-B095-38C29BBC4059} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\WINDOWS\Tasks\Aktualisierung von Yandex Browser.job => C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Systemaktualisierung von Yandex Browser.job => C:\Program Files (x86)\Yandex\YandexBrowser\16.10.1.1114\service_update.exe
Task: C:\WINDOWS\Tasks\Update for Yandex Browser.job => C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-29 20:12 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-06 17:39 - 2014-06-26 11:55 - 00066480 _____ () C:\WINDOWS\System32\bgspm64.dll
2016-08-26 10:08 - 2016-08-26 10:08 - 00192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2016-09-24 16:48 - 2016-10-25 21:21 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-24 16:48 - 2016-10-25 21:21 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-24 16:48 - 2016-10-25 21:21 - 00420408 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-11-19 03:15 - 2016-11-17 02:03 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-29 20:12 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-24 16:38 - 2016-09-24 16:38 - 00959168 _____ () C:\Users\Patrick\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2014-05-01 15:13 - 2016-11-22 17:47 - 00592384 _____ () C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX64.dll
2016-09-24 17:22 - 2016-09-24 17:22 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-10 06:36 - 2016-11-02 11:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-10 06:35 - 2016-11-02 11:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-10 06:35 - 2016-11-02 11:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-10 06:35 - 2016-11-02 11:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-10 06:35 - 2016-11-02 11:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-10 06:35 - 2016-11-02 11:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-10 06:35 - 2016-11-02 11:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-09-07 01:48 - 2013-09-07 01:48 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 01:45 - 2013-09-07 01:45 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 01:52 - 2013-09-07 01:52 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2016-09-30 15:58 - 2014-05-19 18:10 - 03386880 _____ () C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\OGMMon.exe
2016-11-17 17:54 - 2016-11-17 17:54 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-17 17:54 - 2016-11-17 17:54 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-17 17:54 - 2016-11-17 17:54 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-01-03 22:53 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-01-03 22:53 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-01-03 22:53 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-01-03 22:53 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-01-03 22:53 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-12-22 22:08 - 2016-10-25 21:21 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-09-24 16:48 - 2016-10-25 20:57 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-09-24 16:48 - 2016-10-25 20:57 - 00255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-09-24 16:48 - 2016-10-25 20:57 - 02808256 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-09-24 16:48 - 2016-10-25 21:21 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-24 16:48 - 2016-10-25 21:21 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-24 16:48 - 2016-10-25 20:57 - 00246840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-09-24 16:48 - 2016-10-25 20:57 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-09-24 16:48 - 2016-10-25 20:57 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-09-24 16:48 - 2016-10-25 20:57 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-09-30 15:58 - 2014-05-19 18:10 - 00028160 _____ () C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\uiHook.dll
2016-11-22 17:18 - 2016-11-09 06:57 - 01806840 _____ () C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\16.10.1.1114\libglesv2.dll
2016-11-22 17:18 - 2016-11-09 06:58 - 00094712 _____ () C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\16.10.1.1114\libegl.dll
2016-09-24 16:38 - 2016-09-24 16:38 - 00679624 _____ () C:\Users\Patrick\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2014-05-01 15:15 - 2016-11-22 17:47 - 00564736 _____ () C:\Users\Patrick\AppData\Local\MEGAsync\ShellExtX32.dll
2015-12-22 22:31 - 2015-12-22 22:31 - 02109000 _____ () C:\Users\Patrick\AppData\LocalLow\Unity\WebPlayer\mono\Stable3.x.x\mono-1-vc.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Da befinden sich 7916 mehr Seiten.

IE trusted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\cfca.com.cn -> hxxp://cfca.com.cn
IE trusted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\cfca.com.cn -> hxxps://cfca.com.cn
IE trusted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\hxb.com.cn -> hxxps://dbank.hxb.com.cn
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\123simsen.com -> www.123simsen.com

Da befinden sich 7917 mehr Seiten.


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2015-10-30 08:24 - 2016-11-28 20:20 - 00453482 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com
127.0.0.1	www.123moviedownload.com

Da befinden sich 15559 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Patrick\Pictures\fire-and-ice-dragon.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "safe_urls768"
HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\...\StartupApproved\Run: => "CimatronE12.0_x64"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{3764DFD5-D417-45BC-90EB-D1310FCD24EF}] => C:\Program Files (x86)\Steam\steamapps\common\Good Robot\GoodRobot.exe
FirewallRules: [{7381C9DF-2994-420A-936D-26C12C32B21B}] => C:\Program Files (x86)\Steam\steamapps\common\Good Robot\GoodRobot.exe
FirewallRules: [{31375AFE-B469-4D14-9EEB-59902F581197}] => C:\Program Files (x86)\Steam\steamapps\common\Roguelands\Roguelands.exe
FirewallRules: [{FAFFFCA4-97CB-461B-8446-3014E8140DF7}] => C:\Program Files (x86)\Steam\steamapps\common\Roguelands\Roguelands.exe
FirewallRules: [{0A714477-C01F-46CF-9572-729D2CDE5F82}] => C:\Program Files (x86)\Steam\steamapps\common\Void Raiders\VoidRaiders.exe
FirewallRules: [{CB119EB7-91C7-4F18-8552-76550D760525}] => C:\Program Files (x86)\Steam\steamapps\common\Void Raiders\VoidRaiders.exe
FirewallRules: [{D99C49B5-19C6-4FF8-B402-B71DE35D53C3}] => C:\Program Files (x86)\Steam\steamapps\common\Magicians and Looters\mal.exe
FirewallRules: [{BF7BC0FD-0B8B-486B-81C3-B78A6461F5B8}] => C:\Program Files (x86)\Steam\steamapps\common\Magicians and Looters\mal.exe
FirewallRules: [{ECC4B7A7-C3D2-488F-AF32-5FDAA6F14A5F}] => C:\Program Files (x86)\Steam\steamapps\common\mercenary_kings\MercenaryKings.exe
FirewallRules: [{CE89D393-83CA-4ADE-B55E-A5E6E654C0E5}] => C:\Program Files (x86)\Steam\steamapps\common\mercenary_kings\MercenaryKings.exe
FirewallRules: [{5CB1B11D-828A-48DD-A485-4C46C23E100C}] => C:\Program Files (x86)\Steam\steamapps\common\Witch & Hero(魔女と勇者)\witchandhero.exe
FirewallRules: [{6B36CFB6-0E38-459A-8270-E8FA8BA7791F}] => C:\Program Files (x86)\Steam\steamapps\common\Witch & Hero(魔女と勇者)\witchandhero.exe
FirewallRules: [{D72E2045-C71C-439D-933C-81AB4CEA7436}] => C:\Program Files (x86)\Steam\steamapps\common\ParanauticalActivity\Paranautical Activity.exe
FirewallRules: [{5E430C19-EC7A-447E-BB1E-8356D31244D5}] => C:\Program Files (x86)\Steam\steamapps\common\ParanauticalActivity\Paranautical Activity.exe
FirewallRules: [{471B154F-9907-4E2E-AF7F-F39B056C0EF9}] => C:\Program Files (x86)\Steam\steamapps\common\Princess.Loot.Pixel.Again\game.exe
FirewallRules: [{6EE0233A-1022-4D51-9A06-064B0DA60368}] => C:\Program Files (x86)\Steam\steamapps\common\Princess.Loot.Pixel.Again\game.exe
FirewallRules: [{18F2A80B-8F84-4F20-88A7-2457F51A80A7}] => C:\Program Files (x86)\Steam\steamapps\common\PAC-MAN Championship Edition DX+\PAC-MAN.exe
FirewallRules: [{44D74E01-714E-4680-A1B3-BEF85F2DD33F}] => C:\Program Files (x86)\Steam\steamapps\common\PAC-MAN Championship Edition DX+\PAC-MAN.exe
FirewallRules: [{08E5FE0A-8B11-4B74-A9D7-B29E23B2FC52}] => C:\Program Files (x86)\Steam\steamapps\common\DLC Quest\DLC.exe
FirewallRules: [{85A8FD2F-DD8B-493B-AE96-254566510C00}] => C:\Program Files (x86)\Steam\steamapps\common\DLC Quest\DLC.exe
FirewallRules: [UDP Query User{29E3EEAD-2962-4CAC-A152-00CA7C21188F}C:\program files\sogouinput\7.9.0.7504\sgdownload.exe] => C:\program files\sogouinput\7.9.0.7504\sgdownload.exe
FirewallRules: [TCP Query User{B27B8D37-B155-4C7A-9047-23216E25A07F}C:\program files\sogouinput\7.9.0.7504\sgdownload.exe] => C:\program files\sogouinput\7.9.0.7504\sgdownload.exe
FirewallRules: [{2CAA031F-EB05-48E0-965D-5537212A10F5}] => C:\Program Files (x86)\Steam\steamapps\common\CrossCode\crosscode-beta.exe
FirewallRules: [{D972B89E-FEE6-4681-9A5E-9AA8C101C4A0}] => C:\Program Files (x86)\Steam\steamapps\common\CrossCode\crosscode-beta.exe
FirewallRules: [{9AC3B67F-9362-4A04-8FDB-6AE5E92703F7}] => C:\Program Files (x86)\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe
FirewallRules: [{F8B6C5CE-8322-498D-8C32-AA0C5F2E13DA}] => C:\Program Files (x86)\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe
FirewallRules: [{235DD586-F3B8-45EE-957B-F6603EB1AB2F}] => C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{718C3044-F348-4F71-82E5-0C9F35DBEA8E}] => C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{20FE32C5-D219-4078-A8F6-82F8AC0ED03E}] => C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\Hammerwatch.exe
FirewallRules: [{BFB4F770-4B63-42CC-A179-20AF6BDAF310}] => C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\Hammerwatch.exe
FirewallRules: [{B055C440-C4A6-4B6E-984F-FE64611637AF}] => C:\Program Files (x86)\Steam\steamapps\common\Ghost\ghost.exe
FirewallRules: [{F1C2D9E1-F78C-4258-B7C8-B42A2F73C73F}] => C:\Program Files (x86)\Steam\steamapps\common\Ghost\ghost.exe
FirewallRules: [UDP Query User{DEA51591-39A9-416D-9210-5BCF02DAD2AE}C:\users\patrick\appdata\local\apps\2.0\q810qyjk.aoq\pzx0azte.zo5\kong..tion_0000000000000000_0000.0001_ae491a2415382a1a\konghacktrainer.exe] => C:\users\patrick\appdata\local\apps\2.0\q810qyjk.aoq\pzx0azte.zo5\kong..tion_0000000000000000_0000.0001_ae491a2415382a1a\konghacktrainer.exe
FirewallRules: [TCP Query User{A6523082-5CA8-4EB2-8CE0-87C5AF05722C}C:\users\patrick\appdata\local\apps\2.0\q810qyjk.aoq\pzx0azte.zo5\kong..tion_0000000000000000_0000.0001_ae491a2415382a1a\konghacktrainer.exe] => C:\users\patrick\appdata\local\apps\2.0\q810qyjk.aoq\pzx0azte.zo5\kong..tion_0000000000000000_0000.0001_ae491a2415382a1a\konghacktrainer.exe
FirewallRules: [{46E4056F-38C3-43D2-9873-0F5CB6657BF5}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy.exe
FirewallRules: [{EBE7F259-D304-44EE-BAA9-978AA436B65B}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy.exe
FirewallRules: [{84A087DB-1030-43E6-890A-F3B223671A2F}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy.exe
FirewallRules: [{6F780622-0622-4A0F-9FC6-AE324B1C070F}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy.exe
FirewallRules: [{FA096091-49D3-4609-B2E4-22181FCB60C3}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\tor.exe
FirewallRules: [{DD808A59-21DA-4D23-B121-C84B6E6627E6}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\tor.exe
FirewallRules: [{BE3B029E-9D26-40AE-BFB4-EEBF356BA885}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\tor.exe
FirewallRules: [{616D7593-4379-4910-BC48-4B8F5C9C15C8}] => C:\Games\Tor Browser\Browser\TorBrowser\Tor\tor.exe
FirewallRules: [{05123FE3-F069-4B52-9593-4990020FE03E}] => C:\Games\Tor Browser\Browser\firefox.exe
FirewallRules: [{2448D1F8-D212-403E-BCD8-A658EB6999A0}] => C:\Games\Tor Browser\Browser\firefox.exe
FirewallRules: [{534F5062-92B5-4421-99A3-1565B99AC49D}] => C:\Games\Tor Browser\Browser\firefox.exe
FirewallRules: [{D920F5B3-9429-468B-8A68-FD7F9B729D79}] => C:\Games\Tor Browser\Browser\firefox.exe
FirewallRules: [{8F6367D0-CE2C-41EB-A9BA-4F1DAEFFBF45}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{DBD9FB03-B8F1-42AF-9A7A-D7F8FB0CC69E}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{AF9589E2-158D-4C95-BFC9-65BBDD91A19E}] => C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{D5FDCF37-4154-4093-9117-8BD419465C73}] => C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{EC2ABB68-B46C-425A-83F7-CDA9F68FB7FF}] => C:\Program Files (x86)\Steam\steamapps\common\HyperLightDrifter\HyperLightDrifter.exe
FirewallRules: [{D500DC79-5ADA-412D-B382-9601912F2550}] => C:\Program Files (x86)\Steam\steamapps\common\HyperLightDrifter\HyperLightDrifter.exe
FirewallRules: [{251828C1-0ECC-440D-803A-75DB68A1B8C5}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{7AF92E39-A085-4E65-BFA6-EBEA938287B1}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{31833F03-49C6-46F5-8DB6-93FAD4067DEF}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{64A06AB9-50A5-4013-AFB4-60B42114BC16}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{3C2711C5-9087-49A9-BE22-DCB24B3882E6}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{0E57CF92-59D7-4676-ACD5-D550E0D60D7C}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{23D7BBAB-6A17-48FA-991E-14C6A19B3E6D}] => C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{AC851ED3-7362-456E-AE70-1D5CEFE7C89D}] => C:\Program Files\Vuze\Azureus.exe
FirewallRules: [UDP Query User{95963643-843A-4C3F-8990-57834844732B}C:\program files (x86)\tencent\qqintl\bin\qq.exe] => C:\program files (x86)\tencent\qqintl\bin\qq.exe
FirewallRules: [TCP Query User{ABB12612-9084-4064-9CC6-6BF1C99BFAA6}C:\program files (x86)\tencent\qqintl\bin\qq.exe] => C:\program files (x86)\tencent\qqintl\bin\qq.exe
FirewallRules: [{D6C353DC-6121-487D-966E-479BEE4C83C3}] => C:\Program Files\KeyShot5\bin\keyshot_daemon.exe
FirewallRules: [{92B2A13C-CECB-422E-8932-B5B8B67F8948}] => C:\Program Files\KeyShot5\bin\keyshot5.exe
FirewallRules: [{C01D116D-EFC4-4CE6-8AEC-E832D50650C1}] => C:\Program Files\Vuze\jre\bin\javaw.exe
FirewallRules: [{873C240A-601E-4C96-A4DD-7CECC158AED4}] => C:\Program Files\Vuze\jre\bin\javaw.exe
FirewallRules: [{FE2110F3-E125-46AF-985A-696EC1C64382}] => C:\Program Files\Vuze\jre\bin\javaw.exe
FirewallRules: [{AF85E0AE-2101-4EF1-8103-A5D494C5BA85}] => C:\Program Files\Vuze\jre\bin\javaw.exe
FirewallRules: [{BD71D367-6727-4A6C-8214-0E1B4CDD0370}] => C:\Program Files (x86)\Steam\steamapps\common\Ziggurat\Ziggurat.exe
FirewallRules: [{EF176D09-0714-4693-B01A-2F882FA6383E}] => C:\Program Files (x86)\Steam\steamapps\common\Ziggurat\Ziggurat.exe
FirewallRules: [{09F993A2-1C2A-417F-8E24-6A766640D8CD}] => C:\Program Files (x86)\Steam\steamapps\common\Iron Fisticle\IronFisticle.exe
FirewallRules: [{1399F122-9A16-4B47-BDF9-8FFF9B2AC1F6}] => C:\Program Files (x86)\Steam\steamapps\common\Iron Fisticle\IronFisticle.exe
FirewallRules: [{29922ED6-8987-4CD1-B01F-69A16DAABA3B}] => C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{6F033B50-F83E-4C8E-8FB8-8124CE0A9B51}] => C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{6DCB7751-498F-4F8F-AA4D-5470F22CF767}] => C:\Program Files (x86)\Steam\steamapps\common\Dungeon Souls\DungeonSouls.exe
FirewallRules: [{1815A6A8-AB69-405B-A4F0-FE2E0DF40E5F}] => C:\Program Files (x86)\Steam\steamapps\common\Dungeon Souls\DungeonSouls.exe
FirewallRules: [{60AC0683-DF68-4FCB-AB90-9B04AEFFBDCC}] => C:\Program Files (x86)\Steam\steamapps\common\Deathstate\Deathstate.exe
FirewallRules: [{E30B989C-7D43-4738-BB72-D755DD0C0035}] => C:\Program Files (x86)\Steam\steamapps\common\Deathstate\Deathstate.exe
FirewallRules: [{6F921651-3A24-4904-B3F8-43F2E513FAD3}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{988081A4-F5C0-4042-8CEC-F4659DF3F10E}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EBAC9118-80CB-497F-A151-7752BAEDDA40}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{75ABB2FF-A053-4650-A535-8817F3BE8850}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7CCBD6F6-8101-4382-9511-88A9B3673ADF}] => C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe
FirewallRules: [{C6943B46-F017-4E8C-9B3B-10655C08EA16}] => C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe
FirewallRules: [{70128B16-2126-4D5C-AB34-598B205A837F}] => C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{B78BCA76-ADDD-4E79-A1D5-A0E62B84EC11}] => C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{FAED5051-98F2-4FB7-B3CC-0DC1859D2AB2}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{650F7EAC-66E2-4705-811A-4786F8186D3F}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F8DF8682-9EC4-461B-A83C-7137D354D3D7}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{EF61B266-6E00-457B-98D9-2882EE3E1E4D}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{E3A67D95-B6EF-455E-B3FB-5BAD99F65F70}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D9967287-87A3-41DD-8E42-DD2461004836}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{86CE6FBC-9E00-484C-834A-A85F1A89840F}] => C:\Users\Patrick\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
FirewallRules: [{7EA154DD-3142-47C5-92B9-86651E5C7CB4}] => C:\Program Files\SogouInput\8.1.0.8411\SGTool.exe
FirewallRules: [{D9133A72-07FB-4436-99F4-D7C4E86DF477}] => C:\Program Files\SogouInput\8.1.0.8411\SGTool.exe
FirewallRules: [{72774E9B-97BF-4D9E-A3F3-31745482D0C5}] => C:\Program Files\SogouInput\8.1.0.8411\SGTool.exe
FirewallRules: [{0F24359D-B5D1-4E4B-A2A3-8311694C6701}] => C:\Program Files\SogouInput\8.1.0.8411\SGTool.exe
FirewallRules: [{01775F07-2831-4DD4-B754-C8A0385E099B}] => C:\Program Files\SogouInput\8.1.0.8411\SGTool.exe
FirewallRules: [{5B86419F-A53E-40B9-B14F-168B089683DA}] => C:\Program Files\SogouInput\8.1.0.8411\SGTool.exe
FirewallRules: [{7FDB2EB3-9F97-4E66-A7E1-9EDA750A5556}] => C:\Program Files\SogouInput\8.1.0.8411\PinyinUp.exe
FirewallRules: [{5C7661D4-9409-48A3-A224-10BFDE64CA64}] => C:\Program Files\SogouInput\8.1.0.8411\PinyinUp.exe
FirewallRules: [{54CB7C35-71E8-4144-B31C-7CB892EDF390}] => C:\Program Files\SogouInput\8.1.0.8411\PinyinUp.exe
FirewallRules: [{4292ABB5-3849-466E-8968-7B8C885792D3}] => C:\Program Files\SogouInput\8.1.0.8411\PinyinUp.exe
FirewallRules: [{DC6F0713-9B09-4658-9A58-DA3475F25AA6}] => C:\Program Files\SogouInput\8.1.0.8411\PinyinUp.exe
FirewallRules: [{D7C6184B-D3E0-4930-B7E3-66EBE0FA5A1D}] => C:\Program Files\SogouInput\8.1.0.8411\PinyinUp.exe
FirewallRules: [{3129E8F9-898F-4D3B-B6F0-8C8BB4878F38}] => C:\Program Files\SogouInput\8.1.0.8411\SGDownload.exe
FirewallRules: [{09855C59-7B31-433B-9F51-1E0F50729A08}] => C:\Program Files\SogouInput\8.1.0.8411\SGDownload.exe
FirewallRules: [{7E578D3A-18A5-421E-978D-1B311DF77447}] => C:\Program Files\SogouInput\8.1.0.8411\SGDownload.exe
FirewallRules: [{18857925-C99F-4497-91ED-34E71F1A9B8B}] => C:\Program Files\SogouInput\8.1.0.8411\SGDownload.exe
FirewallRules: [{D4B2A7D4-91F7-41AE-B759-70B4372F5502}] => C:\Program Files\SogouInput\8.1.0.8411\SGDownload.exe
FirewallRules: [{460F737E-9EC0-4BC7-8F56-40340E87EC0C}] => C:\Program Files\SogouInput\8.1.0.8411\SGDownload.exe
FirewallRules: [{44531322-CDE2-4E6F-84F8-E93757A14AE3}] => C:\Program Files\SogouInput\8.1.0.8411\SogouCloud.exe
FirewallRules: [{2D760737-7C7F-48B2-9F32-094B47DBD9D4}] => C:\Program Files\SogouInput\8.1.0.8411\SogouCloud.exe
FirewallRules: [{F798BCDB-4C1B-4A75-9A1A-B754D246EF44}] => C:\Program Files\SogouInput\8.1.0.8411\SogouCloud.exe
FirewallRules: [{A1C84D1F-E207-428F-9A11-7C3D5887517B}] => C:\Program Files\SogouInput\8.1.0.8411\SogouCloud.exe
FirewallRules: [{3D4A535D-7BD8-4EEB-9DBB-B495FDF1FB76}] => C:\Program Files\SogouInput\8.1.0.8411\SogouCloud.exe
FirewallRules: [{EA243917-0ED1-4AC3-892E-E75E69E85ADD}] => C:\Program Files\SogouInput\8.1.0.8411\SogouCloud.exe
FirewallRules: [{33F72E10-AFF6-4BCA-8C05-FDDFA7F7F7C3}] => C:\Program Files\Cimatron\CimatronE\Program\CimRemoteRedConsolHost.exe
FirewallRules: [{68CB1F80-BA9C-482D-BB2D-677FFBFEF16A}] => C:\Program Files\Cimatron\CimatronE\Program\CimatronE.exe
FirewallRules: [{A171EC02-48FD-4221-AB23-6005EE5637B4}] => C:\Program Files\Cimatron\CimatronE\Program\CimRemoteBoxManager.exe
FirewallRules: [{65380630-63BE-4835-A178-BCADECC758AA}] => C:\Program Files (x86)\Steam\steamapps\common\Leap of Fate\LoF.exe
FirewallRules: [{B5CFDA5D-8776-4383-8F5F-B76FA77C5ADF}] => C:\Program Files (x86)\Steam\steamapps\common\Leap of Fate\LoF.exe
FirewallRules: [{6907F5CD-3E9A-4E9A-AF7D-659F15399D49}] => C:\Program Files (x86)\Steam\steamapps\common\Legends of Pixelia\Legends of Pixelia.exe
FirewallRules: [{3CECCF84-A0F4-4A26-8EE4-2A1C7244B235}] => C:\Program Files (x86)\Steam\steamapps\common\Legends of Pixelia\Legends of Pixelia.exe
FirewallRules: [{612445B6-6A40-49B6-AE58-804F7BF90422}] => C:\Program Files\Cimatron\CimatronE\Program\CimRemoteRedConsolHost.exe
FirewallRules: [{EACCBFE3-C8CD-41C5-A91F-AD18D3CBF08E}] => C:\Program Files\Cimatron\CimatronE\Program\CimRemoteWorker.exe
FirewallRules: [{3F7B93DA-04CF-47CE-BE6A-1FAB0995F92B}] => C:\WINDOWS\system32\hasplms.exe
FirewallRules: [{096A419B-62BA-441A-BC77-FAB03072256A}] => C:\Cimatron E13\Program\CimRemoteRedConsolHost.exe
FirewallRules: [{8680F965-A9EC-4271-93B4-505F6466C0FF}] => C:\Cimatron E13\Program\CimatronE.exe
FirewallRules: [{DDCA80CC-D6CE-4D39-BD18-C101BBA5076A}] => C:\Cimatron E13\Program\CimRemoteBoxManager.exe
FirewallRules: [{9935DE82-D3C7-455A-8148-E4A2BD21DCBC}] => C:\Program Files\SogouInput\8.1.0.8588\SGTool.exe
FirewallRules: [{990A8079-F4EB-4509-BCBF-E059611C3FC7}] => C:\Program Files\SogouInput\8.1.0.8588\SGTool.exe
FirewallRules: [{185A022C-9E6A-4647-B71A-6B9817AA1CBF}] => C:\Program Files\SogouInput\8.1.0.8588\SGTool.exe
FirewallRules: [{575809EB-3973-4A72-8D33-7DC5F16342B7}] => C:\Program Files\SogouInput\8.1.0.8588\SGTool.exe
FirewallRules: [{B6A4366A-DA4F-43E4-8555-F125769D7C8B}] => C:\Program Files\SogouInput\8.1.0.8588\SGTool.exe
FirewallRules: [{7F74F2FC-B42F-4D71-B201-0195D17FD6E5}] => C:\Program Files\SogouInput\8.1.0.8588\SGTool.exe
FirewallRules: [{985C7414-DC1D-4E82-94E3-CC2605D736AB}] => C:\Program Files\SogouInput\8.1.0.8588\PinyinUp.exe
FirewallRules: [{54195CC1-AD9D-4998-8172-921D05D97089}] => C:\Program Files\SogouInput\8.1.0.8588\PinyinUp.exe
FirewallRules: [{566CF440-5F41-42BC-86E1-2C64124490AD}] => C:\Program Files\SogouInput\8.1.0.8588\PinyinUp.exe
FirewallRules: [{81E0ED6C-D16A-43EE-B7F5-99A91E6C597D}] => C:\Program Files\SogouInput\8.1.0.8588\PinyinUp.exe
FirewallRules: [{7A016A10-0A8B-4273-A89D-7AEB693826F3}] => C:\Program Files\SogouInput\8.1.0.8588\PinyinUp.exe
FirewallRules: [{B8A5162A-D06B-4D53-BE24-312DBF4B8203}] => C:\Program Files\SogouInput\8.1.0.8588\PinyinUp.exe
FirewallRules: [{EDE1A8F3-1D58-4D6F-8967-04297A1197AB}] => C:\Program Files\SogouInput\8.1.0.8588\SGDownload.exe
FirewallRules: [{BC483936-A171-4A92-9AA9-3C52D2BEF9F8}] => C:\Program Files\SogouInput\8.1.0.8588\SGDownload.exe
FirewallRules: [{CF4146B2-62E6-48E4-8478-F24375111FC5}] => C:\Program Files\SogouInput\8.1.0.8588\SGDownload.exe
FirewallRules: [{4FB6FE8F-7145-4338-ABFE-E412FFEF8412}] => C:\Program Files\SogouInput\8.1.0.8588\SGDownload.exe
FirewallRules: [{56A8A485-3B98-480F-BFAE-6DF7A0212840}] => C:\Program Files\SogouInput\8.1.0.8588\SGDownload.exe
FirewallRules: [{03DBD3CA-1AD9-40FA-8F02-939EAECDB990}] => C:\Program Files\SogouInput\8.1.0.8588\SGDownload.exe
FirewallRules: [{5A23DF0C-FE19-46C9-9D70-171735056747}] => C:\Program Files\SogouInput\8.1.0.8588\SogouCloud.exe
FirewallRules: [{A25A85F0-2797-4A9B-9340-5769313C4323}] => C:\Program Files\SogouInput\8.1.0.8588\SogouCloud.exe
FirewallRules: [{BEEA45A0-3546-4241-AAF9-ED51EB1A1644}] => C:\Program Files\SogouInput\8.1.0.8588\SogouCloud.exe
FirewallRules: [{2C9200BD-1504-4379-981E-A01B1FB2B1C0}] => C:\Program Files\SogouInput\8.1.0.8588\SogouCloud.exe
FirewallRules: [{5BFCE98B-5E70-4DB8-B281-F4259913B610}] => C:\Program Files\SogouInput\8.1.0.8588\SogouCloud.exe
FirewallRules: [{6860966F-7701-4302-88B3-FF5B39DF7EC2}] => C:\Program Files\SogouInput\8.1.0.8588\SogouCloud.exe
FirewallRules: [{B751DED2-5796-45A5-AFB5-6AA8CF25308A}] => C:\Program Files\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{A402CC30-5D3C-41DD-A0A4-9F862F947A64}] => C:\Program Files\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{B3976A15-41DD-4BCB-9BFA-02A8CA5D0E93}] => C:\Program Files\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{B9AE4A8A-2213-49B2-85F3-5819E5D8E9DD}] => C:\Program Files\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{06FB5740-E816-43A3-BD23-3B737FCD031E}] => C:\Program Files\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{B31C6B22-6986-41C8-8625-18EFA04F06B6}] => C:\Program Files\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{372BA32F-C576-4485-8B0C-2B21686E362E}] => C:\Program Files\SogouInput\8.1.0.8588\userNetSchedule.exe
FirewallRules: [{6D3DCEDE-22AC-4DAA-8B7E-3EAE40BB8E73}] => C:\Program Files\SogouInput\8.1.0.8588\userNetSchedule.exe
FirewallRules: [{BBA09CFE-8FFC-4E12-8F79-17581FF99D51}] => C:\Program Files\SogouInput\8.1.0.8588\userNetSchedule.exe
FirewallRules: [{4A38FEC6-47EA-4DBA-85DB-F3165E2755A4}] => C:\Program Files\SogouInput\8.1.0.8588\userNetSchedule.exe
FirewallRules: [{E0125ADA-5CAA-4A26-B106-DE3EAD794F4A}] => C:\Program Files\SogouInput\8.1.0.8588\userNetSchedule.exe
FirewallRules: [{25366F8D-4DB8-4544-9C5C-3A1F5C4AA82B}] => C:\Program Files\SogouInput\8.1.0.8588\userNetSchedule.exe
FirewallRules: [{2E709EE1-79E0-4A30-AD23-30A0594C0EC0}] => C:\Program Files\SogouInput\8.1.0.8588\SGMedalLoader.exe
FirewallRules: [{DEC9358B-ED88-48DF-965E-238A03FAB10A}] => C:\Program Files\SogouInput\8.1.0.8588\SGMedalLoader.exe
FirewallRules: [{8E722A9E-3D82-41C9-A6BC-042ECA42C3D5}] => C:\Program Files\SogouInput\8.1.0.8588\SGMedalLoader.exe
FirewallRules: [{393DA665-55A1-4B7F-9044-BB0AD113F3D8}] => C:\Program Files\SogouInput\8.1.0.8588\SGMedalLoader.exe
FirewallRules: [{C4A26A66-A7EC-417F-A8E9-CCBB78D38B91}] => C:\Program Files\SogouInput\8.1.0.8588\SGMedalLoader.exe
FirewallRules: [{DD1A2841-49AB-414A-9FB6-3A7205E015A5}] => C:\Program Files\SogouInput\8.1.0.8588\SGMedalLoader.exe
FirewallRules: [{65995093-15F6-444F-B8EE-C2B97DF5C04F}] => C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{DF61DDC9-3D41-4E72-853B-BDAA2F2BC223}] => C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{C45AD099-CB85-460B-803E-E4A51392C38B}] => C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{647D2FEC-9540-4098-8901-49CB0CC72BA7}] => C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{1F608F1A-4F10-46B5-B6FA-E299724EC679}] => C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{97289FA1-85A7-4225-806A-A5E034E602E0}] => C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{CE57EF4C-239D-4A77-A9CF-673A3F733419}] => C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{A1BA72F8-F488-4AB8-B8EE-CE1E1DA04261}] => C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{49452CC4-C124-40D7-866B-BDA3D10CA632}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{58AD4E86-91F1-4263-A4C6-AD79F7FD9918}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{4DE9B0A0-7B7F-41DD-B115-71532D9EDB63}] => C:\Program Files (x86)\Steam\steamapps\common\Phantom Breaker Battle Grounds\bin\pbbg_win32.exe
FirewallRules: [{F6D306F3-0054-4B9C-B691-00FC88976995}] => C:\Program Files (x86)\Steam\steamapps\common\Phantom Breaker Battle Grounds\bin\pbbg_win32.exe
FirewallRules: [{6F765953-4976-4714-804A-811BAFA6E151}] => C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{F2E9BBF5-2EC3-4983-B606-1F61508156B7}] => C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{686D3529-E62B-4E90-A104-7B60BBC05F23}] => C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{D7E4966C-BAE8-468F-94CC-55E2BAEA1D50}] => C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{7DA1BAD8-2869-47BA-B670-7859687B0ACC}] => C:\Program Files (x86)\Steam\steamapps\common\DeathRoadToCanada\prog.exe
FirewallRules: [{3CC78B1C-2CC4-4BCD-BF1E-E90514237A9C}] => C:\Program Files (x86)\Steam\steamapps\common\DeathRoadToCanada\prog.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

28-11-2016 17:33:57 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/30/2016 05:03:25 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Fehler beim Aufzählen von Benutzersitzungen zum Generieren von Filterpools.

Details:
	(HRESULT : 0x80040210) (0x80040210)

Error: (11/29/2016 07:44:46 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (11/28/2016 05:33:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (11/28/2016 11:59:27 AM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-I54T4B7)
Description: 7.488: Der EFS-Dienst konnte keinen Benutzer für „Unternehmensdatenschutz“ bereitstellen. Fehlercode: 0x80070005.

Error: (11/28/2016 11:59:15 AM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-I54T4B7)
Description: 7.488: Der EFS-Dienst konnte keinen Benutzer für „Unternehmensdatenschutz“ bereitstellen. Fehlercode: 0x80070005.

Error: (11/28/2016 11:56:48 AM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-I54T4B7)
Description: 7.488: Der EFS-Dienst konnte keinen Benutzer für „Unternehmensdatenschutz“ bereitstellen. Fehlercode: 0x80070005.

Error: (11/28/2016 11:56:10 AM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-I54T4B7)
Description: 7.488: Der EFS-Dienst konnte keinen Benutzer für „Unternehmensdatenschutz“ bereitstellen. Fehlercode: 0x80070005.

Error: (11/28/2016 11:55:49 AM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-I54T4B7)
Description: 7.488: Der EFS-Dienst konnte keinen Benutzer für „Unternehmensdatenschutz“ bereitstellen. Fehlercode: 0x80070005.

Error: (11/28/2016 11:55:11 AM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-I54T4B7)
Description: 7.488: Der EFS-Dienst konnte keinen Benutzer für „Unternehmensdatenschutz“ bereitstellen. Fehlercode: 0x80070005.


Systemfehler:
=============
Error: (11/30/2016 05:03:57 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (11/30/2016 05:01:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎30.‎11.‎2016 um 07:07:48 unerwartet heruntergefahren.

Error: (11/30/2016 06:13:43 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (11/29/2016 06:54:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Plattformdienst für verbundene Geräte" wurde mit folgendem Fehler beendet: 
Unbekannter Fehler

Error: (11/29/2016 06:53:30 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (11/29/2016 06:52:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎29.‎11.‎2016 um 06:51:26 unerwartet heruntergefahren.

Error: (11/29/2016 07:13:12 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (11/29/2016 05:56:42 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (11/28/2016 05:01:08 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (11/28/2016 04:54:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Plattformdienst für verbundene Geräte" wurde mit folgendem Fehler beendet: 
Unbekannter Fehler


CodeIntegrity:
===================================
  Date: 2016-10-11 15:44:29.852
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe) attempted to load \Device\HarddiskVolume4\Program Files\SogouInput\8.1.0.8411\SogouCloud.exe that did not meet the Microsoft signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-3612QM CPU @ 2.10GHz
Prozentuale Nutzung des RAM: 39%
Installierter physikalischer RAM: 8007.27 MB
Verfügbarer physikalischer RAM: 4846.8 MB
Summe virtueller Speicher: 9287.27 MB
Verfügbarer virtueller Speicher: 5863.68 MB

==================== Laufwerke ================================

Drive c: (SSD) (Fixed) (Total:231.52 GB) (Free:84.92 GB) NTFS
Drive d: (HDD) (Fixed) (Total:465.76 GB) (Free:143.6 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 08CA1AAA)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         


01.12.2016, 16:14   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



+++ IMPORTANT NOTICE +++


During the analysis and cleanup you make NO changes whatsoever on your own, i.e. you do not install or uninstall any software without consultation.
You also do not change any system settings while we are working on your case. You make changes, installations or uninstallations ONLY when instructed!
It will be necessary to disable your virus scanner and, in certain cases, to uninstall it so that the cleanup can be done properly. Your system is therefore only cleared by me for everyday use such as browsing or e-mail once we are finished here.

Read and understood?

01.12.2016, 18:39   #4
Machalla666



Read and understood.
Just one more question:
Since I am not allowed to change my system or to install or uninstall software, should I suspend the full system scan by Avira and updates, e.g. from Nvidia, for now?

02.12.2016, 09:20   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please uninstall Avira. We have not recommended it for years, for several reasons. One reason is a relatively high false-positive rate; the second main reason is that they still work together with ASK (Avira's search function goes through ASK). Other freeware vendors such as AVG, Avast or Panda also jumped on this bandwagon; that kind of thing is simply unacceptable for security software. Cf. Antivirensoftware: Schutz Für Ihre Dateien, Aber Auf Kosten Ihrer Privatsphäre? | Emsisoft Blog

Let me know when Avira is gone; once we are through here, you can switch to another virus scanner, information will follow in the final post. Please do not install anything more NOW without consultation!

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


02.12.2016, 19:30   #6
Machalla666



OK, Avira is uninstalled.

02.12.2016, 19:57   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Step 1: Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper.


Step 2: Kaspersky TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, under no circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    As an example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.


Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs should be too large for one post, I ask you to post the logs directly, spread over several posts if necessary.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

02.12.2016, 20:58   #8
Machalla666



Malwarebytes: no detections

Log file:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.12.02.10
  rootkit: v2016.11.20.01

Windows 10 x64 NTFS
Internet Explorer 11.447.14393.0
Patrick :: DESKTOP-I54T4B7 [administrator]

02.12.2016 20:39:42
mbar-log-2016-12-02 (20-39-42).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 352739
Time elapsed: 7 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Kaspersky: 2 detections

Logfile part 1:
Code:
ATTFilter
20:48:35.0198 0x060c  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
20:48:35.0198 0x060c  UEFI system
20:48:52.0817 0x060c  ============================================================
20:48:52.0817 0x060c  Current date / time: 2016/12/02 20:48:52.0817
20:48:52.0817 0x060c  SystemInfo:
20:48:52.0817 0x060c  
20:48:52.0817 0x060c  OS Version: 10.0.14393 ServicePack: 0.0
20:48:52.0817 0x060c  Product type: Workstation
20:48:52.0817 0x060c  ComputerName: DESKTOP-I54T4B7
20:48:52.0817 0x060c  UserName: Patrick
20:48:52.0817 0x060c  Windows directory: C:\WINDOWS
20:48:52.0817 0x060c  System windows directory: C:\WINDOWS
20:48:52.0817 0x060c  Running under WOW64
20:48:52.0817 0x060c  Processor architecture: Intel x64
20:48:52.0817 0x060c  Number of processors: 8
20:48:52.0817 0x060c  Page size: 0x1000
20:48:52.0817 0x060c  Boot type: Normal boot
20:48:52.0818 0x060c  CodeIntegrityOptions = 0x00000001
20:48:52.0818 0x060c  ============================================================
20:48:52.0842 0x060c  KLMD registered as C:\WINDOWS\system32\drivers\71052118.sys
20:48:52.0842 0x060c  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.447, osProperties = 0x19
20:48:52.0874 0x060c  System UUID: {BF06FE79-495B-5F1C-47E0-4EF59F6BFE62}
20:48:53.0088 0x060c  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:48:54.0812 0x060c  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:48:54.0819 0x060c  ============================================================
20:48:54.0819 0x060c  \Device\Harddisk0\DR0:
20:48:54.0820 0x060c  GPT partitions:
20:48:54.0820 0x060c  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {207FAE11-A209-45E1-921F-FA9DF18AD91B}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xE1000
20:48:54.0820 0x060c  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {4705516B-5E69-44AB-833A-A0C78ACD69FC}, Name: EFI system partition, StartLBA 0xE1800, BlocksNum 0x31800
20:48:54.0820 0x060c  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {AD35254C-E9C6-47F9-967E-C0B25087C0D6}, Name: Microsoft reserved partition, StartLBA 0x113000, BlocksNum 0x8000
20:48:54.0820 0x060c  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {4963CF99-E017-418C-811F-EE78D4C52D56}, Name: Basic data partition, StartLBA 0x11B000, BlocksNum 0x1CF09060
20:48:54.0820 0x060c  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {82E614D8-AF80-463C-9438-E32A0C778068}, Name: , StartLBA 0x1D024800, BlocksNum 0x1A0800
20:48:54.0820 0x060c  MBR partitions:
20:48:54.0820 0x060c  \Device\Harddisk1\DR1:
20:48:54.0825 0x060c  MBR partitions:
20:48:54.0825 0x060c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384441
20:48:54.0825 0x060c  ============================================================
20:48:54.0826 0x060c  C: <-> \Device\Harddisk0\DR0\Partition4
20:48:54.0827 0x060c  D: <-> \Device\Harddisk1\DR1\Partition1
20:48:54.0827 0x060c  ============================================================
20:48:54.0827 0x060c  Initialize success
20:48:54.0827 0x060c  ============================================================
20:49:42.0950 0x1db8  ============================================================
20:49:42.0950 0x1db8  Scan started
20:49:42.0950 0x1db8  Mode: Manual; SigCheck; TDLFS; 
20:49:42.0950 0x1db8  ============================================================
20:49:42.0950 0x1db8  KSN ping started
20:49:43.0038 0x1db8  KSN ping finished: true
20:49:45.0331 0x1db8  ================ Scan system memory ========================
20:49:45.0331 0x1db8  System memory - ok
20:49:45.0332 0x1db8  ================ Scan services =============================
20:49:45.0860 0x1db8  [ 39B6FAE7DFE1B70034F253AB0BB96E2F, 477D9788BB1717F966E8E4F776CE52425BB76288A99FF34AE7A24D4221EA5D05 ] ampa            C:\Windows\system32\ampa.sys
20:49:45.0870 0x1db8  ampa - detected UnsignedFile.Multi.Generic ( 1 )
20:49:45.0944 0x1db8  Detect skipped due to KSN trusted
20:49:45.0944 0x1db8  ampa - ok
20:49:46.0294 0x1db8  [ B68BC92DC0F6484E5862BA1B09EE720C, E15BF19CBF83EC33A3DF9371CCEA9EA9765B17C41B13D4B28635111171D43835 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
20:49:46.0309 0x1db8  AtherosSvc - detected UnsignedFile.Multi.Generic ( 1 )
20:49:46.0384 0x1db8  Detect skipped due to KSN trusted
20:49:46.0384 0x1db8  AtherosSvc - ok
20:49:49.0542 0x1db8  FileInfo - ok
20:49:49.0546 0x1db8  [ 1A97DB5E701A186989F3795223C3BE39, F7982220D4DF7E104955E63CACE352394E2577DEF49506EA126127F820EB62DF ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
20:49:49.0560 0x1db8  Filetrace - ok
20:49:49.0564 0x1db8  [ 46626665F0E5906E45619B4EFD6186B8, 37FDD3B8AD49FD29E54DA5567EA77F28A53498AE56348F7A2628E5E5549D638B ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
20:49:49.0576 0x1db8  flpydisk - ok
20:49:49.0586 0x1db8  [ FDA72ACA14D516D18C33AFCD0FD9260F, 6509612DEC82EA74614B5C9A7B432305A1A468C97B88BED9E141DF2929B621B1 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
20:49:49.0603 0x1db8  FltMgr - ok
20:49:49.0639 0x1db8  [ 49BF5C8182C3D2D6CD9F7EEDF1CFDB66, 0977EBE86B57FC370D27CA69D58122397D5D5369AF0C8DBCC492AE7AD55CBA2B ] FontCache       C:\WINDOWS\system32\FntCache.dll
20:49:49.0707 0x1db8  FontCache - ok
20:49:49.0715 0x1db8  [ 59241194DBDF30A2B4029E402F377900, 47A92E9CD8494C403B377799D395670A393766647E24CD83B15338CE2AA50266 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:49:49.0722 0x1db8  FontCache3.0.0.0 - ok
20:49:49.0741 0x1db8  [ 8B52024D3A5C3A12F1C4D75D30A976C5, 982F1C783966C9A6D255AA7DBAB6D225EBE0050A36176B8DE85E8ADBFE17FDF1 ] FrameServer     C:\WINDOWS\system32\FrameServer.dll
20:49:49.0777 0x1db8  FrameServer - ok
20:49:49.0781 0x1db8  [ D152CCBFC8251670BF0AAFE00D6BC782, 9DE82D8FC4E1DAF8FF23EE08C0B7CB5051A9224E64544D262CFA4996A41B04E1 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
20:49:49.0791 0x1db8  FsDepends - ok
20:49:49.0795 0x1db8  [ 6D6BB5C7363CD35FA715E826F3D029EE, C214F791EB39E8B25CE57ED9D6C1D56EE1AF6021BCB380980BD42A6338A6C9F7 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:49:49.0803 0x1db8  Fs_Rec - ok
20:49:49.0817 0x1db8  [ 8EEC4925C03E375C4EC496E45C44139A, 06C5C7BCC28D3E435675F0759A09CAB726E971DF4BFC1DC3DCF503EABCDCCCC6 ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
20:49:49.0841 0x1db8  fvevol - ok
20:49:49.0845 0x1db8  [ EF78034773CE506323655A868C949144, DF195BEEE6704FBCC6D2D9E1BF6723E52ED502A1459F495B7D18481E6A79B5BC ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
20:49:49.0857 0x1db8  gencounter - ok
20:49:49.0860 0x1db8  [ B55FEBC6A00DAA1FE074F020B6907516, 67071FBAC2ABA47AB71358A5F08E92E034A55343878F00137E90B3B1F7362976 ] genericusbfn    C:\WINDOWS\System32\drivers\genericusbfn.sys
20:49:49.0872 0x1db8  genericusbfn - ok
20:49:49.0878 0x1db8  [ DDD8A8CDDC7F13EF57D1DAAE71865936, 9D472A8689F72F24D40D5B94849690F53C67849FDF6162A94EF4FB330A3DA566 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
20:49:49.0890 0x1db8  GPIOClx0101 - ok
20:49:49.0915 0x1db8  [ 713A176494CEC107E663CAD6C2B27F77, 76871D8CFBA8FCD8CFF96208AE84C658EBEC60270D978898B90EE9451AA1BCE1 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
20:49:49.0962 0x1db8  gpsvc - ok
20:49:49.0967 0x1db8  [ 7ACD8F69B5D6EC97E6D2C006E19BED88, FC69214C9308EA64B88EF4C3C95800586DDBB44C8540846B79A161BAD8203B6E ] GpuEnergyDrv    C:\WINDOWS\system32\drivers\gpuenergydrv.sys
20:49:49.0978 0x1db8  GpuEnergyDrv - ok
20:49:49.0984 0x1db8  [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:49:49.0992 0x1db8  gupdate - ok
20:49:49.0997 0x1db8  [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:49:50.0004 0x1db8  gupdatem - ok
20:49:50.0013 0x1db8  [ 445BA8C1553D4F3BDE84E80213BC17B5, 2D39961E9A55902907FC13405235D840F67412BB07F9E3F5D677F4893AA00B8D ] hardlock        C:\WINDOWS\system32\drivers\hardlock.sys
20:49:50.0025 0x1db8  hardlock - ok
20:49:50.0028 0x1db8  hasplms - ok
20:49:50.0032 0x1db8  [ 10E3515FE5DBA6656FA62C29342EC4A1, 2051F10F74ED712B1766EB61E87FADE25AB3D0970BABFD320600D1B0D6377F26 ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
20:49:50.0046 0x1db8  HDAudBus - ok
20:49:50.0050 0x1db8  [ B90D284B97CD4CA9DE7430AAAD887A56, 2F14F985C39B7801ED64590979CF2114924E9547F5B11D2B37A74DBFFDD9E7C5 ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
20:49:50.0060 0x1db8  HidBatt - ok
20:49:50.0065 0x1db8  [ B2FE11643CC6ACDEE6C247DD36018FDB, 5796613C7DBF8B2A9E860E006FF1A245B6BE7D10E3F6685AD142B48E5C237B8C ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
20:49:50.0078 0x1db8  HidBth - ok
20:49:50.0083 0x1db8  [ D24355488A2D4D2323518EC1AC7A6D9E, ED2176A2093726087EDDA25B86E9CDD4BA35F4E748E3A6DE0B15C4C97646B5C7 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
20:49:50.0095 0x1db8  hidi2c - ok
20:49:50.0099 0x1db8  [ 0AF9ABBA4F3F55C6C803890D64BC3C29, D3DE6FA308F8E7CD4F16387F46AE4B2F7EC9BBA07BF87652B660A0D645710571 ] hidinterrupt    C:\WINDOWS\System32\drivers\hidinterrupt.sys
20:49:50.0109 0x1db8  hidinterrupt - ok
20:49:50.0112 0x1db8  [ CDBCF8E9AB06D88A1E1191D32F320C5D, F76963AB7CF2BAB3A220013879AECD3976BFD851CFB66B5A69A9EA2541048861 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
20:49:50.0124 0x1db8  HidIr - ok
20:49:50.0128 0x1db8  [ C900FE0DD6A1E2220084B8F1C427790C, 802194EBEDA1A50EDA300078B0888AAC1F17A42E67147B7B3B9C50AD8D4E5C89 ] hidserv         C:\WINDOWS\system32\hidserv.dll
20:49:50.0140 0x1db8  hidserv - ok
20:49:50.0144 0x1db8  [ D8536CB438CC4CCDAE047B768EED22B2, 4F666BFA3554F9ACA6B9D436BFA64474D5F30FB3E78F4E66068CCDF283D9867F ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
20:49:50.0157 0x1db8  HidUsb - ok
20:49:50.0164 0x1db8  [ 0AC1BD5A28FAA371EF34859FE703E515, 1DD1C33AF8D6EBE7C36FCD051F066E4039D2B47ABAECF7C68BC3933D567930B2 ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
20:49:50.0184 0x1db8  HomeGroupListener - ok
20:49:50.0195 0x1db8  [ 86161A89F16851728802590EC7C92608, 3A3B05BB4E115410D27063B30C0EF3F18295F542050F329F1E466C81A9E23A46 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
20:49:50.0221 0x1db8  HomeGroupProvider - ok
20:49:50.0226 0x1db8  [ F5CA18197B4646E04DB9EB2D6642CC4D, 5BA3342DDF1BCB67E4156169FE9A33E7BC2641C729E9F1A80C0E80953C6AB114 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
20:49:50.0235 0x1db8  HpSAMD - ok
20:49:50.0258 0x1db8  [ A10C7C1E69FC90620C7BF2E51302A01F, D725AEAE38255CED73F4922A10F226215528706580B06D01C228488F93AC0397 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
20:49:50.0293 0x1db8  HTTP - ok
20:49:50.0300 0x1db8  [ E548929868BDFD3FC13B46D99605B764, 737C8A1210442533735F10BD80AFBB3E890D0CC9068F2406CA5C577C7C58B97C ] HuaweiHiSuiteService64.exe C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
20:49:50.0912 0x1db8  HuaweiHiSuiteService64.exe - detected UnsignedFile.Multi.Generic ( 1 )
20:49:50.0984 0x1db8  Detect skipped due to KSN trusted
20:49:50.0984 0x1db8  HuaweiHiSuiteService64.exe - ok
20:49:50.0989 0x1db8  [ 0C84C250F80EAEC2C9768464CC1A9626, 212E1003B78F9B98FEB084FD1FDB59B26A9DE4C9120F24D4361FBBF0F3C035E7 ] HvHost          C:\WINDOWS\System32\hvhostsvc.dll
20:49:51.0003 0x1db8  HvHost - ok
20:49:51.0008 0x1db8  [ 74FC79C52395B10FFD0B55CF22CF88FC, 94D977DA2092EE8C2A598AC48758A84BB22CB6378BD114C2D3B4172A07A9CACC ] hvservice       C:\WINDOWS\system32\drivers\hvservice.sys
20:49:51.0018 0x1db8  hvservice - ok
20:49:51.0023 0x1db8  [ 771EDDA9830A3079F996F34D681FB6E5, F452AD656872A1C8B2D6DCE232CE01EBD456C46F4934A7601E78470F2A2CBF38 ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
20:49:51.0032 0x1db8  hwpolicy - ok
20:49:51.0037 0x1db8  [ 3B9F315E7FA72CC25228EB097DD9C694, B26F1E494428EF197A0C97645C05BB3CA093827A005D35C987F1D6778BC4E52C ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
20:49:51.0048 0x1db8  hyperkbd - ok
20:49:51.0053 0x1db8  [ B54B30992620C97230013A74461C8517, CAF09BDCDD6DE2A39CB8AE2C65E6F8FE12D8E93D84BBEF6C6A98F872BF54A4E3 ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
20:49:51.0068 0x1db8  i8042prt - ok
20:49:51.0072 0x1db8  [ C6B8743B213F06AA60943D8366FE968F, 758954F70B810063914B243115B2C753B2BCE40190F95C30ACBA0BF04EBD5B33 ] iagpio          C:\WINDOWS\System32\drivers\iagpio.sys
20:49:51.0084 0x1db8  iagpio - ok
20:49:51.0088 0x1db8  [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c           C:\WINDOWS\System32\drivers\iai2c.sys
20:49:51.0100 0x1db8  iai2c - ok
20:49:51.0105 0x1db8  [ 5A0E850F8CD17791A3E6A3CF81D0CA28, 10A965A49D53360DD250E0758B6BB142872298A21C732EB026ACB93492C5C6CF ] iaLPSS2i_GPIO2  C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys
20:49:51.0117 0x1db8  iaLPSS2i_GPIO2 - ok
20:49:51.0125 0x1db8  [ 7508F1096803385D6376BFD0BD473AC4, 1F32EC23CDC94DCB9710E6663B5C3BD83568545DDC2C741CFC13550A4E4DD2BE ] iaLPSS2i_I2C    C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys
20:49:51.0135 0x1db8  iaLPSS2i_I2C - ok
20:49:51.0139 0x1db8  [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
20:49:51.0146 0x1db8  iaLPSSi_GPIO - ok
20:49:51.0152 0x1db8  [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
20:49:51.0166 0x1db8  iaLPSSi_I2C - ok
20:49:51.0181 0x1db8  [ 97E553D03219D3D51705C7235D9EAEBD, 5D4578C8804AF32D1DC0868E34D6538138DC15F9568CA7E21051B1C82C0D8D55 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
20:49:51.0206 0x1db8  iaStorAV - ok
20:49:51.0217 0x1db8  [ 8350FE3BCDE3428BC040877BB7E9EAEB, 77F9456351CA640C6B7862907C0580627E761EC807B551976A95657EB4D6CC20 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
20:49:51.0234 0x1db8  iaStorV - ok
20:49:51.0247 0x1db8  [ 3BA03F7C7700DDF4C383DDE9252F5817, 3E90F69D0010E7764349D9AE865D577E431FEBC67DA554B400BC808DD286E203 ] ibbus           C:\WINDOWS\System32\drivers\ibbus.sys
20:49:51.0267 0x1db8  ibbus - ok
         

02.12.2016, 20:59   #9
Machalla666

Tr/dropper.gen - Shutdown no longer possible

Kaspersky log file, part 2:
20:49:53.0756 0x1db8  Netman - ok
20:49:53.0768 0x1db8  [ F2645D51DD8AABC8BC72358409410437, 8CB97628923D6CEA6EFAD7E666BE92C154060BD108C28D46287A520A14B18ADA ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
20:49:53.0796 0x1db8  netprofm - ok
20:49:53.0804 0x1db8  [ D65F295A049473E6A39EA9A0EA76CA32, 274FC0BA044EB2D14093AB0E561F7FACEE06A3F433C81343C8B926FA2F9BD251 ] NetSetupSvc     C:\WINDOWS\System32\NetSetupSvc.dll
20:49:53.0825 0x1db8  NetSetupSvc - ok
20:49:53.0832 0x1db8  [ EFA857E2B0CC7C9DFEF48A2187B910F7, 424475568CD70237F056838388A5F7BDCD1B09349085498644C75940B12E8EAF ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:49:53.0844 0x1db8  NetTcpPortSharing - ok
20:49:53.0854 0x1db8  [ B996DE26A2E16053C9485F5905B05320, 30EB2CEB466A4F05A44F7CBFCDFD8CC3C27B5FCF1269C1B9410C48AB362D2A75 ] NgcCtnrSvc      C:\WINDOWS\System32\NgcCtnrSvc.dll
20:49:53.0875 0x1db8  NgcCtnrSvc - ok
20:49:53.0895 0x1db8  [ 54C31C2B815E2E26BB8158022F837C9C, CED660D1A58F635C6452F82FCB2EF8ACEEB7785E31617B2ADFD9EE69A2BDF2B8 ] NgcSvc          C:\WINDOWS\system32\ngcsvc.dll
20:49:53.0937 0x1db8  NgcSvc - ok
20:49:53.0948 0x1db8  [ 9B9F520C72EE33EAEC857124BB800243, DFA9386B272F4D86F3E4BE861A2FC4617261E1AA40576DDA610FC24AB4961A63 ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
20:49:53.0970 0x1db8  NlaSvc - ok
20:49:53.0975 0x1db8  [ 001CBD7A2CD45C4EB39C01C3C677EF73, F4AAF4D60DB1232921C7811A62287B55C7C098B7A1FF9A40D88AF58A5ABECBA2 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
20:49:53.0987 0x1db8  Npfs - ok
20:49:53.0991 0x1db8  [ 90F5DC9802AAA00CD0B6E2AD9E7FFADC, 71C0777829299DECA6ACD42F38802DBE3C29A42CFBD8A396F39DFA44D1F55B6C ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
20:49:54.0003 0x1db8  npsvctrig - ok
20:49:54.0007 0x1db8  [ 1993C85962692EF7024501E7FE92D466, F5BCAA8308495EBF8BB061C2015E07C202A779668D171364D7E312975BC18B10 ] nsi             C:\WINDOWS\system32\nsisvc.dll
20:49:54.0020 0x1db8  nsi - ok
20:49:54.0024 0x1db8  [ 0C6218321A09A7B51BA7FFAFBA4CCB21, 330B3FA793A78410B28DFC8250BBF24442E3BB80434A7938BB96F02337614E0D ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
20:49:54.0035 0x1db8  nsiproxy - ok
20:49:54.0079 0x1db8  [ DB69C6DA8B3DDFDC547D455CA23A8250, AE495CEB18924C8B21F7F150FF17CD00880F2E222D7B5155661798E0535D63C4 ] NTFS            C:\WINDOWS\system32\drivers\NTFS.sys
20:49:54.0134 0x1db8  NTFS - ok
20:49:54.0140 0x1db8  [ 6E6DD6F9DD2A034CF85E94047DBDB992, 63D0A0756F551B7668D1CBAB24B29FD462C706E8A81690BC248D6C92061FE215 ] Null            C:\WINDOWS\system32\drivers\Null.sys
20:49:54.0150 0x1db8  Null - ok
20:49:54.0161 0x1db8  [ A6ED2E5E268D83B77D15348591CB8AE5, 12E2FE967AA46422393E82F112DA0153A2BC86F8B5034187FEF6D37FE51D6562 ] NvContainerLocalSystem C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
20:49:54.0175 0x1db8  NvContainerLocalSystem - ok
20:49:54.0186 0x1db8  [ A6ED2E5E268D83B77D15348591CB8AE5, 12E2FE967AA46422393E82F112DA0153A2BC86F8B5034187FEF6D37FE51D6562 ] NvContainerNetworkService C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
20:49:54.0199 0x1db8  NvContainerNetworkService - ok
20:49:54.0224 0x1db8  [ 6AEBC7136C17478CBC9A772F1E60EB9E, D059A9134A6C7117B70302FF853485614E1E632C6F002F3D11C111C450B2F647 ] NVIDIA Wireless Controller Service C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
20:49:54.0250 0x1db8  NVIDIA Wireless Controller Service - ok
20:49:54.0498 0x1db8  [ 70BC7D732B4AA50EC77D262A89E63E08, 781507DB55582F8BD367020DA844DA6A5D75005E416A2E843255E0F4CA8F896D ] nvlddmkm        C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_9debaf626fb26761\nvlddmkm.sys
20:49:54.0787 0x1db8  nvlddmkm - ok
20:49:54.0804 0x1db8  [ C9769A28BB4B7576850DCE6746753CB3, 003D0A654B31EB7537CBBAA87FB9666760FFD2DF18DA5047D56D1D8DE444A8DB ] nvpciflt        C:\WINDOWS\system32\DRIVERS\nvpciflt.sys
20:49:54.0811 0x1db8  nvpciflt - ok
20:49:54.0816 0x1db8  [ D261DF41F0840F734856A2B4F5E072C7, 2E703556D0C919375D0B7770513456844B13362190643D5524663EC8546E0FF5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
20:49:54.0828 0x1db8  nvraid - ok
20:49:54.0834 0x1db8  [ 23B702B555EB0436B9DAA0BC63DA65CE, D454F80D9657CFEC852F022C12D7B2C1A2D7D247ECC591EDB07B9369DFD8C99E ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
20:49:54.0846 0x1db8  nvstor - ok
20:49:54.0849 0x1db8  [ 06C7DAD44F4B95AA02BE2107486274BC, DBCC2E29F1BEAEFEC5BBD767F71C30FBAA3425E4E88A5C6BAF626661C350CF11 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
20:49:54.0855 0x1db8  NvStreamKms - ok
20:49:54.0859 0x1db8  [ 9F3F8D255C2D1ED457487CF1FAD56399, 9C75677937D1930AB422EFD653D47034E83E02A10BF713C19CC1B8239CD1AC9C ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
20:49:54.0865 0x1db8  nvvad_WaveExtensible - ok
20:49:54.0877 0x1db8  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:49:54.0892 0x1db8  odserv - ok
20:49:54.0902 0x1db8  [ 17997DC2441F7E29CDFC6458E0392764, 636CCE2DA1EF8195B33F8D6D5C8CC151D58EBF08DC9AD8ACCCE7ABD41A69639F ] OneSyncSvc      C:\WINDOWS\System32\APHostService.dll
20:49:54.0925 0x1db8  OneSyncSvc - ok
20:49:54.0931 0x1db8  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:49:54.0940 0x1db8  ose - ok
20:49:54.0949 0x1db8  [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
20:49:54.0972 0x1db8  p2pimsvc - ok
20:49:54.0983 0x1db8  [ 2BBCED66D7AFC968BDBB0E4D8524DF0A, 762D916390F9DE69B3EA1D31244224F910645F8E5CEF4C505B76B215BFDFCD9A ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
20:49:55.0006 0x1db8  p2psvc - ok
20:49:55.0011 0x1db8  [ 6B81BF7853D161DB8AC62CD8B9C2DE6B, B2DC06D135FD2501217DDA7349556EB873309E02188D4C3901807BA24FAB30C7 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
20:49:55.0025 0x1db8  Parport - ok
20:49:55.0030 0x1db8  [ 9DB326B54C03EF2892E7551D8B354036, 64CD77E8A4425E80CFB61DEE33C1A677A4044C6FC0614D74B20BDDD7C5D5334D ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
20:49:55.0042 0x1db8  partmgr - ok
20:49:55.0054 0x1db8  [ CDD8EDF4C35BE6D6137112F5CC7A70DA, 80EECA6BC2E668E5652A5CA9B119CCCE2A2E421F0EED1FD0EAC20C42E77C02ED ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
20:49:55.0075 0x1db8  PcaSvc - ok
20:49:55.0084 0x1db8  [ 101CC1FD8D48ED1EF71F0840158D0E6D, A944D70DE230E3FBD8B371EF3BED1FCD12AAFD56945A8F5C44994AF13283FCCD ] pci             C:\WINDOWS\system32\drivers\pci.sys
20:49:55.0099 0x1db8  pci - ok
20:49:55.0103 0x1db8  [ 214DCC87E3898F738075D1341252A552, E721FBBC3510DDB848A8CAEA3B6031EE988F42252DBC3BF7BDB6ABD9A0D9FABD ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
20:49:55.0111 0x1db8  pciide - ok
20:49:55.0116 0x1db8  [ AED76A3333B3A31536E430020E0226FC, EC255B79B0908E3C142D92E35B79D90A3F2594BA012CA2B1B04A6A8745153430 ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
20:49:55.0131 0x1db8  pcmcia - ok
20:49:55.0141 0x1db8  [ E63FB38B6E75B39467492FBAD2CD512A, DB406C92BA2460C833A49B98EB5BD58348E868F643A0123B0C9B5315FFC6A124 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
20:49:55.0150 0x1db8  pcw - ok
20:49:55.0155 0x1db8  [ 9EA203A07EFA6D74F07F32EF0DAB5CA6, D851F1CC748B4CD0E263931668FFF2FE20D5778267F4FF2237D565CFC171B5AF ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
20:49:55.0166 0x1db8  pdc - ok
20:49:55.0183 0x1db8  [ 1509A77F840AA9E72CF8247D0CF2FBDE, 2D47AD4D8F5C2D871E603FB6D72D25EFD0E63FA3A542DAADAB9D82ED074C0E0B ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
20:49:55.0220 0x1db8  PEAUTH - ok
20:49:55.0225 0x1db8  [ 540116170E2135FCD5DDE77702166B67, CBEC51C2D47532F1781B3255040F303263420B204C2F8BB2B5D1EC342F57B285 ] percsas2i       C:\WINDOWS\system32\drivers\percsas2i.sys
20:49:55.0235 0x1db8  percsas2i - ok
20:49:55.0239 0x1db8  [ 8356F87553BF49C703CF382033815898, 245EB941566D848F134629690BF271B1CBEAB6440771D3D8D7AED3756835354E ] percsas3i       C:\WINDOWS\system32\drivers\percsas3i.sys
20:49:55.0249 0x1db8  percsas3i - ok
20:49:55.0264 0x1db8  [ CB5343FF52A702A9ACFAAE6BE972FE09, EAA5362D91D05D382DF4EBBAA3FD575456F23CAD531CC6F1270F8254892DBF02 ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
20:49:55.0278 0x1db8  PerfHost - ok
20:49:55.0298 0x1db8  [ D0D57322ABC7473E54472D8374169CC5, BD14A13D6908C8669E56EF9401FD8A3D7C618E8B6556B36E634864E733BCA4B2 ] PhoneSvc        C:\WINDOWS\System32\PhoneService.dll
20:49:55.0336 0x1db8  PhoneSvc - ok
20:49:55.0344 0x1db8  [ B4AB2C0177715FFAED88A1223212043A, 1920792ADC78DD51EF98B6A9634D686EAED0848FB7EF74A0DCD3AEBA5AF41EC6 ] PimIndexMaintenanceSvc C:\WINDOWS\System32\PimIndexMaintenance.dll
20:49:55.0363 0x1db8  PimIndexMaintenanceSvc - ok
20:49:55.0393 0x1db8  [ F931F21E4287FE3ECCF09B54A232BBA2, CEB7AB3236E5F30214027092B7B695ED35F7A1E007DF4046797D1E4DFEF49EC8 ] pla             C:\WINDOWS\system32\pla.dll
20:49:55.0448 0x1db8  pla - ok
20:49:55.0454 0x1db8  [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
20:49:55.0473 0x1db8  PlugPlay - ok
20:49:55.0477 0x1db8  [ 56D7A89423325121C4A9BD5C326414F3, 649048C23D1973C3504E26B35362AC99DFE9BF31FFE73F45B43306A212AEA34C ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
20:49:55.0489 0x1db8  PNRPAutoReg - ok
20:49:55.0498 0x1db8  [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
20:49:55.0518 0x1db8  PNRPsvc - ok
20:49:55.0528 0x1db8  [ F70CAC34B455D05EAA04B2F8FB58E1CB, 295BFFB3DA03C5CE5462C11D3240024B68AC06E8DEA9062A739BE2CCEE19EB5D ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
20:49:55.0552 0x1db8  PolicyAgent - ok
20:49:55.0559 0x1db8  [ 60C8376B48BA96F07AEA536527433D44, EB988C119C3E71169B91ED2A744C71933DD35447DC4A8249E80EC24E9E7077D4 ] Power           C:\WINDOWS\system32\umpo.dll
20:49:55.0576 0x1db8  Power - ok
20:49:55.0580 0x1db8  [ 5645B9D9788CCA2C88B9534996ED2D6D, 4988942DF163DB5B9B1A08CE6B628D2C47C2E2EAA30AEAE4EFE21C8CF4C8DC5D ] PptpMiniport    C:\WINDOWS\System32\drivers\raspptp.sys
20:49:55.0598 0x1db8  PptpMiniport - ok
20:49:55.0662 0x1db8  [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
20:49:55.0772 0x1db8  PrintNotify - ok
20:49:55.0780 0x1db8  [ 372913E12677A8CBBBABDD8311894F9D, A5233D95A0D22D2A9DB214E7CB79A99D389B67189FF6A87D0AD4610A333A637F ] Processor       C:\WINDOWS\System32\drivers\processr.sys
20:49:55.0794 0x1db8  Processor - ok
20:49:55.0805 0x1db8  [ 1F115AF75EFBAC28479B4F94A3F8D4A3, BE8D8C50D985F6AF9DDC0F13BDBE2D55D600E1F5E344982536538B14EC484AA6 ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
20:49:55.0828 0x1db8  ProfSvc - ok
20:49:55.0832 0x1db8  [ 138DBAE80F390B22297ACD861BDA996E, F0799F40266A11058710AD8ED5D8797A350DCB2A55D3DEF179C1D8C87AFB5208 ] Ps2Kb2Hid       C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys
20:49:55.0837 0x1db8  Ps2Kb2Hid - ok
20:49:55.0843 0x1db8  [ FC98407B85A31161851FDE245517574F, 2CCD706CF243934FCDA32B24CE0C385EA2E67F206E0306FA584496F583A20CD1 ] Psched          C:\WINDOWS\system32\drivers\pacer.sys
20:49:55.0854 0x1db8  Psched - ok
20:49:55.0862 0x1db8  [ 7A68710BAC9B6809314B86C0CB1CBC4A, C02D97993D1F6FE6EFBA5B1366B3A4FE8CE1136A95F3A2DA07BA59554C163501 ] QWAVE           C:\WINDOWS\system32\qwave.dll
20:49:55.0882 0x1db8  QWAVE - ok
20:49:55.0886 0x1db8  [ 819602BBBFDB0BD46DEA3715BF0DD452, D4007FF1E5296316B53436CA3598D6B1CF4F60AB77D5B02F3E595081EDD5D879 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
20:49:55.0897 0x1db8  QWAVEdrv - ok
20:49:55.0901 0x1db8  [ CDF47037A0939F56D11F699629C276AD, A63F2A3FE80FB8084E3870E907505694B79EE1D9E56E292C01D481FEFD2534B0 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:49:55.0911 0x1db8  RasAcd - ok
20:49:55.0916 0x1db8  [ 28C2EA278070EE12701D0EDF8CB0EC36, F10288C1C6835840026DB30285345EF892DE989F43C948E7F4760B8895FF675F ] RasAgileVpn     C:\WINDOWS\System32\drivers\AgileVpn.sys
20:49:55.0934 0x1db8  RasAgileVpn - ok
20:49:55.0939 0x1db8  [ 7B82197BF35CC3BE59AEF8B706AB8A16, AB0216164A548A48CD21F5F035E57E867584A96890B9887EC08F8DABDD89F990 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
20:49:55.0954 0x1db8  RasAuto - ok
20:49:55.0959 0x1db8  [ 17E565710172ED71B8531D8822E1C5D1, 0CA39ABD9E544DDAD9D9D7D1FC50444274C31E18F9BF73069051D9F62833698F ] Rasl2tp         C:\WINDOWS\System32\drivers\rasl2tp.sys
20:49:55.0978 0x1db8  Rasl2tp - ok
20:49:55.0992 0x1db8  [ 3C0A10FFC3CB95D249CA64D62BC912EF, 8A75398EF3FF4BBE822031B3D1C63BFC75ABE11AB35BC0451DFF3B1D56477D97 ] RasMan          C:\WINDOWS\System32\rasmans.dll
20:49:56.0025 0x1db8  RasMan - ok
20:49:56.0030 0x1db8  [ 9387DF155233D45D4E010F4F2FB52A57, CABC25DA4E512809AED0085767BDD94BF3C1DA792BFF8A009B5465D9110E7060 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:49:56.0044 0x1db8  RasPppoe - ok
20:49:56.0048 0x1db8  [ F0F4EEDEEBEE7A4244FAFB96A16B5712, F64717E601BD5EB674003009507B8CDD6F69F00E8670D6895EC64786166A0E8D ] RasSstp         C:\WINDOWS\System32\drivers\rassstp.sys
20:49:56.0066 0x1db8  RasSstp - ok
20:49:56.0076 0x1db8  [ EDAF0E161BE98CCC4FC9671481600745, 50DB73C341086E346F6EF57E40A7C3A8F6279E5EBB53A67F9B71B7877EB75734 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:49:56.0094 0x1db8  rdbss - ok
20:49:56.0099 0x1db8  [ 79A415E6FA915EFC00297DAB16EC2635, 47BB49F6D756214193D38A4AB182B541AAC180381C3111FF7F9B0AD4C44D8733 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
20:49:56.0111 0x1db8  rdpbus - ok
20:49:56.0117 0x1db8  [ 7135785C21CA79D270D11037C43D3F19, 654A3C65CF891ED8C82A740D10CF607FC7D709185E664DE03288CEB5B25F03A6 ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
20:49:56.0132 0x1db8  RDPDR - ok
20:49:56.0139 0x1db8  [ 97A61A3CB2B5CB4FC32B3224EF333448, E4F2E8BCEE3639BE57BBC8A8E67FDE42C3A5158F1204684B0ECD216F4AA044A3 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
20:49:56.0147 0x1db8  RdpVideoMiniport - ok
20:49:56.0155 0x1db8  [ 69BB204AE07EE84ECFAB1BF13C4BD04B, 1CA832CBF4AE4821EEA2A19F9519C2D1D00406B8CCE2A86FE3B33A5F293DB218 ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
20:49:56.0169 0x1db8  rdyboost - ok
20:49:56.0189 0x1db8  [ 940D6F5A2B0A61EE4170DF84F6C95C20, F8EE846DC8015EDFE7CB5BEEDC977EAA9C586BAC2216DE69D8ECCBDBC7408649 ] ReFSv1          C:\WINDOWS\system32\drivers\ReFSv1.sys
20:49:56.0216 0x1db8  ReFSv1 - ok
20:49:56.0229 0x1db8  [ 13F6B64235C60167052364BF7D99E4CA, BC12EE00775F7456FB922FBD684BF3F0CFABA5BEBB6E162C23B41DED5C20A978 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
20:49:56.0255 0x1db8  RemoteAccess - ok
20:49:56.0261 0x1db8  [ 3183B161B1F05333F6C325577FEF3596, D6A89B2A021377B6F371E5B9EFC36FF018822B28F0ED41F8CD2F00C5C8605707 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
20:49:56.0281 0x1db8  RemoteRegistry - ok
20:49:56.0295 0x1db8  [ FA62C4E1D753B489832DD0A7033665EE, BB0B59ABC79CEFA949632179239D711944C29E93EBCE60E629DE75AF2C3268B2 ] RetailDemo      C:\WINDOWS\system32\RDXService.dll
20:49:56.0327 0x1db8  RetailDemo - ok
20:49:56.0331 0x1db8  [ F61333867216EDE1A09A7C55FEDCB6A8, 991FC810FB281F4E91B7D22A7C5AF5D11419ACE05BBB3F664812391069A336F0 ] RfButtonDriverService C:\Windows\RfBtnSvc64.exe
20:49:56.0337 0x1db8  RfButtonDriverService - ok
20:49:56.0342 0x1db8  [ 5DAA644F17780FC4E3F4820A46D38FEC, 32C27FFA0A4608B164F4E709CD0D998AB73CA9713BE3E47F9DBC7B3D1B6C7453 ] RmSvc           C:\WINDOWS\System32\RMapi.dll
20:49:56.0358 0x1db8  RmSvc - ok
20:49:56.0363 0x1db8  [ 672724C8B21B7DC56646045DE4D5B860, 79986E80A92C949C543959F1E35647A9788DAB2892AC20B6DEA5C0BBC0CEDE9E ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
20:49:56.0376 0x1db8  RpcEptMapper - ok
20:49:56.0380 0x1db8  [ 109C1D609951E886D3643B15C1EDD1C2, 347D8E7C50EC7F96217C7421D9BC8A42C9DF50B94169CB58DCF857A63C33C2EA ] RpcLocator      C:\WINDOWS\system32\locator.exe
20:49:56.0391 0x1db8  RpcLocator - ok
20:49:56.0410 0x1db8  [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
20:49:56.0447 0x1db8  RpcSs - ok
20:49:56.0452 0x1db8  [ 5FF28F097C9699097B473F8FC7C1AA7D, 695560F1DBD85073F3D6CB1FF16F16504CA044EA62E940E463A16BBA8B86E2FA ] rspndr          C:\WINDOWS\system32\drivers\rspndr.sys
20:49:56.0465 0x1db8  rspndr - ok
20:49:56.0471 0x1db8  [ 421497E425AFB40502013F362E4FA230, 20E2372BEE4BFB21138CA574C9806EC399DDA9D3439F3C391E34ABB2E518106D ] rzudd           C:\WINDOWS\System32\drivers\rzudd.sys
20:49:56.0481 0x1db8  rzudd - ok
20:49:56.0485 0x1db8  [ B5DAEE69BACA64D2BB004568E22D8756, C0072CF6B438ED756435A182D55AC55F3AD356ACBD483DE06A94893D3CA8CCC5 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
20:49:56.0495 0x1db8  s3cap - ok
20:49:56.0499 0x1db8  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] SamSs           C:\WINDOWS\system32\lsass.exe
20:49:56.0509 0x1db8  SamSs - ok
20:49:56.0514 0x1db8  [ 5E73FB63E2DBC75FE0C17DEB0010CE0E, 9DAC47486262397D03BC01F7438CAB62CF33BD7B5283F5B9548C770A3D6D0ADC ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
20:49:56.0525 0x1db8  sbp2port - ok
20:49:56.0532 0x1db8  [ 3CD0130FFDEAEACF0905B482F3934EA3, 1EC355B63135FD2563093EBB206741C0C4CCE0551A662F6DC86C875146A88B06 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
20:49:56.0553 0x1db8  SCardSvr - ok
20:49:56.0559 0x1db8  [ 9EE060D6560FFBFBDB2ED5D6ED192294, 14387B69CD26D12BE31A23251B6AA8EDFC4D6CDE4FA558F0950DE91D2DD03946 ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
20:49:56.0579 0x1db8  ScDeviceEnum - ok
20:49:56.0583 0x1db8  [ 3D9A82B03C92D1FEC42CB171D6F57778, DC027F02F5EB5F1D10DB6F405FB0C15D4D5C922445F5F3C916624113278AF072 ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
20:49:56.0596 0x1db8  scfilter - ok
20:49:56.0615 0x1db8  [ D4DB6B318A0A0C74A90260725A228C0B, 57BA2EF9D880488C785C806ABF9EE753A48E589129442D72F815CD6EFFA07B22 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
20:49:56.0658 0x1db8  Schedule - ok
20:49:56.0663 0x1db8  [ 9055ADDFBA4C8B914C914CE693B55C0A, DB213AC36E14D856B81D2AFE46815402537A2ABEEA15032A9FF436F953129441 ] scmbus          C:\WINDOWS\system32\drivers\scmbus.sys
20:49:56.0674 0x1db8  scmbus - ok
20:49:56.0679 0x1db8  [ B6F2363584E62960846F7C3F00124A4F, 252189FF9D623CF69BF415FF7C7FE74B0BBF756B632420578BFAFF6595616CF7 ] scmdisk0101     C:\WINDOWS\System32\drivers\scmdisk0101.sys
20:49:56.0693 0x1db8  scmdisk0101 - ok
20:49:56.0700 0x1db8  [ 9450FA11E9DE6715FCB71A519A8FF90B, B7E341C6E4CE967FCDD0D17A497C07E8A1C6B0AACE8A6E8E5D6C21EF73F13E16 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
20:49:56.0716 0x1db8  SCPolicySvc - ok
20:49:56.0720 0x1db8  [ 0447065A6E10774EFCECFDD0EB970A79, 384A9AC72E756F96D43EE4B144A466564476AFD8778092C979116BB29A514433 ] ScpVBus         C:\WINDOWS\System32\drivers\ScpVBus.sys
20:49:56.0727 0x1db8  ScpVBus - ok
20:49:56.0734 0x1db8  [ 7C3D10BEC8B0DBA00A78C78EB10B3AE2, A671C9CB97977613576D70607E106C7A29B9EA9E875C7C5AF293EE5903D7AD0A ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
20:49:56.0749 0x1db8  sdbus - ok
20:49:56.0755 0x1db8  [ F3714DBAA42C15F78FFCDFE4273214EB, 2D018970B92C5F0744FAE10A2FC298F3DCEA5C2EDEB760F4F0651337B9878ABF ] SDRSVC          C:\WINDOWS\System32\SDRSVC.dll
20:49:56.0771 0x1db8  SDRSVC - ok
20:49:56.0806 0x1db8  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
20:49:56.0840 0x1db8  SDScannerService - ok
20:49:56.0847 0x1db8  [ 120DFCB71D6C502613A9E2D50E16850C, 2C294010AD1C9C380CD5221A37720544178B7358C8C8553AF44055E4CEE5DAF5 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
20:49:56.0858 0x1db8  sdstor - ok
20:49:56.0930 0x1db8  [ 94653C9CFDC15B30EEECD94BA7219654, 59F54AC9BC79C1BFBEA84992181C58AF434A3DDDF473C9BE942D3462875A8375 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
20:49:57.0017 0x1db8  SDUpdateService - ok
20:49:57.0027 0x1db8  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
20:49:57.0034 0x1db8  SDWSCService - ok
20:49:57.0039 0x1db8  [ EFD644DD091E1D94555FC3BBC95EA66D, FBDDA6680BEC378CCF12A32D9186020E884DA15A1E789D1531B1E687FC7B54B1 ] seclogon        C:\WINDOWS\system32\seclogon.dll
20:49:57.0052 0x1db8  seclogon - ok
20:49:57.0057 0x1db8  [ F48535714BED7DD784853889B4594B26, 9B4AB7E7293E79A8F6CC46C84F23E62AD3BD6E958FCE078CDBB125A69FAC7E50 ] SENS            C:\WINDOWS\System32\sens.dll
20:49:57.0071 0x1db8  SENS - ok
20:49:57.0098 0x1db8  [ 2B4E090D06C60853C5C00CF255F9E02A, 4D4DBA7B04519622612BD4A4F28318CA2F5646C84CAFF8C5ACC9BF4C6031894E ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe
20:49:57.0149 0x1db8  SensorDataService - ok
20:49:57.0161 0x1db8  [ C09A42163878A082C3F0D0A3DFE95714, 8033DC38D0EDED3758DA6BF8C1955BE5FFE48863C079C589660B37D0E461300F ] SensorService   C:\WINDOWS\system32\SensorService.dll
20:49:57.0186 0x1db8  SensorService - ok
20:49:57.0192 0x1db8  [ E6F00415DADCEEC860E7AB42BFD19A65, 274CAF22F93D43B6DB6953730E3DF8DA94776B24EEE74B80AB4CD780BC1366A9 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
20:49:57.0210 0x1db8  SensrSvc - ok
20:49:57.0214 0x1db8  [ 401D706DDC0A7AF18C3DD228ADF74551, 27C0B38D7C2E3F6FF06201124E63483931F6071954B2B99EC0143C464238C0B7 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
20:49:57.0224 0x1db8  SerCx - ok
20:49:57.0230 0x1db8  [ 7084D11083F0CDCA8B5C76F9846ABF5D, F639920882B0E784D8CFAF0D4C0F0C411937B6831E5DD99B0ABFBFE06BA4742F ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
20:49:57.0242 0x1db8  SerCx2 - ok
20:49:57.0245 0x1db8  [ 3FF478A8ED32A83C36581425F6282B6C, 787646A17098EA7CF36064D0A950C1D470D4A280C8C5AC40023D566E53860EAE ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
20:49:57.0256 0x1db8  Serenum - ok
20:49:57.0261 0x1db8  [ 92509187AA171A80521528B36F753E1D, FE0DA272B8A155ECC161E99586C4AE7EE17B1C84BC330DA1566C83B8E03FA825 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
20:49:57.0273 0x1db8  Serial - ok
20:49:57.0276 0x1db8  [ 433D38FF6D08B993847EA2A10EB8CB52, 29BA75DB6D1AC761BBDFB5AC8874FC7D763E1CD10D290E369063B34CE951270F ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
20:49:57.0287 0x1db8  sermouse - ok
20:49:57.0301 0x1db8  [ 82CF273F0E8F243789683DEB40757569, 5433D93A41C4BF04494E6158931C6AC3154888F7CD3A417253EC02FF7EA6D00E ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
20:49:57.0324 0x1db8  SessionEnv - ok
20:49:57.0328 0x1db8  [ 697D3EE0740AEAB62B66ABCA1C83D13B, FCF54A0071ED04AD3FC8551C67FE5FD49089DC0510F753052CAC5972A65C9E3D ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
20:49:57.0339 0x1db8  sfloppy - ok
20:49:57.0352 0x1db8  [ 832E933AA8DB9FD4733B96D8B6484D3F, 3A8E3D7ECA192EEE154CB568073B7211FDA06078EFC3BC7E961563A1BFDD0CAA ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
20:49:57.0379 0x1db8  SharedAccess - ok
20:49:57.0394 0x1db8  [ 482E6BE8A07832E824080D352075ACA1, 4123A76C8E805AF4FE229C53E9C174095C0937913BA81A63FE9B45C44AA5B15F ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:49:57.0428 0x1db8  ShellHWDetection - ok
20:49:57.0435 0x1db8  [ CF3BDF9EAD8D3EF671E9339B44B185BA, C17EC6D5B00F49D9C8B5B6C262A85F34ED71C58450659F006B3632AA84F68E23 ] shpamsvc        C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
20:49:57.0452 0x1db8  shpamsvc - ok
20:49:57.0456 0x1db8  [ A34CE1830E45DA98932295FDE4B7908A, FC553ECF4D64B4B10B7FDE5352707785517A18D487A80665BAFC7261E3F35CDC ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
20:49:57.0466 0x1db8  SiSRaid2 - ok
20:49:57.0470 0x1db8  [ A7B5C670770E908DA5FEF5BF1136E933, 8D3BB6FF65E631C34BE8EA766481B2FDB2E1E916A4FD67F86705A8975A136E6C ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
20:49:57.0481 0x1db8  SiSRaid4 - ok
20:49:57.0485 0x1db8  [ DDE8F578FE01F11CC316591AFD411372, 849E0B8A309D0CD0991B81EA0268EC1C882DEE39AFD575CA54655B9B8040E459 ] SmbDrvI         C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
20:49:57.0491 0x1db8  SmbDrvI - ok
20:49:57.0495 0x1db8  [ D233EAE2A9D48485321816486ED635EF, 03AB49BE9CF15EB7EDC50C400E673B4DF0E5BFDA9A7811E157F2AF2F3CF38D49 ] smphost         C:\WINDOWS\System32\smphost.dll
20:49:57.0508 0x1db8  smphost - ok
20:49:57.0522 0x1db8  [ 0B217141AC1283655402CDB356577735, 6EFA4CA46CFC8B7156CE7E5CA89B7F7073E16D66C2FC13F4DB95FEB78CCF698F ] SmsRouter       C:\WINDOWS\system32\SmsRouterSvc.dll
20:49:57.0554 0x1db8  SmsRouter - ok
20:49:57.0560 0x1db8  [ 6F4CE07D420FB657B5936F71101ABD41, CEC52984C56E578E0FFE12BE1B8148335F788B7D1751F2D0E79B944A41113C20 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
20:49:57.0573 0x1db8  SNMPTRAP - ok
20:49:57.0585 0x1db8  [ C994DF90427103CCB80F893FFD2B1CE8, 7E4B08095C77E68D337A3425EEA38F8FEC4D103CA7661E34FD96BF518DFB4BCB ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
20:49:57.0607 0x1db8  spaceport - ok
20:49:57.0611 0x1db8  [ E03264C4C25B568F92ED1656AD541E64, D42942BFFBC7213D204FAF84F4FE015FC23A6ACB29B5E752834EDBC17A3AC20D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
20:49:57.0622 0x1db8  SpbCx - ok
20:49:57.0639 0x1db8  [ 79DCE27E8C4CF6701BFE49EC2446BBF6, F51CBB7A45C3C878F41653FD5FBDC93CC302712B7725DAAB4D3475A1F4771E3D ] Spooler         C:\WINDOWS\System32\spoolsv.exe
20:49:57.0675 0x1db8  Spooler - ok
20:49:57.0771 0x1db8  [ 23529A00195CE71252FEBF647E56E27D, 8ADF7A1C96DAE005E9A974D90BE8954F88D49B6848252B88513C49E0A3BD9774 ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
20:49:57.0910 0x1db8  sppsvc - ok
20:49:57.0926 0x1db8  [ E83830BB74AE8CBECEA0ECD94DE436F9, 4A34569A34260324EBD629039E1BF45A3527FC75B22D9A3DB6360A6EB365483A ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
20:49:57.0948 0x1db8  srv - ok
20:49:57.0964 0x1db8  [ 1312896CAE6AF0D4557DB7B37283C116, 9E3701DBBF0F45368A217549A7DFDA2543C4AB3AC9CCF65A73E1FE27CC4A278E ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
20:49:57.0996 0x1db8  srv2 - ok
20:49:58.0004 0x1db8  [ F13EE0DB1FB1D6946AC3228D7EFCFC8F, 109A809F0338FAB0F4045FA5EE33C6F0A994A9F586B2FBD8920A6AABA0E0EF66 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
20:49:58.0022 0x1db8  srvnet - ok
20:49:58.0029 0x1db8  [ 44758105AB3EA34E815D4B6CA1153311, 7F223A20D2538C123BAC6F75BE0E126876A116F09502FD980C05B8916E26E1B7 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
20:49:58.0048 0x1db8  SSDPSRV - ok
20:49:58.0055 0x1db8  [ B97C7EC07218A8002323718202BF5E77, 39D3254383E3F49FD3E2DFF8212F4B5744D8D5E0A6BB320516C5EE525AD211EB ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
20:49:58.0074 0x1db8  SstpSvc - ok
20:49:58.0080 0x1db8  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
20:49:58.0090 0x1db8  ssudmdm - ok
20:49:58.0162 0x1db8  [ FD881B87C853EB2F0B8B7B5CC71D6FE3, 780038C203C9277C366794302D90BC0AE75568863F1FB7044197BA20D798E4BA ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll
20:49:58.0298 0x1db8  StateRepository - ok
20:49:58.0330 0x1db8  [ 90E22D7CDE08E07446D238A569BCAB7C, 3D4F413D0B0C9CF28D06E0476F24AC6441C8678DF786D9971B39C91C9F9B8020 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
20:49:58.0366 0x1db8  Steam Client Service - ok
20:50:03.0787 0x1db8  \Device\Harddisk0\DR0\Partition3 - ok
20:50:03.0790 0x1db8  [ B83A03F4AE0AB30DBAC41DF089ABE29A ] \Device\Harddisk0\DR0\Partition4
20:50:03.0791 0x1db8  \Device\Harddisk0\DR0\Partition4 - ok
20:50:03.0793 0x1db8  [ 4EB29602BCF95A1FD446486D980C2219 ] \Device\Harddisk0\DR0\Partition5
20:50:03.0794 0x1db8  \Device\Harddisk0\DR0\Partition5 - ok
20:50:03.0796 0x1db8  [ 30AF3AC5AB06325AD651CE963D6CA4CA ] \Device\Harddisk1\DR1\Partition1
20:50:03.0797 0x1db8  \Device\Harddisk1\DR1\Partition1 - ok
20:50:03.0798 0x1db8  ================ Scan generic autorun ======================
20:50:03.0799 0x1db8  ETDCtrl - ok
20:50:04.0028 0x1db8  [ 047D94A22B47AF83DDE4E32BB4E06D0A, CB9257995C67A1A44D6D316C36D3AAEF639BFD51A26C699D70FD047C45440CA5 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
20:50:04.0266 0x1db8  RtHDVCpl - ok
20:50:04.0302 0x1db8  [ D8AB6AC4A2D30641C9544021373B47EB, A0553AFB3B186D8EA28CF056139FA5AA150D6BD31E36E5EB9D5DD5940A90CA55 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
20:50:04.0329 0x1db8  RtHDVBg_Dolby - ok
20:50:04.0334 0x1db8  [ FF7CB5344094510654C240486B4B1B3F, 2A50A3BC366D5293C61FEDC5639C0EB2BB3176933599B6C1533F06F9B6C5D2DF ] C:\Program Files (x86)\RadioController\RfBtnHelper.exe
20:50:04.0340 0x1db8  RadioController - ok
20:50:04.0412 0x1db8  [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
20:50:04.0488 0x1db8  SDTray - ok
20:50:04.0497 0x1db8  [ 44E614FCBD7C4606D6E1FA24E2A8B26C, A6EE595A701A7351CFDE11F7376677766121762B101082F64F60C9EE1A8831B9 ] C:\Program Files (x86)\PDF24\pdf24.exe
20:50:04.0508 0x1db8  PDFPrint - ok
20:50:04.0512 0x1db8  [ D762FE9B3C105E77F93FEA02D41AF980, 279D52B42C7E3E2B97E3C79A13DDB7EC99E963E4667440D3BDBEFC61CC012AE3 ] C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
20:50:04.0520 0x1db8  ProductUpdater - detected UnsignedFile.Multi.Generic ( 1 )
20:50:04.0647 0x1db8  ProductUpdater ( UnsignedFile.Multi.Generic ) - warning
20:50:04.0838 0x1db8  [ 3EB50B29BDED831C71CE3C47F32471E8, 5D0F6AF72968FD01BE8E85068436F7E977911C0F4C9AFE4D49680E2FF9380099 ] C:\Program Files (x86)\UtechSmart 16400DPI VENUS Gaming Mouse\ogmmon.exe
20:50:04.0945 0x1db8  OGMgmmouseRun - detected UnsignedFile.Multi.Generic ( 1 )
20:50:05.0016 0x1db8  OGMgmmouseRun ( UnsignedFile.Multi.Generic ) - warning
20:50:05.0261 0x1db8  [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
20:50:05.0438 0x1db8  OneDriveSetup - ok
20:50:05.0593 0x1db8  [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
20:50:05.0753 0x1db8  OneDriveSetup - ok
20:50:05.0775 0x1db8  [ 8F2EA5EE0695CCE2285D92C44108375C, 2C96A8E7E41E87C27B6A3325526F99A03333357EF2682C17A4892BE4A58D157E ] C:\Users\Patrick\AppData\Local\Microsoft\OneDrive\OneDrive.exe
20:50:05.0794 0x1db8  OneDrive - ok
20:50:05.0847 0x1db8  [ D2CE6EA0E9F641D7153462D40C6B4193, 3AAE5239F951E29497D759326BDC23E19644B763DC5661CA4E4980418195C37D ] C:\Program Files (x86)\Steam\steam.exe
20:50:05.0912 0x1db8  Steam - ok
20:50:06.0063 0x1db8  [ 8AA4A3119B2DF4FFAAD39A98F4764E47, 412192A2261ED0BD82EE2418DF94A8B3BC41D2D40F5AB8DA0F99FB9F0525910E ] C:\Program Files\CCleaner\CCleaner64.exe
20:50:06.0240 0x1db8  CCleaner Monitoring - ok
20:50:06.0268 0x1db8  [ F51BB12D8977D26C1A4CDA348770D9F1, DDA35CD8F8A6591B83821B5180D457740E0B820CCE000BC7FB1B78FB4AEAD3BA ] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe
20:50:06.0305 0x1db8  SpybotPostWindows10UpgradeReInstall - detected UnsignedFile.Multi.Generic ( 1 )
20:50:06.0407 0x1db8  Detect skipped due to KSN trusted
20:50:06.0407 0x1db8  SpybotPostWindows10UpgradeReInstall - ok
20:50:06.0410 0x1db8  [ BB38581A13B7265CF4E62741955E7457, 103C028F6ED13FDF916B0B15138BDFE66CAC0D667D735D853FC8E45341FE8A3A ] C:\WINDOWS\system32\ctfmon.exe
20:50:06.0423 0x1db8  ctfmon - ok
20:50:06.0424 0x1db8  safe_urls768 - ok
20:50:06.0505 0x1db8  [ 0AB0068EB7C30DC4BA6FE0C0910FEE5D, FBE1E5004BB4389DA5E7F1E659195199C81859A509937F7F3B9F190F569975CC ] C:\Program Files\DAEMON Tools Lite\DTAgent.exe
20:50:06.0613 0x1db8  DAEMON Tools Lite Automount - ok
20:50:06.0619 0x1db8  Waiting for KSN requests completion. In queue: 271
20:50:07.0671 0x1db8  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x62100 ( disabled : updated )
20:50:07.0674 0x1db8  Win FW state via NFP2: enabled ( trusted )
20:50:07.0755 0x1db8  
============================================================
20:50:07.0755 0x1db8  Scan finished
20:50:07.0755 0x1db8  ============================================================
20:50:07.0761 0x1370  Detected object count: 2
20:50:07.0761 0x1370  Actual detected object count: 2
20:50:54.0784 0x1370  ProductUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:54.0784 0x1370  ProductUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:50:54.0785 0x1370  OGMgmmouseRun ( UnsignedFile.Multi.Generic ) - skipped by user
20:50:54.0785 0x1370  OGMgmmouseRun ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:51:39.0955 0x0f40  Deinitialize success
         

02.12.2016, 22:58   #10
cosinus

Remove adware/junkware/toolbars

Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop!
Please completely disable your virus scanner now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

02.12.2016, 23:19   #11
Machalla666

AdwCleaner Logfile:
Code:
# AdwCleaner v6.030 - Bericht erstellt am 02/12/2016 um 23:12:31
# Aktualisiert am 19/10/2016 von Malwarebytes
# Datenbank : 2016-12-02.1 [Server]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : Patrick - DESKTOP-I54T4B7
# Gestartet von : C:\Users\Patrick\Desktop\AdwCleaner_6.030.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****

Dienst Gefunden: Ronzap
Dienst Gefunden: backlh
Dienst Gefunden: Nettrans


***** [ Ordner ] *****

Ordner Gefunden: C:\Program Files (x86)\825B4291-1480630064-E311-AD5B-201A06114318
Ordner Gefunden: C:\Users\Patrick\AppData\Local\DriverToolkit
Ordner Gefunden: C:\Users\Patrick\AppData\Local\Hola
Ordner Gefunden: C:\Users\Patrick\AppData\Roaming\chportu
Ordner Gefunden: C:\Users\Patrick\AppData\Roaming\Hola
Ordner Gefunden: C:\Users\Patrick\AppData\Roaming\ProxyGate
Ordner Gefunden: C:\Users\Patrick\AppData\Roaming\Tencent
Ordner Gefunden: C:\Users\Patrick\AppData\Local\VirtualStore\Program Files (x86)\FreeRIP
Ordner Gefunden: C:\Users\Patrick\AppData\Local\VirtualStore\Program Files (x86)\Tencent
Ordner Gefunden: C:\ProgramData\Ronzap
Ordner Gefunden: C:\ProgramData\Ronzaps
Ordner Gefunden: C:\ProgramData\Logic Handler
Ordner Gefunden: C:\ProgramData\Tencent
Ordner Gefunden: C:\ProgramData\NetworkPacketManitor
Ordner Gefunden: C:\Users\Public\Documents\Tencent
Ordner Gefunden: C:\Program Files (x86)\DriverToolkit
Ordner Gefunden: C:\Program Files (x86)\FreeRIP
Ordner Gefunden: C:\Program Files (x86)\Tencent
Ordner Gefunden: C:\Program Files (x86)\Common Files\Tencent
Ordner Gefunden: C:\Program Files (x86)\Common Files\freemake shared
Ordner Gefunden: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\NUIns


***** [ Dateien ] *****

Datei Gefunden: C:\WINDOWS\SysWoW64\findit.xml
Datei Gefunden: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\extensions\firefox@browser-security.de.xpi
Datei Gefunden: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\searchplugins\yahoo! powered.xml
Datei Gefunden: C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nhgknfkfipiflalfpihaicjijikenfoj_0.localstorage


***** [ DLL ] *****

Keine infizierten DLLs gefunden.


***** [ WMI ] *****

Keine schädlichen Schlüssel gefunden.


***** [ Verknüpfungen ] *****

Keine infizierten Verknüpfungen gefunden.


***** [ Aufgabenplanung ] *****

Keine schädlichen Aufgaben gefunden.


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Classes\Tencent
Schlüssel Gefunden: HKCU\Software\Classes\Tencent
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\metnsd
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Tencent
Schlüssel Gefunden: [x64] HKCU\Software\Classes\Tencent
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\metnsd
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\Tencent
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Schlüssel Gefunden: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\DriverToolkit
Schlüssel Gefunden: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Hola
Schlüssel Gefunden: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\csastats
Schlüssel Gefunden: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
Schlüssel Gefunden: HKCU\Software\DriverToolkit
Schlüssel Gefunden: HKCU\Software\Hola
Schlüssel Gefunden: HKCU\Software\csastats
Schlüssel Gefunden: HKLM\SOFTWARE\mtRonzap
Schlüssel Gefunden: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
Schlüssel Gefunden: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NUIns
Schlüssel Gefunden: [x64] HKCU\Software\DriverToolkit
Schlüssel Gefunden: [x64] HKCU\Software\Hola
Schlüssel Gefunden: [x64] HKCU\Software\csastats
Schlüssel Gefunden: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
Daten Gefunden: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\ProgramData\Ronzap\Kan-Lam.dll
Daten Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\ProgramData\Ronzap\ZimCom.dll
Wert Gefunden: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Run [ProxyGate]
Wert Gefunden: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ProxyGate]
Wert Gefunden: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ProxyGate]
Wert Gefunden: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Run [safe_urls768]
Wert Gefunden: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [safe_urls768]
Wert Gefunden: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [safe_urls768]
Wert Gefunden: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [safe_urls768]
Schlüssel Gefunden: HKCU\Software\MozillaPlugins\@hola.org/FlashPlayer
Schlüssel Gefunden: HKCU\Software\MozillaPlugins\@hola.org/vlc
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Schlüssel Gefunden: HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
Schlüssel Gefunden: HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
Schlüssel Gefunden: HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Wert Gefunden: HKCU\Environment [SNF]
Wert Gefunden: HKCU\Environment [SNP]
Schlüssel Gefunden: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Ronzap.exe
Schlüssel Gefunden: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RONZAP.EXE
Schlüssel Gefunden: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
Schlüssel Gefunden: HKLM\SOFTWARE\MozillaPlugins\@qq.com/npqscall
Schlüssel Gefunden: HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip


***** [ Internetbrowser ] *****

Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [13988 Bytes] - [02/12/2016 23:09:48]
C:\AdwCleaner\AdwCleaner[S1].txt - [6653 Bytes] - [02/12/2016 23:12:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6726 Bytes] ##########
         
JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Home x64 
Ran by Patrick (Administrator) on 02.12.2016 at 23:16:11,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 9 

Successfully deleted: C:\ProgramData\sogouinput (Folder) 
Successfully deleted: C:\Users\Patrick\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\Patrick\AppData\Local\wandoujia (Folder) 
Successfully deleted: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} (Folder) 
Successfully deleted: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\user.js (File) 
Successfully deleted: C:\WINDOWS\system32\Tasks\SogouImeMgr (Task)
Successfully deleted: C:\Program Files (x86)\wandoujia (Folder) 
Successfully deleted: C:\Program Files\sogouinput (Folder) 
Successfully deleted: C:\WINDOWS\prefetch\DRIVERTOOLKITINSTALLER.TMP-D3A84695.pf (File) 



Registry: 9 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\SearchAssistant (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value) 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page (Registry Value) 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value) 




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.12.2016 at 23:17:32,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

02.12.2016, 23:28   #12
cosinus

Uhh... remove the findings with adwCleaner as well. Post the log file for that.

02.12.2016, 23:32   #13
Machalla666

Sorry, I didn't see that the reports view has one tab for all log files, one only for the scans and one for the deletion runs.

Code:
# AdwCleaner v6.030 - Bericht erstellt am 02/12/2016 um 23:13:52
# Aktualisiert am 19/10/2016 von Malwarebytes
# Datenbank : 2016-12-02.1 [Server]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : Patrick - DESKTOP-I54T4B7
# Gestartet von : C:\Users\Patrick\Desktop\AdwCleaner_6.030.exe
# Modus: Löschen
# Unterstützung : hxxps://www.malwarebytes.com/support



***** [ Dienste ] *****

[-] Dienst gelöscht: Ronzap
[-] Dienst gelöscht: backlh
[-] Dienst gelöscht: Nettrans


***** [ Ordner ] *****

[-] Ordner gelöscht: C:\Program Files (x86)\825B4291-1480630064-E311-AD5B-201A06114318
[-] Ordner gelöscht: C:\Users\Patrick\AppData\Local\DriverToolkit
[-] Ordner gelöscht: C:\Users\Patrick\AppData\Local\Hola
[-] Ordner gelöscht: C:\Users\Patrick\AppData\Roaming\chportu
[-] Ordner gelöscht: C:\Users\Patrick\AppData\Roaming\Hola
[-] Ordner gelöscht: C:\Users\Patrick\AppData\Roaming\ProxyGate
[-] Ordner gelöscht: C:\Users\Patrick\AppData\Roaming\Tencent
[-] Ordner gelöscht: C:\Users\Patrick\AppData\Local\VirtualStore\Program Files (x86)\FreeRIP
[-] Ordner gelöscht: C:\Users\Patrick\AppData\Local\VirtualStore\Program Files (x86)\Tencent
[-] Ordner gelöscht: C:\ProgramData\Ronzap
[-] Ordner gelöscht: C:\ProgramData\Ronzaps
[-] Ordner gelöscht: C:\ProgramData\Logic Handler
[-] Ordner gelöscht: C:\ProgramData\Tencent
[-] Ordner gelöscht: C:\ProgramData\NetworkPacketManitor
[-] Ordner gelöscht: C:\Users\Public\Documents\Tencent
[-] Ordner gelöscht: C:\Program Files (x86)\DriverToolkit
[-] Ordner gelöscht: C:\Program Files (x86)\FreeRIP
[-] Ordner gelöscht: C:\Program Files (x86)\Tencent
[-] Ordner gelöscht: C:\Program Files (x86)\Common Files\Tencent
[-] Ordner gelöscht: C:\Program Files (x86)\Common Files\freemake shared
[-] Ordner gelöscht: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\NUIns


***** [ Dateien ] *****

[-] Datei gelöscht: C:\WINDOWS\SysWoW64\findit.xml
[-] Datei gelöscht: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\extensions\firefox@browser-security.de.xpi
[-] Datei gelöscht: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\5fqwv91p.default\searchplugins\yahoo! powered.xml
[-] Datei gelöscht: C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nhgknfkfipiflalfpihaicjijikenfoj_0.localstorage


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Verknüpfungen ] *****



***** [ Aufgabenplanung ] *****



***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Classes\Tencent
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Classes\Tencent
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\metnsd
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Tencent
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Tencent
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\metnsd
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\Tencent
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Schlüssel gelöscht: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\DriverToolkit
[-] Schlüssel gelöscht: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Hola
[-] Schlüssel gelöscht: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\csastats
[-] Schlüssel gelöscht: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\DriverToolkit
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Hola
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\csastats
[-] Schlüssel gelöscht: HKLM\SOFTWARE\mtRonzap
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NUIns
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\DriverToolkit
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Hola
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\csastats
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
[-] Daten  wiederhergestellt: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] 
[-] Daten  wiederhergestellt: [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] 
[-] Wert gelöscht: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Run [ProxyGate]
[#] Wert mit Neustart gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ProxyGate]
[#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ProxyGate]
[-] Wert gelöscht: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Run [safe_urls768]
[-] Wert gelöscht: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [safe_urls768]
[#] Wert mit Neustart gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [safe_urls768]
[#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [safe_urls768]
[-] Schlüssel gelöscht: HKCU\Software\MozillaPlugins\@hola.org/FlashPlayer
[-] Schlüssel gelöscht: HKCU\Software\MozillaPlugins\@hola.org/vlc
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
[-] Schlüssel gelöscht: HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
[-] Schlüssel gelöscht: HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Wert gelöscht: HKCU\Environment [SNF]
[-] Wert gelöscht: HKCU\Environment [SNP]
[-] Schlüssel gelöscht: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Ronzap.exe
[-] Schlüssel gelöscht: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RONZAP.EXE
[#] Schlüssel mit Neustart gelöscht: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
[-] Schlüssel gelöscht: HKLM\SOFTWARE\MozillaPlugins\@qq.com/npqscall
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip


***** [ Browser ] *****



*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [7041 Bytes] - [02/12/2016 23:13:52]
C:\AdwCleaner\AdwCleaner[S0].txt - [13988 Bytes] - [02/12/2016 23:09:48]
C:\AdwCleaner\AdwCleaner[S1].txt - [6849 Bytes] - [02/12/2016 23:12:31]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7261 Bytes] ##########
         

02.12.2016, 23:38   #14
cosinus

And once more, please, as a check.

02.12.2016, 23:45   #15
Machalla666

New AdwCleaner log:
Code:
# AdwCleaner v6.030 - Bericht erstellt am 02/12/2016 um 23:41:24
# Aktualisiert am 19/10/2016 von Malwarebytes
# Datenbank : 2016-12-02.1 [Server]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : Patrick - DESKTOP-I54T4B7
# Gestartet von : C:\Users\Patrick\Desktop\AdwCleaner_6.030.exe
# Modus: Löschen
# Unterstützung : hxxps://www.malwarebytes.com/support



***** [ Dienste ] *****



***** [ Ordner ] *****



***** [ Dateien ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Verknüpfungen ] *****

[-] Verknüpfung desinfiziert: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Verknüpfung desinfiziert: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Verknüpfung desinfiziert: C:\Users\Patrick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Verknüpfung desinfiziert: C:\Users\Patrick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yandex.lnk
[-] Verknüpfung desinfiziert: C:\Users\Patrick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Verknüpfung desinfiziert: C:\Users\Patrick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
[-] Verknüpfung desinfiziert: C:\Users\Patrick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yandex.lnk


***** [ Aufgabenplanung ] *****



***** [ Registrierungsdatenbank ] *****

[-] Daten  wiederhergestellt: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] 
[-] Wert gelöscht: HKU\S-1-5-21-3097098544-2319845998-2187571786-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[#] Wert mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
[#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}


***** [ Browser ] *****

[-] Firefox Einstellungen bereinigt: "browser.newtab.url" -  "C:\\ProgramData\\Ronzaps\\ff.NT"
[-] Firefox Einstellungen bereinigt: "browser.search.defaultenginename" -  "Yahoo! Powered"
[-] Firefox Einstellungen bereinigt: "browser.search.selectedEngine" -  "Yahoo! Powered"
[-] Firefox Einstellungen bereinigt: "browser.startup.homepage" -  "C:\\ProgramData\\Ronzaps\\ff.HP"


*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [7384 Bytes] - [02/12/2016 23:13:52]
C:\AdwCleaner\AdwCleaner[C2].txt - [3043 Bytes] - [02/12/2016 23:41:24]
C:\AdwCleaner\AdwCleaner[S0].txt - [13988 Bytes] - [02/12/2016 23:09:48]
C:\AdwCleaner\AdwCleaner[S1].txt - [6849 Bytes] - [02/12/2016 23:12:31]
C:\AdwCleaner\AdwCleaner[S2].txt - [3817 Bytes] - [02/12/2016 23:40:53]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3336 Bytes] ##########
         
New JRT log:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Home x64 
Ran by Patrick (Administrator) on 02.12.2016 at 23:42:42,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0 




Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.12.2016 at 23:44:01,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Archiv
Du betrachtest: Tr/dropper.gen - Herunterfahren nicht mehr möglich auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.