Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 15.02.2017, 18:00   #1
Tobias1972
 
GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen - Standard

GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen



Hallo liebe Experten,

Ich habe vorgestern die Email vom Beitragsservice bezueglich Umstellung auf SEPA geoffnet. File REF_ID-2378AD2810AJF.zip im Anhang oeffnete direkt ein Word Dokument. Leider aktivierte Ich die Option "Makro ausfuehren" um mir den Header der Email anzeigen zu lassen.

Gestern habe Ich erst einmal eine Sicherheitskopie meiner Daten auf eine externe Festplatte gespeichert, wohlwissend den Trojaner oder Schaedling mit abzuspeichern.

Anschliessend habe Ich im Internet nach Hilfe gesucht und dabei fiel mir auf, dass manche Webseiten nicht mehr angezeigt werden (z.B. reimageplus.com).

Vielen Dank fuer Ihre kostbare Zeit und Hilfe
Tobias

Alt 15.02.2017, 21:01   #2
M-K-D-B
/// TB-Ausbilder
 
GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen - Standard

GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort als Administrator zu starten!
  • Einige Programme, die wir hier verwenden, können unter Umständen von deinem Antiviren- oder Anti-Malwareprogramm fälschlicherweise als Bedrohung eingestuft werden. Die Sicherheitsprogramme können aufgrund eines bestimmten Programmverhaltens nicht zwischen "gut" oder "böse" unterscheiden und schlagen Alarm. Dabei handelt es sich um Fehlalarme, welche du getrost ignorieren kannst. Gegebenenfalls musst du deine Sicherheitssoftware vor der Ausführung eines Programms deaktivieren, damit unsere Bereinigungsvorgänge nicht beeinträchtigt werden.



Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!




Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:



Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)






Schritt 2
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von TDSS-Killer,
  • die beiden neuen Logdateien von FRST.
__________________

__________________

Alt 16.02.2017, 03:16   #3
Tobias1972
 
GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen - Standard

GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen



Hallo Matthias,

vielen Dank fuer Deine Antwort. Scheint als wurde FRST nicht als Administrator ausgefuehrt. Ich wurde hier auf Win10 beim Aussfuehren leider nicht um das Admin Kennwort gefragt. TDS Killer hat beim Scan leider nichts gefunden. Ich hoffe die Logfiles koennen dennoch weiterhelfen. Aufgrund der Laenge muss Ich Logfiles splitten

Hier ist das FRST File

FRST Logfile:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02
durchgeführt von MarkStrong (ACHTUNG: der Benutzer ist kein Administrator) auf MSI (15-02-2017 20:55:34)
Gestartet von C:\Users\MarkStrong\Desktop
Geladene Profile: MarkStrong & Administrator (Verfügbare Profile: defaultuser0 & MarkStrong & Administrator)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

konnte nicht auf den Prozess zugreifen -> smss.exe
konnte nicht auf den Prozess zugreifen -> csrss.exe
konnte nicht auf den Prozess zugreifen -> wininit.exe
konnte nicht auf den Prozess zugreifen -> csrss.exe
konnte nicht auf den Prozess zugreifen -> services.exe
konnte nicht auf den Prozess zugreifen -> lsass.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> winlogon.exe
konnte nicht auf den Prozess zugreifen -> dwm.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> WUDFHost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> spoolsv.exe
konnte nicht auf den Prozess zugreifen -> AdminService.exe
konnte nicht auf den Prozess zugreifen -> nvwirelesscontroller.exe
konnte nicht auf den Prozess zugreifen -> MsiTrueColorService.exe
konnte nicht auf den Prozess zugreifen -> NVDisplay.Container.exe
konnte nicht auf den Prozess zugreifen -> nvcontainer.exe
konnte nicht auf den Prozess zugreifen -> OfficeClickToRun.exe
konnte nicht auf den Prozess zugreifen -> NvTelemetryContainer.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> MSIService.exe
konnte nicht auf den Prozess zugreifen -> MBAMService.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> SynTPEnhService.exe
konnte nicht auf den Prozess zugreifen -> MsMpEng.exe
konnte nicht auf den Prozess zugreifen -> KillerNetworkService.exe
konnte nicht auf den Prozess zugreifen -> nvxdsync.exe
konnte nicht auf den Prozess zugreifen -> WmiPrvSE.exe
konnte nicht auf den Prozess zugreifen -> ICCProxy.exe
konnte nicht auf den Prozess zugreifen -> SearchIndexer.exe
konnte nicht auf den Prozess zugreifen -> NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe
konnte nicht auf den Prozess zugreifen -> MsiTrueColorHelper.exe
konnte nicht auf den Prozess zugreifen -> WmiPrvSE.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
konnte nicht auf den Prozess zugreifen -> svchost.exe
konnte nicht auf den Prozess zugreifen -> FABS.exe
konnte nicht auf den Prozess zugreifen -> IAStorDataMgrSvc.exe
konnte nicht auf den Prozess zugreifen -> jhi_service.exe
konnte nicht auf den Prozess zugreifen -> LMS.exe
konnte nicht auf den Prozess zugreifen -> XtuService.exe
konnte nicht auf den Prozess zugreifen -> SearchFilterHost.exe
konnte nicht auf den Prozess zugreifen -> MpCmdRun.exe
konnte nicht auf den Prozess zugreifen -> SearchProtocolHost.exe
konnte nicht auf den Prozess zugreifen -> WMIADAP.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176 2016-10-20] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel Corporation)
HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [693432 2016-10-07] ()
HKLM\...\Run: [MsiTrueColor] => C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe [4811048 2016-09-09] (Portrait Displays, Inc.)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [301848 2016-08-19] (MSI)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\RunOnce: [DeleteOnReboot] => C:\Users\ADMINI~1\AppData\Local\Temp\DeleteOnReboot.bat <===== ACHTUNG
HKU\S-1-5-18\...\Run: [] => 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Control Center.lnk [2016-10-20]
ShortcutTarget: Killer Control Center.lnk -> C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe (Rivet Networks)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-10-20]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{44c729b7-3a09-4761-bb9e-6fb3853c3b3d}: [DhcpNameServer] 192.168.1.254 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-4218886898-41493801-728894-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-4218886898-41493801-728894-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
URLSearchHook: [S-1-5-21-4218886898-41493801-728894-500] ACHTUNG => Standard URLSearchHook fehlt
SearchScopes: HKU\S-1-5-21-4218886898-41493801-728894-1001 -> DefaultScope {FFD7DB1D-3F65-4AC8-A7C6-562077F48108} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Kein Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Keine Datei
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\MarkStrong\AppData\Local\Google\Chrome\User Data\Default [2017-02-13]
CHR Extension: (Google Präsentationen) - C:\Users\MarkStrong\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-19]
CHR Extension: (Google Docs) - C:\Users\MarkStrong\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-19]
CHR Extension: (Google Drive) - C:\Users\MarkStrong\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-19]
CHR Extension: (YouTube) - C:\Users\MarkStrong\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-19]
CHR Extension: (Google Tabellen) - C:\Users\MarkStrong\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-19]
CHR Extension: (Google Docs Offline) - C:\Users\MarkStrong\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-19]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\MarkStrong\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-13]
CHR Extension: (Google Mail) - C:\Users\MarkStrong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-19]
CHR Extension: (Chrome Media Router) - C:\Users\MarkStrong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-13]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-09-07] (Windows (R) Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation)
R2 Killer Network Service; C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe [1951456 2016-09-29] (Rivet Networks)
R3 lmhosts; C:\Windows\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 lmhosts; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2016-08-19] (Micro-Star International Co., Ltd.) [Datei ist nicht signiert]
R2 MSITrueColorService; C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe [180520 2016-09-09] (Portrait Displays, Inc.)
S2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe [58296 2016-08-12] (Micro-Star INT'L CO., LTD.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4362568 2015-06-18] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-12-12] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2016-12-12] (NVIDIA Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266328 2016-12-04] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-09-30] (Intel(R) Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0406000.00C\ccSetx64.sys [173808 2015-06-24] (Symantec Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162120 2016-09-16] (Qualcomm Atheros, Inc.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-15] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_85330ff976332cdb\nvlddmkm.sys [14427064 2017-01-21] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-12-12] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [35272 2016-10-20] (Windows (R) Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2016-12-12] (NVIDIA Corporation)
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2403248 2016-09-06] (Qualcomm Atheros, Inc.)
R2 RfeCoSvc; C:\Windows\system32\DRIVERS\RfeCo10X64.sys [87904 2016-09-29] (Rivet Networks, LLC.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [779232 2016-10-20] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [42088 2016-10-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-10-20] (Synaptics Incorporated)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [40568 2016-06-14] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [52960 2016-10-04] (SteelSeries ApS)
R3 ssps2; C:\Windows\System32\drivers\ssps2.sys [33896 2016-06-14] (SteelSeries ApS)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-12-14] (Symantec Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [15160 2015-06-11] ()
R2 WtfEngineDrv; C:\Windows\system32\DRIVERS\WtfEngineDrv.sys [27904 2016-02-01] (AAA Internet Publishing, Inc.)
S3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161214.002\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161214.002\EX64.SYS [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-15 20:55 - 2017-02-15 20:55 - 00019904 _____ C:\Users\MarkStrong\Desktop\FRST.txt
2017-02-15 20:55 - 2017-02-15 20:55 - 00000000 ____D C:\FRST
2017-02-15 20:54 - 2017-02-15 20:55 - 02422272 _____ (Farbar) C:\Users\MarkStrong\Desktop\FRST64.exe
2017-02-15 20:46 - 2017-02-15 20:50 - 00000000 ____D C:\AdwCleaner
2017-02-15 20:46 - 2017-02-15 20:46 - 04015056 _____ C:\Users\MarkStrong\Desktop\AdwCleaner_6.043.exe
2017-02-15 20:43 - 2017-02-15 20:43 - 00000000 ___HD C:\OneDriveTemp
2017-02-14 21:19 - 2017-02-14 21:20 - 00000000 ____D C:\rei
2017-02-14 00:51 - 2017-02-14 00:52 - 00000000 ____D C:\ProgramData\MFAData
2017-02-13 20:03 - 2017-02-15 20:51 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-13 20:03 - 2017-02-13 20:03 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-13 20:03 - 2017-02-13 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-13 20:03 - 2017-02-13 20:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-13 20:03 - 2017-02-13 20:03 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-13 20:03 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-13 18:58 - 2017-02-13 18:52 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-02-13 18:00 - 2017-02-13 18:00 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\WinZip
2017-02-10 14:35 - 2017-02-10 14:35 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-10 14:35 - 2017-01-20 09:07 - 00134080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-02-10 14:35 - 2016-12-15 19:33 - 00273696 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-02-10 14:35 - 2016-12-15 19:33 - 00266528 _____ C:\Windows\system32\vulkan-1.dll
2017-02-10 14:35 - 2016-12-15 19:33 - 00111392 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-02-10 14:35 - 2016-12-15 19:32 - 00125728 _____ C:\Windows\system32\vulkaninfo.exe
2017-02-10 14:33 - 2017-01-23 19:00 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 34974656 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 19008576 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 14677272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 11123936 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 11019192 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 09308896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 08990584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 03167288 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 02715072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 01985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437849.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 01591352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437849.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 01051584 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00988608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00960568 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00946456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00944224 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00909760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00721952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00719160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00618232 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00609216 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00606776 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00573120 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00483384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00447800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-02-10 14:33 - 2017-01-20 11:38 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-02-10 09:21 - 2017-02-10 09:23 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-02-03 15:55 - 2017-02-03 15:55 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\Microsoft Help
2017-01-25 08:59 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-01-25 08:59 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-01-18 06:37 - 2017-01-18 06:37 - 00000000 ____D C:\Users\MarkStrong\AppData\Roaming\Arrowhead
2017-01-18 06:28 - 2017-01-18 06:28 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\Robot Entertainment
2017-01-17 05:54 - 2017-01-21 05:55 - 00048696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2017-01-17 05:53 - 2017-01-20 11:38 - 28239928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-01-17 05:52 - 2017-01-17 05:52 - 01964600 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437654.dll
2017-01-17 05:52 - 2017-01-17 05:52 - 01598392 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437654.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-15 20:52 - 2016-12-14 10:14 - 00000000 ___RD C:\Users\MarkStrong\OneDrive
2017-02-15 20:52 - 2016-10-20 18:52 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-15 20:51 - 2016-12-23 04:07 - 00005110 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-02-15 20:51 - 2016-08-01 17:28 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-15 20:50 - 2016-12-14 10:15 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\CrashDumps
2017-02-15 20:43 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-15 20:43 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\AppReadiness
2017-02-14 22:03 - 2016-08-01 17:28 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-02-14 11:58 - 2016-08-01 18:06 - 00601888 _____ C:\Windows\system32\perfh019.dat
2017-02-14 11:58 - 2016-08-01 18:06 - 00207296 _____ C:\Windows\system32\perfc019.dat
2017-02-14 11:58 - 2016-08-01 18:02 - 00710092 _____ C:\Windows\system32\prfh0816.dat
2017-02-14 11:58 - 2016-08-01 18:02 - 00228634 _____ C:\Windows\system32\prfc0816.dat
2017-02-14 11:58 - 2016-08-01 17:58 - 00732952 _____ C:\Windows\system32\perfh013.dat
2017-02-14 11:58 - 2016-08-01 17:58 - 00235792 _____ C:\Windows\system32\perfc013.dat
2017-02-14 11:58 - 2016-08-01 17:50 - 00711348 _____ C:\Windows\system32\perfh010.dat
2017-02-14 11:58 - 2016-08-01 17:50 - 00223560 _____ C:\Windows\system32\perfc010.dat
2017-02-14 11:58 - 2016-08-01 17:47 - 00731196 _____ C:\Windows\system32\perfh00C.dat
2017-02-14 11:58 - 2016-08-01 17:47 - 00229714 _____ C:\Windows\system32\perfc00C.dat
2017-02-14 11:58 - 2016-08-01 17:42 - 00725400 _____ C:\Windows\system32\perfh00A.dat
2017-02-14 11:58 - 2016-08-01 17:42 - 00233766 _____ C:\Windows\system32\perfc00A.dat
2017-02-14 11:58 - 2016-08-01 17:40 - 00771712 _____ C:\Windows\system32\perfh008.dat
2017-02-14 11:58 - 2016-08-01 17:40 - 00238760 _____ C:\Windows\system32\perfc008.dat
2017-02-14 11:58 - 2016-08-01 17:37 - 01047212 _____ C:\Windows\system32\perfh007.dat
2017-02-14 11:58 - 2016-08-01 17:37 - 00243770 _____ C:\Windows\system32\perfc007.dat
2017-02-14 11:58 - 2016-08-01 17:33 - 09204488 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-13 21:49 - 2016-12-14 10:12 - 00000000 ____D C:\Users\MarkStrong
2017-02-13 21:49 - 2016-10-20 19:29 - 00000000 ____D C:\ProgramData\Norton
2017-02-13 19:01 - 2016-12-14 10:15 - 00000000 ____D C:\Users\MarkStrong\AppData\Roaming\Skype
2017-02-13 18:52 - 2016-07-16 06:47 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-02-13 18:00 - 2016-10-20 19:29 - 00000000 ____D C:\ProgramData\WinZip
2017-02-13 17:13 - 2016-12-14 12:08 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-13 00:15 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-10 14:36 - 2016-10-20 18:52 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-10 14:36 - 2016-10-20 18:52 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-10 14:36 - 2016-07-16 06:45 - 00000000 ____D C:\Windows\INF
2017-02-10 14:09 - 2016-12-14 10:13 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\NVIDIA Corporation
2017-02-10 14:09 - 2016-12-14 10:12 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\NVIDIA
2017-02-10 14:02 - 2016-12-14 12:21 - 00000000 ____D C:\Users\MarkStrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-10 09:22 - 2016-10-20 18:52 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-03 01:26 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\NDF
2017-02-02 13:13 - 2016-12-20 09:14 - 00000001 _____ C:\Users\Public\Documents\dgc_DC.txt
2017-02-02 13:13 - 2016-08-01 17:30 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-01 21:25 - 2016-12-19 00:13 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-01 21:25 - 2016-12-19 00:13 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-25 09:17 - 2016-07-16 06:36 - 00000000 ____D C:\Windows\CbsTemp
2017-01-24 19:02 - 2016-12-14 10:14 - 00002397 _____ C:\Users\MarkStrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-23 19:00 - 2016-10-20 18:52 - 01600056 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-01-23 19:00 - 2016-10-20 18:52 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-01-20 11:38 - 2016-10-20 18:52 - 04079032 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-01-20 11:38 - 2016-10-20 18:52 - 03597640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-01-20 11:38 - 2016-10-20 18:52 - 00514616 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-01-20 11:38 - 2016-10-20 18:52 - 00420408 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-01-20 11:38 - 2016-10-20 18:52 - 00043556 _____ C:\Windows\system32\nvinfo.pb
2017-01-20 11:25 - 2016-12-14 22:03 - 00000000 ____D C:\Users\Administrator
2017-01-20 10:17 - 2016-12-14 10:12 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\Packages
2017-01-20 10:13 - 2016-10-20 18:52 - 06401984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 02479160 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 00548800 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-01-20 09:04 - 2016-12-23 04:07 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-01-18 07:57 - 2016-10-20 18:52 - 07755067 _____ C:\Windows\system32\nvcoproc.bin
2017-01-18 06:28 - 2016-12-25 09:54 - 00000000 ____D C:\Users\MarkStrong\AppData\Roaming\NVIDIA

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-12-14 11:17 - 2016-12-14 11:17 - 0000017 _____ () C:\Users\MarkStrong\AppData\Local\resmon.resmoncfg
2016-10-20 18:53 - 2016-10-20 18:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-23 04:07 - 2017-02-15 20:51 - 0002938 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-23 04:07 - 2017-02-15 20:51 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


ACHTUNG: ==> Auf den BCD konnte nicht zugegriffen werden. der Benutzer ist kein Administrator

==================== Ende von FRST.txt ============================
         
--- --- ---

[/CODE].


und hier ist das Addition File
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02
durchgeführt von MarkStrong (15-02-2017 20:55:54)
Gestartet von C:\Users\MarkStrong\Desktop
Windows 10 Home Version 1607 (X64) (2016-12-14 15:08:43)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4218886898-41493801-728894-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-4218886898-41493801-728894-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-4218886898-41493801-728894-1000 - Limited - Disabled) => C:\Users\defaultuser0
Gast (S-1-5-21-4218886898-41493801-728894-501 - Limited - Disabled)
MarkStrong (S-1-5-21-4218886898-41493801-728894-1001 - Limited - Enabled) => C:\Users\MarkStrong

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

ACPI Driver Installer (HKLM-x32\...\553E35CD-0415-41bc-B39A-410375E88534) (Version: 2.1 - Intel Corporation)
Ansel (Version: 378.49 - NVIDIA Corporation) Hidden
ApoDispatchConfigurator (Version: 2.3.701 - Nahimic) Hidden
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.38.1 - Asmedia Technology)
AudioLaunchpadConfigurator (Version: 2.3.701 - Nahimic) Hidden
Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1608.0901 - Micro-Star International Co., Ltd.)
Battery Calibration (x32 Version: 1.0.1608.0901 - Micro-Star International Co., Ltd.) Hidden
Beyond Gravity (HKLM\...\Steam App 317510) (Version:  - Qwiboo Ltd)
Bridge Constructor Medieval (HKLM\...\Steam App 319850) (Version:  - ClockStone)
BurnRecovery (HKLM-x32\...\InstallShield_{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1608.1201 - Application)
BurnRecovery (x32 Version: 5.0.1608.1201 - Application) Hidden
CheckDevicesConfigurator (Version: 2.3.701 - Nahimic) Hidden
Craft The World (HKLM\...\Steam App 248390) (Version:  - Dekovir Entertainment)
DEFCON (HKLM\...\Steam App 1520) (Version:  - Introversion Software)
Defend Your Life (HKLM\...\Steam App 357780) (Version:  - Alda Games)
Defenders of Ardania (HKLM\...\Steam App 73060) (Version:  - Most Wanted Entertainment)
Demon Hunter: Chronicles from Beyond (HKLM\...\Steam App 330990) (Version:  - Brave Giant LTD)
Dragon Center (HKLM-x32\...\InstallShield_{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 1.2.1610.2701 - Micro-Star International Co., Ltd.)
Dragon Center (x32 Version: 1.2.1610.2701 - Micro-Star International Co., Ltd.) Hidden
Dwarfs!? (HKLM\...\Steam App 35480) (Version:  - Power of 2)
Evil Defenders (HKLM\...\Steam App 412520) (Version:  - CP Decision)
F.E.A.R. 3 (HKLM\...\Steam App 21100) (Version:  - Day 1 Studios)
F1 Race Stars (HKLM\...\Steam App 203680) (Version:  - Codemasters Birmingham)
Fallout 4 (HKLM\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Final Exam (HKLM\...\Steam App 233190) (Version:  - Mighty Rocket Studio)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
FORCED (HKLM\...\Steam App 249990) (Version:  - BetaDwarf)
Foul Play (HKLM\...\Steam App 244810) (Version:  - Mediatonic)
Go Home Dinosaurs! (HKLM\...\Steam App 216090) (Version:  - Fire Hose Games)
God Mode (HKLM\...\Steam App 227480) (Version:  - Old School Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grim Legends 2: Song of the Dark Swan (HKLM\...\Steam App 279800) (Version:  - Artifex Mundi)
Guns'N'Zombies (HKLM\...\Steam App 264300) (Version:  - Krealit)
Help Desk (HKLM-x32\...\InstallShield_{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1609.0501 - Micro-Star International Co., Ltd.)
Help Desk (x32 Version: 1.0.1609.0501 - Micro-Star International Co., Ltd.) Hidden
Hero Academy (HKLM\...\Steam App 209270) (Version:  - Robot Entertainment)
Hydrophobia: Prophecy (HKLM\...\Steam App 92000) (Version:  - Dark Energy Digital Ltd.)
iBomber Defense Pacific (HKLM\...\Steam App 206690) (Version:  - Cobra Mobile)
INSIDE (HKLM\...\Steam App 304430) (Version:  - Playdead)
Intel Extreme Tuning Utility (HKLM-x32\...\{e3931098-f44a-4c70-bf9c-f48d24bdd066}) (Version: 6.0.2.8 - Intel Corporation)
Intel Extreme Tuning Utility (x32 Version: 6.0.2.8 - Intel Corporation) Hidden
Intel XTU Library (HKLM-x32\...\{B48E71F0-769D-445D-9020-9E06FF1D51C8}) (Version: 10.015.08120 - Micro-Star INT'L CO., LTD.)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
KB9X Radio Switch Driver (HKLM\...\EC950B206B0E7722C96A318DF396BABFBB057BC0) (Version: 1.1.2.0 - ENE TECHNOLOGY INC.)
Killer Performance Suite (HKLM\...\{0B988985-38C9-4DD4-9835-5AC17EEC26F7}) (Version: 1.0.762 - Rivet Networks)
LauncherSetup (Version: 2.3.701 - Nahimic) Hidden
Leviathan: Warships (HKLM\...\Steam App 202270) (Version:  - Pieces Interactive)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker Silver (HKLM-x32\...\MX.{CD1DE5DB-7AF2-4D01-BBB1-9AD581B34403}) (Version: 21.0.3.44 - MAGIX Software GmbH)
MAGIX Music Maker Silver (Version: 21.0.3.44 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Silver Soundpools (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Photo Manager 16 (HKLM-x32\...\MX.{B33D219F-2504-45A7-863B-999ED3E38B01}) (Version: 12.0.0.26 - MAGIX Software GmbH)
MAGIX Photo Manager 16 (Version: 12.0.0.26 - MAGIX Software GmbH) Hidden
Magnetis (HKLM\...\Steam App 37500) (Version:  - Yullaby)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Men of War: Assault Squad (HKLM\...\Steam App 64000) (Version:  - Digitalmindsoft)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4218886898-41493801-728894-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft SharePoint Designer 2010 (HKLM-x32\...\Office14.SharePointDesigner) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Millie (HKLM\...\Steam App 294230) (Version:  - Forever Entertainment S. A.)
Mini Motor Racing EVO (HKLM\...\Steam App 209520) (Version:  - The Binary Mill)
MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1608.1001 - Micro-Star International Co., Ltd.)
MSI Remind Manager (x32 Version: 1.0.1608.1001 - Micro-Star International Co., Ltd.) Hidden
MSI True Color (HKLM\...\{B4A2776D-59CD-4193-A19D-DE15CB7FC5AA}) (Version: 1.6.3.005 - Portrait Displays, Inc.)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nahimic 2 (HKLM-x32\...\{51d850bf-aca6-4eac-b215-2792260adafd}) (Version: 2.3.7 - Nahimic)
Nahimic2UISetup (Version: 2.3.701 - Nahimic) Hidden
Norton Online Backup (HKLM-x32\...\{652C1CDF-C61D-4525-9348-8C272CC2DB24}) (Version: 2.10.2.7 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.6.0.12 - Symantec Corporation) Hidden
Not The Robots (HKLM\...\Steam App 257120) (Version:  - 2DArray)
NVIDIA 3D Vision Treiber 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.2.0.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.0.96 - NVIDIA Corporation)
NVIDIA Grafiktreiber 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.49 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.0.0.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Poly Bridge (HKLM\...\Steam App 367450) (Version:  - Dry Cactus)
Pool Nation (HKLM\...\Steam App 254440) (Version:  - Cherry Pop Games)
Port Royale 3 (HKLM\...\Steam App 205610) (Version:  - Gaming Minds)
ProductDaemonSetup (Version: 2.3.701 - Nahimic) Hidden
ProductNSConfigurator (Version: 2.3.701 - Nahimic) Hidden
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.279 - Qualcomm Atheros)
R.U.S.E (HKLM\...\Steam App 21970) (Version:  - Eugen Systems)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7945 - Realtek Semiconductor Corp.)
Rise: Battle Lines (HKLM\...\Steam App 386350) (Version:  - The Secret Games Company)
Sanctum 2 (HKLM\...\Steam App 210770) (Version:  - Coffee Stain Studios)
SCM (HKLM\...\{4D36BF08-839B-47C5-BEDF-79D54ED8D14B}) (Version: 13.016.08191 - Application)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{8B883A57-E4BC-4745-8E6C-68168850F9DD}) (Version:  - Microsoft)
SHIELD Streaming (Version: 7.1.0350 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
Sizing Options (HKLM-x32\...\InstallShield_{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}) (Version: 3.0.1607.2201 - Application)
Sizing Options (x32 Version: 3.0.1607.2201 - Application) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SonicMapperConfigurator (Version: 2.3.701 - Nahimic) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.8.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.8.1 - SteelSeries ApS)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.4.57 - Synaptics Incorporated)
Time Mysteries: Inheritance - Remastered (HKLM\...\Steam App 350010) (Version:  - Artifex Mundi)
TrackMania² Stadium (HKLM\...\Steam App 232910) (Version:  - Nadeo)
Tribloos 2 (HKLM\...\Steam App 271550) (Version:  - BumpkinBrothers)
UIInstallUpgrade (Version: 2.3.701 - Nahimic) Hidden
Unstoppable Gorg (HKLM\...\Steam App 18120) (Version:  - Futuremark)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
War in a Box: Paper Tanks (HKLM\...\Steam App 308460) (Version:  - DQ Team)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
WTFast 4.0 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 4.0.7.692 - Initex & AAA Internet Publishing)
XSplit Gamecaster (HKLM-x32\...\{9E8A3821-032E-4230-9C12-C14D3FC8685E}) (Version: 2.8.1605.2342 - SplitmediaLabs)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-12-14 13:17 - 2016-12-09 05:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-12-14 13:17 - 2016-12-09 05:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-08-02 10:55 - 2016-12-28 12:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-10-07 18:27 - 2016-10-07 18:27 - 00200888 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll
2016-10-07 18:27 - 2016-10-07 18:27 - 00272568 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll
2016-12-14 13:19 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 04:24 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 04:23 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 04:23 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 04:23 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 04:23 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 04:23 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 04:23 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-06 20:22 - 2017-02-06 20:23 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-06 20:22 - 2017-02-06 20:23 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-06 20:22 - 2017-02-06 20:23 - 42895872 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 20:22 - 2017-02-06 20:23 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\roottools.dll
2016-10-07 18:24 - 2016-10-07 18:24 - 00693432 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
2016-10-07 18:25 - 2016-10-07 18:25 - 02024632 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2svc32.exe
2016-10-07 18:28 - 2016-10-07 18:28 - 00495288 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2svc64.exe
2016-12-23 04:07 - 2016-12-12 18:39 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-12-23 04:07 - 2016-12-12 18:39 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2016-07-16 06:47 - 2016-07-16 06:45 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4218886898-41493801-728894-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{58A45F44-D5FA-487F-AD77-8EA4E487FD4E}] => (Allow) C:\Program Files (x86)\WTFast\WTFast.exe
FirewallRules: [{89F8FB89-D598-4E08-80D6-8469CF8BCCD4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F723A05F-477E-41ED-AD42-B0F5A57E7748}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3EF9FB57-32D8-4AA6-9025-B53BF06F2876}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{62EAAD63-655F-45CE-93E0-1740285AA331}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{AA4F4879-FC87-41FB-97AD-C257327594CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\R.U.S.E\Ruse.exe
FirewallRules: [{02E8F509-35F2-4D24-A941-B4D58A841B2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\R.U.S.E\Ruse.exe
FirewallRules: [{E32A40F4-3B0A-4C25-99DA-452827ACF658}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{D3AFBDE0-A702-4A4C-B126-D31DA5137213}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{BC1867CA-8AC0-4981-969C-41ECCDE98505}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pool Nation\Pool.exe
FirewallRules: [{D0C7D77C-EE0C-4042-9E4A-29A3C7308CAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pool Nation\Pool.exe
FirewallRules: [{3B6E62BD-6040-419E-82BB-C4384057258B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DYL\dyl.exe
FirewallRules: [{DC55DD35-FC5B-4BF2-A950-505A1E8B7ABB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DYL\dyl.exe
FirewallRules: [{33E40C5E-3E3B-4D1B-AE50-7D58C259FE0A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7FF10783-2B91-44AE-A335-804A2030D4F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{321C6B0F-14D7-474F-941D-BEC9D3029F7D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{F574291E-919E-4223-B0FC-6D2F332C26EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{9042FFBF-3DEC-4BB7-A6B9-0743DABB434E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{35859D71-FE2A-45FF-A627-917D8FB37C22}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E479FDB1-F61B-4350-A3D7-821B937A6D17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe
FirewallRules: [{FB6557CF-C8F3-42EA-ADD4-928E6BE29B4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe
FirewallRules: [{F8769C68-A2D8-488D-BF65-4B7630F8D238}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{0485327C-A46F-45E3-A71C-D3A7143D8804}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{FAF6EEEC-4F01-49A8-AAC1-A7DD0D87F076}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War in a Box - Paper Tanks\War in a Box - Paper Tanks.exe
FirewallRules: [{E3AB1FCC-F2F4-454D-A55F-91EFC2A2EA38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War in a Box - Paper Tanks\War in a Box - Paper Tanks.exe
FirewallRules: [{39B57716-1C4B-4ED8-B200-8F1345124CA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unstoppable Gorg\unstoppable_gorg.exe
FirewallRules: [{5397A5F7-862C-4E14-9C6C-809620D47DC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unstoppable Gorg\unstoppable_gorg.exe
FirewallRules: [{32F88ECD-D735-43F3-986E-8BB3B1ED04EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tribloos 2\TheTribloos2.exe
FirewallRules: [{0FEE2CD4-9E9F-42B3-97C0-70742BBD675D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tribloos 2\TheTribloos2.exe
FirewallRules: [{19DDBA06-A30A-4025-8E96-444F15FD83C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{766BA255-C003-4E04-815C-B61727EBB917}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{BE6EAB90-FC6B-48A1-AC77-7A3DDFDA24F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Time Mysteries Inheritance Remastered\TimeMysteries_Inheritance.exe
FirewallRules: [{F4A8FA06-3540-47AB-ACD5-57F2B896079A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Time Mysteries Inheritance Remastered\TimeMysteries_Inheritance.exe
FirewallRules: [{265B1327-59CB-4805-B6F1-AB70002D0F42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rise\Rise.exe
FirewallRules: [{62783129-1185-45E8-B211-32AF9CD331CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rise\Rise.exe
FirewallRules: [{58CFAA9B-73E2-4533-B46D-2A55128329DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poly Bridge\polybridge.exe
FirewallRules: [{55249A23-EB92-4FA3-8078-CFA74499739E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poly Bridge\polybridge.exe
FirewallRules: [{C3979464-80AE-4644-9838-0AF3CCC78D31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mini Motor Racing\Mini Motor Evo.exe
FirewallRules: [{2AF9B9B9-EA8F-4678-B4AF-019A0CA74691}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mini Motor Racing\Mini Motor Evo.exe
FirewallRules: [{1F8CDCA3-8A82-4F93-86FF-39C651A778FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GodMode\bin\GodMode.exe
FirewallRules: [{12D4118A-6FB9-4FC8-A4BB-0E00D51A0664}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GodMode\bin\GodMode.exe
FirewallRules: [{ECAD9605-7B7D-4218-BC47-1D2D77AD4197}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bridge Constructor Medieval\Bridge_Constructor_Medieval.exe
FirewallRules: [{2E6A0096-95EB-4FF0-AA78-EB92975D0B94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bridge Constructor Medieval\Bridge_Constructor_Medieval.exe
FirewallRules: [{564CF656-D5EA-48B4-BB51-6388EED16405}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Beyond Gravity\BeyondGravity.exe
FirewallRules: [{909CB892-BA48-4149-A311-5465AB5DAEAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Beyond Gravity\BeyondGravity.exe
FirewallRules: [{380E392A-702D-4E2F-8C48-B5530C7721B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{4E91C6CF-9A99-4107-B725-39DF19646A01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{960A768A-0031-4F48-A622-D34D08A1172D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Port Royale 3\PortRoyale3.exe
FirewallRules: [{67CBF75F-AF81-4BC5-9E26-E8D37851C4EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Port Royale 3\PortRoyale3.exe
FirewallRules: [{93A75816-103A-4968-ABDD-352927A87174}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Millie\Millie.exe
FirewallRules: [{FFAD9C2B-5BBA-48EC-BB0C-13B7D3DB4470}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Millie\Millie.exe
FirewallRules: [{A3FE6BD7-1F07-494C-A44B-27C318AD96A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Not The Robots\Not the Robots.exe
FirewallRules: [{E5F32BE5-B629-477F-8F03-A373CB7E65D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Not The Robots\Not the Robots.exe
FirewallRules: [{70A38E8E-11E3-4864-8AFD-B4490348E0DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic 2014\DotP_D14.exe
FirewallRules: [{2008150F-53FB-4941-B8EB-89EAF7A11EBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic 2014\DotP_D14.exe
FirewallRules: [{94E5C3EA-1282-45B8-A8A1-275164C35370}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Leviathan Warships\Leviathan.exe
FirewallRules: [{3EB97BC5-0180-4717-87A0-0C868E946377}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Leviathan Warships\Leviathan.exe
FirewallRules: [{3B42174B-3B07-47FF-B71D-FDBBC9F07690}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defenders of Ardania\DOA.exe
FirewallRules: [{A5FD5BFD-9BB3-4AD7-86AF-5F2991BB563C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defenders of Ardania\DOA.exe
FirewallRules: [{4F8AA047-AE30-478D-8CA0-532769A43861}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defcon\Defcon.exe
FirewallRules: [{A144D421-CD6D-47E1-91FD-07748FC8EB7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defcon\Defcon.exe
FirewallRules: [{EA89CB5D-BF6B-4175-92EC-5CF8BB5A30AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Evil Defenders\Evil Defenders.exe
FirewallRules: [{9E4631AF-86B3-41BF-AA91-ED4B709E45B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Evil Defenders\Evil Defenders.exe
FirewallRules: [{6ABD3963-FCE1-4570-8448-08526E8326CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Demon Hunter Chronicles from Beyond\DemonHunter.exe
FirewallRules: [{08A9F07E-B989-4A49-A8D0-F05DE03EE1D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Demon Hunter Chronicles from Beyond\DemonHunter.exe
FirewallRules: [{622F3114-BA9B-46D0-AC13-264949088297}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\INSIDE\INSIDE.exe
FirewallRules: [{468D817F-46BE-4066-9BFB-E47C02692C0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\INSIDE\INSIDE.exe
FirewallRules: [{C0D20874-D515-45C7-9735-F204329D29CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Legends Song of the Dark Swan\GrimLegends_SongOfTheDarkSwan.exe
FirewallRules: [{5DA2F9A0-0A8C-4329-8287-8B455076E02E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Legends Song of the Dark Swan\GrimLegends_SongOfTheDarkSwan.exe
FirewallRules: [{ABE851FC-1EA5-4984-8D09-07D45753E171}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GunsNZombies\GNZ.exe
FirewallRules: [{CEB2B999-5155-44CB-888C-1F2B16902B10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GunsNZombies\GNZ.exe
FirewallRules: [{BD69AE83-356E-46D6-95E2-742A844856B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FORCED\FORCED.exe
FirewallRules: [{D25B9354-2B67-43F6-B5CA-C10A54AF1D88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FORCED\FORCED.exe
FirewallRules: [{20EB6D39-A038-4D20-AF2F-D963268BD999}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Foul Play\foul_play.exe
FirewallRules: [{6CEFEB45-4719-4981-9ECE-F976999C7486}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Foul Play\foul_play.exe
FirewallRules: [{9A9C0EA1-6B87-4F3A-97CF-C683D686DFE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Exam\final_exam.exe
FirewallRules: [{2AA3EE71-3825-4A05-9863-825D14D27D6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Exam\final_exam.exe
FirewallRules: [{AF821B65-0B71-4382-94EC-4DBDD4861D94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Go Home Dinosaurs\Eastgate.exe
FirewallRules: [{B2EEDCFA-D33D-47C9-B592-586769BF8BC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Go Home Dinosaurs\Eastgate.exe
FirewallRules: [{11B7E7BD-5DCF-4103-B25B-8EAC52BCF7DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hero Academy\HeroAcademy.exe
FirewallRules: [{ECE33A69-8722-459B-BEC5-6611B65D4B1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hero Academy\HeroAcademy.exe
FirewallRules: [{8C5D3807-F3D5-483C-BB62-E6A267E5AFEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ibomber defense pacific\iBomberDefensePacific.exe
FirewallRules: [{FB0512F7-1457-4F1D-9EFC-D6B6660E0E86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ibomber defense pacific\iBomberDefensePacific.exe
FirewallRules: [{6C398AAF-FE8B-4462-88B4-9E2DF1C00AE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\f1 race stars\F1RaceStars.exe
FirewallRules: [{57D32252-4FDE-4554-8B8B-9776A775A016}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\f1 race stars\F1RaceStars.exe
FirewallRules: [{165372EC-7B50-4658-9E78-342B476F2C19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hydrophobia\HydroPC.exe
FirewallRules: [{6F2C7093-AC74-4E0B-9273-1CC179BC0F63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hydrophobia\HydroPC.exe
FirewallRules: [{2FC48271-68C1-428A-9F7E-9200CEE11EF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magnetis\Magnetis.exe
FirewallRules: [{4126F9AE-698D-4907-B2E2-381E2EAF21DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magnetis\Magnetis.exe
FirewallRules: [{DC8FF109-33E3-4A91-804E-97B5DDF019B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dwarfs\Dwarfs.exe
FirewallRules: [{BBE00BDA-5AC6-4643-9373-10B5AA8925D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dwarfs\Dwarfs.exe
FirewallRules: [{A61410B8-D910-4ED9-8BA2-7E406331D2E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Men of War Assault Squad\mow_assault_squad.exe
FirewallRules: [{1CB85A98-9A1A-4265-974E-BB984079EC8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Men of War Assault Squad\mow_assault_squad.exe
FirewallRules: [{508959C3-0A1F-4E29-8172-27C8F9B36D1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\F.E.A.R. 3\F.E.A.R. 3.exe
FirewallRules: [{5778B0E3-37DC-4572-8C74-47D65D124816}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\F.E.A.R. 3\F.E.A.R. 3.exe
FirewallRules: [{F66022D3-5320-45DC-9111-A3E373B824FB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert
Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI.


==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/15/2017 08:52:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DragonCenter_Updaer.exe, Version: 1.0.1608.1101, Zeitstempel: 0x57ac76fb
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.14393.479, Zeitstempel: 0x582588e6
Ausnahmecode: 0xc000041d
Fehleroffset: 0x0000000000017788
ID des fehlerhaften Prozesses: 0x1630
Startzeit der fehlerhaften Anwendung: 0x01d287f7492e0cdb
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\MSI\DragonCenter_Updaer.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll
Berichtskennung: 8626502a-dbf7-455d-9271-94008fa30783
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/15/2017 08:52:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DragonCenter_Updaer.exe, Version: 1.0.1608.1101, Zeitstempel: 0x57ac76fb
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.14393.479, Zeitstempel: 0x582588e6
Ausnahmecode: 0xc0020001
Fehleroffset: 0x0000000000017788
ID des fehlerhaften Prozesses: 0x1630
Startzeit der fehlerhaften Anwendung: 0x01d287f7492e0cdb
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\MSI\DragonCenter_Updaer.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll
Berichtskennung: 08e39c26-98db-4602-9ec7-ea2374486f53
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/15/2017 08:52:15 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (02/15/2017 08:51:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MSI_ActiveX_Service.exe, Version: 1.0.0.8, Zeitstempel: 0x57ad265a
Name des fehlerhaften Moduls: ActiveX_Resource_Monitor.dll, Version: 1.0.0.8, Zeitstempel: 0x57ad265d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002b10
ID des fehlerhaften Prozesses: 0x888
Startzeit der fehlerhaften Anwendung: 0x01d287f730c5dfc4
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\MSI\Dragon Center\ActiveX_Resource_Monitor.dll
Berichtskennung: d8b48d13-546b-47db-8618-fdeacedbd4c9
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/15/2017 08:51:29 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MSI_ActiveX_Service.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 70D92B10

Error: (02/15/2017 08:50:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MicrosoftEdge.exe, Version: 11.0.14393.693, Zeitstempel: 0x585a26c4
Name des fehlerhaften Moduls: MicrosoftEdge.exe, Version: 11.0.14393.693, Zeitstempel: 0x585a26c4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000735a5
ID des fehlerhaften Prozesses: 0x2f64
Startzeit der fehlerhaften Anwendung: 0x01d287f6e134d4e5
Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Pfad des fehlerhaften Moduls: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Berichtskennung: f66fe2aa-bd63-4149-ac8e-eb5ded2a796b
Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge

Error: (02/15/2017 08:48:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MicrosoftEdge.exe, Version: 11.0.14393.693, Zeitstempel: 0x585a26c4
Name des fehlerhaften Moduls: MicrosoftEdge.exe, Version: 11.0.14393.693, Zeitstempel: 0x585a26c4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000735a5
ID des fehlerhaften Prozesses: 0x468
Startzeit der fehlerhaften Anwendung: 0x01d287f5f53d51b3
Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Pfad des fehlerhaften Moduls: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Berichtskennung: 6ef283f7-24f3-47f4-abb9-a3f46ba42a10
Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge

Error: (02/14/2017 09:29:39 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\WinZip\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\WinZip\adxloader.dll.Manifest" in Zeile 2.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (02/14/2017 09:20:47 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\WinZip\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\WinZip\adxloader.dll.Manifest" in Zeile 2.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (02/14/2017 10:16:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MSI_ActiveX_Service.exe, Version: 1.0.0.8, Zeitstempel: 0x57ad265a
Name des fehlerhaften Moduls: ActiveX_Resource_Monitor.dll, Version: 1.0.0.8, Zeitstempel: 0x57ad265d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002b10
ID des fehlerhaften Prozesses: 0x830
Startzeit der fehlerhaften Anwendung: 0x01d286d541b5f425
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\MSI\Dragon Center\ActiveX_Resource_Monitor.dll
Berichtskennung: 5f3035d8-eff1-43f8-82ec-b8e2781dffcf
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (02/15/2017 08:51:48 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/15/2017 08:51:48 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/15/2017 08:51:47 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/15/2017 08:51:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MSI_ActiveX_Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/15/2017 08:51:06 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/15/2017 08:50:57 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (02/15/2017 08:50:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/15/2017 08:50:27 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Killer Network Service" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (02/15/2017 08:50:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/15/2017 08:50:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "FABS - Helping agent for MAGIX media database" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2017-02-15 20:52:35.589
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-15 20:52:35.546
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements.

  Date: 2017-02-15 20:52:35.539
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements.

  Date: 2017-02-15 20:45:42.500
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-15 20:43:32.232
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements.

  Date: 2017-02-15 20:43:32.228
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements.

  Date: 2017-02-15 20:43:32.225
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements.

  Date: 2017-02-15 20:43:32.220
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements.

  Date: 2017-02-15 20:42:46.527
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-15 20:42:40.229
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Prozentuale Nutzung des RAM: 16%
Installierter physikalischer RAM: 16338.75 MB
Verfügbarer physikalischer RAM: 13705.8 MB
Summe virtueller Speicher: 18770.75 MB
Verfügbarer virtueller Speicher: 15893.55 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:237.18 GB) (Free:36.65 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:1862.89 GB) (Free:933.66 GB) NTFS

==================== MBR & Partitionstabelle ==================

==================== Ende von Addition.txt ============================
         



Vielen herzlichen Dank und freundliche Gruesse!
Tobias
__________________

Alt 16.02.2017, 03:24   #4
Tobias1972
 
GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen - Standard

GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen



zum Schluss anbei die Logdatei von TDS Killer Teil 1
Code:
ATTFilter
21:20:37.0830 0x2614  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
21:20:37.0830 0x2614  UEFI system
21:20:43.0599 0x2614  ============================================================
21:20:43.0599 0x2614  Current date / time: 2017/02/15 21:20:43.0599
21:20:43.0599 0x2614  SystemInfo:
21:20:43.0599 0x2614  
21:20:43.0599 0x2614  OS Version: 10.0.14393 ServicePack: 0.0
21:20:43.0599 0x2614  Product type: Workstation
21:20:43.0599 0x2614  ComputerName: MSI
21:20:43.0599 0x2614  UserName: Administrator
21:20:43.0599 0x2614  Windows directory: C:\Windows
21:20:43.0599 0x2614  System windows directory: C:\Windows
21:20:43.0599 0x2614  Running under WOW64
21:20:43.0599 0x2614  Processor architecture: Intel x64
21:20:43.0599 0x2614  Number of processors: 8
21:20:43.0599 0x2614  Page size: 0x1000
21:20:43.0599 0x2614  Boot type: Normal boot
21:20:43.0599 0x2614  CodeIntegrityOptions = 0x0000C001
21:20:43.0599 0x2614  ============================================================
21:20:43.0637 0x2614  KLMD registered as C:\Windows\system32\drivers\27449437.sys
21:20:43.0637 0x2614  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.693, osProperties = 0x19
21:20:44.0111 0x2614  System UUID: {95C063B1-AE28-3560-B413-BBD76645954D}
21:20:44.0466 0x2614  Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:20:44.0467 0x2614  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:20:44.0474 0x2614  ============================================================
21:20:44.0474 0x2614  \Device\Harddisk0\DR0:
21:20:44.0474 0x2614  GPT partitions:
21:20:44.0475 0x2614  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {34EE33E8-E3FE-47F4-B640-6B9C9DDC1F2E}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x96000
21:20:44.0475 0x2614  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {0CE8F9CB-7A77-40D9-B8D1-D17D92B221DE}, Name: Microsoft reserved partition, StartLBA 0x96800, BlocksNum 0x40000
21:20:44.0475 0x2614  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {8FC95390-FE84-4365-A467-2C9BFB022A84}, Name: Basic data partition, StartLBA 0xD6800, BlocksNum 0x1DA5A800
21:20:44.0475 0x2614  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {7276A231-BE28-44C0-9C09-D079FBCB4010}, Name: Basic data partition, StartLBA 0x1DB31000, BlocksNum 0x1C2000
21:20:44.0475 0x2614  MBR partitions:
21:20:44.0475 0x2614  \Device\Harddisk1\DR1:
21:20:44.0797 0x2614  GPT partitions:
21:20:44.0798 0x2614  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {C100B9AA-6B59-40DD-80E8-78513D1D0C83}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
21:20:44.0798 0x2614  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {ED6DCC10-55F9-4199-9AF9-039B690E592E}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0xE8DC8000
21:20:44.0798 0x2614  MBR partitions:
21:20:44.0798 0x2614  ============================================================
21:20:44.0800 0x2614  C: <-> \Device\Harddisk0\DR0\Partition3
21:20:44.0816 0x2614  D: <-> \Device\Harddisk1\DR1\Partition2
21:20:44.0816 0x2614  ============================================================
21:20:44.0816 0x2614  Initialize success
21:20:44.0816 0x2614  ============================================================
21:20:46.0802 0x25d0  ============================================================
21:20:46.0802 0x25d0  Scan started
21:20:46.0802 0x25d0  Mode: Manual; 
21:20:46.0802 0x25d0  ============================================================
21:20:46.0802 0x25d0  KSN ping started
21:20:47.0355 0x25d0  KSN ping finished: true
21:20:47.0642 0x25d0  ================ Scan system memory ========================
21:20:47.0642 0x25d0  System memory - ok
21:20:47.0642 0x25d0  ================ Scan services =============================
21:20:47.0680 0x25d0  [ A7901875F89D011C38CF52C98ACF5B29, 782141AB1DD7ACDE6EA08B5BAFDE8BADD05B81D38C18E097D6D9C46102056EB1 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
21:20:47.0680 0x25d0  1394ohci - ok
21:20:47.0696 0x25d0  [ EE1CCC54F75C24727A218F98FC5349DA, 0B0D26640BFA0F551B7087027E572D0BF2C5EAF50A4187C5A7D839180B7FF589 ] 3ware           C:\Windows\system32\drivers\3ware.sys
21:20:47.0696 0x25d0  3ware - ok
21:20:47.0711 0x25d0  [ 73C73E1AA0D4D727A04AAAB120B7F56A, 5D311F11022994410DF5C67914D38B1F0D813EFD181EA234750286A272D67A1A ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:20:47.0727 0x25d0  ACPI - ok
21:20:47.0727 0x25d0  [ 0935496EF9624B46B935CB35ECE1F205, A22A2A29195505A65E8626D60B00C86C23E0CABC1EB8345EA5ED523516CC21C0 ] AcpiDev         C:\Windows\System32\drivers\AcpiDev.sys
21:20:47.0727 0x25d0  AcpiDev - ok
21:20:47.0742 0x25d0  [ D6794C31F4077B71433988787BAA926E, F16365C2F195AAE94D4740E6C3DF4C0CECEC6393CAD65425DCCD28CDBA6EC51A ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
21:20:47.0742 0x25d0  acpiex - ok
21:20:47.0742 0x25d0  [ FE5F656D6B35089DA39112E74EC6A85A, 5D81EE63998232A5B36DE47FE15B9D04D5BD02234CA133A2462AECA8C60A22ED ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
21:20:47.0742 0x25d0  acpipagr - ok
21:20:47.0742 0x25d0  [ 2F242941E4DFF69B883D77A16F039557, 45C388365317C720654A659A9326B2BC0E9D84929C704654985597D5D620101C ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
21:20:47.0742 0x25d0  AcpiPmi - ok
21:20:47.0742 0x25d0  [ C247E35A21682DA8D0DC3AF9F025FCC5, 455415EE3166B3043AD8A4DD50B688DB74242267FB555642441251EFA823E971 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
21:20:47.0742 0x25d0  acpitime - ok
21:20:47.0780 0x25d0  [ 49B9DB97AFC85DCCBDACDAB2E90085B7, 2A6C2A09F74EA15044F442CCFB54A0F24F105ADB915E5C78F02F59652DC29152 ] ADP80XX         C:\Windows\system32\drivers\ADP80XX.SYS
21:20:47.0796 0x25d0  ADP80XX - ok
21:20:47.0812 0x25d0  [ 323AA1953ED9C01E23F740FA891FE064, 4CED6E3D61749316CDE28965C913E7ED462539DAAD637A29484F62AF47AD650D ] AFD             C:\Windows\system32\drivers\afd.sys
21:20:47.0812 0x25d0  AFD - ok
21:20:47.0827 0x25d0  [ 23522E5D581F7722B1B5B86737CAE39C, FB81ABD304376A1E87B65F5E1B34477B628CEDB2091C5D754DE97464B6050C5B ] ahcache         C:\Windows\system32\DRIVERS\ahcache.sys
21:20:47.0827 0x25d0  ahcache - ok
21:20:47.0843 0x25d0  [ D0905D4A945D01D4B28DB9E1BD5985F7, CF389CBCD3B99D1BAE34A42F723F1005C32213A394F691978076D3DF1727715C ] AJRouter        C:\Windows\System32\AJRouter.dll
21:20:47.0843 0x25d0  AJRouter - ok
21:20:47.0843 0x25d0  [ 8FD51B3B35707A66080D7C8CB05E792D, FE52F3DC280D208FDDC75F6E3294B8D601E0D86F9BD3DB1ACC8FC296AC74C23B ] ALG             C:\Windows\System32\alg.exe
21:20:47.0843 0x25d0  ALG - ok
21:20:47.0843 0x25d0  [ DF21E05E41E5AC3F13F304D91457649A, 7F48F2AD1DBE89A261113C76D7C23AD7D87D5599BCC31F8A558A8A10B81BF521 ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
21:20:47.0843 0x25d0  AmdK8 - ok
21:20:47.0858 0x25d0  [ 45D0AA4BB90B821DF92E8F19ABED0C5E, EA87A6E98DB3C5A88A844C04C6934E870B7004E783AA5211722115382A211B90 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
21:20:47.0858 0x25d0  AmdPPM - ok
21:20:47.0858 0x25d0  [ 74FFBC43B4B899C9A8CA06A892F2CE73, 8D599363C7F3D373F1859BAA4D06DD0F40BE78B56BE52B74DE6EA6EF99452004 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:20:47.0858 0x25d0  amdsata - ok
21:20:47.0879 0x25d0  [ AAB0F1D8D7E54761ABAB13AF161F1680, CF847990EFFA2828F5B1DB1A68F08A6C2C918E9612EDFFCF95C36BCABBBEA272 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
21:20:47.0880 0x25d0  amdsbs - ok
21:20:47.0880 0x25d0  [ F91BAAC4237C40352A807000F3B716F9, F7EFA08E5067C3D419C9D21EDB880BA08883A80DDF35F8B42EC3AB293FE5E03E ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:20:47.0880 0x25d0  amdxata - ok
21:20:47.0880 0x25d0  [ BC121C099C6C659126AD2102AFDFF8CF, 42B5EE293BDD7ADCE48173A01B30D8452564B9DA225EAF25E9292FE77C0FCF3E ] AppID           C:\Windows\system32\drivers\appid.sys
21:20:47.0880 0x25d0  AppID - ok
21:20:47.0896 0x25d0  [ 74A24CF946279111D7F203B36569EC02, FD67D36804744B4FE3E20BA891852575E6C2DA6515643B2F4B4210118B0FCCDA ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:20:47.0896 0x25d0  AppIDSvc - ok
21:20:47.0896 0x25d0  [ 73FAA5517CCD1332F00192A303CF2026, 75636222BFF381A3EECA010752DF7DC1603A395B91FF7FBF92127B5CA8EFFEE5 ] Appinfo         C:\Windows\System32\appinfo.dll
21:20:47.0896 0x25d0  Appinfo - ok
21:20:47.0911 0x25d0  [ 68190E2BADF23BD782344970E5B5DE9E, 95D30EC12C7FDF5822CED8BC2F17669A6687A2FB262B4F0D15C8DCFF4E9AB33D ] applockerfltr   C:\Windows\system32\drivers\applockerfltr.sys
21:20:47.0911 0x25d0  applockerfltr - ok
21:20:47.0927 0x25d0  [ A0746EF6C5AB7A17A67BC167167499C1, 1D2154D3AFC5219293EDD508C7726E7756FB72BF04F73861C575D1FE5C553411 ] AppReadiness    C:\Windows\system32\AppReadiness.dll
21:20:47.0927 0x25d0  AppReadiness - ok
21:20:47.0981 0x25d0  [ D70B1453ADA82A92E76EAE72D936A0F6, 439DBC5818025887343D4B5B509C7D2C97ED0FFA4641A5178EA5719C50E5013F ] AppXSvc         C:\Windows\system32\appxdeploymentserver.dll
21:20:48.0012 0x25d0  AppXSvc - ok
21:20:48.0012 0x25d0  [ E6AB1F0B4C3D4E0D2A88332D76FECD03, 0D3003EB979DA4546DCDD055011E24F13E34F683F02C9801CAC564D1809F11D2 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:20:48.0012 0x25d0  arcsas - ok
21:20:48.0028 0x25d0  [ F3EB0301BED3C4586CEF27A2BA1C50B3, 94AEB00F0B1F1A26E69EF6F14F03B35AF5F095C04D70122276053F3145EEFC33 ] asmthub3        C:\Windows\System32\drivers\asmthub3.sys
21:20:48.0028 0x25d0  asmthub3 - ok
21:20:48.0043 0x25d0  [ 3D1460D459048E469D4EE506833FF0DE, DAE4597746D9791A61BDAF231FABA7A5097693DD9C43B3B7582AEBBAE2110B50 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
21:20:48.0043 0x25d0  asmtxhci - ok
21:20:48.0043 0x25d0  [ 61C5A480C43E7E8E49C42869F49D0D3E, E610F0E4315ABA1D90AD4A1D7A68ABA2ACBB7FCA89E9D1798470365D52592D55 ] AsyncMac        C:\Windows\System32\drivers\asyncmac.sys
21:20:48.0043 0x25d0  AsyncMac - ok
21:20:48.0059 0x25d0  [ A10F989A812B57B9695F6C305907C9C6, E2B292610079AA1A10696138DE8130905A8A834B75A8DED7EBF8B6732B77A0F4 ] atapi           C:\Windows\system32\drivers\atapi.sys
21:20:48.0059 0x25d0  atapi - ok
21:20:48.0059 0x25d0  [ 344566D820BED968FA65F5F7F14D56D4, 9B483FF87EEA67D5A2FC233F4735D676777B7478929D5B30D439C81EC2D2B66C ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
21:20:48.0079 0x25d0  AtherosSvc - ok
21:20:48.0081 0x25d0  [ 2DC3D53FFA0D10EB8C911AE2DB7BF4CF, 8E0A4B5D610D487A216E70396A99ACC1BEA12C46A6681B1A39CD0FD01EDD406A ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
21:20:48.0081 0x25d0  AudioEndpointBuilder - ok
21:20:48.0097 0x25d0  [ 7B993290E7691C446C16A56A431669BA, 004551934E27E9FC1A939C9BD1DEB850A216CBED9B18CB3317920F5656D9F6BF ] Audiosrv        C:\Windows\System32\Audiosrv.dll
21:20:48.0112 0x25d0  Audiosrv - ok
21:20:48.0128 0x25d0  [ 6D90FDA2DC364B8EA1420F2F81585CC3, 10E6F23A213CFE49BE04BB7D366ADD4028D61D7114FEC67C30B5467DF6B36D4F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:20:48.0128 0x25d0  AxInstSV - ok
21:20:48.0144 0x25d0  [ 61BAC67048CA5C1D08C48FCC8012B613, 71B2A466FC38DA1029B471FBD2541D8FE359751A7B212AE0F420DB3645916450 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
21:20:48.0144 0x25d0  b06bdrv - ok
21:20:48.0144 0x25d0  [ 68F72B05EBC6D1779C0D60A147C7CA0B, AA1C857BEE34865C6B901157FC22570D4CF45D950708BAD7AA333F120F2B474C ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
21:20:48.0159 0x25d0  BasicDisplay - ok
21:20:48.0159 0x25d0  [ 23156E7EDAF613D839E2839746B168D3, CAEF8F9C7D3A338BD747AC9D5BFBE730D77B911E87BCF532EBB75E1F80916AFA ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
21:20:48.0159 0x25d0  BasicRender - ok
21:20:48.0159 0x25d0  [ 3F5523DCEFE42B385659C5CB46A6B810, CA24A3DF002B19E7BDEDE9B5EB60623F299D0E78B2E4F58DCFC028D76DEFE52D ] bcmfn           C:\Windows\System32\drivers\bcmfn.sys
21:20:48.0159 0x25d0  bcmfn - ok
21:20:48.0159 0x25d0  [ 0B750A6A6D847E73CA48ADD7A0F5A393, 6A43020F23846EFB1AFA3C070465B0059E9DF60DEB16899E09559462DF30939F ] bcmfn2          C:\Windows\System32\drivers\bcmfn2.sys
21:20:48.0159 0x25d0  bcmfn2 - ok
21:20:48.0181 0x25d0  [ 2B4D3AEAAD02954F8C191BC2D67949AD, 8237C9AD556CFAF7442FF60F78608104BC17CE3134C89D986D49C38CC60B1518 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:20:48.0181 0x25d0  BDESVC - ok
21:20:48.0181 0x25d0  [ 0A508274355745EEF01C6BE3198D02C4, E2DB08AEE2368FA95FDB357BB31EA4EBF31679C3E72E109DB3D7CD1B5F7B828E ] Beep            C:\Windows\system32\drivers\Beep.sys
21:20:48.0181 0x25d0  Beep - ok
21:20:48.0197 0x25d0  [ 5125CBB61AC81168366BEB290399CB8E, B2A3095D45E2114DE2BD0E5A3AE20B3CE95EE517A35B9E1EAD05E231F38DBDCF ] BFE             C:\Windows\System32\bfe.dll
21:20:48.0213 0x25d0  BFE - ok
21:20:48.0244 0x25d0  [ D876C567AB767258036F05E4766189FD, DE8BA67325CB64495BD454B8F9DDCAE82636253844FC68B360C7E1CF5D51DD0E ] BITS            C:\Windows\System32\qmgr.dll
21:20:48.0260 0x25d0  BITS - ok
21:20:48.0260 0x25d0  [ 9CD2A4821DE379305CACB2E99AD8953A, 89D700DFC3C59ACBBADB48954A28C0EBF8D6A11A9E63837689DD891868E43188 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:20:48.0260 0x25d0  bowser - ok
21:20:48.0281 0x25d0  [ 2447BD15B41298622CC662249CD0F496, 013A326D2E3BF68D654BBABE2F1E5DF0FF0A153A4B95D570EE28F9BC0F5A78C3 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
21:20:48.0297 0x25d0  BrokerInfrastructure - ok
21:20:48.0297 0x25d0  [ B3F32C630DD3F2F6A6091B89CFF13641, 7A9C53EF9AB9FF1DC392FD711B194A101DB36CA5BC799E817BEB446741089B76 ] Browser         C:\Windows\System32\browser.dll
21:20:48.0297 0x25d0  Browser - ok
21:20:48.0313 0x25d0  [ 528C1166F873E1F5AE3D38748139036C, 4DB53DB42E7820D47DE15C41FD797BA0C0499C829CB7220700ACEECAD96B0EB0 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
21:20:48.0328 0x25d0  BtFilter - ok
21:20:48.0328 0x25d0  [ 722036C26D2C4E50EC2A2EC5FD678846, 999468038AE01F0FF6881F4B2A2CB67BC636641188E95F10729E08ADBC3CB3DE ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
21:20:48.0328 0x25d0  BthAvrcpTg - ok
21:20:48.0328 0x25d0  [ 77630A51FAF6A07922FEE835F4DED8F6, E096A9DC12885FD19575346A9693A66D0DDFF96C3155AD2040F2BF4249D1D609 ] BthEnum         C:\Windows\System32\drivers\BthEnum.sys
21:20:48.0328 0x25d0  BthEnum - ok
21:20:48.0344 0x25d0  [ C2E31BE025D46D189E38DD1EDF07837A, 656528DCAAAF485EC57EE5C3021E96736634DE3B9C39CBCD2728E055ABD4C0A5 ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
21:20:48.0344 0x25d0  BthHFEnum - ok
21:20:48.0344 0x25d0  [ F7CD605FC0B0B22F3F6F247595E3A655, 1CD9140DE5415DDBEACD8667E63E5C95FD64D693B56302A0474E693E578BEAB0 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
21:20:48.0344 0x25d0  bthhfhid - ok
21:20:48.0359 0x25d0  [ B157D72BDA6A6DD6E9DC6BF338CD0CF8, B2AC26AE214151E5AD93DED78256BC0295DBF0133C854E7DEE4CD776D9C9A349 ] BthHFSrv        C:\Windows\System32\BthHFSrv.dll
21:20:48.0359 0x25d0  BthHFSrv - ok
21:20:48.0378 0x25d0  [ 0AB691736D4D4029444AF62DE59CFD37, C1C22EFBF67331B87AB261BBF9813009257437BA02F728EC2DFA1A49ECC5FABF ] BthLEEnum       C:\Windows\System32\drivers\BthLEEnum.sys
21:20:48.0382 0x25d0  BthLEEnum - ok
21:20:48.0382 0x25d0  [ 535DC41A33630AE4C262406F9E981C03, 599332589AA28D04189E19B87A4AE6FEEB60B40A7BC6E3B11240DA363A981C29 ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
21:20:48.0382 0x25d0  BTHMODEM - ok
21:20:48.0382 0x25d0  [ 224BA1CB1F3C702F0D001D2AFC9793B1, F139F6F78C716E1167E16530AE31E4A26C2A69467BCB08A9A52A101B31DF7771 ] BthPan          C:\Windows\System32\drivers\bthpan.sys
21:20:48.0382 0x25d0  BthPan - ok
21:20:48.0413 0x25d0  [ 851ED52AE3E62CD5374BD4BBFF7A9DAB, 381281CB7D8FC4026092330B06E24BC84EEF79EE3C97E21900D950D7D9AB2FC3 ] BTHPORT         C:\Windows\System32\drivers\BTHport.sys
21:20:48.0429 0x25d0  BTHPORT - ok
21:20:48.0429 0x25d0  [ 96932F631F5CB9F5D1C8F99A71568EF3, 5E4C8955A2EE9DC76B4EBC383653EB753D76D6B017E1A5DD553AC16094D7F12A ] bthserv         C:\Windows\system32\bthserv.dll
21:20:48.0429 0x25d0  bthserv - ok
21:20:48.0444 0x25d0  [ DC5955E589C55E2313D69B64E1A183F3, 06D703246D0813DE53D62885C8B7381135783673FF4BDDD5CC38FEB54901BB76 ] BTHUSB          C:\Windows\System32\drivers\BTHUSB.sys
21:20:48.0444 0x25d0  BTHUSB - ok
21:20:48.0444 0x25d0  [ 23F9EF739F685E07482116425E7879AA, 0EBDF96A49A319C0BCF6F51FB6C8C392C017E1738B950C19C91FF43E14D73143 ] buttonconverter C:\Windows\System32\drivers\buttonconverter.sys
21:20:48.0444 0x25d0  buttonconverter - ok
21:20:48.0444 0x25d0  [ 60EB6A4CE3E21887D302350631C16F26, 4270EFA22285C1A9336CF1220761E416950D2DA9C6A40D1D8452686CD5040DAB ] CapImg          C:\Windows\System32\drivers\capimg.sys
21:20:48.0444 0x25d0  CapImg - ok
21:20:48.0460 0x25d0  [ 5A1C7DBDDB001BC6F1D1720E655445E2, 07A766C804D0709936FF18A2F67C49D6499BEF9CEEB1EF69F654A35268A11027 ] ccSet_NARA      C:\Windows\system32\drivers\NARAx64\0406000.00C\ccSetx64.sys
21:20:48.0460 0x25d0  ccSet_NARA - ok
21:20:48.0460 0x25d0  [ F8FB51B9EF6372610E9B31A1D86B62FC, 7461584A8B39AC549AD7BAFFA509D4CD81EEE542808BC8EFC285863A0AE6432D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:20:48.0460 0x25d0  cdfs - ok
21:20:48.0480 0x25d0  [ 2E6612376D257F74781F2EF1F869D8C3, 908B0DECB9F098F7F11B029A03C06C67FB52E5E8BEA42033A2B579D3B3686AB8 ] CDPSvc          C:\Windows\System32\CDPSvc.dll
21:20:48.0481 0x25d0  CDPSvc - ok
21:20:48.0481 0x25d0  [ A93C9B9EBE2FDE5A536000D72CC17F7F, 9793CFAE8BE8C6B5B39A1D276577965FBB2CE131325A410B7C68BD23492ADAAF ] CDPUserSvc      C:\Windows\System32\CDPUserSvc.dll
21:20:48.0497 0x25d0  CDPUserSvc - ok
21:20:48.0497 0x25d0  [ 613D0137C269187FA298A157E3D14A18, 84BC268525F14BB27202CE242BF94D9E83BC91B50A0335908574F31B29A2F04D ] cdrom           C:\Windows\System32\drivers\cdrom.sys
21:20:48.0497 0x25d0  cdrom - ok
21:20:48.0513 0x25d0  [ C1B5EE58E759C53F9939581709DC70BB, 85095ABC9459A766832373BC3839E573E9A73C967F8427D6B7CAB972551C3191 ] CertPropSvc     C:\Windows\System32\certprop.dll
21:20:48.0513 0x25d0  CertPropSvc - ok
21:20:48.0513 0x25d0  [ 0AED948DA8D5F08B3D6F12E4E2089736, 95E538E81DDBC83492C5F3820C82C78F050B4D74ACF12D7970EC84F93581AE29 ] cht4iscsi       C:\Windows\system32\drivers\cht4sx64.sys
21:20:48.0528 0x25d0  cht4iscsi - ok
21:20:48.0560 0x25d0  [ 0002A0FDE087C1657AB31CE73077539C, 4DD6210B67E9633AB3240371590869DC833A4C986C74FC12A5D4FFFFD361848A ] cht4vbd         C:\Windows\System32\drivers\cht4vx64.sys
21:20:48.0582 0x25d0  cht4vbd - ok
21:20:48.0597 0x25d0  [ 6B4F90A287D75CCD78694F6790C911B2, 73D7C31E9F475FA3FD568FCA9A953F968729AA114F63C06F38BF5198DAD67BD8 ] circlass        C:\Windows\System32\drivers\circlass.sys
21:20:48.0597 0x25d0  circlass - ok
21:20:48.0597 0x25d0  [ B72D26074E72A757D788FB1BEF8B2F2E, 36847C5315AFB9A5EC66AD3EF2A09C24C0FAF669FDF0831F78600F4609352CB4 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
21:20:48.0613 0x25d0  CLFS - ok
21:20:48.0682 0x25d0  [ ACFB2A62301C6A903FA6A97DB84E9C31, 7A3089812330B605D2F545374A1A916B6DBA188186EC88DA3348814A95C791F0 ] ClickToRunSvc   C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
21:20:48.0713 0x25d0  ClickToRunSvc - ok
21:20:48.0745 0x25d0  [ E133CFCBFABB3CB517BE9F42FEA5887C, DA699CDD5F3CC427354540C907BD24CCA7BAC3112C53918EB611CB4EEC7611DA ] ClipSVC         C:\Windows\System32\ClipSVC.dll
21:20:48.0745 0x25d0  ClipSVC - ok
21:20:48.0745 0x25d0  [ EEC3A4A98AE1A337E3CD1483AD6F2E15, 764DA329984A95E092F5C15116DA34FA7FC27216C0862365D4BF10ADC97EC5C5 ] clreg           C:\Windows\System32\drivers\registry.sys
21:20:48.0760 0x25d0  clreg - ok
21:20:48.0760 0x25d0  [ 429623E266EF067A44E8CF148E9DFB9B, A48AA85ACC52C7AD73DB2D6148B3F9FB5EAC33C8F8C5BB6D7D0A9D84B7C08E11 ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
21:20:48.0760 0x25d0  CmBatt - ok
21:20:48.0781 0x25d0  [ 90C07EB909C42316982E753BDAA7860D, 438581FD3468FAF01D35529672201A920E8821EC80E30E59A43645DA57738F21 ] CNG             C:\Windows\system32\Drivers\cng.sys
21:20:48.0782 0x25d0  CNG - ok
21:20:48.0782 0x25d0  [ 3DB10C59405931E2C72EFB82C1AF97D1, 100B5450A70988DB1C1F8A5FDBB3553AF1A0D47B42A5AC71460DB92E26010CE6 ] cnghwassist     C:\Windows\system32\DRIVERS\cnghwassist.sys
21:20:48.0782 0x25d0  cnghwassist - ok
21:20:48.0798 0x25d0  [ 34C935AF2A414572B412B3556586D783, 912981B88B0796576ECCD5EBE0C4728EC02D5D6A96B039447DCBA59B2583F25E ] CompositeBus    C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
21:20:48.0798 0x25d0  CompositeBus - ok
21:20:48.0798 0x25d0  COMSysApp - ok
21:20:48.0798 0x25d0  [ 44EEEB2382F566999287E13F2067693C, 53A4A0C85EAD38030FF2078C67465E3710ECD03A08FF34E1E67B2E3E1CC70043 ] condrv          C:\Windows\system32\drivers\condrv.sys
21:20:48.0798 0x25d0  condrv - ok
21:20:48.0813 0x25d0  [ 5DE2049D5F57C1D142F36FA9CE443693, E6C2807C0B1EF90C11EB39634693B76EACE6CC675777776112835212A334F328 ] CoreMessagingRegistrar C:\Windows\system32\coremessaging.dll
21:20:48.0829 0x25d0  CoreMessagingRegistrar - ok
21:20:48.0829 0x25d0  [ 5F06CAC4B09250CDDDD0180A08162924, A2EB0A57225E65FC264CFC9FAD858D8B54A015CDAE3DC904B1C4E9AAB40B1F06 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:20:48.0829 0x25d0  CryptSvc - ok
21:20:48.0844 0x25d0  [ 039B5A8CBD5C75D1C46DF15F7C74D136, A5C8A41F2D406D37E147939F2058373ED091BFCC00CA7E829F887638CD3A2F64 ] dam             C:\Windows\system32\drivers\dam.sys
21:20:48.0844 0x25d0  dam - ok
21:20:48.0860 0x25d0  [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:20:48.0880 0x25d0  DcomLaunch - ok
21:20:48.0882 0x25d0  [ AE9F09F87755C18904656CB4F59F351D, B352A43B3B68B497D87B49C302AF3F37F36D56D49878AE3785C3D43597E5DC57 ] DcpSvc          C:\Windows\system32\dcpsvc.dll
21:20:48.0882 0x25d0  DcpSvc - ok
21:20:48.0898 0x25d0  [ ABBD3EE724117242E28D31F19FBCFF03, 68EA91A969DD80A5DE28B0A8EAEB308837183713559C2C2FAEF991858C971393 ] defragsvc       C:\Windows\System32\defragsvc.dll
21:20:48.0898 0x25d0  defragsvc - ok
21:20:48.0913 0x25d0  [ DD74F18227ACC837D9856E24282D446D, 6A760E44CD897952538CDFA8895FE11263D51AAA79CFF24C01F3862E919DA478 ] DeviceAssociationService C:\Windows\system32\das.dll
21:20:48.0913 0x25d0  DeviceAssociationService - ok
21:20:48.0913 0x25d0  [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
21:20:48.0929 0x25d0  DeviceInstall - ok
21:20:48.0929 0x25d0  [ CDF1B1B5C5951111791C236B2696C7F8, BF6C4BA545C8827B40DB69890DB4D2B2F9C583C5E3CFBDFD370B05891141458D ] DevQueryBroker  C:\Windows\system32\DevQueryBroker.dll
21:20:48.0929 0x25d0  DevQueryBroker - ok
21:20:48.0929 0x25d0  [ 0D1D392ED2597F295956D058D33BD7C3, 2F7FE5A06D880F9E2A46C9803DD249DC40C2898C04E946D14E7EECCCC9F2B24F ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
21:20:48.0929 0x25d0  Dfsc - ok
21:20:48.0945 0x25d0  [ F0D4400BA0F08610D9A551B15BF10B76, 83EB8FB272FC2DD2CC0659C2FB90AD0DAE88A88AB3951E03BCD933A25B601E10 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:20:48.0945 0x25d0  Dhcp - ok
21:20:48.0945 0x25d0  [ CA7FEDDFCF61EF15A09C54DA2C07C49F, 346EF7709BA9E6BD48592B86FA46F9D956C847EF91F4980EEAD98269D0F0EF67 ] diagnosticshub.standardcollector.service C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
21:20:48.0960 0x25d0  diagnosticshub.standardcollector.service - ok
21:20:48.0983 0x25d0  [ CAD14E0AD1F03397E9B1C8733D76BEF4, 0035EF35F6520B1DF0E599C8A06D4163C52576BCE0976BF729B44DECDC506627 ] DiagTrack       C:\Windows\system32\diagtrack.dll
21:20:49.0014 0x25d0  DiagTrack - ok
21:20:49.0014 0x25d0  [ 35B9D46560339A5A7F0CAC6ED702C817, F70480B01533B7029F90E2DE297E9E829660300DDE7A7D009B0AC2684E7691A7 ] disk            C:\Windows\system32\drivers\disk.sys
21:20:49.0014 0x25d0  disk - ok
21:20:49.0029 0x25d0  [ 09CF47A74BFB480B8262FCEE222004B6, F5CD0ACA04BCB95984595CC2E17BC9E92865091A0A3BCAD4B06438A1570E7696 ] DmEnrollmentSvc C:\Windows\system32\Windows.Internal.Management.dll
21:20:49.0029 0x25d0  DmEnrollmentSvc - ok
21:20:49.0045 0x25d0  [ 815F45161A4571C2C44491564F3D5968, 32E7AE8414A178CE429C0CDFCF718E3C11C705FB3155EA5CA0EAD48AAE507B01 ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
21:20:49.0045 0x25d0  dmvsc - ok
21:20:49.0045 0x25d0  [ 6E5EE6E420FECD64DE463C5F01CBFE71, F173C56895E80AA03D70CD78B3AB659C2EEAACFF43BE3B6EF3939D6F4AD4F62D ] dmwappushservice C:\Windows\system32\dmwappushsvc.dll
21:20:49.0045 0x25d0  dmwappushservice - ok
21:20:49.0045 0x25d0  [ 7F8A3ABF7750326E18CE953CCE262670, 5DBD159E8A455A42764FC73CF7DCAC849B5896848C5589B00BD36697804C0A3B ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:20:49.0061 0x25d0  Dnscache - ok
21:20:49.0061 0x25d0  [ 8F46B4C3F9BA19C26A26D0A11137B20B, BA0A66DBA98D77FD85A7CD2D4593F2B2A1A3B4D32BBECBCFFBEB5A54DCB0D8ED ] dot3svc         C:\Windows\System32\dot3svc.dll
21:20:49.0061 0x25d0  dot3svc - ok
21:20:49.0078 0x25d0  [ CA09EAEE92C6FDDC6B05057F11A0372D, 14DB5C186B69644AA93C445BF31CC9670204F95A47B77B6EACB19B4A316378AD ] DPS             C:\Windows\system32\dps.dll
21:20:49.0081 0x25d0  DPS - ok
21:20:49.0085 0x25d0  [ AE6BD4C879A8C849E53947C92DF3B3A0, 8C29774CB2D30D901C54AAC0C8ACE709351EE40E5C8FB9951B2A18B4A03F28B7 ] drmkaud         C:\Windows\system32\DRIVERS\drmkaud.sys
21:20:49.0085 0x25d0  drmkaud - ok
21:20:49.0092 0x25d0  [ 7433474BE77F065D2FA628671FE31A3E, 063ADDC68F48036749E6EC7B2F66284DB29F90F62E9468D16B4EF5A0FDC45E35 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
21:20:49.0095 0x25d0  DsmSvc - ok
21:20:49.0100 0x25d0  [ 5FCA45C24501DA7390065D3706A9FC3F, 093FD840F1502ECC6F05B9723CA523B3F15CF39A5D2B9106E1267739B3F2C52C ] DsSvc           C:\Windows\System32\DsSvc.dll
21:20:49.0102 0x25d0  DsSvc - ok
21:20:49.0134 0x25d0  [ 19F2B54EE8861D90579BD0E3AE5182F9, FDD4F091C61C8C20550C8F68375ABD7ED718A733F680F0F0367D4796C302BA14 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:20:49.0165 0x25d0  DXGKrnl - ok
21:20:49.0165 0x25d0  [ 9FCE4EF7D5E274F862D9A2526B5F4779, 81D42D5475C2801C8E0C233A0BA827569D8A70590017C91C665C8B232D9BFAA9 ] EapHost         C:\Windows\System32\eapsvc.dll
21:20:49.0165 0x25d0  EapHost - ok
21:20:49.0234 0x25d0  [ 7EC6FC0266D74BD47ABB130A328B70EC, 3856790AF967AB03B1A89F97328DC4D5A6854ACDA6169681A9AFB03D7CF791F9 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
21:20:49.0265 0x25d0  ebdrv - ok
21:20:49.0281 0x25d0  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] EFS             C:\Windows\System32\lsass.exe
21:20:49.0281 0x25d0  EFS - ok
21:20:49.0281 0x25d0  [ 8D74B8B5D6F7C5BC4C525BAF2B083FF1, DA5656F745B3911F96871887FDFDC40F4D9C820622A0AA27EFE4BA93662833CA ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
21:20:49.0281 0x25d0  EhStorClass - ok
21:20:49.0281 0x25d0  [ 2A9817B5A9260D8F60D52E36BEF10443, AC1A0203221AFAF584C71317FA07AA1B6E61BE619E918B3B1E4AD57CCED1CF03 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
21:20:49.0281 0x25d0  EhStorTcgDrv - ok
21:20:49.0301 0x25d0  [ 80A7999DE02CE678B865832E1CE78CD6, 2576EBB6E4D630A906DE724F125099E52A962B5B68B9F9BCA849A7B29D8C8689 ] embeddedmode    C:\Windows\System32\embeddedmodesvc.dll
21:20:49.0303 0x25d0  embeddedmode - ok
21:20:49.0303 0x25d0  [ 3CE2B6AECB9AF8BC159299EEC46A35CA, E933B28BB6E4D01FCCDF8FBBB134C244B28DA3ECBDFA13333F0D4C24B2551780 ] EntAppSvc       C:\Windows\system32\EnterpriseAppMgmtSvc.dll
21:20:49.0303 0x25d0  EntAppSvc - ok
21:20:49.0303 0x25d0  [ 77B60DEC7DCB4233E4A69D3F52E5DB24, 3A5C905E37A93899051497C90E5BA8E1D003B56C6906CADFD2F1CDF52052D248 ] ErrDev          C:\Windows\System32\drivers\errdev.sys
21:20:49.0303 0x25d0  ErrDev - ok
21:20:49.0318 0x25d0  [ F89083AB8B9F51C0031C1CBD0A9A7E35, 9EE973A25134960E62D1A6A1E34AD9B3F7690E71C1AD31A23FA2081A73438754 ] EventSystem     C:\Windows\system32\es.dll
21:20:49.0334 0x25d0  EventSystem - ok
21:20:49.0334 0x25d0  [ FCD2C63754C2E739A8EEAD9BC63F9DDC, C57A72ABA4C0BD71F914B9C8FF965DCFF585A205498F19A4584A4BAF7674839D ] exfat           C:\Windows\system32\drivers\exfat.sys
21:20:49.0349 0x25d0  exfat - ok
21:20:49.0349 0x25d0  Fabs - ok
21:20:49.0349 0x25d0  [ FA918EC296EB410FF02867D008D02421, 23D164A24CB0D212778FA9592A046B6BA1F3628003E04181744A1F891B5B3E5A ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:20:49.0365 0x25d0  fastfat - ok
21:20:49.0365 0x25d0  [ 77CE56471AF984800F318F3734D768C7, 72D540072374A56C2C497F0532A50705D3F0637F2C0C96B1D715F2EDFCA3AA2D ] Fax             C:\Windows\system32\fxssvc.exe
21:20:49.0381 0x25d0  Fax - ok
21:20:49.0381 0x25d0  [ 99598ECA5E41996E005D5B9D9FF1EFA2, 91345CD50EF02431B69093505C1C5F5DC6A1AA6BF192EE9392ED4D5626B60462 ] fdc             C:\Windows\System32\drivers\fdc.sys
21:20:49.0381 0x25d0  fdc - ok
21:20:49.0397 0x25d0  [ EF0DD43A4CBAB367BCA1AFBDC9971E4F, 73E161C45D63FDDE71EE2438137913724DC513860539D1E7F6BD861F5D1B33F3 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:20:49.0398 0x25d0  fdPHost - ok
21:20:49.0403 0x25d0  [ 34DAC585994CD3B4E910DE11C584EF3D, A6C6A4CB5413EA61F1A54E2D3AD71A311CEA2C26218544D2D2D4A5CFEC52DE8C ] FDResPub        C:\Windows\system32\fdrespub.dll
21:20:49.0403 0x25d0  FDResPub - ok
21:20:49.0403 0x25d0  [ B68DA1FE3CA2311AFD38DD6905CA7F71, 4B395DFB1B47D2507CA4D9DC996A70D0A3BDB1A245CD6DA6C42B2A299AFCCF37 ] fhsvc           C:\Windows\system32\fhsvc.dll
21:20:49.0403 0x25d0  fhsvc - ok
21:20:49.0403 0x25d0  [ F44F666B0EACC3181544FFCF8CA0FFC7, 83F771CF9DAE1C504B30731EEC55355EA1253174252DA2192ADF1D228B3735C3 ] FileCrypt       C:\Windows\system32\drivers\filecrypt.sys
21:20:49.0403 0x25d0  FileCrypt - ok
21:20:49.0418 0x25d0  [ 78A210DDFDF2C9EC884631D2DAA573F0, 5D39C6EF4AC690A9749EEDBE2478FFF15A22877A2861EDA103C7BF1607B0C1BD ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:20:49.0418 0x25d0  FileInfo - ok
21:20:49.0418 0x25d0  [ 1A97DB5E701A186989F3795223C3BE39, F7982220D4DF7E104955E63CACE352394E2577DEF49506EA126127F820EB62DF ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:20:49.0418 0x25d0  Filetrace - ok
21:20:49.0465 0x25d0  [ 5BD96D8C5411ACE71A7EAACAF0EF2903, 2AF58E6060C7DEC44B4CA30E14E164473CD4089AE475DAFFC61DFE56990C1147 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
21:20:49.0498 0x25d0  FirebirdServerMAGIXInstance - ok
21:20:49.0503 0x25d0  [ 46626665F0E5906E45619B4EFD6186B8, 37FDD3B8AD49FD29E54DA5567EA77F28A53498AE56348F7A2628E5E5549D638B ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
21:20:49.0503 0x25d0  flpydisk - ok
21:20:49.0503 0x25d0  [ FDA72ACA14D516D18C33AFCD0FD9260F, 6509612DEC82EA74614B5C9A7B432305A1A468C97B88BED9E141DF2929B621B1 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:20:49.0503 0x25d0  FltMgr - ok
21:20:49.0550 0x25d0  [ 49BF5C8182C3D2D6CD9F7EEDF1CFDB66, 0977EBE86B57FC370D27CA69D58122397D5D5369AF0C8DBCC492AE7AD55CBA2B ] FontCache       C:\Windows\system32\FntCache.dll
21:20:49.0566 0x25d0  FontCache - ok
21:20:49.0566 0x25d0  [ 59241194DBDF30A2B4029E402F377900, 47A92E9CD8494C403B377799D395670A393766647E24CD83B15338CE2AA50266 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:20:49.0566 0x25d0  FontCache3.0.0.0 - ok
21:20:49.0581 0x25d0  [ 8B52024D3A5C3A12F1C4D75D30A976C5, 982F1C783966C9A6D255AA7DBAB6D225EBE0050A36176B8DE85E8ADBFE17FDF1 ] FrameServer     C:\Windows\system32\FrameServer.dll
21:20:49.0603 0x25d0  FrameServer - ok
21:20:49.0603 0x25d0  [ D152CCBFC8251670BF0AAFE00D6BC782, 9DE82D8FC4E1DAF8FF23EE08C0B7CB5051A9224E64544D262CFA4996A41B04E1 ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:20:49.0603 0x25d0  FsDepends - ok
21:20:49.0603 0x25d0  [ 6D6BB5C7363CD35FA715E826F3D029EE, C214F791EB39E8B25CE57ED9D6C1D56EE1AF6021BCB380980BD42A6338A6C9F7 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:20:49.0603 0x25d0  Fs_Rec - ok
21:20:49.0619 0x25d0  [ 8EEC4925C03E375C4EC496E45C44139A, 06C5C7BCC28D3E435675F0759A09CAB726E971DF4BFC1DC3DCF503EABCDCCCC6 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:20:49.0635 0x25d0  fvevol - ok
21:20:49.0635 0x25d0  [ EF78034773CE506323655A868C949144, DF195BEEE6704FBCC6D2D9E1BF6723E52ED502A1459F495B7D18481E6A79B5BC ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
21:20:49.0635 0x25d0  gencounter - ok
21:20:49.0635 0x25d0  [ B55FEBC6A00DAA1FE074F020B6907516, 67071FBAC2ABA47AB71358A5F08E92E034A55343878F00137E90B3B1F7362976 ] genericusbfn    C:\Windows\System32\drivers\genericusbfn.sys
21:20:49.0635 0x25d0  genericusbfn - ok
21:20:49.0650 0x25d0  [ DDD8A8CDDC7F13EF57D1DAAE71865936, 9D472A8689F72F24D40D5B94849690F53C67849FDF6162A94EF4FB330A3DA566 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
21:20:49.0650 0x25d0  GPIOClx0101 - ok
21:20:49.0666 0x25d0  [ 713A176494CEC107E663CAD6C2B27F77, 76871D8CFBA8FCD8CFF96208AE84C658EBEC60270D978898B90EE9451AA1BCE1 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:20:49.0682 0x25d0  gpsvc - ok
21:20:49.0682 0x25d0  [ 7ACD8F69B5D6EC97E6D2C006E19BED88, FC69214C9308EA64B88EF4C3C95800586DDBB44C8540846B79A161BAD8203B6E ] GpuEnergyDrv    C:\Windows\system32\drivers\gpuenergydrv.sys
21:20:49.0682 0x25d0  GpuEnergyDrv - ok
21:20:49.0699 0x25d0  [ A8FD9222E4D72596BB37DA8BE95C0BA4, 52FC3AA9F704300041E486E57FE863218E4CDF4C8EEE05CA6B99A296EFEE5737 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:20:49.0701 0x25d0  gupdate - ok
21:20:49.0704 0x25d0  [ A8FD9222E4D72596BB37DA8BE95C0BA4, 52FC3AA9F704300041E486E57FE863218E4CDF4C8EEE05CA6B99A296EFEE5737 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:20:49.0704 0x25d0  gupdatem - ok
21:20:49.0704 0x25d0  [ 217230B984AB2954E2FA5E36578D7B08, BB7B79EA7501A28EB2A0303FDF66FB9D59D567994C25A1523CD6D2081C403AF6 ] HdAudAddService C:\Windows\system32\DRIVERS\HdAudio.sys
21:20:49.0719 0x25d0  HdAudAddService - ok
21:20:49.0719 0x25d0  [ 10E3515FE5DBA6656FA62C29342EC4A1, 2051F10F74ED712B1766EB61E87FADE25AB3D0970BABFD320600D1B0D6377F26 ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
21:20:49.0719 0x25d0  HDAudBus - ok
21:20:49.0719 0x25d0  [ B90D284B97CD4CA9DE7430AAAD887A56, 2F14F985C39B7801ED64590979CF2114924E9547F5B11D2B37A74DBFFDD9E7C5 ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
21:20:49.0719 0x25d0  HidBatt - ok
21:20:49.0735 0x25d0  [ B2FE11643CC6ACDEE6C247DD36018FDB, 5796613C7DBF8B2A9E860E006FF1A245B6BE7D10E3F6685AD142B48E5C237B8C ] HidBth          C:\Windows\System32\drivers\hidbth.sys
21:20:49.0735 0x25d0  HidBth - ok
21:20:49.0735 0x25d0  [ D24355488A2D4D2323518EC1AC7A6D9E, ED2176A2093726087EDDA25B86E9CDD4BA35F4E748E3A6DE0B15C4C97646B5C7 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
21:20:49.0735 0x25d0  hidi2c - ok
21:20:49.0735 0x25d0  [ 0AF9ABBA4F3F55C6C803890D64BC3C29, D3DE6FA308F8E7CD4F16387F46AE4B2F7EC9BBA07BF87652B660A0D645710571 ] hidinterrupt    C:\Windows\System32\drivers\hidinterrupt.sys
21:20:49.0735 0x25d0  hidinterrupt - ok
21:20:49.0735 0x25d0  [ CDBCF8E9AB06D88A1E1191D32F320C5D, F76963AB7CF2BAB3A220013879AECD3976BFD851CFB66B5A69A9EA2541048861 ] HidIr           C:\Windows\System32\drivers\hidir.sys
21:20:49.0751 0x25d0  HidIr - ok
21:20:49.0751 0x25d0  [ C900FE0DD6A1E2220084B8F1C427790C, 802194EBEDA1A50EDA300078B0888AAC1F17A42E67147B7B3B9C50AD8D4E5C89 ] hidserv         C:\Windows\system32\hidserv.dll
21:20:49.0751 0x25d0  hidserv - ok
21:20:49.0751 0x25d0  [ D8536CB438CC4CCDAE047B768EED22B2, 4F666BFA3554F9ACA6B9D436BFA64474D5F30FB3E78F4E66068CCDF283D9867F ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
21:20:49.0751 0x25d0  HidUsb - ok
21:20:49.0766 0x25d0  [ 0AC1BD5A28FAA371EF34859FE703E515, 1DD1C33AF8D6EBE7C36FCD051F066E4039D2B47ABAECF7C68BC3933D567930B2 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:20:49.0766 0x25d0  HomeGroupListener - ok
21:20:49.0782 0x25d0  [ 86161A89F16851728802590EC7C92608, 3A3B05BB4E115410D27063B30C0EF3F18295F542050F329F1E466C81A9E23A46 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:20:49.0782 0x25d0  HomeGroupProvider - ok
21:20:49.0782 0x25d0  [ F5CA18197B4646E04DB9EB2D6642CC4D, 5BA3342DDF1BCB67E4156169FE9A33E7BC2641C729E9F1A80C0E80953C6AB114 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:20:49.0782 0x25d0  HpSAMD - ok
21:20:49.0820 0x25d0  [ A10C7C1E69FC90620C7BF2E51302A01F, D725AEAE38255CED73F4922A10F226215528706580B06D01C228488F93AC0397 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:20:49.0835 0x25d0  HTTP - ok
21:20:49.0835 0x25d0  [ 0C84C250F80EAEC2C9768464CC1A9626, 212E1003B78F9B98FEB084FD1FDB59B26A9DE4C9120F24D4361FBBF0F3C035E7 ] HvHost          C:\Windows\System32\hvhostsvc.dll
21:20:49.0835 0x25d0  HvHost - ok
21:20:49.0835 0x25d0  [ 74FC79C52395B10FFD0B55CF22CF88FC, 94D977DA2092EE8C2A598AC48758A84BB22CB6378BD114C2D3B4172A07A9CACC ] hvservice       C:\Windows\system32\drivers\hvservice.sys
21:20:49.0835 0x25d0  hvservice - ok
21:20:49.0851 0x25d0  [ 771EDDA9830A3079F996F34D681FB6E5, F452AD656872A1C8B2D6DCE232CE01EBD456C46F4934A7601E78470F2A2CBF38 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:20:49.0851 0x25d0  hwpolicy - ok
21:20:49.0851 0x25d0  [ 3B9F315E7FA72CC25228EB097DD9C694, B26F1E494428EF197A0C97645C05BB3CA093827A005D35C987F1D6778BC4E52C ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
21:20:49.0851 0x25d0  hyperkbd - ok
21:20:49.0851 0x25d0  [ B54B30992620C97230013A74461C8517, CAF09BDCDD6DE2A39CB8AE2C65E6F8FE12D8E93D84BBEF6C6A98F872BF54A4E3 ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
21:20:49.0851 0x25d0  i8042prt - ok
21:20:49.0867 0x25d0  [ C6B8743B213F06AA60943D8366FE968F, 758954F70B810063914B243115B2C753B2BCE40190F95C30ACBA0BF04EBD5B33 ] iagpio          C:\Windows\System32\drivers\iagpio.sys
21:20:49.0867 0x25d0  iagpio - ok
21:20:49.0867 0x25d0  [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c           C:\Windows\System32\drivers\iai2c.sys
21:20:49.0867 0x25d0  iai2c - ok
21:20:49.0867 0x25d0  [ 5A0E850F8CD17791A3E6A3CF81D0CA28, 10A965A49D53360DD250E0758B6BB142872298A21C732EB026ACB93492C5C6CF ] iaLPSS2i_GPIO2  C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys
21:20:49.0867 0x25d0  iaLPSS2i_GPIO2 - ok
21:20:49.0882 0x25d0  [ 7508F1096803385D6376BFD0BD473AC4, 1F32EC23CDC94DCB9710E6663B5C3BD83568545DDC2C741CFC13550A4E4DD2BE ] iaLPSS2i_I2C    C:\Windows\System32\drivers\iaLPSS2i_I2C.sys
21:20:49.0882 0x25d0  iaLPSS2i_I2C - ok
21:20:49.0882 0x25d0  [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
21:20:49.0882 0x25d0  iaLPSSi_GPIO - ok
21:20:49.0882 0x25d0  [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C     C:\Windows\System32\drivers\iaLPSSi_I2C.sys
21:20:49.0898 0x25d0  iaLPSSi_I2C - ok
21:20:49.0904 0x25d0  [ 7675D8E247732F45F60AA450BA2C207D, DBB591E56BBF9A93BE66A993D143A97964CC628457CF47EB5231D0DF62B59ADE ] iaStorA         C:\Windows\system32\drivers\iaStorA.sys
21:20:49.0920 0x25d0  iaStorA - ok
21:20:49.0936 0x25d0  [ 97E553D03219D3D51705C7235D9EAEBD, 5D4578C8804AF32D1DC0868E34D6538138DC15F9568CA7E21051B1C82C0D8D55 ] iaStorAV        C:\Windows\system32\drivers\iaStorAV.sys
21:20:49.0951 0x25d0  iaStorAV - ok
21:20:49.0951 0x25d0  [ 138F6A3E13BF002852EDA02B2DEBDD19, CB535FA072CD4C7C3F52E5B0EC88A1443E4B6F92F50C602E38864E20DC3A4476 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:20:49.0951 0x25d0  IAStorDataMgrSvc - ok
21:20:49.0967 0x25d0  [ 8350FE3BCDE3428BC040877BB7E9EAEB, 77F9456351CA640C6B7862907C0580627E761EC807B551976A95657EB4D6CC20 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:20:49.0967 0x25d0  iaStorV - ok
21:20:49.0982 0x25d0  [ 3BA03F7C7700DDF4C383DDE9252F5817, 3E90F69D0010E7764349D9AE865D577E431FEBC67DA554B400BC808DD286E203 ] ibbus           C:\Windows\System32\drivers\ibbus.sys
21:20:49.0982 0x25d0  ibbus - ok
21:20:49.0982 0x25d0  [ E54BFAB1679CCFBE2C28AD18BE9D0E5F, DAFFCFEBDADEE43FE657FFFFCFADA2F7AE62FCB29915540F620FDC0041A99CD1 ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
21:20:50.0000 0x25d0  ICCS - ok
21:20:50.0004 0x25d0  [ 231ADCE77616144B8E3D29707B282C82, D2429E0CAABE3E3A50D62DEC6C9F8D13AC8786EB57D9075489425E623EC84165 ] ICCWDT          C:\Windows\System32\drivers\ICCWDT.sys
21:20:50.0004 0x25d0  ICCWDT - ok
21:20:50.0004 0x25d0  [ 937AC47F7356554DA05D9722C356EB55, 9EABC9F19B4E1193B669D2674967F5C6F03FAD348EDF0615E3F78554FF9A83CC ] icssvc          C:\Windows\System32\tetheringservice.dll
21:20:50.0004 0x25d0  icssvc - ok
21:20:50.0020 0x25d0  [ F2934208C0E50C0B971A7981AB90BED2, B936BFBBD71E731CC2CDB8B47D262F2EF09726FF921C2DA0841910CA2401423D ] IKEEXT          C:\Windows\System32\ikeext.dll
21:20:50.0036 0x25d0  IKEEXT - ok
21:20:50.0036 0x25d0  [ 2A01C96DF5802D3434634E55C91232D8, A3ABEF36E2FD2CF5C371ADBF92566A09669A1D990ABE4677370F57F2EEAF8121 ] IndirectKmd     C:\Windows\System32\drivers\IndirectKmd.sys
21:20:50.0036 0x25d0  IndirectKmd - ok
21:20:50.0120 0x25d0  [ 9D8D3EB75CC3F7928D0123DFD9C3688A, 4547F8A0709403363112C4508E0EC9D646FBDA8AB9DEAFA5A76630DFEE9A245B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:20:50.0183 0x25d0  IntcAzAudAddService - ok
21:20:50.0205 0x25d0  [ AEA02F1F43503A5E10C92246A0B70DBD, 9717788B0D3E69071042A6D3EFB431F7466F76805F762BF22A32314FF3C21D84 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
21:20:50.0221 0x25d0  Intel(R) Capability Licensing Service TCP IP Interface - ok
21:20:50.0221 0x25d0  [ 9F7E87F6595D065A8A200A291043045E, 6944F72F73EADC6C9B7691F2C1C6DF1898F22C88EFA78EC0BA8CB5FFD9CE057B ] intelide        C:\Windows\system32\drivers\intelide.sys
21:20:50.0221 0x25d0  intelide - ok
21:20:50.0236 0x25d0  [ A6BD2E20AE1BC5CB2776C87C28E4F4CA, BD8BE67CED9A4982D785CE9ECBEFE868C3A2E37DF7F9592B9F9049B807A1554B ] intelpep        C:\Windows\system32\drivers\intelpep.sys
21:20:50.0236 0x25d0  intelpep - ok
21:20:50.0236 0x25d0  [ 2A48DA39542636DB0FA3BA915385D1B3, 6CA0916F5F4B1E81AE6A6233276320599BFA7C129267177703E3BB6468FB4683 ] intelppm        C:\Windows\System32\drivers\intelppm.sys
21:20:50.0236 0x25d0  intelppm - ok
21:20:50.0236 0x25d0  [ D9B56324C4A13F51A5B22238136C85D0, 52FCE05BF7427E95B3C9AFE0F2EB3A2A6F0BF910ECDC5F6B349DC5EACCDAAD39 ] iocbios2        C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys
21:20:50.0236 0x25d0  iocbios2 - ok
21:20:50.0252 0x25d0  [ DB32758F3A7F6CCE81A5430080A2EA65, 36A26BAA884E96804F8EA0B12BB3E81BBE6D4EE704809904091445F36CAB5A29 ] iorate          C:\Windows\system32\drivers\iorate.sys
21:20:50.0252 0x25d0  iorate - ok
21:20:50.0252 0x25d0  [ FE85D0A86CA7A5A99CF8CD04DE7F80AE, 544C01FC01EE728EB5667158207E5F4418FE77A88BA318192A834722DB766F4E ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:20:50.0252 0x25d0  IpFilterDriver - ok
21:20:50.0268 0x25d0  [ EF1BB0EF8A12C32DD88C409706B8145E, 7AEDE717C258C29592CC8AEC40F61617E5382646E5141E1C0941882ACE5C5758 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:20:50.0283 0x25d0  iphlpsvc - ok
21:20:50.0283 0x25d0  [ 450DBDD716C7911F83E05F78EE18BFA2, 43C0DA172F632131898F315A53DEDD1AE99FB0620AB32B3A5B99FEC498C9AAE5 ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
21:20:50.0283 0x25d0  IPMIDRV - ok
21:20:50.0299 0x25d0  [ F1DAECC3B3D6399875D4F10529D6A77C, 6533D2F858816BE6570C998510919FCA2904EC6EF806F61C1FD325E88133111B ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:20:50.0302 0x25d0  IPNAT - ok
21:20:50.0305 0x25d0  [ 7475A2903BB704B446AA6309E34D3362, C94643A1626A9716015EBA7041A1224098501EB7DAA704CBFCAD3DC6F3CFC6AF ] irda            C:\Windows\system32\drivers\irda.sys
21:20:50.0305 0x25d0  irda - ok
21:20:50.0305 0x25d0  [ 9725E7F0C64CE9916A5CDABE8D6E13C3, 04AF9E48FEF208A2850DF28352E8FDCBF4018982C72C0F67EE12C048C4070116 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:20:50.0305 0x25d0  IRENUM - ok
21:20:50.0305 0x25d0  [ 8C604213A2E73088BFFE6CD2E6F1AE53, B4C4FEE4D398A29F72EC27D5668071D7E68CD943FFFC38624DD5DF5BEBDF46D3 ] irmon           C:\Windows\System32\irmon.dll
21:20:50.0305 0x25d0  irmon - ok
21:20:50.0305 0x25d0  [ 58040898883A96160D41739C80328BBF, 7F85C91C905811416E266A263DDEFCDCB0B45376AAE51B551AB636C16577DB9F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:20:50.0305 0x25d0  isapnp - ok
21:20:50.0321 0x25d0  [ C9FD02D62E09337B67B0C61EC8CA38CC, DC77E935ECC8474BE9018F0937CB11C137073582B20A0EE107CE247FD9E1F9C1 ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
21:20:50.0321 0x25d0  iScsiPrt - ok
21:20:50.0321 0x25d0  [ BD60AF5579A5B654AF39CE09EA39AB17, B53332968F21B2F97DD55C67620E86AAE41B8969DD60EC3B1B5FE88DE1B6C8B0 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
21:20:50.0337 0x25d0  jhi_service - ok
21:20:50.0337 0x25d0  [ 210808437570BDDEE71A43535E3A2D30, EF5DE6EE4FF58F44CDE4D4E7F298ABBC9086EC05CC3AE4903060DA878115AC1E ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
21:20:50.0337 0x25d0  kbdclass - ok
21:20:50.0337 0x25d0  [ 0B779E9FC426CA2268D28181FA6C222F, 83292023A688C3044D096F22242EB954B7F7511BE8341D45FF0AFBD9CB9BCB4E ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
21:20:50.0337 0x25d0  kbdhid - ok
21:20:50.0337 0x25d0  [ 813BA3EB2CE038F2A5382DDD75CAD60B, 99FA444027CAC247B54317730D54AB0C4C000AE076B97E47470FDA9834594312 ] kdnic           C:\Windows\System32\drivers\kdnic.sys
21:20:50.0337 0x25d0  kdnic - ok
21:20:50.0352 0x25d0  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] KeyIso          C:\Windows\system32\lsass.exe
21:20:50.0352 0x25d0  KeyIso - ok
21:20:50.0384 0x25d0  [ 21F2BFE5C90556BFF4FD8DB65718F98A, EAEB76D84A68ADECA17D264C84F5225DB651EFF4EDCC32E2EB063E52AC2035D0 ] Killer Network Service C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
21:20:50.0406 0x25d0  Killer Network Service - ok
21:20:50.0406 0x25d0  [ 79FB15772614197065C6F8DF085125CA, 4CDE0690440915E75245A21A8671A82648BF7856774A4B3ED5C43B3424FB9199 ] KillerEth       C:\Windows\System32\drivers\e2xw10x64.sys
21:20:50.0406 0x25d0  KillerEth - ok
21:20:50.0421 0x25d0  [ 705C0F8BCCEF6E7CB704CCB454192D7E, FC608C708E2C3BF7A66E57B95E19E71E5F5C87EF359D8BC1A817500B45DF9338 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:20:50.0421 0x25d0  KSecDD - ok
21:20:50.0421 0x25d0  [ 55AD13E2BAFC5AB53A10F8C271F5D242, 058BEF14DCB95574BCAB985F04737BA89483937E8D8A74F7B4CEAFB7400C2397 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:20:50.0421 0x25d0  KSecPkg - ok
21:20:50.0437 0x25d0  [ 4ED115CD1A1099705F56B5E0FFF97CC6, 9CC49DF2CD6AAAE405BA661D13EFC1E05111D1DE3D1E50C39C425AF1F075610B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:20:50.0437 0x25d0  ksthunk - ok
21:20:50.0437 0x25d0  [ 8125BDF7ADC261F75EF0CAD92456E350, 184797AA1D58C4FF743BA60D48590B88B781EE7779205E45E0679DEC79F3E185 ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:20:50.0453 0x25d0  KtmRm - ok
21:20:50.0453 0x25d0  [ 8CCAB08815B50AD78B823DB3F96C8604, 265E6D582EB7207B5CC577D61CB7BC3646F613047F168CD69BB776C37780EBF5 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:20:50.0453 0x25d0  LanmanServer - ok
21:20:50.0468 0x25d0  [ 33DBBCF71F68EA97D9FD34E4C9AB5AC6, 104F04A1560E75EB224A3825707CE51E8798ABD764F5CC3B854FFFC93A39AF60 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:20:50.0468 0x25d0  LanmanWorkstation - ok
21:20:50.0484 0x25d0  [ F8EBAA1FE6D3BF84752931DE1BFA0E2A, 2F3C512712BA709BBBBD779D9E792DBE324876C402CDCEF0345B8B7ABE1D232A ] lfsvc           C:\Windows\System32\lfsvc.dll
21:20:50.0484 0x25d0  lfsvc - ok
21:20:50.0484 0x25d0  [ 5A23E4BE0CCF49663C4CF7EB74C20278, 9DF91014B13B7CED1C3D409F90858FD03EFC5C4347C98901B4DF0AFF2B77845D ] LicenseManager  C:\Windows\system32\LicenseManagerSvc.dll
21:20:50.0484 0x25d0  LicenseManager - ok
21:20:50.0484 0x25d0  [ 5933A6673F00D8255C52957E40C2D601, 0AA1281F8B3F97E360592D1B35EE7D3D614F1AB46007F9884CFFB1C5E647575E ] lltdio          C:\Windows\system32\drivers\lltdio.sys
21:20:50.0484 0x25d0  lltdio - ok
21:20:50.0503 0x25d0  [ 88A3C935725FA6EA1A228DCC26CF9C6F, 9B1F70644EEFA1EE7CE151A8A970430087339B7A6345F2E0252370929D4AFAC6 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:20:50.0506 0x25d0  lltdsvc - ok
21:20:50.0506 0x25d0  [ 3F858E28AEE6545FA1B64134DFD5C2CE, FFD7B4FB0A7B61BC6B76A172134673842F2CF00E96FA3ED4A8273DC525B6BB92 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:20:50.0506 0x25d0  lmhosts - ok
21:20:50.0506 0x25d0  [ 926DD6435BD1F85DB937C1CA1CF2E819, F1E8919663F619726C2802202131D18287D7B2E8D3F9B869CB6D21F1D6DF9268 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:20:50.0522 0x25d0  LMS - ok
21:20:50.0522 0x25d0  [ 8E1B0946948CCC0BC1FA3CB70374A795, 0B894C129A35E223FF9594725AC90916CBD597FAD2211A18FC2AE03EA8679597 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:20:50.0522 0x25d0  LSI_SAS - ok
21:20:50.0537 0x25d0  [ 4F68163FC04C973500DC4DA0946917B0, DF060C29109EB3978CEDFE781999B0C4C1E8C0FDB133428058D8400C53315EEC ] LSI_SAS2i       C:\Windows\system32\drivers\lsi_sas2i.sys
21:20:50.0537 0x25d0  LSI_SAS2i - ok
21:20:50.0537 0x25d0  [ E5AC5F2815938651CDCC27F425474673, 3AF0598982153C36A766506FA088F7B84333CC96FEBB050402547AFC613AF9F7 ] LSI_SAS3i       C:\Windows\system32\drivers\lsi_sas3i.sys
21:20:50.0537 0x25d0  LSI_SAS3i - ok
21:20:50.0537 0x25d0  [ CCF6EC9FB9B8F18E05B4253E81013E48, EBE8D77FEE8B99BD8C29702404774D554673C96DF3FDF3DCEA9C99E22C2709FC ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
21:20:50.0537 0x25d0  LSI_SSS - ok
21:20:50.0553 0x25d0  [ D5EFC0BAEC21EDE6FE03D377D403B421, 41BE71AF7C896FD4C51EF7E3871AAB769164DFB8050DA43E48C7A100711414B4 ] LSM             C:\Windows\System32\lsm.dll
21:20:50.0569 0x25d0  LSM - ok
21:20:50.0569 0x25d0  [ C9579D32219E5B936AC3A48D470117EC, E61A77191B6BA25D29B1221FEBBE826BBC11F825C0E35A72B4CEFFF8B7FE59A8 ] luafv           C:\Windows\system32\drivers\luafv.sys
21:20:50.0569 0x25d0  luafv - ok
21:20:50.0584 0x25d0  [ CAAF0CD70FEE7C5110B1E62804E41B17, 48482A6C8D2296C4DC613304637C8DBB7DD1DB39326F27650EBCA6FD2793BCFD ] MapsBroker      C:\Windows\System32\moshost.dll
21:20:50.0584 0x25d0  MapsBroker - ok
21:20:50.0653 0x25d0  [ 804E3246E3E73D4A936F2F4BCDC53A2D, BF1F9B4AC292238FA6EE541E325B220F311977F9D87D5BC7F90AD058FBF0B35A ] MBAMService     C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
21:20:50.0706 0x25d0  MBAMService - ok
21:20:50.0723 0x25d0  [ BDE2FC7213C0897524C1357BAAE30239, 1E1AB68145107429217E07A662477C86406E0188BE9F01CAC416AC13054D1A5E ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
21:20:50.0723 0x25d0  MBAMSwissArmy - ok
21:20:50.0723 0x25d0  [ C3CDCCF07486BD2616A7B82946E07AC0, 1EF95DAB2DA856BC7D7573B2EB2D9006DF337F827F0B56A161D0C97F45DB755E ] megasas         C:\Windows\system32\drivers\megasas.sys
21:20:50.0723 0x25d0  megasas - ok
21:20:50.0739 0x25d0  [ 2CF0CB2A0ED68C5455371E84C16F9627, 1C9166B52140145F1968E83E52BFF041250811B23C770FE181A18A4BA060CA81 ] megasas2i       C:\Windows\system32\drivers\MegaSas2i.sys
21:20:50.0739 0x25d0  megasas2i - ok
21:20:50.0755 0x25d0  [ FADB2FE017E69EECE0E1BA78661C2E8C, BE99B49031D8B4B670B6F6B6E829E54406779CF6F1D8AFE8AB79A73E6764AB2F ] megasr          C:\Windows\system32\drivers\megasr.sys
21:20:50.0755 0x25d0  megasr - ok
21:20:50.0755 0x25d0  [ 552BCE17DF7FC306196F2325489CFFBE, C50720BFFAF5B78C9D0219023B7D18A2D94E70EA38526DE364FF5FBC5C98E208 ] MEIx64          C:\Windows\System32\drivers\TeeDriverW8x64.sys
21:20:50.0770 0x25d0  MEIx64 - ok
21:20:50.0770 0x25d0  [ 55A417C3E41F2A98666CF929EC19108E, A38C262B2863C87E4151525BF26D6AC16E7982D370E2C6998EB15C88C4BC8254 ] MessagingService C:\Windows\System32\MessagingService.dll
21:20:50.0770 0x25d0  MessagingService - ok
21:20:50.0770 0x25d0  [ 71C6748EE8DE938532057EF10B4B7E44, 455175332156939B3CDA4511A2A6C213ABBFDB85EEECA98B6AB014C994F532C4 ] Micro Star SCM  C:\Program Files (x86)\SCM\MSIService.exe
21:20:50.0770 0x25d0  Micro Star SCM - ok
21:20:50.0802 0x25d0  [ FD60818B66B2E8A5415EA840E99A9D8F, 5D2F22909354534B821D958FBEF6A40EB4F642F53C7B509D00949096EF716F36 ] mlx4_bus        C:\Windows\System32\drivers\mlx4_bus.sys
21:20:50.0807 0x25d0  mlx4_bus - ok
21:20:50.0807 0x25d0  [ 68F6977F1CFBAAC770D940A8C0326FA1, 90EE1E7DAC680EAA5AD50E9B0B9FD8FCE8DD6A02D5EF941B5AA5084CBD40BB80 ] MMCSS           C:\Windows\system32\drivers\mmcss.sys
21:20:50.0807 0x25d0  MMCSS - ok
21:20:50.0807 0x25d0  [ 0D50B3F3AB32D416786B58D4553859CE, 9DA4D7A30982E8B31C45BDB721AEF5240EAD9DA6839CF34FDDBCF123BF104F2C ] Modem           C:\Windows\system32\drivers\modem.sys
21:20:50.0807 0x25d0  Modem - ok
21:20:50.0822 0x25d0  [ 9CCCB7FC3EDADEBA461D78615A6011A6, C120B58F25E8CCFD971EB78645C0682F367AD56DC15F2D8C1980CE75B04719DF ] monitor         C:\Windows\System32\drivers\monitor.sys
21:20:50.0822 0x25d0  monitor - ok
21:20:50.0822 0x25d0  [ 27A07B2FB2E3057DA8DAEA4F25D843C7, 09D2B39E6B9AAEC879E5871DD6BCFF2AEF0B894F3B44649665A685F8B3CA6F27 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
21:20:50.0822 0x25d0  mouclass - ok
21:20:50.0822 0x25d0  [ 7BD6E7F7C9001AB21B8362CFFEE80B25, C470C3363EEF3A60409A5934988BFB9B72AE7C2BB63CC2C2D006D7EB1C797F6A ] mouhid          C:\Windows\System32\drivers\mouhid.sys
21:20:50.0822 0x25d0  mouhid - ok
21:20:50.0838 0x25d0  [ F5BDAEE4B7D369D4C74668DCFBA3FF10, 100F39288E56AFE0D39D1CC235BDC9F3727C873CD3114E092DA7A08810BD3EB2 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:20:50.0838 0x25d0  mountmgr - ok
21:20:50.0838 0x25d0  [ 30844BD376F9D01E62C820BEF446F1F8, 910D672EDB544A20AEB4450B4D89830F46EDD28CE0021156176315C5D068A1B4 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:20:50.0838 0x25d0  mpsdrv - ok
21:20:50.0854 0x25d0  [ 779CFDB17EA07A6D26FEBBAC95B65772, 74D9542E8DCCD07396A45A45D2F500AA6F9DCC1DB785A6153EB3067E42F576A4 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:20:50.0869 0x25d0  MpsSvc - ok
21:20:50.0869 0x25d0  [ 25D32BE04FE0A23FDF57FD5382757672, 64E39E3E21D9173FB1116B989D80C244C49DA827698A05AF5CC5CD1C6AE155DE ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:20:50.0869 0x25d0  MRxDAV - ok
21:20:50.0885 0x25d0  [ E671EDAB0726E05ECEF4058B4CD73C4D, 9F4C50E635CE2204E3291C8D3D7F658A969E80722B8B6F0304228D9B434C20EA ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:20:50.0885 0x25d0  mrxsmb - ok
21:20:50.0906 0x25d0  [ D4D12BC29DE0F09280868FDCA65B3474, A6FE89ABD52087FEE52FDF31DDF4CB627ED400E94FDA86BEBF1D4763F1E42518 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:20:50.0907 0x25d0  mrxsmb10 - ok
21:20:50.0907 0x25d0  [ 93A77008A8932FC84A173C4E97E52874, B7510CF7998C538D68BD2ECDC512A0BFC7CB7362F598EE4110F728427AFF0F5A ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:20:50.0907 0x25d0  mrxsmb20 - ok
21:20:50.0923 0x25d0  [ 74C9D21523DAE0C18F413C196DF0058A, 3DB4B8CA368D9DD82FAE2C2BC828A21142C8D29780A7C8667188C447519FF702 ] MsBridge        C:\Windows\system32\drivers\bridge.sys
21:20:50.0923 0x25d0  MsBridge - ok
21:20:50.0923 0x25d0  [ 308F08347923DEEDE7BC03EC7D485841, 72DB45CA11FE635DF9F8273C38CBEFB8DF5362ADA0CBF6D2B1E570365DC700C0 ] MSDTC           C:\Windows\System32\msdtc.exe
21:20:50.0923 0x25d0  MSDTC - ok
21:20:50.0938 0x25d0  [ F01B849D9D4A8CEAF32D4FDBD0B83C92, D2473AC4C6E6C03DEF13EA73EC78FB878BDC95C047651BF79A16C9DEA82AD046 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:20:50.0938 0x25d0  Msfs - ok
21:20:50.0938 0x25d0  [ 22ECD8F5D1DFADF2011BBB1700CB871D, 8F9EFF51137394EFA5471B8A29C541710063B65806B075B4925A84D5B6BC3BBB ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
21:20:50.0938 0x25d0  msgpiowin32 - ok
21:20:50.0938 0x25d0  [ FD870F6968A145E4D2BA8A8842686B03, 34B8F601F3B5E42B4D0A41E2AF7DB4EB4E5B627DA8DA9A2A2D46B153AF23AEB1 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:20:50.0938 0x25d0  mshidkmdf - ok
21:20:50.0938 0x25d0  [ 30364757963A028CE5DF0FBAAC270173, C72588A6A52FF8E418A15D2C407A4DB7EA768585423720145F8253D5CA519DC2 ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
21:20:50.0938 0x25d0  mshidumdf - ok
21:20:50.0954 0x25d0  [ 6BB0FEDDAE7135FA37FFAFF4D9E0E876, B41A3C0FFDFC493D6325ED493445AFCED04EC9DFF2B38125616FC5419AD1ACC4 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:20:50.0954 0x25d0  msisadrv - ok
21:20:50.0954 0x25d0  [ 07E3E54734B14F43A4A95A849C0A0DE2, 314AA02EA84D267B32DBAEBEA6C1AC1A266DED1E8D35A17B41D1D2AC75E8049E ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:20:50.0954 0x25d0  MSiSCSI - ok
21:20:50.0954 0x25d0  msiserver - ok
21:20:50.0969 0x25d0  [ D836D32987A85D9E3955D2166A864885, 53096374A953B4CBD01BD23C17ADA9887D4F9B99712020DE46E98F5B2FBCC58E ] MSITrueColorService C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe
21:20:50.0969 0x25d0  MSITrueColorService - ok
21:20:50.0969 0x25d0  [ E08F78FEF5310CF14EA6B9C9FA66BEC1, 8176F97B3A162F81C0D5DD9F4B868139ED76EE10192709F19C7ABE9BD813E8D7 ] MSI_ActiveX_Service C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe
21:20:50.0969 0x25d0  MSI_ActiveX_Service - ok
21:20:50.0969 0x25d0  [ 13D614E6B51ECF36746C48CE829FA7F6, CAD63C0A4F7110093F84C58252C5803F14E3FC46584B79DA17EC86D49FEAEA64 ] MSKSSRV         C:\Windows\system32\DRIVERS\MSKSSRV.sys
21:20:50.0969 0x25d0  MSKSSRV - ok
21:20:50.0969 0x25d0  [ 642CDE46351D5D2D90311E77072AB46D, B2D3033E607BA2F6E6B9CFB1CBF154CD0CE910EA473C56343EC81B9B94044CCA ] MsLldp          C:\Windows\system32\drivers\mslldp.sys
21:20:50.0985 0x25d0  MsLldp - ok
21:20:50.0985 0x25d0  [ F2302A5CE63CA7673200FAFCEEEDB6AF, B8C44FC2DC0332183DE325CDBF511101F3307225295EDD428CE575A8DE15C223 ] MSPCLOCK        C:\Windows\system32\DRIVERS\MSPCLOCK.sys
21:20:50.0985 0x25d0  MSPCLOCK - ok
21:20:50.0985 0x25d0  [ 6114512EA26E835BA522C63635429DB5, 0F91CE41B4555316A79AEF3047C152D538CC9C7C329987C9FD0E3D961AFC87C8 ] MSPQM           C:\Windows\system32\DRIVERS\MSPQM.sys
21:20:50.0985 0x25d0  MSPQM - ok
21:20:51.0002 0x25d0  [ AA538E16E644D00E3BA5349BBA9598EC, 64A68B06883FE7ED34E04AB119BA819753F1222923EDD4E802C35D402B89D075 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:20:51.0007 0x25d0  MsRPC - ok
21:20:51.0007 0x25d0  [ 0543BEFD41EC4D25C7F7CF36409CEC7D, 631622CFEC49952C0470531B23FFFFF483DC0EFFEF7A97B1179A600392C05DDD ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
21:20:51.0007 0x25d0  mssmbios - ok
21:20:51.0007 0x25d0  [ C1569E4DB8EFE3617847BF041A3C842F, 99ADE5E7F50E04CAEC737F7F90741CCA8EE628996BA5EB6C6BC62184884429B6 ] MSTEE           C:\Windows\system32\DRIVERS\MSTEE.sys
21:20:51.0007 0x25d0  MSTEE - ok
21:20:51.0007 0x25d0  [ 130B16970154BA9876B09E5C4BAC63BE, BE3AF8FC5A26AB9C9DBA9C015C2E1FD3C4CD9CB423A2BBDABA91428BF8620553 ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
21:20:51.0007 0x25d0  MTConfig - ok
21:20:51.0023 0x25d0  [ 15D987C8F6CCD4AC94E070C5986762CB, 452FB0C48B86C7F8F53794CC2DDBF2B900B03A0383B2DE8F6A830F8CB0AFBAD8 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:20:51.0023 0x25d0  Mup - ok
21:20:51.0023 0x25d0  [ 3D2C5B4995CA0751D32DEA0DE9FDFE44, A26958785FD9E05E2CA97078C9BB277CD44222BF5F7D9E8DC2F3F6AAAFFC6483 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
21:20:51.0023 0x25d0  mvumis - ok
21:20:51.0038 0x25d0  [ DB31EBB04C871F422C36A0962DA7D38B, B1BC2344744F537FB2C7D07B415F860195B7795E185253F05C0817A3764FEC10 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:20:51.0038 0x25d0  NativeWifiP - ok
21:20:51.0038 0x25d0  NAVENG - ok
21:20:51.0038 0x25d0  NAVEX15 - ok
21:20:51.0054 0x25d0  [ C3D9870E680D9D843B18F4626C3858FE, 43596CAC9FB488F810FBA954C52BC4D13F7D32028C40ACFE33DFD7EE36A65C17 ] NcaSvc          C:\Windows\System32\ncasvc.dll
21:20:51.0054 0x25d0  NcaSvc - ok
21:20:51.0070 0x25d0  [ 04CE2C0F0759EACD886BA4B658B60D5D, E34D0976FC5936C8629800D826DB127072D1DFC3D350EFACA3AA1B8119551762 ] NcbService      C:\Windows\System32\ncbservice.dll
21:20:51.0070 0x25d0  NcbService - ok
21:20:51.0070 0x25d0  [ E6094065008FE423377294050E7CEA2D, 86E200227256407530E2C28243DEFBC3CB6E9497644404D9AD79DA242286DF7B ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
21:20:51.0070 0x25d0  NcdAutoSetup - ok
21:20:51.0085 0x25d0  [ 629CB21AC49C8867E0F29DF1C16DB7B4, 20663E68C69D0A1A2FE99A0C2A9DEFABF49786A1DC8F7F4E1699458AF57D7E79 ] ndfltr          C:\Windows\System32\drivers\ndfltr.sys
21:20:51.0085 0x25d0  ndfltr - ok
21:20:51.0107 0x25d0  [ D5564FC81350458ED570528C4E3B1CCF, DD3C5012492EF9BCE3BE635BBB3AA40B3C5F5FDBD795A76B327D9C994102AC2B ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:20:51.0123 0x25d0  NDIS - ok
21:20:51.0123 0x25d0  [ 6DD605338FAAF6BA17662AA874E0D162, 636607829F5D7C3B7A4683C0A2DD594360D72F2AA3F8710153BE32575AE34A15 ] NdisCap         C:\Windows\system32\drivers\ndiscap.sys
21:20:51.0123 0x25d0  NdisCap - ok
21:20:51.0123 0x25d0  [ E34196F285F8B8879E1FF36C31F7179E, 77A4F24F995D4C0689C43F9956E08DCEC62517E4F8B1B9EAA1852B5293DB5B9A ] NdisImPlatform  C:\Windows\system32\drivers\NdisImPlatform.sys
21:20:51.0123 0x25d0  NdisImPlatform - ok
21:20:51.0139 0x25d0  [ 1FAD2398673F30CEC616B89C46B7DCBA, 70302049E6AE2BC6B3A7A9DE54D3F940AD6A9771CC2EBCCEC65994E67A25ECB5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:20:51.0139 0x25d0  NdisTapi - ok
21:20:51.0139 0x25d0  [ AEB8ECBE66CC46854066CB1F5623E179, 2F650A85A9DAE38887610C0B876621035616CEDB65D4BBBD7F1405616D218AAF ] Ndisuio         C:\Windows\system32\drivers\ndisuio.sys
21:20:51.0139 0x25d0  Ndisuio - ok
21:20:51.0139 0x25d0  [ 7340104C2BF2F126714F7CDE85E63610, 45B64EC6F3A4C43F7D74806789067658C6EF0D44D36B841F4D26E1EBC95AF66C ] NdisVirtualBus  C:\Windows\System32\drivers\NdisVirtualBus.sys
21:20:51.0139 0x25d0  NdisVirtualBus - ok
21:20:51.0154 0x25d0  [ 07ADC1F8DCBEB8104D75129B11584B8C, CB51A294D9FD4E210DBEEF05A1E60A96CE52D6D138EF62A54E1F608F90FED300 ] NdisWan         C:\Windows\System32\drivers\ndiswan.sys
21:20:51.0154 0x25d0  NdisWan - ok
21:20:51.0154 0x25d0  [ 07ADC1F8DCBEB8104D75129B11584B8C, CB51A294D9FD4E210DBEEF05A1E60A96CE52D6D138EF62A54E1F608F90FED300 ] ndiswanlegacy   C:\Windows\system32\DRIVERS\ndiswan.sys
21:20:51.0154 0x25d0  ndiswanlegacy - ok
21:20:51.0170 0x25d0  [ 78A12E3DF035B5D054986949B19BE43C, AD9B34F89B9F27D473BD5FCE6694A40FCCB808B61ABEDD6F70F1AF6C7E73ABF8 ] ndproxy         C:\Windows\system32\DRIVERS\NDProxy.sys
21:20:51.0170 0x25d0  ndproxy - ok
21:20:51.0170 0x25d0  [ 04C8859355C1DC9C0FA198D1894D71C2, E7C67E73009341B5D402470C686781B3C7BBE2531CE26665E08E711B990B1A77 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
21:20:51.0170 0x25d0  Ndu - ok
21:20:51.0170 0x25d0  [ 6C76780A01FC2B885BD6E957B5C36B02, DB7834F03A765F65C773E772D8051AFADB22CA4B5074180AA397857A0C47A068 ] NetAdapterCx    C:\Windows\system32\drivers\NetAdapterCx.sys
21:20:51.0170 0x25d0  NetAdapterCx - ok
21:20:51.0186 0x25d0  [ 5D1513BD6430307C9DB86C6E351372ED, D2AB709CF7CFA5B857B084AFC821914A975B7DDDCE154229981F19448973BD6D ] NetBIOS         C:\Windows\system32\drivers\netbios.sys
21:20:51.0186 0x25d0  NetBIOS - ok
21:20:51.0186 0x25d0  [ 6FEBB0A847FFD5F057B9AC8889F1B9A7, 558BCC64C59079E6569F61CCE1219A124B3313FC4E6CB5CBCC94124D202FF19D ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:20:51.0201 0x25d0  NetBT - ok
21:20:51.0205 0x25d0  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] Netlogon        C:\Windows\system32\lsass.exe
21:20:51.0206 0x25d0  Netlogon - ok
21:20:51.0208 0x25d0  [ D3BF2DA9216A4CF22A97820A50A67EFF, D00CBE0A7ECFB449D9B48967A01EE56141404EBE229893D5A1710781AD5F2551 ] Netman          C:\Windows\System32\netman.dll
21:20:51.0208 0x25d0  Netman - ok
21:20:51.0223 0x25d0  [ F2645D51DD8AABC8BC72358409410437, 8CB97628923D6CEA6EFAD7E666BE92C154060BD108C28D46287A520A14B18ADA ] netprofm        C:\Windows\System32\netprofmsvc.dll
21:20:51.0223 0x25d0  netprofm - ok
21:20:51.0239 0x25d0  [ D65F295A049473E6A39EA9A0EA76CA32, 274FC0BA044EB2D14093AB0E561F7FACEE06A3F433C81343C8B926FA2F9BD251 ] NetSetupSvc     C:\Windows\System32\NetSetupSvc.dll
21:20:51.0239 0x25d0  NetSetupSvc - ok
21:20:51.0255 0x25d0  [ EFA857E2B0CC7C9DFEF48A2187B910F7, 424475568CD70237F056838388A5F7BDCD1B09349085498644C75940B12E8EAF ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:20:51.0255 0x25d0  NetTcpPortSharing - ok
21:20:51.0255 0x25d0  [ B996DE26A2E16053C9485F5905B05320, 30EB2CEB466A4F05A44F7CBFCDFD8CC3C27B5FCF1269C1B9410C48AB362D2A75 ] NgcCtnrSvc      C:\Windows\System32\NgcCtnrSvc.dll
21:20:51.0270 0x25d0  NgcCtnrSvc - ok
21:20:51.0286 0x25d0  [ 54C31C2B815E2E26BB8158022F837C9C, CED660D1A58F635C6452F82FCB2EF8ACEEB7785E31617B2ADFD9EE69A2BDF2B8 ] NgcSvc          C:\Windows\system32\ngcsvc.dll
21:20:51.0306 0x25d0  NgcSvc - ok
21:20:51.0308 0x25d0  [ 9B9F520C72EE33EAEC857124BB800243, DFA9386B272F4D86F3E4BE861A2FC4617261E1AA40576DDA610FC24AB4961A63 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:20:51.0324 0x25d0  NlaSvc - ok
21:20:51.0386 0x25d0  [ B13C5A66906C5C013C12A9E310B3F512, 477166DD956F96C167E992486B3CC80137EABC7BDCEE70BCE4A60B79939B5D9B ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
21:20:51.0440 0x25d0  NOBU - ok
21:20:51.0455 0x25d0  [ 001CBD7A2CD45C4EB39C01C3C677EF73, F4AAF4D60DB1232921C7811A62287B55C7C098B7A1FF9A40D88AF58A5ABECBA2 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:20:51.0455 0x25d0  Npfs - ok
21:20:51.0455 0x25d0  [ 90F5DC9802AAA00CD0B6E2AD9E7FFADC, 71C0777829299DECA6ACD42F38802DBE3C29A42CFBD8A396F39DFA44D1F55B6C ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
21:20:51.0455 0x25d0  npsvctrig - ok
21:20:51.0455 0x25d0  [ 1993C85962692EF7024501E7FE92D466, F5BCAA8308495EBF8BB061C2015E07C202A779668D171364D7E312975BC18B10 ] nsi             C:\Windows\system32\nsisvc.dll
21:20:51.0455 0x25d0  nsi - ok
21:20:51.0471 0x25d0  [ 0C6218321A09A7B51BA7FFAFBA4CCB21, 330B3FA793A78410B28DFC8250BBF24442E3BB80434A7938BB96F02337614E0D ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:20:51.0471 0x25d0  nsiproxy - ok
21:20:51.0509 0x25d0  [ DB69C6DA8B3DDFDC547D455CA23A8250, AE495CEB18924C8B21F7F150FF17CD00880F2E222D7B5155661798E0535D63C4 ] NTFS            C:\Windows\system32\drivers\NTFS.sys
21:20:51.0524 0x25d0  NTFS - ok
21:20:51.0540 0x25d0  [ 6E6DD6F9DD2A034CF85E94047DBDB992, 63D0A0756F551B7668D1CBAB24B29FD462C706E8A81690BC248D6C92061FE215 ] Null            C:\Windows\system32\drivers\Null.sys
21:20:51.0540 0x25d0  Null - ok
21:20:51.0540 0x25d0  [ 14FF58450CB77E81E62A2CCFA29AAD5B, 484EA851B8AA51E9274009F01C8132BCD2B5FDF18F95FF0C8093D33D3FEFD26E ] NvContainerLocalSystem C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
21:20:51.0556 0x25d0  NvContainerLocalSystem - ok
21:20:51.0556 0x25d0  [ 14FF58450CB77E81E62A2CCFA29AAD5B, 484EA851B8AA51E9274009F01C8132BCD2B5FDF18F95FF0C8093D33D3FEFD26E ] NvContainerNetworkService C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
21:20:51.0571 0x25d0  NvContainerNetworkService - ok
21:20:51.0571 0x25d0  [ 207A78939B7BBA0EFE8BFA947A35E71C, BB7DDFED575F81CAB958DDC7CFF2D798EB14DAE633F49FA2229D98BDC489C0EE ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
21:20:51.0587 0x25d0  NVHDA - ok
21:20:51.0608 0x25d0  [ 520A9ADAA30AA3EF5AB23725CCFEDBBE, 56078F97594D933E6123383CB20714D1EF43467DB8B46D737BA7DCD4148C1036 ] NVIDIA Wireless Controller Service C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
21:20:51.0609 0x25d0  NVIDIA Wireless Controller Service - ok
21:20:51.0844 0x25d0  [ B360CFC497FF8070E37AEEA92CEF14BC, 3172A296192640474E9B78A83C66079D916523F04D950AA56B65D570BED633FA ] nvlddmkm        C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_85330ff976332cdb\nvlddmkm.sys
21:20:52.0031 0x25d0  nvlddmkm - ok
21:20:52.0048 0x25d0  [ FEC294A2941AB6CA913D633C761B15CD, FFD90058A0CE6DA0338F3F9AA8531C232C1BF25A9BF7874154F8B96B8F07D50C ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
21:20:52.0049 0x25d0  nvpciflt - ok
21:20:52.0054 0x25d0  [ D261DF41F0840F734856A2B4F5E072C7, 2E703556D0C919375D0B7770513456844B13362190643D5524663EC8546E0FF5 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:20:52.0056 0x25d0  nvraid - ok
21:20:52.0060 0x25d0  [ 23B702B555EB0436B9DAA0BC63DA65CE, D454F80D9657CFEC852F022C12D7B2C1A2D7D247ECC591EDB07B9369DFD8C99E ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:20:52.0060 0x25d0  nvstor - ok
21:20:52.0060 0x25d0  [ 31D4FAE2BAAD443419FC6D7079870BCD, 0A62785448EE10B335C4F869BA2A197F6AE09888C85E0D2AC80E757244A59A6C ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
21:20:52.0060 0x25d0  NvStreamKms - ok
21:20:52.0060 0x25d0  [ B8A220FE3CCDD6C029187AC813E4E674, AAC5E9C6D582444948AEB6EC2CF6D8AC27100FD4FE996CD727A0B68E04254CA5 ] NVSWCFilter     C:\Windows\System32\drivers\nvswcfilter.sys
21:20:52.0060 0x25d0  NVSWCFilter - ok
21:20:52.0075 0x25d0  [ CBB924C175EB4512F87AD7D6A0E55138, 75358B34E062A8AD26B2B353B3C517A14D31F257BF1D7D298E1ED0C875FDB0F1 ] NvTelemetryContainer C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
21:20:52.0075 0x25d0  NvTelemetryContainer - ok
21:20:52.0091 0x25d0  [ 327832BEEB4DB34B418193BDA1BE4F10, C442642B1EF17CC0C382FE25231E33ECA580FC339B20AF222654FD8295ACA925 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
21:20:52.0091 0x25d0  nvvad_WaveExtensible - ok
21:20:52.0091 0x25d0  [ 17997DC2441F7E29CDFC6458E0392764, 636CCE2DA1EF8195B33F8D6D5C8CC151D58EBF08DC9AD8ACCCE7ABD41A69639F ] OneSyncSvc      C:\Windows\System32\APHostService.dll
21:20:52.0107 0x25d0  OneSyncSvc - ok
21:20:52.0107 0x25d0  [ AC0F1B7B71D9D435EC33456F7EDF6FF1, 8FEFF5F99F1AFF21CF9415D4BF26936EF3A7347DA06F30ADD1DD1B14916F2585 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:20:52.0107 0x25d0  ose - ok
21:20:52.0191 0x25d0  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:20:52.0238 0x25d0  osppsvc - ok
21:20:52.0260 0x25d0  [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:20:52.0260 0x25d0  p2pimsvc - ok
21:20:52.0275 0x25d0  [ 2BBCED66D7AFC968BDBB0E4D8524DF0A, 762D916390F9DE69B3EA1D31244224F910645F8E5CEF4C505B76B215BFDFCD9A ] p2psvc          C:\Windows\system32\p2psvc.dll
21:20:52.0275 0x25d0  p2psvc - ok
21:20:52.0275 0x25d0  [ 6B81BF7853D161DB8AC62CD8B9C2DE6B, B2DC06D135FD2501217DDA7349556EB873309E02188D4C3901807BA24FAB30C7 ] Parport         C:\Windows\System32\drivers\parport.sys
21:20:52.0291 0x25d0  Parport - ok
21:20:52.0291 0x25d0  [ CDBD029BAEC8D09F6FBD404632D9AF28, 71F4401150CD4C9C6BBF2DA854CF07EA2F8C9BBE900833858F49134DDAF14414 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:20:52.0291 0x25d0  partmgr - ok
21:20:52.0307 0x25d0  [ CDD8EDF4C35BE6D6137112F5CC7A70DA, 80EECA6BC2E668E5652A5CA9B119CCCE2A2E421F0EED1FD0EAC20C42E77C02ED ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:20:52.0307 0x25d0  PcaSvc - ok
21:20:52.0322 0x25d0  [ 29AF16726F4DD84376ECA85AB6AFF2C6, BEF9EA10637065365ED343C4EBA51191B9BEADD8F1F3362D3EFE75F40BE9A027 ] pci             C:\Windows\system32\drivers\pci.sys
21:20:52.0322 0x25d0  pci - ok
21:20:52.0322 0x25d0  [ 214DCC87E3898F738075D1341252A552, E721FBBC3510DDB848A8CAEA3B6031EE988F42252DBC3BF7BDB6ABD9A0D9FABD ] pciide          C:\Windows\system32\drivers\pciide.sys
21:20:52.0322 0x25d0  pciide - ok
21:20:52.0322 0x25d0  [ AED76A3333B3A31536E430020E0226FC, EC255B79B0908E3C142D92E35B79D90A3F2594BA012CA2B1B04A6A8745153430 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:20:52.0338 0x25d0  pcmcia - ok
21:20:52.0338 0x25d0  [ E63FB38B6E75B39467492FBAD2CD512A, DB406C92BA2460C833A49B98EB5BD58348E868F643A0123B0C9B5315FFC6A124 ] pcw             C:\Windows\system32\drivers\pcw.sys
         

Alt 16.02.2017, 03:25   #5
Tobias1972
 
GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen - Standard

GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen



zum Schluss anbei die Logdatei von TDS Killer Teil 2

Code:
ATTFilter
21:20:52.0338 0x25d0  pcw - ok
21:20:52.0338 0x25d0  [ 9EA203A07EFA6D74F07F32EF0DAB5CA6, D851F1CC748B4CD0E263931668FFF2FE20D5778267F4FF2237D565CFC171B5AF ] pdc             C:\Windows\system32\drivers\pdc.sys
21:20:52.0338 0x25d0  pdc - ok
21:20:52.0360 0x25d0  [ 1509A77F840AA9E72CF8247D0CF2FBDE, 2D47AD4D8F5C2D871E603FB6D72D25EFD0E63FA3A542DAADAB9D82ED074C0E0B ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:20:52.0360 0x25d0  PEAUTH - ok
21:20:52.0376 0x25d0  [ 540116170E2135FCD5DDE77702166B67, CBEC51C2D47532F1781B3255040F303263420B204C2F8BB2B5D1EC342F57B285 ] percsas2i       C:\Windows\system32\drivers\percsas2i.sys
21:20:52.0376 0x25d0  percsas2i - ok
21:20:52.0376 0x25d0  [ 8356F87553BF49C703CF382033815898, 245EB941566D848F134629690BF271B1CBEAB6440771D3D8D7AED3756835354E ] percsas3i       C:\Windows\system32\drivers\percsas3i.sys
21:20:52.0376 0x25d0  percsas3i - ok
21:20:52.0391 0x25d0  [ CB5343FF52A702A9ACFAAE6BE972FE09, EAA5362D91D05D382DF4EBBAA3FD575456F23CAD531CC6F1270F8254892DBF02 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:20:52.0391 0x25d0  PerfHost - ok
21:20:52.0423 0x25d0  [ D0D57322ABC7473E54472D8374169CC5, BD14A13D6908C8669E56EF9401FD8A3D7C618E8B6556B36E634864E733BCA4B2 ] PhoneSvc        C:\Windows\System32\PhoneService.dll
21:20:52.0423 0x25d0  PhoneSvc - ok
21:20:52.0438 0x25d0  [ B4AB2C0177715FFAED88A1223212043A, 1920792ADC78DD51EF98B6A9634D686EAED0848FB7EF74A0DCD3AEBA5AF41EC6 ] PimIndexMaintenanceSvc C:\Windows\System32\PimIndexMaintenance.dll
21:20:52.0438 0x25d0  PimIndexMaintenanceSvc - ok
21:20:52.0460 0x25d0  [ F931F21E4287FE3ECCF09B54A232BBA2, CEB7AB3236E5F30214027092B7B695ED35F7A1E007DF4046797D1E4DFEF49EC8 ] pla             C:\Windows\system32\pla.dll
21:20:52.0476 0x25d0  pla - ok
21:20:52.0491 0x25d0  [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:20:52.0491 0x25d0  PlugPlay - ok
21:20:52.0491 0x25d0  [ 56D7A89423325121C4A9BD5C326414F3, 649048C23D1973C3504E26B35362AC99DFE9BF31FFE73F45B43306A212AEA34C ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:20:52.0491 0x25d0  PNRPAutoReg - ok
21:20:52.0507 0x25d0  [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:20:52.0507 0x25d0  PNRPsvc - ok
21:20:52.0522 0x25d0  [ F70CAC34B455D05EAA04B2F8FB58E1CB, 295BFFB3DA03C5CE5462C11D3240024B68AC06E8DEA9062A739BE2CCEE19EB5D ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:20:52.0522 0x25d0  PolicyAgent - ok
21:20:52.0522 0x25d0  [ 60C8376B48BA96F07AEA536527433D44, EB988C119C3E71169B91ED2A744C71933DD35447DC4A8249E80EC24E9E7077D4 ] Power           C:\Windows\system32\umpo.dll
21:20:52.0538 0x25d0  Power - ok
21:20:52.0538 0x25d0  [ 5645B9D9788CCA2C88B9534996ED2D6D, 4988942DF163DB5B9B1A08CE6B628D2C47C2E2EAA30AEAE4EFE21C8CF4C8DC5D ] PptpMiniport    C:\Windows\System32\drivers\raspptp.sys
21:20:52.0538 0x25d0  PptpMiniport - ok
21:20:52.0592 0x25d0  [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify     C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
21:20:52.0638 0x25d0  PrintNotify - ok
21:20:52.0638 0x25d0  [ 372913E12677A8CBBBABDD8311894F9D, A5233D95A0D22D2A9DB214E7CB79A99D389B67189FF6A87D0AD4610A333A637F ] Processor       C:\Windows\System32\drivers\processr.sys
21:20:52.0638 0x25d0  Processor - ok
21:20:52.0660 0x25d0  [ 1F115AF75EFBAC28479B4F94A3F8D4A3, BE8D8C50D985F6AF9DDC0F13BDBE2D55D600E1F5E344982536538B14EC484AA6 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:20:52.0661 0x25d0  ProfSvc - ok
21:20:52.0661 0x25d0  [ FC98407B85A31161851FDE245517574F, 2CCD706CF243934FCDA32B24CE0C385EA2E67F206E0306FA584496F583A20CD1 ] Psched          C:\Windows\system32\drivers\pacer.sys
21:20:52.0661 0x25d0  Psched - ok
21:20:52.0707 0x25d0  [ 75FFEA6D90AE32FCFB618A8CE39BA151, ABB0CABF6F6A9B7EF0D39BCEEFBAAAB1DB79EDFECE3099803D96CAFAD4276A61 ] Qcamain10x64    C:\Windows\System32\drivers\Qcamain10x64.sys
21:20:52.0739 0x25d0  Qcamain10x64 - ok
21:20:52.0755 0x25d0  [ 7A68710BAC9B6809314B86C0CB1CBC4A, C02D97993D1F6FE6EFBA5B1366B3A4FE8CE1136A95F3A2DA07BA59554C163501 ] QWAVE           C:\Windows\system32\qwave.dll
21:20:52.0761 0x25d0  QWAVE - ok
21:20:52.0761 0x25d0  [ 819602BBBFDB0BD46DEA3715BF0DD452, D4007FF1E5296316B53436CA3598D6B1CF4F60AB77D5B02F3E595081EDD5D879 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:20:52.0761 0x25d0  QWAVEdrv - ok
21:20:52.0761 0x25d0  [ CDF47037A0939F56D11F699629C276AD, A63F2A3FE80FB8084E3870E907505694B79EE1D9E56E292C01D481FEFD2534B0 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:20:52.0761 0x25d0  RasAcd - ok
21:20:52.0761 0x25d0  [ 28C2EA278070EE12701D0EDF8CB0EC36, F10288C1C6835840026DB30285345EF892DE989F43C948E7F4760B8895FF675F ] RasAgileVpn     C:\Windows\System32\drivers\AgileVpn.sys
21:20:52.0761 0x25d0  RasAgileVpn - ok
21:20:52.0776 0x25d0  [ 7B82197BF35CC3BE59AEF8B706AB8A16, AB0216164A548A48CD21F5F035E57E867584A96890B9887EC08F8DABDD89F990 ] RasAuto         C:\Windows\System32\rasauto.dll
21:20:52.0776 0x25d0  RasAuto - ok
21:20:52.0776 0x25d0  [ 17E565710172ED71B8531D8822E1C5D1, 0CA39ABD9E544DDAD9D9D7D1FC50444274C31E18F9BF73069051D9F62833698F ] Rasl2tp         C:\Windows\System32\drivers\rasl2tp.sys
21:20:52.0776 0x25d0  Rasl2tp - ok
21:20:52.0792 0x25d0  [ F79BFB5588B777C71734C1D1EC129D07, 9B9D70EC8978AAC19B2B94694EE1B9957C13DFDDFCBE8AA82C5F0D0EA04CDBDF ] RasMan          C:\Windows\System32\rasmans.dll
21:20:52.0808 0x25d0  RasMan - ok
21:20:52.0808 0x25d0  [ 9387DF155233D45D4E010F4F2FB52A57, CABC25DA4E512809AED0085767BDD94BF3C1DA792BFF8A009B5465D9110E7060 ] RasPppoe        C:\Windows\System32\drivers\raspppoe.sys
21:20:52.0808 0x25d0  RasPppoe - ok
21:20:52.0808 0x25d0  [ F0F4EEDEEBEE7A4244FAFB96A16B5712, F64717E601BD5EB674003009507B8CDD6F69F00E8670D6895EC64786166A0E8D ] RasSstp         C:\Windows\System32\drivers\rassstp.sys
21:20:52.0823 0x25d0  RasSstp - ok
21:20:52.0823 0x25d0  [ AF6963414B820B7C45578ED3300438A7, C00F60FD72608E6983D32642768AECE891DD816FADFA7B872BA88091C16B95D7 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:20:52.0839 0x25d0  rdbss - ok
21:20:52.0839 0x25d0  [ 79A415E6FA915EFC00297DAB16EC2635, 47BB49F6D756214193D38A4AB182B541AAC180381C3111FF7F9B0AD4C44D8733 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
21:20:52.0839 0x25d0  rdpbus - ok
21:20:52.0839 0x25d0  [ 7135785C21CA79D270D11037C43D3F19, 654A3C65CF891ED8C82A740D10CF607FC7D709185E664DE03288CEB5B25F03A6 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
21:20:52.0856 0x25d0  RDPDR - ok
21:20:52.0861 0x25d0  [ 97A61A3CB2B5CB4FC32B3224EF333448, E4F2E8BCEE3639BE57BBC8A8E67FDE42C3A5158F1204684B0ECD216F4AA044A3 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:20:52.0861 0x25d0  RdpVideoMiniport - ok
21:20:52.0861 0x25d0  [ 69BB204AE07EE84ECFAB1BF13C4BD04B, 1CA832CBF4AE4821EEA2A19F9519C2D1D00406B8CCE2A86FE3B33A5F293DB218 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:20:52.0877 0x25d0  rdyboost - ok
21:20:52.0892 0x25d0  [ 940D6F5A2B0A61EE4170DF84F6C95C20, F8EE846DC8015EDFE7CB5BEEDC977EAA9C586BAC2216DE69D8ECCBDBC7408649 ] ReFSv1          C:\Windows\system32\drivers\ReFSv1.sys
21:20:52.0908 0x25d0  ReFSv1 - ok
21:20:52.0908 0x25d0  [ 13F6B64235C60167052364BF7D99E4CA, BC12EE00775F7456FB922FBD684BF3F0CFABA5BEBB6E162C23B41DED5C20A978 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:20:52.0924 0x25d0  RemoteAccess - ok
21:20:52.0924 0x25d0  [ 3183B161B1F05333F6C325577FEF3596, D6A89B2A021377B6F371E5B9EFC36FF018822B28F0ED41F8CD2F00C5C8605707 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:20:52.0924 0x25d0  RemoteRegistry - ok
21:20:52.0939 0x25d0  [ 0660F4A14F9D2A2F59B26B1D74F1A6D0, A9443B6B7ED1ECA22AC960A2C6A2BE18C0BA58CD7BCF60E7AA617CD3662D122D ] RetailDemo      C:\Windows\system32\RDXService.dll
21:20:52.0961 0x25d0  RetailDemo - ok
21:20:52.0961 0x25d0  [ E82F3B1918C6A5FE6EB761CDF1E772AF, 0C993FCB7BFD6E01B70A1821E0DEAFA2CB241AF8C2E6D4CC120F59C1B5F6FF5F ] RFCOMM          C:\Windows\System32\drivers\rfcomm.sys
21:20:52.0961 0x25d0  RFCOMM - ok
21:20:52.0961 0x25d0  [ 7ADF6A8AB2596FD91C08E8F387266FD0, CDC58ED2B15B7209A46E0523F8F061D5A638B19CEFFC4010E5D3E3A071221B51 ] RfeCoSvc        C:\Windows\system32\DRIVERS\RfeCo10X64.sys
21:20:52.0977 0x25d0  RfeCoSvc - ok
21:20:52.0977 0x25d0  [ 5DAA644F17780FC4E3F4820A46D38FEC, 32C27FFA0A4608B164F4E709CD0D998AB73CA9713BE3E47F9DBC7B3D1B6C7453 ] RmSvc           C:\Windows\System32\RMapi.dll
21:20:52.0977 0x25d0  RmSvc - ok
21:20:52.0977 0x25d0  [ 672724C8B21B7DC56646045DE4D5B860, 79986E80A92C949C543959F1E35647A9788DAB2892AC20B6DEA5C0BBC0CEDE9E ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:20:52.0993 0x25d0  RpcEptMapper - ok
21:20:52.0993 0x25d0  [ 109C1D609951E886D3643B15C1EDD1C2, 347D8E7C50EC7F96217C7421D9BC8A42C9DF50B94169CB58DCF857A63C33C2EA ] RpcLocator      C:\Windows\system32\locator.exe
21:20:52.0993 0x25d0  RpcLocator - ok
21:20:53.0008 0x25d0  [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] RpcSs           C:\Windows\system32\rpcss.dll
21:20:53.0024 0x25d0  RpcSs - ok
21:20:53.0024 0x25d0  [ 5FF28F097C9699097B473F8FC7C1AA7D, 695560F1DBD85073F3D6CB1FF16F16504CA044EA62E940E463A16BBA8B86E2FA ] rspndr          C:\Windows\system32\drivers\rspndr.sys
21:20:53.0024 0x25d0  rspndr - ok
21:20:53.0040 0x25d0  [ 96CB7822C76EC1F24909D58350DA7DA7, 9F98CA000E24C40EBB2CE89D9547D05AF9D871E231BA30D6FD613D19F97A7355 ] RTSPER          C:\Windows\system32\DRIVERS\RtsPer.sys
21:20:53.0059 0x25d0  RTSPER - ok
21:20:53.0061 0x25d0  [ B5DAEE69BACA64D2BB004568E22D8756, C0072CF6B438ED756435A182D55AC55F3AD356ACBD483DE06A94893D3CA8CCC5 ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
21:20:53.0061 0x25d0  s3cap - ok
21:20:53.0061 0x25d0  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] SamSs           C:\Windows\system32\lsass.exe
21:20:53.0061 0x25d0  SamSs - ok
21:20:53.0061 0x25d0  [ 5E73FB63E2DBC75FE0C17DEB0010CE0E, 9DAC47486262397D03BC01F7438CAB62CF33BD7B5283F5B9548C770A3D6D0ADC ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:20:53.0061 0x25d0  sbp2port - ok
21:20:53.0077 0x25d0  [ 3CD0130FFDEAEACF0905B482F3934EA3, 1EC355B63135FD2563093EBB206741C0C4CCE0551A662F6DC86C875146A88B06 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:20:53.0077 0x25d0  SCardSvr - ok
21:20:53.0077 0x25d0  [ 5E8ECCE130A72107B6DFDBE26185A7FB, 811E2CE485BC14161FF629069BCCF53B2B8C6F8B1E1A6B3A3C86DBE4F85A5577 ] ScDeviceEnum    C:\Windows\System32\ScDeviceEnum.dll
21:20:53.0093 0x25d0  ScDeviceEnum - ok
21:20:53.0093 0x25d0  [ 3D9A82B03C92D1FEC42CB171D6F57778, DC027F02F5EB5F1D10DB6F405FB0C15D4D5C922445F5F3C916624113278AF072 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:20:53.0093 0x25d0  scfilter - ok
21:20:53.0108 0x25d0  [ D4DB6B318A0A0C74A90260725A228C0B, 57BA2EF9D880488C785C806ABF9EE753A48E589129442D72F815CD6EFFA07B22 ] Schedule        C:\Windows\system32\schedsvc.dll
21:20:53.0124 0x25d0  Schedule - ok
21:20:53.0124 0x25d0  [ 9055ADDFBA4C8B914C914CE693B55C0A, DB213AC36E14D856B81D2AFE46815402537A2ABEEA15032A9FF436F953129441 ] scmbus          C:\Windows\system32\drivers\scmbus.sys
21:20:53.0124 0x25d0  scmbus - ok
21:20:53.0140 0x25d0  [ B6F2363584E62960846F7C3F00124A4F, 252189FF9D623CF69BF415FF7C7FE74B0BBF756B632420578BFAFF6595616CF7 ] scmdisk0101     C:\Windows\System32\drivers\scmdisk0101.sys
21:20:53.0140 0x25d0  scmdisk0101 - ok
21:20:53.0140 0x25d0  [ C1B5EE58E759C53F9939581709DC70BB, 85095ABC9459A766832373BC3839E573E9A73C967F8427D6B7CAB972551C3191 ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:20:53.0157 0x25d0  SCPolicySvc - ok
21:20:53.0162 0x25d0  [ 7C3D10BEC8B0DBA00A78C78EB10B3AE2, A671C9CB97977613576D70607E106C7A29B9EA9E875C7C5AF293EE5903D7AD0A ] sdbus           C:\Windows\System32\drivers\sdbus.sys
21:20:53.0162 0x25d0  sdbus - ok
21:20:53.0162 0x25d0  [ F3714DBAA42C15F78FFCDFE4273214EB, 2D018970B92C5F0744FAE10A2FC298F3DCEA5C2EDEB760F4F0651337B9878ABF ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:20:53.0177 0x25d0  SDRSVC - ok
21:20:53.0177 0x25d0  [ 120DFCB71D6C502613A9E2D50E16850C, 2C294010AD1C9C380CD5221A37720544178B7358C8C8553AF44055E4CEE5DAF5 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
21:20:53.0177 0x25d0  sdstor - ok
21:20:53.0177 0x25d0  [ EFD644DD091E1D94555FC3BBC95EA66D, FBDDA6680BEC378CCF12A32D9186020E884DA15A1E789D1531B1E687FC7B54B1 ] seclogon        C:\Windows\system32\seclogon.dll
21:20:53.0177 0x25d0  seclogon - ok
21:20:53.0193 0x25d0  [ F48535714BED7DD784853889B4594B26, 9B4AB7E7293E79A8F6CC46C84F23E62AD3BD6E958FCE078CDBB125A69FAC7E50 ] SENS            C:\Windows\System32\sens.dll
21:20:53.0193 0x25d0  SENS - ok
21:20:53.0224 0x25d0  [ 2B4E090D06C60853C5C00CF255F9E02A, 4D4DBA7B04519622612BD4A4F28318CA2F5646C84CAFF8C5ACC9BF4C6031894E ] SensorDataService C:\Windows\System32\SensorDataService.exe
21:20:53.0240 0x25d0  SensorDataService - ok
21:20:53.0259 0x25d0  [ C09A42163878A082C3F0D0A3DFE95714, 8033DC38D0EDED3758DA6BF8C1955BE5FFE48863C079C589660B37D0E461300F ] SensorService   C:\Windows\system32\SensorService.dll
21:20:53.0262 0x25d0  SensorService - ok
21:20:53.0262 0x25d0  [ E6F00415DADCEEC860E7AB42BFD19A65, 274CAF22F93D43B6DB6953730E3DF8DA94776B24EEE74B80AB4CD780BC1366A9 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:20:53.0278 0x25d0  SensrSvc - ok
21:20:53.0278 0x25d0  [ 401D706DDC0A7AF18C3DD228ADF74551, 27C0B38D7C2E3F6FF06201124E63483931F6071954B2B99EC0143C464238C0B7 ] SerCx           C:\Windows\system32\drivers\SerCx.sys
21:20:53.0278 0x25d0  SerCx - ok
21:20:53.0278 0x25d0  [ 7084D11083F0CDCA8B5C76F9846ABF5D, F639920882B0E784D8CFAF0D4C0F0C411937B6831E5DD99B0ABFBFE06BA4742F ] SerCx2          C:\Windows\system32\drivers\SerCx2.sys
21:20:53.0278 0x25d0  SerCx2 - ok
21:20:53.0293 0x25d0  [ 3FF478A8ED32A83C36581425F6282B6C, 787646A17098EA7CF36064D0A950C1D470D4A280C8C5AC40023D566E53860EAE ] Serenum         C:\Windows\System32\drivers\serenum.sys
21:20:53.0293 0x25d0  Serenum - ok
21:20:53.0293 0x25d0  [ 92509187AA171A80521528B36F753E1D, FE0DA272B8A155ECC161E99586C4AE7EE17B1C84BC330DA1566C83B8E03FA825 ] Serial          C:\Windows\System32\drivers\serial.sys
21:20:53.0378 0x25d0  Serial - ok
21:20:53.0378 0x25d0  [ 433D38FF6D08B993847EA2A10EB8CB52, 29BA75DB6D1AC761BBDFB5AC8874FC7D763E1CD10D290E369063B34CE951270F ] sermouse        C:\Windows\System32\drivers\sermouse.sys
21:20:53.0378 0x25d0  sermouse - ok
21:20:53.0394 0x25d0  [ 82CF273F0E8F243789683DEB40757569, 5433D93A41C4BF04494E6158931C6AC3154888F7CD3A417253EC02FF7EA6D00E ] SessionEnv      C:\Windows\system32\sessenv.dll
21:20:53.0409 0x25d0  SessionEnv - ok
21:20:53.0409 0x25d0  [ 697D3EE0740AEAB62B66ABCA1C83D13B, FCF54A0071ED04AD3FC8551C67FE5FD49089DC0510F753052CAC5972A65C9E3D ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
21:20:53.0409 0x25d0  sfloppy - ok
21:20:53.0425 0x25d0  [ 832E933AA8DB9FD4733B96D8B6484D3F, 3A8E3D7ECA192EEE154CB568073B7211FDA06078EFC3BC7E961563A1BFDD0CAA ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:20:53.0425 0x25d0  SharedAccess - ok
21:20:53.0441 0x25d0  [ 482E6BE8A07832E824080D352075ACA1, 4123A76C8E805AF4FE229C53E9C174095C0937913BA81A63FE9B45C44AA5B15F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:20:53.0460 0x25d0  ShellHWDetection - ok
21:20:53.0462 0x25d0  [ CF3BDF9EAD8D3EF671E9339B44B185BA, C17EC6D5B00F49D9C8B5B6C262A85F34ED71C58450659F006B3632AA84F68E23 ] shpamsvc        C:\Windows\system32\Windows.SharedPC.AccountManager.dll
21:20:53.0462 0x25d0  shpamsvc - ok
21:20:53.0462 0x25d0  [ A34CE1830E45DA98932295FDE4B7908A, FC553ECF4D64B4B10B7FDE5352707785517A18D487A80665BAFC7261E3F35CDC ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
21:20:53.0462 0x25d0  SiSRaid2 - ok
21:20:53.0477 0x25d0  [ A7B5C670770E908DA5FEF5BF1136E933, 8D3BB6FF65E631C34BE8EA766481B2FDB2E1E916A4FD67F86705A8975A136E6C ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:20:53.0477 0x25d0  SiSRaid4 - ok
21:20:53.0477 0x25d0  [ F3AAB7DF6408431C762D8721B68F46E4, 56ED764AA660955B8B06322703D086B3A52106625A83CCAF195B08BCBDEDA88F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
21:20:53.0493 0x25d0  SkypeUpdate - ok
21:20:53.0493 0x25d0  [ DDACBE2EFD5143E24EE59B0F460F25BA, 6637E0D664DA4BA2BFDB0B95545F902DC20527EE89D42C84579182A4553DD126 ] SmbDrv          C:\Windows\System32\drivers\Smb_driver_AMDASF.sys
21:20:53.0493 0x25d0  SmbDrv - ok
21:20:53.0493 0x25d0  [ 6E8FFE699A6374DEE76056E907841EA4, 5C0098287251B91A38A1992E6FBCCA2540892D44E4A0D85CD7990E860531F35A ] SmbDrvI         C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
21:20:53.0493 0x25d0  SmbDrvI - ok
21:20:53.0493 0x25d0  [ D233EAE2A9D48485321816486ED635EF, 03AB49BE9CF15EB7EDC50C400E673B4DF0E5BFDA9A7811E157F2AF2F3CF38D49 ] smphost         C:\Windows\System32\smphost.dll
21:20:53.0509 0x25d0  smphost - ok
21:20:53.0524 0x25d0  [ 0B217141AC1283655402CDB356577735, 6EFA4CA46CFC8B7156CE7E5CA89B7F7073E16D66C2FC13F4DB95FEB78CCF698F ] SmsRouter       C:\Windows\system32\SmsRouterSvc.dll
21:20:53.0524 0x25d0  SmsRouter - ok
21:20:53.0540 0x25d0  [ 6F4CE07D420FB657B5936F71101ABD41, CEC52984C56E578E0FFE12BE1B8148335F788B7D1751F2D0E79B944A41113C20 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:20:53.0540 0x25d0  SNMPTRAP - ok
21:20:53.0540 0x25d0  [ C994DF90427103CCB80F893FFD2B1CE8, 7E4B08095C77E68D337A3425EEA38F8FEC4D103CA7661E34FD96BF518DFB4BCB ] spaceport       C:\Windows\system32\drivers\spaceport.sys
21:20:53.0562 0x25d0  spaceport - ok
21:20:53.0562 0x25d0  [ E03264C4C25B568F92ED1656AD541E64, D42942BFFBC7213D204FAF84F4FE015FC23A6ACB29B5E752834EDBC17A3AC20D ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
21:20:53.0562 0x25d0  SpbCx - ok
21:20:53.0578 0x25d0  [ 79DCE27E8C4CF6701BFE49EC2446BBF6, F51CBB7A45C3C878F41653FD5FBDC93CC302712B7725DAAB4D3475A1F4771E3D ] Spooler         C:\Windows\System32\spoolsv.exe
21:20:53.0593 0x25d0  Spooler - ok
21:20:53.0678 0x25d0  [ 23529A00195CE71252FEBF647E56E27D, 8ADF7A1C96DAE005E9A974D90BE8954F88D49B6848252B88513C49E0A3BD9774 ] sppsvc          C:\Windows\system32\sppsvc.exe
21:20:53.0762 0x25d0  sppsvc - ok
21:20:53.0777 0x25d0  [ E83830BB74AE8CBECEA0ECD94DE436F9, 4A34569A34260324EBD629039E1BF45A3527FC75B22D9A3DB6360A6EB365483A ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:20:53.0782 0x25d0  srv - ok
21:20:53.0782 0x25d0  [ 55CA5329D1ADEB8F8034045930147AE4, D4F31BC82700D166564C7F9CDCEA3ABAB4A37B55137C34572768DF46FDA9320A ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:20:53.0798 0x25d0  srv2 - ok
21:20:53.0814 0x25d0  [ F13EE0DB1FB1D6946AC3228D7EFCFC8F, 109A809F0338FAB0F4045FA5EE33C6F0A994A9F586B2FBD8920A6AABA0E0EF66 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:20:53.0814 0x25d0  srvnet - ok
21:20:53.0814 0x25d0  [ AFC159BDB8CD5A804D015D8A3624ECC6, 863150170D7F84D793C7CECD40439A5B46D337A8B904183ED8C53FDA9FB71091 ] ssdevfactory    C:\Windows\System32\drivers\ssdevfactory.sys
21:20:53.0829 0x25d0  ssdevfactory - ok
21:20:53.0845 0x25d0  [ 44758105AB3EA34E815D4B6CA1153311, 7F223A20D2538C123BAC6F75BE0E126876A116F09502FD980C05B8916E26E1B7 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:20:53.0845 0x25d0  SSDPSRV - ok
21:20:53.0845 0x25d0  [ EB6CA2EC412203040E8C4A1438FE06CA, DB11D1956B6D5AED66A1E7F98EF889529137714E6FE697FAEE50CFBA3BD4011A ] sshid           C:\Windows\System32\drivers\sshid.sys
21:20:53.0845 0x25d0  sshid - ok
21:20:53.0845 0x25d0  [ 7A99510EFC61C305CF61F44B6859E075, 7C97189B52A142E3EED7ED121D1629D4F1A015B04EFCB008FA822FDE14666468 ] ssps2           C:\Windows\System32\drivers\ssps2.sys
21:20:53.0845 0x25d0  ssps2 - ok
21:20:53.0860 0x25d0  [ B97C7EC07218A8002323718202BF5E77, 39D3254383E3F49FD3E2DFF8212F4B5744D8D5E0A6BB320516C5EE525AD211EB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:20:53.0860 0x25d0  SstpSvc - ok
21:20:53.0929 0x25d0  [ 4E330AD1EED4A5D582EE415FD55953A2, 2C02E1F45F74D250110BA5117AA942495CB2EBAC7F2CCECC284B4FB8F47B13E1 ] StateRepository C:\Windows\system32\windows.staterepository.dll
21:20:53.0983 0x25d0  StateRepository - ok
21:20:54.0014 0x25d0  [ 596DC69BB40A96FCA4B19D9D1E221E34, 3469D3B2E9A88E39C14AE2E3DD5EC3D91FBB88CA568D794555B397B50E64AB15 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
21:20:54.0030 0x25d0  Steam Client Service - ok
21:20:54.0030 0x25d0  [ 29D26E1347AE1BBD4201014E19880B2C, 9E2153AD96CE4F189EEE43BB02515532C619FB1CA02D8F6DEF517AC3347AAA14 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:20:54.0030 0x25d0  stexstor - ok
21:20:54.0045 0x25d0  [ 91CB95B35481155BFE29C217CD237F27, CA66957DF1441D991453BEF02D768D44E5D9A484BC23C8874E8A7AC20904CB06 ] stisvc          C:\Windows\System32\wiaservc.dll
21:20:54.0045 0x25d0  stisvc - ok
21:20:54.0061 0x25d0  [ 53EB8CE34B55A1EE63424C8DB7388BFC, 5AB59117BA8A2844EB8693CCC19B217AE039B28C87519F96E1C845FE9BF456C2 ] storahci        C:\Windows\system32\drivers\storahci.sys
21:20:54.0061 0x25d0  storahci - ok
21:20:54.0061 0x25d0  [ C5E0ACE4771F5575D9D5B457ABF3AD03, 365880BC5AC313F25C313EFB7758301F98D9B2BF4C5FC9499F98C2B7F8407D96 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
21:20:54.0061 0x25d0  storflt - ok
21:20:54.0061 0x25d0  [ B66D8C75C9BC59D637177AB3B1C569A6, 76252A631F03EEBF5FDC7693F6B0A5E73838CDBE3157114CC96B8BBE88B476BF ] stornvme        C:\Windows\system32\drivers\stornvme.sys
21:20:54.0077 0x25d0  stornvme - ok
21:20:54.0082 0x25d0  [ BEBF85EB4D90E6996047DA027D0ED26E, DF109CF0F07CDD1B9B702C2A076D4DD5366DAAD971CC9359AF0358E79981706F ] storqosflt      C:\Windows\system32\drivers\storqosflt.sys
21:20:54.0083 0x25d0  storqosflt - ok
21:20:54.0083 0x25d0  [ B91FBE7CB4633FEB32AFBD0B48576396, 9EFDD92E8096CE5555F8DC3C870864E5515469603C2373B99B3607234633CA66 ] StorSvc         C:\Windows\system32\storsvc.dll
21:20:54.0098 0x25d0  StorSvc - ok
21:20:54.0098 0x25d0  [ 8E73037A6F8938475692FFCC26EBF385, F78C5CD1A3CD17AA831EEC82426B14006B4DDBC9085A4814E04E8C37FD6B05F7 ] storufs         C:\Windows\system32\drivers\storufs.sys
21:20:54.0098 0x25d0  storufs - ok
21:20:54.0098 0x25d0  [ 9D9DED47DA10E845EFF2DD57C94C809B, 520D0CE7A867051B80C8141E351FE5A5BCE3C99776093F234DB77D3407B1F104 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
21:20:54.0098 0x25d0  storvsc - ok
21:20:54.0098 0x25d0  [ 224C92E442B1B8C20C274332F1ACF00D, CDE5DCFB7A21089464A6E2ABB29BBE08B184C3433C218756AA5902A8F67C0B2C ] svsvc           C:\Windows\system32\svsvc.dll
21:20:54.0098 0x25d0  svsvc - ok
21:20:54.0114 0x25d0  [ 505E0C40B5D0ADDCBB414640F59BD2E0, DF4B5E65FE6FF2224F298A2A2FAC9B648C082DFF8463148633647580A9FAD34D ] swenum          C:\Windows\System32\drivers\swenum.sys
21:20:54.0114 0x25d0  swenum - ok
21:20:54.0114 0x25d0  [ 2EE27411B5904C63D723BEA391819F58, C88C11D460E90398E16011B8A2CED5EE5626084F24790EA6115532F8F70060C6 ] swprv           C:\Windows\System32\swprv.dll
21:20:54.0129 0x25d0  swprv - ok
21:20:54.0129 0x25d0  [ E542C084F75E441550FB5D27B3557E96, 61691BD0587CD11DBA674F1C48F4C50049D964DC1C8B949925EA51097B89AA14 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
21:20:54.0129 0x25d0  SymEvent - ok
21:20:54.0145 0x25d0  [ 32F46FB0F290D16DAA452B289C985795, 73F88AAAA6026DB4C27F1D054145216DCC3F1960946FB2A7A90518DD1D5737CB ] Synth3dVsc      C:\Windows\System32\drivers\Synth3dVsc.sys
21:20:54.0145 0x25d0  Synth3dVsc - ok
21:20:54.0161 0x25d0  [ CF5FA695682D9C3305C67FD2A1B22478, DB8B28D569B9CE36A4816C3FC5E63BDCA1847C1CE061FC2AC37FCBCA6D2E036B ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
21:20:54.0177 0x25d0  SynTP - ok
21:20:54.0182 0x25d0  [ 7C5A6BDF05A77BFB37FB0071E3810E65, E67A601405B77550547ABD4B6FB1A99ADFA956314BFF9A3C35B42945B00175A2 ] SynTPEnhService C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
21:20:54.0182 0x25d0  SynTPEnhService - ok
21:20:54.0198 0x25d0  [ FED48B19D6F55D7A3AB498D85729D1BA, FA5E0E02BC2E2DE108C55991E3B063CC947072228B53539F42F922661510DE7C ] SysMain         C:\Windows\system32\sysmain.dll
21:20:54.0214 0x25d0  SysMain - ok
21:20:54.0214 0x25d0  [ D9FEA79BF6AF136F8E656AE045C2FEC8, E6F08A93348E035185F0F1C6B6277E636F4F25D1136E3ACCA63488DAEEC7114B ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
21:20:54.0229 0x25d0  SystemEventsBroker - ok
21:20:54.0229 0x25d0  [ 86E7FD5C8DBEC1EB51C4368561402B75, 86EE61414CD5854E39E33F67BF5DA4377B569B3ED4D18882C470BC6784891DA1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:20:54.0229 0x25d0  TabletInputService - ok
21:20:54.0245 0x25d0  [ 3929C8FC134AC672C4F3F85160956257, CD3195CA58BA6F55EA0DDA2BE6AB58280AD1CA488D7AAA1539DD05FB99374F36 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:20:54.0245 0x25d0  TapiSrv - ok
21:20:54.0283 0x25d0  [ 4F25E481124059CC593B4C68BC485640, 2814D2BA4E83D3B0F7569E6C6EE0C763D9801BC505D8ED84675D19C8573834DB ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:20:54.0314 0x25d0  Tcpip - ok
21:20:54.0361 0x25d0  [ 4F25E481124059CC593B4C68BC485640, 2814D2BA4E83D3B0F7569E6C6EE0C763D9801BC505D8ED84675D19C8573834DB ] Tcpip6          C:\Windows\system32\drivers\tcpip.sys
21:20:54.0398 0x25d0  Tcpip6 - ok
21:20:54.0398 0x25d0  [ 8DBB1BE20C36E6D19BCC89EEA00B953C, 8B97A7E53E1D77363AFF6A5AAEAD89EBAE28DCB8D82753C804FD7CD5646500AF ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:20:54.0398 0x25d0  tcpipreg - ok
21:20:54.0414 0x25d0  [ 9D2DD64A0B51C56285512DC9454340F6, ABB90CE6A55269F71AFB08E04969CF9A4EFD93F7A7189AF920EEE3E005214DDD ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:20:54.0414 0x25d0  tdx - ok
21:20:54.0414 0x25d0  [ 06130AFFECEB94525FC2352936576B70, 10EBE2C8FDC087D29E2FFB328F0F7905A5374AB8CC9FAE8699E7676DBC8CBF91 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
21:20:54.0414 0x25d0  terminpt - ok
21:20:54.0430 0x25d0  [ FB68E5F02316C42BE7282DA492351C6F, AC31D841FEA58B776127E138DB20F8D48E26FD8C00CE2FA9695EA14EBF159A0A ] TermService     C:\Windows\System32\termsrv.dll
21:20:54.0445 0x25d0  TermService - ok
21:20:54.0445 0x25d0  [ 2AF438EC0D361A7BBB70E604A686602C, 4BE6A0461EB2CB94288614434A1CEC81C2ED46241721FD5BBD8ABE0680F7C804 ] Themes          C:\Windows\system32\themeservice.dll
21:20:54.0445 0x25d0  Themes - ok
21:20:54.0461 0x25d0  [ 1482B8ED5CACA87992A882B853B83CEE, 613247F0E362A109090E8563D977DECC50C64D45D6962905FA84A2D59329045C ] TieringEngineService C:\Windows\system32\TieringEngineService.exe
21:20:54.0461 0x25d0  TieringEngineService - ok
21:20:54.0483 0x25d0  [ 3B3C607C3C62DFBEF61938DA2CAB94DF, E5EEA7F45A7BBFDF6F0003CD77E39958C451DD1B4B401876B5619A3C20F5C370 ] tiledatamodelsvc C:\Windows\system32\tileobjserver.dll
21:20:54.0483 0x25d0  tiledatamodelsvc - ok
21:20:54.0483 0x25d0  [ C1F8CBE2D4843E0CCC3EFEA2EC60D4AB, 9D07527D982066922318C77AECE99280DE55034C375ACE145E827A6BEB5C3B70 ] TimeBrokerSvc   C:\Windows\System32\TimeBrokerServer.dll
21:20:54.0499 0x25d0  TimeBrokerSvc - ok
21:20:54.0499 0x25d0  [ 46171262D0E806779DEEDFCAB2F830CC, 7F4A4658B8BA217D99E5B5C0E01600C20DC96ECBCA32A5BA7FBE17D2A7B8BFD8 ] TPM             C:\Windows\System32\drivers\tpm.sys
21:20:54.0499 0x25d0  TPM - ok
21:20:54.0514 0x25d0  [ 3B91F35089240F6187AD681A5EC28BDE, 3D035CB73BC8E7831DCD0FB7D9DAD91CE51D3D0F9D9C8B866A0009BD508B6702 ] TrkWks          C:\Windows\System32\trkwks.dll
21:20:54.0514 0x25d0  TrkWks - ok
21:20:54.0514 0x25d0  [ 09440FA30C020B4443391FAFCF4876E3, 208C7725F70C75D8C96CCAF5B22F83B8B1C66D8C9FFF48465B1C9F4A77425569 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:20:54.0514 0x25d0  TrustedInstaller - ok
21:20:54.0514 0x25d0  [ A6F4025664C9D4BC2A9EDAB4092706D7, 89808A1679C0E716F86F06EE7701DCC289200894F0FA1F120DA2AC3A45FDB312 ] tsusbflt        C:\Windows\system32\drivers\TsUsbFlt.sys
21:20:54.0514 0x25d0  tsusbflt - ok
21:20:54.0530 0x25d0  [ 37A96AD493E110C0BF1EE0AC0F9E7DBD, F2A6894A4AEE18DF2B92222CDB0801A13AEEB7212071F0431430788339B30E23 ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
21:20:54.0530 0x25d0  TsUsbGD - ok
21:20:54.0530 0x25d0  [ 79E264287F17D56D768440B0270466DE, ABF9DC95C5E939B30BFD9BF9EDFDB3BD78A9DFCB055B945965303B6A60E6D7A7 ] tunnel          C:\Windows\System32\drivers\tunnel.sys
21:20:54.0530 0x25d0  tunnel - ok
21:20:54.0546 0x25d0  [ F723552F65D44FE693DB1A383825B3A8, EF8C343C4EB5EEA4EC830378EF576CCD6CD4EEDEDD486C0F29697044E8C71F45 ] tzautoupdate    C:\Windows\system32\tzautoupdate.dll
21:20:54.0546 0x25d0  tzautoupdate - ok
21:20:54.0546 0x25d0  [ AA65954F512BA097DD190790876DD991, C1BB2B8F54F064D01190327B5E7949EBBDA21D6FC6F94D9FCD20F685C2F855FA ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
21:20:54.0546 0x25d0  UASPStor - ok
21:20:54.0546 0x25d0  [ AB6268022C3A5B529075A39C33904DA6, 2717F1704640201F2681711543EA39A74C3E89C7DB232EC5DD89FD8AA6F07846 ] UcmCx0101       C:\Windows\system32\Drivers\UcmCx.sys
21:20:54.0546 0x25d0  UcmCx0101 - ok
21:20:54.0561 0x25d0  [ 7ED2EDA43D21C7A5F589A7960E265C52, 7DB8A595236FBB8A264D7AB155201357212855050ABB5B1036EF32F1223FDCC2 ] UcmTcpciCx0101  C:\Windows\system32\Drivers\UcmTcpciCx.sys
21:20:54.0561 0x25d0  UcmTcpciCx0101 - ok
21:20:54.0561 0x25d0  [ 169351463039B45F5CDED9768879F712, 990C8C4AEF9ED7FF6BCEAE67F7BDAA037777B142B8D96A74F8715C941A5C63C6 ] UcmUcsi         C:\Windows\System32\drivers\UcmUcsi.sys
21:20:54.0561 0x25d0  UcmUcsi - ok
21:20:54.0561 0x25d0  [ 08A9E3AD29B215484FBB68CDC175DF3A, 3EFFF99C3BC4A1454E3D2B5177AE587ED3041AB4CE2A95BA7E28A2124E38E1E5 ] Ucx01000        C:\Windows\system32\drivers\ucx01000.sys
21:20:54.0579 0x25d0  Ucx01000 - ok
21:20:54.0583 0x25d0  [ DA70AEE267491AA56BC63AA0C0C96CA2, 0A0AADB27607F9292BB3CE000CFDDB19BD4CA09EAAD926C4925CB43B17817AD9 ] UdeCx           C:\Windows\system32\drivers\udecx.sys
21:20:54.0583 0x25d0  UdeCx - ok
21:20:54.0583 0x25d0  [ FBC5ECF6D5A868D0B116C2DBB02B8168, 945AA76C60ABAD6075B5C8F9172C018F75BCF393A1CB8B329F5E68E664627775 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:20:54.0583 0x25d0  udfs - ok
21:20:54.0598 0x25d0  [ B918E40FAA9CD118CCA4AD388B748C98, 4B539B7B656F02C5E5BAEE52A677757B05CC11C5500D619850A564C28FAB8115 ] UEFI            C:\Windows\System32\drivers\UEFI.sys
21:20:54.0598 0x25d0  UEFI - ok
21:20:54.0598 0x25d0  [ 0FD75222C1AD2687AB365BEBEA400DD4, AD10DBCA59EB7D34FD8F963CE267F36774A9BC613F8D637903B12AC88C328E8A ] Ufx01000        C:\Windows\system32\drivers\ufx01000.sys
21:20:54.0598 0x25d0  Ufx01000 - ok
21:20:54.0598 0x25d0  [ C1A78C53E01C641AE41BFA65797819F5, 0B9FE1BD724B3315199A1B1DA2F03255E4FE744DA3CE6CD0F77699A8E42E9359 ] UfxChipidea     C:\Windows\System32\drivers\UfxChipidea.sys
21:20:54.0614 0x25d0  UfxChipidea - ok
21:20:54.0614 0x25d0  [ 767307212110EBEFB93EC9A5BE9E85B9, 368797400FE54802CE74F34B773CE2AF09EB8DEA6C035B55419A52F0B5A6FAD0 ] ufxsynopsys     C:\Windows\System32\drivers\ufxsynopsys.sys
21:20:54.0614 0x25d0  ufxsynopsys - ok
21:20:54.0614 0x25d0  [ 8578F83EC5175920F2D8586FFF9DCE47, 049A16AC87F93E761150C8286633FFCA62EE85F5645DDE77D36BD0EB6481FF83 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:20:54.0614 0x25d0  UI0Detect - ok
21:20:54.0630 0x25d0  [ DC460AAA18CA2342FBBFB2DF9B044472, 14D45E059C596AE97506D26705F248CA1C2269160B31A60341060E8A93146CBD ] umbus           C:\Windows\System32\drivers\umbus.sys
21:20:54.0630 0x25d0  umbus - ok
21:20:54.0630 0x25d0  [ C3CF0377917ECE6D65D7623E1E61568F, 4909695E04CBC86BFCFFBC15F332C367521054B7B4D3C141C7CA6B2E40E090B9 ] UmPass          C:\Windows\System32\drivers\umpass.sys
21:20:54.0630 0x25d0  UmPass - ok
21:20:54.0630 0x25d0  [ 640CF093C1CF16D5FD317616CA348F31, BEC34D1AACA83BF5A84CE01F6A668E3CA5A33C56A446DC42EFFF7C43D22E1AE6 ] UmRdpService    C:\Windows\System32\umrdp.dll
21:20:54.0645 0x25d0  UmRdpService - ok
21:20:54.0661 0x25d0  [ B8272BB8D4982C496FDC704809C38E02, F93855D932FB1DBBCC86E82C0FE0DC9ECF93BBD629D2CA9D0BE7E075E114B7FF ] UnistoreSvc     C:\Windows\System32\unistore.dll
21:20:54.0683 0x25d0  UnistoreSvc - ok
21:20:54.0698 0x25d0  [ 6CDA3536F6BAB7896A57EAB7DC07F379, 8FBE6457ECD1ABB518D9800EBA8A017774FFAA8EABD2EDC0825181A12FE9AEF6 ] upnphost        C:\Windows\System32\upnphost.dll
21:20:54.0698 0x25d0  upnphost - ok
21:20:54.0698 0x25d0  [ 6B46FC140C9AF68E6E7697D66D59CB4D, F018B4784D65F1A8140A6EA69C35D6A7ECE01738694052FD54AFD2B81A8F2FF8 ] UrsChipidea     C:\Windows\System32\drivers\urschipidea.sys
21:20:54.0698 0x25d0  UrsChipidea - ok
21:20:54.0698 0x25d0  [ B4402E7F0923F660270442CE76877ABE, 1C2DD26EAB71F75EA576E8DAABAF71FD7DC3DF807CF025617C774CEF33C0B718 ] UrsCx01000      C:\Windows\system32\drivers\urscx01000.sys
21:20:54.0714 0x25d0  UrsCx01000 - ok
21:20:54.0714 0x25d0  [ 9DD431F1B94789CFB527E5D19261F124, 8F5A249A97C5B14B282E3147DD21951D2AD34B651E762814C12F4C26D74EC70C ] UrsSynopsys     C:\Windows\System32\drivers\urssynopsys.sys
21:20:54.0714 0x25d0  UrsSynopsys - ok
21:20:54.0714 0x25d0  [ C87E32B90F085970D9637FBAD45EF6FE, C180EACD2EE479277DA5DBF39E43B428BD7945141B2451CB3946B0C1E495E76F ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
21:20:54.0714 0x25d0  usbccgp - ok
21:20:54.0730 0x25d0  [ 0B663856474AC41924D9E9112203858F, 9E09F2A6279B48CAC09F8C7AA1F1BE02864D540C2ED1460CBA9FABCF0A546A1E ] usbcir          C:\Windows\System32\drivers\usbcir.sys
21:20:54.0730 0x25d0  usbcir - ok
21:20:54.0730 0x25d0  [ F83D2250256203AC5DA5E8601C1AFDD7, AC0D90E2DB3051798B9D287CF3D0E92FED4000822E65A82775A29CF896B76F04 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
21:20:54.0730 0x25d0  usbehci - ok
21:20:54.0745 0x25d0  [ 7FFD26742321919590ED77FCA556D65F, F7FAB63C36F8519F5A7B9091C507F3CB580C390322FAF9155CCE7F66C965B968 ] usbhub          C:\Windows\System32\drivers\usbhub.sys
21:20:54.0745 0x25d0  usbhub - ok
21:20:54.0761 0x25d0  [ 7A749B2863B5561BE34B39E8E249AD8F, E5B67DFAF5407007FD0CC408D6B4BA19DF59584819FC715E9F9E0FBF3EA00AAB ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
21:20:54.0761 0x25d0  USBHUB3 - ok
21:20:54.0776 0x25d0  [ D2109F1F4FEBF1DAC415CDC5DE876479, C8A871EBD0E5EF004BA622A73DAC36C03608CD317FDCD0A6A98608DF4CC10D55 ] usbohci         C:\Windows\System32\drivers\usbohci.sys
21:20:54.0778 0x25d0  usbohci - ok
21:20:54.0780 0x25d0  [ 29C9572F2D061CFC3C0BD48A3163E343, 2527DCC9E6D421F5DC40051C787A5270EB077746785465C9AA2A2AEEF47307D5 ] usbprint        C:\Windows\System32\drivers\usbprint.sys
21:20:54.0781 0x25d0  usbprint - ok
21:20:54.0783 0x25d0  [ 429477D6DEF3321FF7D3EF23CAAADA00, BB7D2AFE99736AAFFA8B0B2DABF7D6A6D5CB9563B1DE6A7E86CE7DC9D27F31C0 ] usbser          C:\Windows\System32\drivers\usbser.sys
21:20:54.0783 0x25d0  usbser - ok
21:20:54.0783 0x25d0  [ 0CC16F7B91C57AE9A4E44425A295FDAA, 7CEE11955E5742DA390601F565412C14A7481B8747C495CCD246696C56B426DC ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
21:20:54.0783 0x25d0  USBSTOR - ok
21:20:54.0783 0x25d0  [ C917D09064CDBD18F75ADC9B2C48F847, A7F6223346CCD7E84186CD0C0715014F8E3A4398298925A43290224678620D23 ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
21:20:54.0783 0x25d0  usbuhci - ok
21:20:54.0799 0x25d0  [ B4F448F2424492F99F83D3676A453553, 42F1396616EA93BF91EA847B185C321B189F1A5138CA19D22397E8DB6D576973 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
21:20:54.0799 0x25d0  usbvideo - ok
21:20:54.0814 0x25d0  [ 95BCCEFBC40D06484CF16144FE79B8A5, 8ABA73C5FFEDD319FB96B807AD08716698E557522478DF1A2C5D662675636AE0 ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
21:20:54.0814 0x25d0  USBXHCI - ok
21:20:54.0846 0x25d0  [ 4CC81AB9D380A6264FF4C0C1512CF965, 76C33053D1C9155B0F3F8392FF982AD4EABEE2BBBEE89EA41DBFE8E436973EB0 ] UserDataSvc     C:\Windows\System32\userdataservice.dll
21:20:54.0861 0x25d0  UserDataSvc - ok
21:20:54.0883 0x25d0  [ AA24C61D88E36BA1144072227922173D, 2EBBC827E740F72EA2E75745E585378189BC0DEE91CACD7FA31BDBC5EFCF8733 ] UserManager     C:\Windows\System32\usermgr.dll
21:20:54.0899 0x25d0  UserManager - ok
21:20:54.0899 0x25d0  [ EBF9E40845362DBE2AD0DB3077269488, A6363006350D097F95B03A2F44E1D3FBD3BC40048BE57C715CD7CBC22D1EE70B ] UsoSvc          C:\Windows\system32\usocore.dll
21:20:54.0914 0x25d0  UsoSvc - ok
21:20:54.0914 0x25d0  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] VaultSvc        C:\Windows\system32\lsass.exe
21:20:54.0914 0x25d0  VaultSvc - ok
21:20:54.0914 0x25d0  [ 0CBDE344FB48E42D78E29469F202ADBC, A1C3FBA5409DD3BBEAF1D3CE2583D6C8A621C0E4F534155EC540AFD67BC9E8CA ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:20:54.0930 0x25d0  vdrvroot - ok
21:20:54.0930 0x25d0  [ 0783EDE1FA94649ED7F3CEF6A734041A, 1A13A613EF6B67459031C7994FFC6F32F73E02E0F123A171618E4F011C635684 ] vds             C:\Windows\System32\vds.exe
21:20:54.0945 0x25d0  vds - ok
21:20:54.0945 0x25d0  [ 723195568C8755CAD57F7933C5F2C5C2, 5C403799F67223605F825BC16D217C1EF5E1A0DDF00AC6380FE8976339B67D9B ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
21:20:54.0961 0x25d0  VerifierExt - ok
21:20:54.0961 0x25d0  [ 3BB8D153A9A514EC9FFCB586251A1925, 5E4B46511F9791699826DC63B35528544347166BDE9981FB93F1F7F2A09599C7 ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
21:20:54.0983 0x25d0  vhdmp - ok
21:20:54.0983 0x25d0  [ 7929228F0E8B0C2FA0495A17A4FC27F6, 1F1667B10A96B1D85ED165F62A5C0EF28C37F828B8280EA08BFCC1BAC03F2C90 ] vhf             C:\Windows\System32\drivers\vhf.sys
21:20:54.0983 0x25d0  vhf - ok
21:20:54.0983 0x25d0  [ AEE432ED868831B1F068E373598F6D93, BAE91F47B0CB94B826CA010B490AD924D7B715911DF3FCE62F9165F3B571105C ] vmbus           C:\Windows\system32\drivers\vmbus.sys
21:20:54.0983 0x25d0  vmbus - ok
21:20:54.0998 0x25d0  [ 9444B23FC694B5F90F21B0FC7F10D8DD, 86F92856F5C985DD8E5993B51E85E1F47EF8C9B2FB37468998C94266963BB4BD ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
21:20:54.0998 0x25d0  VMBusHID - ok
21:20:54.0998 0x25d0  [ 4D0287F566B36536DD812A54C015FC4A, 01D6508CA59CF04A47902B1F7C202FD14A81240E0B447588D919DD1072B040CF ] vmgid           C:\Windows\System32\drivers\vmgid.sys
21:20:54.0998 0x25d0  vmgid - ok
21:20:54.0998 0x25d0  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicguestinterface C:\Windows\System32\icsvc.dll
21:20:55.0014 0x25d0  vmicguestinterface - ok
21:20:55.0014 0x25d0  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicheartbeat   C:\Windows\System32\icsvc.dll
21:20:55.0014 0x25d0  vmicheartbeat - ok
21:20:55.0030 0x25d0  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmickvpexchange C:\Windows\System32\icsvc.dll
21:20:55.0030 0x25d0  vmickvpexchange - ok
21:20:55.0030 0x25d0  [ 0F621B52259D88A719AA20C6D04E3D72, 80B0528CCDE6E1B6F092787E1C0769C649698B196602859A5855134F0ECCBAE5 ] vmicrdv         C:\Windows\System32\icsvcext.dll
21:20:55.0045 0x25d0  vmicrdv - ok
21:20:55.0045 0x25d0  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicshutdown    C:\Windows\System32\icsvc.dll
21:20:55.0061 0x25d0  vmicshutdown - ok
21:20:55.0061 0x25d0  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmictimesync    C:\Windows\System32\icsvc.dll
21:20:55.0061 0x25d0  vmictimesync - ok
21:20:55.0079 0x25d0  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicvmsession   C:\Windows\System32\icsvc.dll
21:20:55.0083 0x25d0  vmicvmsession - ok
21:20:55.0083 0x25d0  [ 0F621B52259D88A719AA20C6D04E3D72, 80B0528CCDE6E1B6F092787E1C0769C649698B196602859A5855134F0ECCBAE5 ] vmicvss         C:\Windows\System32\icsvcext.dll
21:20:55.0083 0x25d0  vmicvss - ok
21:20:55.0099 0x25d0  [ 29075915F9BDC3437F8BED71C067D399, 2C7718080C11DFDD4C9A2085537F78F5633369B4A27D9C64168F0249594A4AA2 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:20:55.0099 0x25d0  volmgr - ok
21:20:55.0099 0x25d0  [ 6BDB6CE6D2D9E3D3F28F1C97E12B62E2, 5E77D7AF858D7B90FF395F39B86D6F96413D1DDEA28BC9FB40C5524A4DF6DAD0 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:20:55.0114 0x25d0  volmgrx - ok
21:20:55.0114 0x25d0  [ BF2546583BB75F01DDA60A7921DFB230, 579BD0BC55F4F03CD8D1FCDAC3975A1649C688820F2F7FC1AD354132D9E3BEE9 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:20:55.0130 0x25d0  volsnap - ok
21:20:55.0130 0x25d0  [ AC2E20A74D09D24485BE8396CE04F07B, 23FCE8BEE01B89E5CDCA536D75DBA6DCE3E92E13178A66836CEB7829310A89D1 ] volume          C:\Windows\system32\drivers\volume.sys
21:20:55.0130 0x25d0  volume - ok
21:20:55.0130 0x25d0  [ 92F6E3E6D3F1795263EB34B37F74AEF7, 33AB1ECCA1216AF1995E1DB4F11E48156FF62391D7C176C8A4CC1037B9CB3A27 ] vpci            C:\Windows\System32\drivers\vpci.sys
21:20:55.0130 0x25d0  vpci - ok
21:20:55.0130 0x25d0  [ FD9BCB8920973CEAD4D49DC7A6D8A618, 34AB4A485FB40DF737600006D8323BE927FB0BDA2BC170F4C123BE775EAE7CC8 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:20:55.0146 0x25d0  vsmraid - ok
21:20:55.0161 0x25d0  [ 01FFD5AF533F2CFDF26DDDC9313731C1, BFF0F2E57CD2358AC8F519F6F5692A46D97EC4E9B763D47101CEF31712FD4738 ] VSS             C:\Windows\system32\vssvc.exe
21:20:55.0183 0x25d0  VSS - ok
21:20:55.0198 0x25d0  [ 0C111F220798CCE80484026E06822379, B98A5E44D3ABA67E6DE99E18BF3C2C606923E6269E262665C721F672ACBBED2A ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
21:20:55.0198 0x25d0  VSTXRAID - ok
21:20:55.0198 0x25d0  [ 607639716E9DB1CEF4E18B5B229293B4, 1D997177093F907EFE8A04AD10443BB9C355C0D7657DBD449E7EE7FCABC3ECBC ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
21:20:55.0198 0x25d0  vwifibus - ok
21:20:55.0198 0x25d0  [ B1ED64E628763148BF84FBE23F2AD711, 6182A39675E6049BC3DD353694720795A8E3D0331509AA8ABA4883D5C569AD5E ] vwififlt        C:\Windows\system32\drivers\vwififlt.sys
21:20:55.0198 0x25d0  vwififlt - ok
21:20:55.0214 0x25d0  [ 59920894C38A827091A06AF559834E47, 8B40FE0B1BA3B2A79BFF70803D039DB921F85C978724722E5E5AFF188FA75471 ] vwifimp         C:\Windows\System32\drivers\vwifimp.sys
21:20:55.0214 0x25d0  vwifimp - ok
21:20:55.0214 0x25d0  [ 76C1CC611352499326001F25A3ED15F8, 228BFA8A01BB1B3868576D509A2EA6F3D37FEDC8F12D4DC4E0A84CE926C6D1B1 ] W32Time         C:\Windows\system32\w32time.dll
21:20:55.0230 0x25d0  W32Time - ok
21:20:55.0230 0x25d0  [ 55D00B785A7587F4263D125817871283, B92400B229099C1E243F2B149881A1423A2E9C8CA2D77D868B9B923BFDEC7FF2 ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
21:20:55.0230 0x25d0  WacomPen - ok
21:20:55.0245 0x25d0  [ 1483BE4D0135C378CB61D3CD73AB3E03, B7309C9E4F370860C507BF52D17234CDF4A7FAE95D2D822714E07EF5DEC0249B ] WalletService   C:\Windows\system32\WalletService.dll
21:20:55.0245 0x25d0  WalletService - ok
21:20:55.0261 0x25d0  [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
21:20:55.0261 0x25d0  wanarp - ok
21:20:55.0261 0x25d0  [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:20:55.0261 0x25d0  wanarpv6 - ok
21:20:55.0283 0x25d0  [ 30B8286F8FE1AE90A583100D45E02247, 3C86A4A5E21F9A1267EA231B20914E0A162BA4C25FE8917AD3AB6D504DA5BE0C ] wbengine        C:\Windows\system32\wbengine.exe
21:20:55.0298 0x25d0  wbengine - ok
21:20:55.0314 0x25d0  [ 8C521D161445C3E1F38A494E7649E70D, F00990B2FE1FB52C74A2057E6480C5EBF2BDBC32955CC03C6B63360F20A49A18 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:20:55.0330 0x25d0  WbioSrvc - ok
21:20:55.0330 0x25d0  [ E330144B97D493AA886000DCAAA8DAF5, ED86F46F5A76FD8F06CA98BD61B174ADB9AD4B065394356872708DF8B614E4F9 ] wcifs           C:\Windows\system32\drivers\wcifs.sys
21:20:55.0345 0x25d0  wcifs - ok
21:20:55.0361 0x25d0  [ 32960EA9CF836D7DD77767DCB68CE230, 679446A4FAB0331C181D2716CAEA225267C6164BB9867E360C5B3D6AB1083195 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
21:20:55.0361 0x25d0  Wcmsvc - ok
21:20:55.0383 0x25d0  [ D50645235A507B0546B1B5CF7D0B8849, 19F5FE10C953B8EE8EEDA9A9F7F2E97AA193BB085E7FC364066686089ADD1C9F ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:20:55.0383 0x25d0  wcncsvc - ok
21:20:55.0383 0x25d0  [ AEA1093B751339267D8C8C1EF3D669CF, 8F3325E7FB16BD856A0593C36F2E3E018909038C52CD5F92E116E0C1366F31CB ] wcnfs           C:\Windows\system32\drivers\wcnfs.sys
21:20:55.0383 0x25d0  wcnfs - ok
21:20:55.0399 0x25d0  [ D520B1B849B6D4D707AB31722B952C2D, 149BABB7BD63C1F212ADD9306C84FFB2A5CE6DC435BD3213EAB787E9B222C61F ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
21:20:55.0399 0x25d0  WdBoot - ok
21:20:55.0414 0x25d0  [ 5030C76047D756263093A47B82970868, E772F15973F6DE36851DD230F1F4190746CD81CA1E7284DC074711C4BF45CAF0 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:20:55.0414 0x25d0  Wdf01000 - ok
21:20:55.0430 0x25d0  [ 29FF9199EDEB4F5470BB134D1A2563D2, 94713F98A6EA6042203D5DD0DE6758F5F0F331F7D4BB05E91EF20CEEEBD6780F ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
21:20:55.0430 0x25d0  WdFilter - ok
21:20:55.0430 0x25d0  [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:20:55.0430 0x25d0  WdiServiceHost - ok
21:20:55.0446 0x25d0  [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:20:55.0446 0x25d0  WdiSystemHost - ok
21:20:55.0461 0x25d0  [ 8CB606A3057355FD5A9DBDD1A0AC94EF, 6DD0B4A2270633086EBB569A00B87430EE6EF173525E341404B15845B57BE86D ] wdiwifi         C:\Windows\system32\DRIVERS\wdiwifi.sys
21:20:55.0477 0x25d0  wdiwifi - ok
21:20:55.0482 0x25d0  [ 17CF416CFF408190F5A4CBD79AB12E55, E376C8865C7EA633AE20D2CF940E4C7584AC783BAAF7941780FB6C4C84802F33 ] WdNisDrv        C:\Windows\system32\Drivers\WdNisDrv.sys
21:20:55.0483 0x25d0  WdNisDrv - ok
21:20:55.0483 0x25d0  WdNisSvc - ok
21:20:55.0483 0x25d0  [ 3570C4E14F85CE0B537D126727ACA91C, A474C9E6B6E4E5945C63367C1D3D24D4782C4A4FEB00FAE15DFED099D8283078 ] WebClient       C:\Windows\System32\webclnt.dll
21:20:55.0483 0x25d0  WebClient - ok
21:20:55.0499 0x25d0  [ 1785F9C96A0BDEC1F6E0C79EF412F342, D6D4EDA69457BEDDA69C2F60FC4C2FAC97D46CD8E9C1804CCD68F169383583E3 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:20:55.0499 0x25d0  Wecsvc - ok
21:20:55.0499 0x25d0  [ B9175D63527B05131F2FA504CF0265F2, 1E43A17788F1B6A29E2889C81E0BE100D64BD3A9DEE7C154D9581F01D2D7D05F ] WEPHOSTSVC      C:\Windows\system32\wephostsvc.dll
21:20:55.0499 0x25d0  WEPHOSTSVC - ok
21:20:55.0515 0x25d0  [ 5C58EC0C9D4DE04DCDE56F6DCEA62080, 8ED386EDF4C39C339CE0BB2AC7E199C38705E5A6B3F56A4987B9A8ABD19BB59F ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:20:55.0515 0x25d0  wercplsupport - ok
21:20:55.0515 0x25d0  [ F899B355CC95AF26AB36E84E8A0DD685, C400F2F80FFF6473FEF066943C4A2AFF0FFE988A4F755757A2E5005C2A10DAD8 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:20:55.0515 0x25d0  WerSvc - ok
21:20:55.0530 0x25d0  [ E1785942AC51FEE6826CDF02075C5AA9, 56FE7017684086F4F9C3A2C0D3AC00369BA0938BA3987EEBEE9A75B8E3CA0AE1 ] WFPLWFS         C:\Windows\system32\drivers\wfplwfs.sys
21:20:55.0530 0x25d0  WFPLWFS - ok
21:20:55.0530 0x25d0  [ B154618505A6A9026EFA6AB8C4123BF1, 713648D71AA027B4472E7E75B942630DBE7383687984B02A5E99C9E4192C95EB ] WiaRpc          C:\Windows\System32\wiarpc.dll
21:20:55.0530 0x25d0  WiaRpc - ok
21:20:55.0546 0x25d0  [ 0CF79A0EACFFBB75A50A469A27696D02, E112BF7B5A8D0B0AD2EA0E7B9FD4E8CFEC9371C8E94A60248292D688AFE715C4 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:20:55.0546 0x25d0  WIMMount - ok
21:20:55.0546 0x25d0  WinDefend - ok
21:20:55.0546 0x25d0  [ 0DE131733317EB4BE67028366B0CAAC6, AC7DADBF03A3752B4D33CA19F03DBCEDD6F56893C2DA25C98B0AB07063D990E3 ] WindowsTrustedRT C:\Windows\system32\drivers\WindowsTrustedRT.sys
21:20:55.0561 0x25d0  WindowsTrustedRT - ok
21:20:55.0561 0x25d0  [ 92EB5D38BDF10C790450F3E46BF93A0E, 0FC027398DBD43EDC1F7D703C0B6DB20294DF34E67C9288442039B1A5663CE1B ] WindowsTrustedRTProxy C:\Windows\system32\drivers\WindowsTrustedRTProxy.sys
21:20:55.0561 0x25d0  WindowsTrustedRTProxy - ok
21:20:55.0582 0x25d0  [ C2A3B07F0118D61086C99BDCBAB6A6A3, 04D646BEF1C6F427503C594F0ECBB33140C3991A3A7AFB66B2C9581E358F9FD2 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
21:20:55.0583 0x25d0  WinHttpAutoProxySvc - ok
21:20:55.0583 0x25d0  [ E815503BDE35026051EB701ACA72B296, 5541FBDA961B403F88BAF720840AB8DF2C96A382CDF97132A5C6A05A5F105E70 ] WINIO           C:\Program Files (x86)\MSI\Dragon Center\winio64.sys
21:20:55.0583 0x25d0  WINIO - ok
21:20:55.0599 0x25d0  [ F95DE20312ACCA7761446DE152BD1F7C, F6C5ACA500C2182437F4A7402BD81C3A2B77C0BBD78BA31FB574DC1997FCBFE6 ] WinMad          C:\Windows\System32\drivers\winmad.sys
21:20:55.0599 0x25d0  WinMad - ok
21:20:55.0599 0x25d0  [ CD49CA8E3280ACEEC5ECF431A59F5EFD, 75F48EFC6DEE9E06B490703EE47602AFDEA51505285B02D2CF884601E71857CC ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:20:55.0614 0x25d0  Winmgmt - ok
21:20:55.0646 0x25d0  [ B8C0D620219ECAA23A2AC841EAF454D1, FB527C4D36929D7FAE2A837727C557B7823A72069EBCAB7D16C49E8B21E8D952 ] WinRM           C:\Windows\system32\WsmSvc.dll
21:20:55.0683 0x25d0  WinRM - ok
21:20:55.0699 0x25d0  [ 4EFB346BFDAEEB29316AA52BBB9852B1, 4BC5554F44BD9549D0A929D77BD410FA3EB502A7D0170303D369268672505494 ] WINUSB          C:\Windows\System32\drivers\WinUSB.SYS
21:20:55.0699 0x25d0  WINUSB - ok
21:20:55.0699 0x25d0  [ 8B9AFF5F08E66A6F1F1063DEC9457FB6, 98F2AF6988D125521FD34CAA48B9652922F0C8ECFAE9B0C1DF4B3CE6B9CF500F ] WinVerbs        C:\Windows\System32\drivers\winverbs.sys
21:20:55.0699 0x25d0  WinVerbs - ok
21:20:55.0716 0x25d0  [ ECD999D8412A3473C26B118F89DB9908, 5FB9B93E4B5482CCFF01D805DFA386FD8D3441BC81E7BD5DF89EE3078FD724F3 ] wisvc           C:\Windows\system32\flightsettings.dll
21:20:55.0716 0x25d0  wisvc - ok
21:20:55.0763 0x25d0  [ 7671078AEF4C0203B053A9642C401FF7, BBFADA89CD31F20ADDBFAFAD2E492C72D82BF2F8B823BB6773F04D229B62534C ] WlanSvc         C:\Windows\System32\wlansvc.dll
21:20:55.0799 0x25d0  WlanSvc - ok
21:20:55.0830 0x25d0  [ E15711970C5BE05E8D70B294D0AFF621, 30670CFC4DA57B4A3E0E895E4111100D847BB8041A258A303524CD96DC566482 ] wlidsvc         C:\Windows\system32\wlidsvc.dll
21:20:55.0861 0x25d0  wlidsvc - ok
21:20:55.0861 0x25d0  [ 6F4F4F5A007D1710BD76FB311DA97C07, FC0FEA4364F6BA4E31DBC82735D09D429CA3BE9AFCFF5D5E1263D8B27FC2CE3E ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
21:20:55.0861 0x25d0  WmiAcpi - ok
21:20:55.0861 0x25d0  [ 3CDDFF6CAD962C5EF1C52FD667C358B6, F6F09145E9461EB17172988D26749FCF36920A1A683459334D04A6D072B31A92 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:20:55.0861 0x25d0  wmiApSrv - ok
21:20:55.0879 0x25d0  WMPNetworkSvc - ok
21:20:55.0884 0x25d0  [ 43C8D087B31C592163B33A4BDA540E40, 3A6C4E5E56931B29321DCC723585F2F0E804EF4DCDEAB2A8687F30FC3AE70E43 ] Wof             C:\Windows\system32\drivers\Wof.sys
21:20:55.0884 0x25d0  Wof - ok
21:20:55.0915 0x25d0  [ 909CB4BBF7B08E78C363000E09E79A6F, 217205D1B5EE03274AFF9405AED6D2A5665CBA4C3876E84B53DA44920CDF9CB1 ] workfolderssvc  C:\Windows\system32\workfolderssvc.dll
21:20:55.0930 0x25d0  workfolderssvc - ok
21:20:55.0946 0x25d0  [ F02930EB91596042F2221397D60AFCE5, 10E2AB0993B67CBAA9E11C68280608965064EC9F7E0C570F5B453FACADB8AB5D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:20:55.0946 0x25d0  WPDBusEnum - ok
21:20:55.0946 0x25d0  [ 75A9284F01FE7CB1A7D5EAE5C1EB4F33, 390EF23AEA06D8711555F7979FF8BE0620B53C1A551638C4EC6FB7C6678965B3 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
21:20:55.0946 0x25d0  WpdUpFltr - ok
21:20:55.0962 0x25d0  [ 60E2EB3E7B7F15C25E02462159F90707, D8344B529EEC0D4922CAC3E6897CC9F191ACF1376017BE38ED6BF6019F1ED181 ] WpnService      C:\Windows\system32\WpnService.dll
21:20:55.0962 0x25d0  WpnService - ok
21:20:55.0962 0x25d0  [ C7C91FB86A3C6CD7619725A88ED1884C, 132C43C518F37BF303D768BD5FB0AB835F693C43FE693937D804A34E940D770F ] WpnUserService  C:\Windows\System32\WpnUserService.dll
21:20:55.0962 0x25d0  WpnUserService - ok
21:20:55.0982 0x25d0  [ 36D7B73ADC3E10607ED6EC874AFB5D1E, 1737B3E4D2CA76BB27903BF460E4960E6A0BC32D35069AC7C5E4B07F625F3282 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:20:55.0982 0x25d0  ws2ifsl - ok
21:20:55.0984 0x25d0  [ 9A0E0B836413EB0BC885532D2A5389D6, AFEE4A0578D5581E4D72999A33C0DEA6253BD891F611AFF9AFDE4160A60105F3 ] wscsvc          C:\Windows\System32\wscsvc.dll
21:20:55.0984 0x25d0  wscsvc - ok
21:20:55.0984 0x25d0  WSearch - ok
21:20:56.0000 0x25d0  [ 89DCE82232B4C03A7E0ED75CD663B653, D1996163EB971E6A10583E7D97097AE514702DBEDCEC0F76C3A3758BBA7C8034 ] WtfEngineDrv    C:\Windows\system32\DRIVERS\WtfEngineDrv.sys
21:20:56.0000 0x25d0  WtfEngineDrv - ok
21:20:56.0031 0x25d0  [ DDB7E452A99E0E5244105C6D2CF4BC9E, 1364B03AFFD20D339A2EBA303575BCCBC2D122D89810B1E3593CC55F93F9B79A ] wuauserv        C:\Windows\system32\wuaueng.dll
21:20:56.0062 0x25d0  wuauserv - ok
21:20:56.0062 0x25d0  [ AED7FE551E8672B824A56324076183EB, FFE543AAEFDEFFE6B20C244DB141A9425BDA88ED36F4870F0B70FEC433BDF0C1 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:20:56.0062 0x25d0  WudfPf - ok
21:20:56.0084 0x25d0  [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
21:20:56.0084 0x25d0  WUDFRd - ok
21:20:56.0084 0x25d0  [ 47F6450F28BAA32B2AB0D6BE00996249, C8A47D6ADF89AD613AB685C6224B9099DCEFDCD8ABCF703542AFDC356404116E ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:20:56.0084 0x25d0  wudfsvc - ok
21:20:56.0100 0x25d0  [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
21:20:56.0100 0x25d0  WUDFWpdFs - ok
21:20:56.0115 0x25d0  [ E231728BC515A4B85543AF74A1FEDFCB, 5D250D7D789B5BB56BFA2E7A109BCEB3686B7636C54D89F4E9804101D145C955 ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:20:56.0131 0x25d0  WwanSvc - ok
21:20:56.0162 0x25d0  [ F39D6915451D9226AC9A5E7AE70E2ABA, E05D678DC0423A4D0EB8B3BB5A942721BB4F3B0BED22748252DBD6053FE956F1 ] XblAuthManager  C:\Windows\System32\XblAuthManager.dll
21:20:56.0178 0x25d0  XblAuthManager - ok
21:20:56.0199 0x25d0  [ 765FF96467A26C4C03281ECA426EC2D9, 2526B03C518D72F429C29BA4D4F11707AF277BF71520A1A92238A932950AE161 ] XblGameSave     C:\Windows\System32\XblGameSave.dll
21:20:56.0215 0x25d0  XblGameSave - ok
21:20:56.0215 0x25d0  [ 9627BBAA50878F6833A6A7843EE3B1D9, 637566BB56501C4D11E3B6E6AC1C602D880C9D357CCE3DF1DF74EE672744F2B7 ] xboxgip         C:\Windows\System32\drivers\xboxgip.sys
21:20:56.0215 0x25d0  xboxgip - ok
21:20:56.0246 0x25d0  [ 335E6F2BE58523B295945C840C185B00, 94ED7E2CB212A3D55B8A2CB90CD1D02A6AF92DC0DDD487CB5B7CAC9883343460 ] XboxNetApiSvc   C:\Windows\system32\XboxNetApiSvc.dll
21:20:56.0262 0x25d0  XboxNetApiSvc - ok
21:20:56.0262 0x25d0  [ 63088A3361D9A308F328F11E9099DD87, E03FDB932FC57F199C8F8A8EADA338BDF7D2F9C6CB8FAB679A92B48B1E5AFE8A ] xinputhid       C:\Windows\System32\drivers\xinputhid.sys
21:20:56.0262 0x25d0  xinputhid - ok
21:20:56.0262 0x25d0  [ C1D83317310C9470DF3CD7BB22AA874E, 33BABFB957363DA1D333745033F655DD8EAA1DABEBCA09FC728FF1A87622BE52 ] XTU3SERVICE     C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
21:20:56.0262 0x25d0  XTU3SERVICE - ok
21:20:56.0278 0x25d0  [ 127702D90B07657E8421817D2D50A097, 3969817D67C21D7D4E146BC137557C62AB22FEC2FA55D36177D781BE83D3573B ] XtuAcpiDriver   C:\Windows\System32\drivers\XtuAcpiDriver.sys
21:20:56.0280 0x25d0  XtuAcpiDriver - ok
21:20:56.0280 0x25d0  ================ Scan global ===============================
21:20:56.0284 0x25d0  [ 0C710DB449712EE13ACE733695DB7780, BBC7875B38D318CE4E88979D083AC72E8993254A466A8A6882DDE9E0C3B687A3 ] C:\Windows\system32\basesrv.dll
21:20:56.0284 0x25d0  [ 4C08BF958476A137C78B62B22B5F90A4, 11DDD033896C96F8F7F1A1EDD0F4E0F07AFBB3202DC8A2E5E3ADB51C4D0700D4 ] C:\Windows\system32\winsrv.dll
21:20:56.0284 0x25d0  [ 1EE06E957B0B2CA52D26DA7861E160EF, 4B743A1C7010138F5F6684BBCF7CAD6FD05F49920BDD3FDB776347AA6B44AB94 ] C:\Windows\system32\sxssrv.dll
21:20:56.0300 0x25d0  [ 3C69CC28665854F1AAB4B4005005FA31, 2750F5ECCD448C07E3402AA64EA625D27C6BC1D000A3FFE57C03D62428BB46C4 ] C:\Windows\system32\services.exe
21:20:56.0300 0x25d0  [ Global ] - ok
21:20:56.0300 0x25d0  ================ Scan MBR ==================================
21:20:56.0300 0x25d0  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
21:20:56.0315 0x25d0  \Device\Harddisk0\DR0 - ok
21:20:56.0315 0x25d0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
21:20:56.0415 0x25d0  \Device\Harddisk1\DR1 - ok
21:20:56.0415 0x25d0  ================ Scan VBR ==================================
21:20:56.0415 0x25d0  [ 98342AEFBE984560E273C31CA4A17042 ] \Device\Harddisk0\DR0\Partition1
21:20:56.0415 0x25d0  \Device\Harddisk0\DR0\Partition1 - ok
21:20:56.0415 0x25d0  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition2
21:20:56.0415 0x25d0  \Device\Harddisk0\DR0\Partition2 - ok
21:20:56.0415 0x25d0  [ 372D49346D46FEA56E7B008861927C81 ] \Device\Harddisk0\DR0\Partition3
21:20:56.0415 0x25d0  \Device\Harddisk0\DR0\Partition3 - ok
21:20:56.0415 0x25d0  [ F03D8EEFBE7274A51D94BAA027679D58 ] \Device\Harddisk0\DR0\Partition4
21:20:56.0415 0x25d0  \Device\Harddisk0\DR0\Partition4 - ok
21:20:56.0415 0x25d0  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
21:20:56.0415 0x25d0  \Device\Harddisk1\DR1\Partition1 - ok
21:20:56.0430 0x25d0  [ 82E26109428D2ED80F754B25D729DD0C ] \Device\Harddisk1\DR1\Partition2
21:20:56.0430 0x25d0  \Device\Harddisk1\DR1\Partition2 - ok
21:20:56.0430 0x25d0  ================ Scan generic autorun ======================
21:20:56.0562 0x25d0  [ 5F50B8C8BF2C8F50A819086F1EBB4CAD, BDD9D1B02EC909DD84890ADF0759D395CB06EF9FB7C2F81D1C5304837355F538 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
21:20:56.0646 0x25d0  RTHDVCPL - ok
21:20:56.0662 0x25d0  [ 6A20A9BFDCCF75CC83514B431E97C3F9, 5C0A232C44231DFC02B4E6E3D442A65B860209C8FF3C795D2D54830F19793CBD ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
21:20:56.0662 0x25d0  IAStorIcon - ok
21:20:56.0684 0x25d0  [ 7964BF8D70539ABAEE812C26B308F4C3, 70E5CCF22F501B414CAC5D9C2F014BA8AAC5E6727E52D2AE920F26955B6E9E06 ] C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
21:20:56.0684 0x25d0  Nahimic2UILauncher - ok
21:20:56.0762 0x25d0  [ 1034796691CCBC39F4F4413497AA82D8, 390B33324108E3340B0C9B073DDAB78EC253CB3B0BAA0FBDD2A58BA6B4D81640 ] C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe
21:20:56.0815 0x25d0  MsiTrueColor - ok
21:20:56.0815 0x25d0  [ 7C037BA077E9783C26E89544674927D9, 248406171AA6F53A91918A30A4DAD4D38979087B220CDC1AC0632ED2A19D0F1E ] C:\Program Files (x86)\SCM\SCM.exe
21:20:56.0831 0x25d0  SCM - ok
21:20:56.0831 0x25d0  [ C7645D43451C6D94D87F4D07BDE59C89, 495BBA47FC43EE23054FCD419F2F00457162D1C04296900C6AEA551102A810F3 ] C:\Windows\system32\rundll32.exe
21:20:56.0831 0x25d0  ShadowPlay - ok
21:20:56.0831 0x25d0  WindowsDefender - ok
21:20:56.0879 0x25d0  [ A6A21A7D544675E98C040DA18904CF50, AACB578C297C7AC9FEBDAB4AD20235E5CFF6E3F260E76E6AE18D43DC57D69672 ] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
21:20:56.0900 0x25d0  Malwarebytes TrayApp - ok
21:20:56.0900 0x25d0  [ 98BF3BE28076A0ACEE2082C4C9080D6D, 576D4BE0533F0ED491206722A36D4E8F01E900ADB545FAE9A65D669B512A2A39 ] C:\Users\ADMINI~1\AppData\Local\Temp\DeleteOnReboot.bat
21:20:56.0900 0x25d0  DeleteOnReboot - ok
21:20:57.0047 0x25d0  [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
21:20:57.0158 0x25d0  OneDriveSetup - ok
21:20:57.0284 0x25d0  [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
21:20:57.0384 0x25d0  OneDriveSetup - ok
21:20:57.0515 0x25d0  [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
21:20:57.0622 0x25d0  OneDriveSetup - ok
21:20:57.0644 0x25d0  [ CD7DC286D2FDFACB965C3E10967B2199, 30FFB133E70D694BE6968E86E999C797EE7349DCC4E9ACFB338412C039374388 ] C:\Users\MarkStrong\AppData\Local\Microsoft\OneDrive\OneDrive.exe
21:20:57.0659 0x25d0  OneDrive - ok
21:20:57.0691 0x25d0  [ 44348495F9D6ED21F4EFB3FF80677D99, 05B76248764B2BF7F9229626D7EFAFF96B724D38A82969EBE376CBE879E30450 ] C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe
21:20:57.0706 0x25d0  OneDrive - ok
21:20:57.0706 0x25d0  Skype - ok
21:20:57.0706 0x25d0  [ D246A5F3AC19B579D432D5CD88FAC845, 42976C6797A8426107B428E64309466EF32F438B459432D5FFB310F1F6D7DD42 ] C:\AdwCleaner\AdwCleaner[C0].txt
21:20:57.0706 0x25d0  Report - ok
21:20:57.0706 0x25d0  Waiting for KSN requests completion. In queue: 218
21:20:58.0722 0x25d0  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x61100 ( enabled : updated )
21:20:58.0722 0x25d0  Win FW state via NFP2: enabled ( trusted )
21:20:59.0460 0x25d0  ============================================================
21:20:59.0460 0x25d0  Scan finished
21:20:59.0460 0x25d0  ============================================================
21:20:59.0460 0x2118  Detected object count: 0
21:20:59.0460 0x2118  Actual detected object count: 0
21:21:04.0481 0x2210  Deinitialize success
         


Alt 16.02.2017, 17:35   #6
M-K-D-B
/// TB-Ausbilder
 
GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen - Standard

GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen



Servus,


ohne Adminrechte wird das nichts.

Bitte in einem Adminkonto einloggen und von dort FRST und TDSS-Killer mit Rechtsklick "Als Administrator ausführen".
__________________
--> GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen

Alt 17.02.2017, 01:52   #7
Tobias1972
 
GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen - Standard

GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen



Hallo Matthias,

hier das FRST File
FRST Logfile:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02
durchgeführt von Administrator (Administrator) auf MSI (16-02-2017 19:42:36)
Gestartet von C:\Users\MarkStrong\Desktop
Geladene Profile: MarkStrong & Administrator (Verfügbare Profile: defaultuser0 & MarkStrong & Administrator)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe
(Portrait Displays, Inc) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorHelper.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16122.10271.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\SCM\SCM_Notice.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176 2016-10-20] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel Corporation)
HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [693432 2016-10-07] ()
HKLM\...\Run: [MsiTrueColor] => C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe [4811048 2016-09-09] (Portrait Displays, Inc.)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [301848 2016-08-19] (MSI)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\RunOnce: [DeleteOnReboot] => C:\Users\Administrator\AppData\Local\Temp\DeleteOnReboot.bat [480 2017-02-15] () <===== ACHTUNG
HKU\S-1-5-21-4218886898-41493801-728894-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-4218886898-41493801-728894-500\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C0].txt
HKU\S-1-5-18\...\Run: [] => 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Control Center.lnk [2016-10-20]
ShortcutTarget: Killer Control Center.lnk -> C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe (Rivet Networks)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-10-20]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{44c729b7-3a09-4761-bb9e-6fb3853c3b3d}: [DhcpNameServer] 192.168.1.254 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-4218886898-41493801-728894-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-4218886898-41493801-728894-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-4218886898-41493801-728894-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-4218886898-41493801-728894-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKU\S-1-5-21-4218886898-41493801-728894-1001 -> DefaultScope {FFD7DB1D-3F65-4AC8-A7C6-562077F48108} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Kein Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Keine Datei
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-09-07] (Windows (R) Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation)
R2 Killer Network Service; C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe [1951456 2016-09-29] (Rivet Networks)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2016-08-19] (Micro-Star International Co., Ltd.) [Datei ist nicht signiert]
R2 MSITrueColorService; C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe [180520 2016-09-09] (Portrait Displays, Inc.)
S2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe [58296 2016-08-12] (Micro-Star INT'L CO., LTD.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4362568 2015-06-18] (Symantec Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-12-12] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2016-12-12] (NVIDIA Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266328 2016-12-04] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-09-30] (Intel(R) Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0406000.00C\ccSetx64.sys [173808 2015-06-24] (Symantec Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162120 2016-09-16] (Qualcomm Atheros, Inc.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-15] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_85330ff976332cdb\nvlddmkm.sys [14427064 2017-01-21] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-12-12] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [35272 2016-10-20] (Windows (R) Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2016-12-12] (NVIDIA Corporation)
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2403248 2016-09-06] (Qualcomm Atheros, Inc.)
R2 RfeCoSvc; C:\Windows\system32\DRIVERS\RfeCo10X64.sys [87904 2016-09-29] (Rivet Networks, LLC.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [779232 2016-10-20] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [42088 2016-10-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-10-20] (Synaptics Incorporated)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [40568 2016-06-14] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [52960 2016-10-04] (SteelSeries ApS)
R3 ssps2; C:\Windows\System32\drivers\ssps2.sys [33896 2016-06-14] (SteelSeries ApS)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-12-14] (Symantec Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [15160 2015-06-11] ()
R2 WtfEngineDrv; C:\Windows\system32\DRIVERS\WtfEngineDrv.sys [27904 2016-02-01] (AAA Internet Publishing, Inc.)
S3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161214.002\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161214.002\EX64.SYS [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-16 19:33 - 2017-02-16 19:33 - 00000000 ___HD C:\OneDriveTemp
2017-02-15 21:20 - 2017-02-15 21:21 - 00270548 _____ C:\TDSSKiller.3.1.0.12_15.02.2017_21.20.37_log.txt
2017-02-15 20:56 - 2017-02-15 20:57 - 04747704 _____ (AO Kaspersky Lab) C:\Users\MarkStrong\Desktop\tdsskiller.exe
2017-02-15 20:55 - 2017-02-16 19:42 - 00017699 _____ C:\Users\MarkStrong\Desktop\FRST.txt
2017-02-15 20:55 - 2017-02-16 19:42 - 00000000 ____D C:\FRST
2017-02-15 20:55 - 2017-02-15 20:56 - 00049494 _____ C:\Users\MarkStrong\Desktop\Addition.txt
2017-02-15 20:54 - 2017-02-15 20:55 - 02422272 _____ (Farbar) C:\Users\MarkStrong\Desktop\FRST64.exe
2017-02-15 20:46 - 2017-02-15 20:50 - 00000000 ____D C:\AdwCleaner
2017-02-15 20:46 - 2017-02-15 20:46 - 04015056 _____ C:\Users\MarkStrong\Desktop\AdwCleaner_6.043.exe
2017-02-14 21:19 - 2017-02-14 21:20 - 00000000 ____D C:\rei
2017-02-14 00:51 - 2017-02-14 00:52 - 00000000 ____D C:\ProgramData\MFAData
2017-02-14 00:51 - 2017-02-14 00:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\MFAData
2017-02-14 00:51 - 2017-02-14 00:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg2015
2017-02-13 20:03 - 2017-02-15 20:51 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-13 20:03 - 2017-02-13 20:03 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-13 20:03 - 2017-02-13 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-13 20:03 - 2017-02-13 20:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-13 20:03 - 2017-02-13 20:03 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-13 20:03 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-13 18:58 - 2017-02-13 18:52 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-02-13 18:00 - 2017-02-13 18:00 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\WinZip
2017-02-10 14:35 - 2017-02-10 14:35 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-10 14:35 - 2017-01-20 09:07 - 00134080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-02-10 14:35 - 2016-12-15 19:33 - 00273696 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-02-10 14:35 - 2016-12-15 19:33 - 00266528 _____ C:\Windows\system32\vulkan-1.dll
2017-02-10 14:35 - 2016-12-15 19:33 - 00111392 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-02-10 14:35 - 2016-12-15 19:32 - 00125728 _____ C:\Windows\system32\vulkaninfo.exe
2017-02-10 14:33 - 2017-01-23 19:00 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 34974656 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 19008576 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 14677272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 11123936 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 11019192 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 09308896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 08990584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 03167288 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 02715072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 01985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437849.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 01591352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437849.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 01051584 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00988608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00960568 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00946456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00944224 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00909760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00721952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00719160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00618232 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00609216 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00606776 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00573120 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00483384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00447800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-02-10 14:33 - 2017-01-20 11:38 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-02-10 09:21 - 2017-02-10 09:23 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-02-03 15:55 - 2017-02-03 15:55 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\Microsoft Help
2017-01-25 08:59 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-01-25 08:59 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-01-18 06:37 - 2017-01-18 06:37 - 00000000 ____D C:\Users\MarkStrong\AppData\Roaming\Arrowhead
2017-01-18 06:28 - 2017-01-18 06:28 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\Robot Entertainment
2017-01-17 05:54 - 2017-01-21 05:55 - 00048696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2017-01-17 05:53 - 2017-01-20 11:38 - 28239928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-01-17 05:52 - 2017-01-17 05:52 - 01964600 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437654.dll
2017-01-17 05:52 - 2017-01-17 05:52 - 01598392 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437654.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-16 19:38 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-16 19:38 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\AppReadiness
2017-02-16 19:36 - 2016-12-20 18:36 - 00004146 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5ECB8719-0C45-4D0B-9E23-341326ED26A6}
2017-02-16 19:33 - 2016-12-14 10:14 - 00000000 ___RD C:\Users\MarkStrong\OneDrive
2017-02-16 19:33 - 2016-10-20 18:52 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-16 08:36 - 2016-08-01 17:28 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-02-15 20:58 - 2016-08-01 18:06 - 00606350 _____ C:\Windows\system32\perfh019.dat
2017-02-15 20:58 - 2016-08-01 18:06 - 00211566 _____ C:\Windows\system32\perfc019.dat
2017-02-15 20:58 - 2016-08-01 18:02 - 00714554 _____ C:\Windows\system32\prfh0816.dat
2017-02-15 20:58 - 2016-08-01 18:02 - 00232904 _____ C:\Windows\system32\prfc0816.dat
2017-02-15 20:58 - 2016-08-01 17:58 - 00737414 _____ C:\Windows\system32\perfh013.dat
2017-02-15 20:58 - 2016-08-01 17:58 - 00240062 _____ C:\Windows\system32\perfc013.dat
2017-02-15 20:58 - 2016-08-01 17:50 - 00715810 _____ C:\Windows\system32\perfh010.dat
2017-02-15 20:58 - 2016-08-01 17:50 - 00227830 _____ C:\Windows\system32\perfc010.dat
2017-02-15 20:58 - 2016-08-01 17:47 - 00735658 _____ C:\Windows\system32\perfh00C.dat
2017-02-15 20:58 - 2016-08-01 17:47 - 00233984 _____ C:\Windows\system32\perfc00C.dat
2017-02-15 20:58 - 2016-08-01 17:42 - 00729862 _____ C:\Windows\system32\perfh00A.dat
2017-02-15 20:58 - 2016-08-01 17:42 - 00238036 _____ C:\Windows\system32\perfc00A.dat
2017-02-15 20:58 - 2016-08-01 17:40 - 00776174 _____ C:\Windows\system32\perfh008.dat
2017-02-15 20:58 - 2016-08-01 17:40 - 00243030 _____ C:\Windows\system32\perfc008.dat
2017-02-15 20:58 - 2016-08-01 17:37 - 01064154 _____ C:\Windows\system32\perfh007.dat
2017-02-15 20:58 - 2016-08-01 17:37 - 00248506 _____ C:\Windows\system32\perfc007.dat
2017-02-15 20:58 - 2016-08-01 17:33 - 09299262 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-15 20:52 - 2016-12-23 04:21 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2017-02-15 20:51 - 2016-12-23 04:07 - 00005110 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-02-15 20:51 - 2016-08-01 17:28 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-15 20:51 - 2016-07-16 01:04 - 00524288 _____ C:\Windows\system32\config\BBI
2017-02-15 20:50 - 2016-12-14 10:15 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\CrashDumps
2017-02-13 21:49 - 2016-12-14 10:12 - 00000000 ____D C:\Users\MarkStrong
2017-02-13 21:49 - 2016-10-20 19:29 - 00000000 ____D C:\ProgramData\Norton
2017-02-13 19:01 - 2016-12-14 10:15 - 00000000 ____D C:\Users\MarkStrong\AppData\Roaming\Skype
2017-02-13 18:52 - 2016-12-14 10:23 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2017-02-13 18:52 - 2016-07-16 06:47 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-02-13 18:52 - 2016-07-16 01:04 - 00032768 _____ C:\Windows\system32\config\ELAM
2017-02-13 18:00 - 2016-10-20 19:29 - 00000000 ____D C:\ProgramData\WinZip
2017-02-13 17:13 - 2016-12-14 12:08 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-13 00:15 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-10 14:36 - 2016-10-20 18:52 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-10 14:36 - 2016-10-20 18:52 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-10 14:36 - 2016-07-16 06:45 - 00000000 ____D C:\Windows\INF
2017-02-10 14:09 - 2016-12-14 10:13 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\NVIDIA Corporation
2017-02-10 14:09 - 2016-12-14 10:12 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\NVIDIA
2017-02-10 14:02 - 2016-12-14 12:21 - 00000000 ____D C:\Users\MarkStrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-10 09:22 - 2016-10-20 18:52 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-03 01:26 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\NDF
2017-02-02 13:14 - 2016-12-14 22:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2017-02-02 13:13 - 2016-12-20 09:14 - 00000001 _____ C:\Users\Public\Documents\dgc_DC.txt
2017-02-02 13:13 - 2016-12-14 22:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2017-02-02 13:13 - 2016-08-01 17:30 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-01 21:25 - 2016-12-19 00:13 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-01 21:25 - 2016-12-19 00:13 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-25 09:17 - 2016-07-16 06:36 - 00000000 ____D C:\Windows\CbsTemp
2017-01-24 19:02 - 2016-12-14 10:14 - 00002397 _____ C:\Users\MarkStrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-23 19:00 - 2016-10-20 18:52 - 01600056 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-01-23 19:00 - 2016-10-20 18:52 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-01-20 11:38 - 2016-10-20 18:52 - 04079032 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-01-20 11:38 - 2016-10-20 18:52 - 03597640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-01-20 11:38 - 2016-10-20 18:52 - 00514616 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-01-20 11:38 - 2016-10-20 18:52 - 00420408 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-01-20 11:38 - 2016-10-20 18:52 - 00043556 _____ C:\Windows\system32\nvinfo.pb
2017-01-20 11:25 - 2016-12-14 22:03 - 00000000 ____D C:\Users\Administrator
2017-01-20 10:17 - 2016-12-14 10:12 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\Packages
2017-01-20 10:13 - 2016-10-20 18:52 - 06401984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 02479160 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 00548800 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-01-20 09:04 - 2016-12-23 04:07 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-01-18 07:57 - 2016-10-20 18:52 - 07755067 _____ C:\Windows\system32\nvcoproc.bin
2017-01-18 06:28 - 2016-12-25 09:54 - 00000000 ____D C:\Users\MarkStrong\AppData\Roaming\NVIDIA

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-10-20 18:53 - 2016-10-20 18:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-23 04:07 - 2017-02-16 19:32 - 0003771 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-23 04:07 - 2017-02-15 20:51 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Administrator\AppData\Local\Temp\DeleteOnReboot.bat


Einige Dateien in TEMP:
====================
2017-02-10 09:22 - 2016-12-29 07:29 - 0860960 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvSCPAPI64.dll
2017-02-10 14:34 - 2016-12-29 07:28 - 0351680 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-07 18:09

==================== Ende von FRST.txt ============================
         
--- --- ---


... entschuldige bitte vielmals,
hier das FRST File


FRST Logfile:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02
durchgeführt von Administrator (Administrator) auf MSI (16-02-2017 19:50:38)
Gestartet von C:\Users\MarkStrong\Desktop
Geladene Profile: MarkStrong & Administrator (Verfügbare Profile: defaultuser0 & MarkStrong & Administrator)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe
(Portrait Displays, Inc) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorHelper.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16122.10271.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176 2016-10-20] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel Corporation)
HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [693432 2016-10-07] ()
HKLM\...\Run: [MsiTrueColor] => C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe [4811048 2016-09-09] (Portrait Displays, Inc.)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [301848 2016-08-19] (MSI)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\RunOnce: [DeleteOnReboot] => C:\Users\Administrator\AppData\Local\Temp\DeleteOnReboot.bat [480 2017-02-15] () <===== ACHTUNG
HKU\S-1-5-21-4218886898-41493801-728894-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-4218886898-41493801-728894-500\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C0].txt
HKU\S-1-5-18\...\Run: [] => 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Control Center.lnk [2016-10-20]
ShortcutTarget: Killer Control Center.lnk -> C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe (Rivet Networks)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-10-20]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{44c729b7-3a09-4761-bb9e-6fb3853c3b3d}: [DhcpNameServer] 192.168.1.254 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-4218886898-41493801-728894-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-4218886898-41493801-728894-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-4218886898-41493801-728894-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-4218886898-41493801-728894-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKU\S-1-5-21-4218886898-41493801-728894-1001 -> DefaultScope {FFD7DB1D-3F65-4AC8-A7C6-562077F48108} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Kein Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Keine Datei
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-09-07] (Windows (R) Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation)
R2 Killer Network Service; C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe [1951456 2016-09-29] (Rivet Networks)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2016-08-19] (Micro-Star International Co., Ltd.) [Datei ist nicht signiert]
R2 MSITrueColorService; C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe [180520 2016-09-09] (Portrait Displays, Inc.)
S2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe [58296 2016-08-12] (Micro-Star INT'L CO., LTD.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4362568 2015-06-18] (Symantec Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-12-12] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2016-12-12] (NVIDIA Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266328 2016-12-04] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-09-30] (Intel(R) Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0406000.00C\ccSetx64.sys [173808 2015-06-24] (Symantec Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162120 2016-09-16] (Qualcomm Atheros, Inc.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-15] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_85330ff976332cdb\nvlddmkm.sys [14427064 2017-01-21] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-12-12] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [35272 2016-10-20] (Windows (R) Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2016-12-12] (NVIDIA Corporation)
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2403248 2016-09-06] (Qualcomm Atheros, Inc.)
R2 RfeCoSvc; C:\Windows\system32\DRIVERS\RfeCo10X64.sys [87904 2016-09-29] (Rivet Networks, LLC.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [779232 2016-10-20] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [42088 2016-10-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-10-20] (Synaptics Incorporated)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [40568 2016-06-14] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [52960 2016-10-04] (SteelSeries ApS)
R3 ssps2; C:\Windows\System32\drivers\ssps2.sys [33896 2016-06-14] (SteelSeries ApS)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-12-14] (Symantec Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [15160 2015-06-11] ()
R2 WtfEngineDrv; C:\Windows\system32\DRIVERS\WtfEngineDrv.sys [27904 2016-02-01] (AAA Internet Publishing, Inc.)
S3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161214.002\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161214.002\EX64.SYS [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-16 19:33 - 2017-02-16 19:33 - 00000000 ___HD C:\OneDriveTemp
2017-02-15 21:20 - 2017-02-15 21:21 - 00270548 _____ C:\TDSSKiller.3.1.0.12_15.02.2017_21.20.37_log.txt
2017-02-15 20:56 - 2017-02-15 20:57 - 04747704 _____ (AO Kaspersky Lab) C:\Users\MarkStrong\Desktop\tdsskiller.exe
2017-02-15 20:55 - 2017-02-16 19:50 - 00017756 _____ C:\Users\MarkStrong\Desktop\FRST.txt
2017-02-15 20:55 - 2017-02-16 19:50 - 00000000 ____D C:\FRST
2017-02-15 20:55 - 2017-02-16 19:48 - 00051358 _____ C:\Users\MarkStrong\Desktop\Addition.txt
2017-02-15 20:54 - 2017-02-15 20:55 - 02422272 _____ (Farbar) C:\Users\MarkStrong\Desktop\FRST64.exe
2017-02-15 20:46 - 2017-02-15 20:50 - 00000000 ____D C:\AdwCleaner
2017-02-15 20:46 - 2017-02-15 20:46 - 04015056 _____ C:\Users\MarkStrong\Desktop\AdwCleaner_6.043.exe
2017-02-14 00:51 - 2017-02-14 00:52 - 00000000 ____D C:\ProgramData\MFAData
2017-02-14 00:51 - 2017-02-14 00:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\MFAData
2017-02-14 00:51 - 2017-02-14 00:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg2015
2017-02-13 20:03 - 2017-02-15 20:51 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-13 20:03 - 2017-02-13 20:03 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-13 20:03 - 2017-02-13 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-13 20:03 - 2017-02-13 20:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-13 20:03 - 2017-02-13 20:03 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-13 20:03 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-13 18:58 - 2017-02-13 18:52 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-02-13 18:00 - 2017-02-13 18:00 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\WinZip
2017-02-10 14:35 - 2017-02-10 14:35 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-10 14:35 - 2017-01-20 09:07 - 00134080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-02-10 14:35 - 2016-12-15 19:33 - 00273696 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-02-10 14:35 - 2016-12-15 19:33 - 00266528 _____ C:\Windows\system32\vulkan-1.dll
2017-02-10 14:35 - 2016-12-15 19:33 - 00111392 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-02-10 14:35 - 2016-12-15 19:32 - 00125728 _____ C:\Windows\system32\vulkaninfo.exe
2017-02-10 14:33 - 2017-01-23 19:00 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 34974656 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 19008576 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 14677272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 11123936 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 11019192 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 09308896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 08990584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 03167288 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 02715072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 01985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437849.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 01591352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437849.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 01051584 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00988608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00960568 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00946456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00944224 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00909760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00721952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00719160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00618232 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00609216 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00606776 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00573120 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00483384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00447800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-02-10 14:33 - 2017-01-20 11:38 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-02-10 09:21 - 2017-02-10 09:23 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-02-03 15:55 - 2017-02-03 15:55 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\Microsoft Help
2017-01-25 08:59 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-01-25 08:59 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-01-18 06:37 - 2017-01-18 06:37 - 00000000 ____D C:\Users\MarkStrong\AppData\Roaming\Arrowhead
2017-01-18 06:28 - 2017-01-18 06:28 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\Robot Entertainment
2017-01-17 05:54 - 2017-01-21 05:55 - 00048696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2017-01-17 05:53 - 2017-01-20 11:38 - 28239928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-01-17 05:52 - 2017-01-17 05:52 - 01964600 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437654.dll
2017-01-17 05:52 - 2017-01-17 05:52 - 01598392 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437654.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-16 19:38 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-16 19:38 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\AppReadiness
2017-02-16 19:36 - 2016-12-20 18:36 - 00004146 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5ECB8719-0C45-4D0B-9E23-341326ED26A6}
2017-02-16 19:33 - 2016-12-14 10:14 - 00000000 ___RD C:\Users\MarkStrong\OneDrive
2017-02-16 19:33 - 2016-10-20 18:52 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-16 08:36 - 2016-08-01 17:28 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-02-15 20:58 - 2016-08-01 18:06 - 00606350 _____ C:\Windows\system32\perfh019.dat
2017-02-15 20:58 - 2016-08-01 18:06 - 00211566 _____ C:\Windows\system32\perfc019.dat
2017-02-15 20:58 - 2016-08-01 18:02 - 00714554 _____ C:\Windows\system32\prfh0816.dat
2017-02-15 20:58 - 2016-08-01 18:02 - 00232904 _____ C:\Windows\system32\prfc0816.dat
2017-02-15 20:58 - 2016-08-01 17:58 - 00737414 _____ C:\Windows\system32\perfh013.dat
2017-02-15 20:58 - 2016-08-01 17:58 - 00240062 _____ C:\Windows\system32\perfc013.dat
2017-02-15 20:58 - 2016-08-01 17:50 - 00715810 _____ C:\Windows\system32\perfh010.dat
2017-02-15 20:58 - 2016-08-01 17:50 - 00227830 _____ C:\Windows\system32\perfc010.dat
2017-02-15 20:58 - 2016-08-01 17:47 - 00735658 _____ C:\Windows\system32\perfh00C.dat
2017-02-15 20:58 - 2016-08-01 17:47 - 00233984 _____ C:\Windows\system32\perfc00C.dat
2017-02-15 20:58 - 2016-08-01 17:42 - 00729862 _____ C:\Windows\system32\perfh00A.dat
2017-02-15 20:58 - 2016-08-01 17:42 - 00238036 _____ C:\Windows\system32\perfc00A.dat
2017-02-15 20:58 - 2016-08-01 17:40 - 00776174 _____ C:\Windows\system32\perfh008.dat
2017-02-15 20:58 - 2016-08-01 17:40 - 00243030 _____ C:\Windows\system32\perfc008.dat
2017-02-15 20:58 - 2016-08-01 17:37 - 01064154 _____ C:\Windows\system32\perfh007.dat
2017-02-15 20:58 - 2016-08-01 17:37 - 00248506 _____ C:\Windows\system32\perfc007.dat
2017-02-15 20:58 - 2016-08-01 17:33 - 09299262 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-15 20:52 - 2016-12-23 04:21 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2017-02-15 20:51 - 2016-12-23 04:07 - 00005110 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-02-15 20:51 - 2016-08-01 17:28 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-15 20:51 - 2016-07-16 01:04 - 00524288 _____ C:\Windows\system32\config\BBI
2017-02-15 20:50 - 2016-12-14 10:15 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\CrashDumps
2017-02-13 21:49 - 2016-12-14 10:12 - 00000000 ____D C:\Users\MarkStrong
2017-02-13 21:49 - 2016-10-20 19:29 - 00000000 ____D C:\ProgramData\Norton
2017-02-13 19:01 - 2016-12-14 10:15 - 00000000 ____D C:\Users\MarkStrong\AppData\Roaming\Skype
2017-02-13 18:52 - 2016-12-14 10:23 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2017-02-13 18:52 - 2016-07-16 06:47 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-02-13 18:52 - 2016-07-16 01:04 - 00032768 _____ C:\Windows\system32\config\ELAM
2017-02-13 18:00 - 2016-10-20 19:29 - 00000000 ____D C:\ProgramData\WinZip
2017-02-13 17:13 - 2016-12-14 12:08 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-13 00:15 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-10 14:36 - 2016-10-20 18:52 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-10 14:36 - 2016-10-20 18:52 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-10 14:36 - 2016-07-16 06:45 - 00000000 ____D C:\Windows\INF
2017-02-10 14:09 - 2016-12-14 10:13 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\NVIDIA Corporation
2017-02-10 14:09 - 2016-12-14 10:12 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\NVIDIA
2017-02-10 14:02 - 2016-12-14 12:21 - 00000000 ____D C:\Users\MarkStrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-10 09:22 - 2016-10-20 18:52 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-03 01:26 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\NDF
2017-02-02 13:14 - 2016-12-14 22:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2017-02-02 13:13 - 2016-12-20 09:14 - 00000001 _____ C:\Users\Public\Documents\dgc_DC.txt
2017-02-02 13:13 - 2016-12-14 22:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2017-02-02 13:13 - 2016-08-01 17:30 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-01 21:25 - 2016-12-19 00:13 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-01 21:25 - 2016-12-19 00:13 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-25 09:17 - 2016-07-16 06:36 - 00000000 ____D C:\Windows\CbsTemp
2017-01-24 19:02 - 2016-12-14 10:14 - 00002397 _____ C:\Users\MarkStrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-23 19:00 - 2016-10-20 18:52 - 01600056 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-01-23 19:00 - 2016-10-20 18:52 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-01-20 11:38 - 2016-10-20 18:52 - 04079032 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-01-20 11:38 - 2016-10-20 18:52 - 03597640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-01-20 11:38 - 2016-10-20 18:52 - 00514616 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-01-20 11:38 - 2016-10-20 18:52 - 00420408 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-01-20 11:38 - 2016-10-20 18:52 - 00043556 _____ C:\Windows\system32\nvinfo.pb
2017-01-20 11:25 - 2016-12-14 22:03 - 00000000 ____D C:\Users\Administrator
2017-01-20 10:17 - 2016-12-14 10:12 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\Packages
2017-01-20 10:13 - 2016-10-20 18:52 - 06401984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 02479160 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 00548800 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-01-20 09:04 - 2016-12-23 04:07 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-01-18 07:57 - 2016-10-20 18:52 - 07755067 _____ C:\Windows\system32\nvcoproc.bin
2017-01-18 06:28 - 2016-12-25 09:54 - 00000000 ____D C:\Users\MarkStrong\AppData\Roaming\NVIDIA

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-10-20 18:53 - 2016-10-20 18:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-23 04:07 - 2017-02-16 19:32 - 0003771 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-23 04:07 - 2017-02-15 20:51 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Administrator\AppData\Local\Temp\DeleteOnReboot.bat


Einige Dateien in TEMP:
====================
2017-02-10 09:22 - 2016-12-29 07:29 - 0860960 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvSCPAPI64.dll
2017-02-10 14:34 - 2016-12-29 07:28 - 0351680 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-07 18:09

==================== Ende von FRST.txt ============================
         
--- --- ---

[/CODE]

Alt 17.02.2017, 01:54   #8
Tobias1972
 
GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen - Standard

GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen



... und hier ist das Addition File

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02
durchgeführt von Administrator (16-02-2017 19:50:57)
Gestartet von C:\Users\MarkStrong\Desktop
Windows 10 Home Version 1607 (X64) (2016-12-14 15:08:43)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4218886898-41493801-728894-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-4218886898-41493801-728894-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-4218886898-41493801-728894-1000 - Limited - Disabled) => C:\Users\defaultuser0
Gast (S-1-5-21-4218886898-41493801-728894-501 - Limited - Disabled)
MarkStrong (S-1-5-21-4218886898-41493801-728894-1001 - Limited - Enabled) => C:\Users\MarkStrong

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

ACPI Driver Installer (HKLM-x32\...\553E35CD-0415-41bc-B39A-410375E88534) (Version: 2.1 - Intel Corporation)
Ansel (Version: 378.49 - NVIDIA Corporation) Hidden
ApoDispatchConfigurator (Version: 2.3.701 - Nahimic) Hidden
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.38.1 - Asmedia Technology)
AudioLaunchpadConfigurator (Version: 2.3.701 - Nahimic) Hidden
Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1608.0901 - Micro-Star International Co., Ltd.)
Battery Calibration (x32 Version: 1.0.1608.0901 - Micro-Star International Co., Ltd.) Hidden
Beyond Gravity (HKLM\...\Steam App 317510) (Version:  - Qwiboo Ltd)
Bridge Constructor Medieval (HKLM\...\Steam App 319850) (Version:  - ClockStone)
BurnRecovery (HKLM-x32\...\InstallShield_{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1608.1201 - Application)
BurnRecovery (x32 Version: 5.0.1608.1201 - Application) Hidden
CheckDevicesConfigurator (Version: 2.3.701 - Nahimic) Hidden
Craft The World (HKLM\...\Steam App 248390) (Version:  - Dekovir Entertainment)
DEFCON (HKLM\...\Steam App 1520) (Version:  - Introversion Software)
Defend Your Life (HKLM\...\Steam App 357780) (Version:  - Alda Games)
Defenders of Ardania (HKLM\...\Steam App 73060) (Version:  - Most Wanted Entertainment)
Demon Hunter: Chronicles from Beyond (HKLM\...\Steam App 330990) (Version:  - Brave Giant LTD)
Dragon Center (HKLM-x32\...\InstallShield_{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 1.2.1610.2701 - Micro-Star International Co., Ltd.)
Dragon Center (x32 Version: 1.2.1610.2701 - Micro-Star International Co., Ltd.) Hidden
Dwarfs!? (HKLM\...\Steam App 35480) (Version:  - Power of 2)
Evil Defenders (HKLM\...\Steam App 412520) (Version:  - CP Decision)
F.E.A.R. 3 (HKLM\...\Steam App 21100) (Version:  - Day 1 Studios)
F1 Race Stars (HKLM\...\Steam App 203680) (Version:  - Codemasters Birmingham)
Fallout 4 (HKLM\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Final Exam (HKLM\...\Steam App 233190) (Version:  - Mighty Rocket Studio)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
FORCED (HKLM\...\Steam App 249990) (Version:  - BetaDwarf)
Foul Play (HKLM\...\Steam App 244810) (Version:  - Mediatonic)
Go Home Dinosaurs! (HKLM\...\Steam App 216090) (Version:  - Fire Hose Games)
God Mode (HKLM\...\Steam App 227480) (Version:  - Old School Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grim Legends 2: Song of the Dark Swan (HKLM\...\Steam App 279800) (Version:  - Artifex Mundi)
Guns'N'Zombies (HKLM\...\Steam App 264300) (Version:  - Krealit)
Help Desk (HKLM-x32\...\InstallShield_{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1609.0501 - Micro-Star International Co., Ltd.)
Help Desk (x32 Version: 1.0.1609.0501 - Micro-Star International Co., Ltd.) Hidden
Hero Academy (HKLM\...\Steam App 209270) (Version:  - Robot Entertainment)
Hydrophobia: Prophecy (HKLM\...\Steam App 92000) (Version:  - Dark Energy Digital Ltd.)
iBomber Defense Pacific (HKLM\...\Steam App 206690) (Version:  - Cobra Mobile)
INSIDE (HKLM\...\Steam App 304430) (Version:  - Playdead)
Intel Extreme Tuning Utility (HKLM-x32\...\{e3931098-f44a-4c70-bf9c-f48d24bdd066}) (Version: 6.0.2.8 - Intel Corporation)
Intel Extreme Tuning Utility (x32 Version: 6.0.2.8 - Intel Corporation) Hidden
Intel XTU Library (HKLM-x32\...\{B48E71F0-769D-445D-9020-9E06FF1D51C8}) (Version: 10.015.08120 - Micro-Star INT'L CO., LTD.)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
KB9X Radio Switch Driver (HKLM\...\EC950B206B0E7722C96A318DF396BABFBB057BC0) (Version: 1.1.2.0 - ENE TECHNOLOGY INC.)
Killer Performance Suite (HKLM\...\{0B988985-38C9-4DD4-9835-5AC17EEC26F7}) (Version: 1.0.762 - Rivet Networks)
LauncherSetup (Version: 2.3.701 - Nahimic) Hidden
Leviathan: Warships (HKLM\...\Steam App 202270) (Version:  - Pieces Interactive)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker Silver (HKLM-x32\...\MX.{CD1DE5DB-7AF2-4D01-BBB1-9AD581B34403}) (Version: 21.0.3.44 - MAGIX Software GmbH)
MAGIX Music Maker Silver (Version: 21.0.3.44 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Silver Soundpools (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Photo Manager 16 (HKLM-x32\...\MX.{B33D219F-2504-45A7-863B-999ED3E38B01}) (Version: 12.0.0.26 - MAGIX Software GmbH)
MAGIX Photo Manager 16 (Version: 12.0.0.26 - MAGIX Software GmbH) Hidden
Magnetis (HKLM\...\Steam App 37500) (Version:  - Yullaby)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Men of War: Assault Squad (HKLM\...\Steam App 64000) (Version:  - Digitalmindsoft)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4218886898-41493801-728894-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4218886898-41493801-728894-500\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft SharePoint Designer 2010 (HKLM-x32\...\Office14.SharePointDesigner) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Millie (HKLM\...\Steam App 294230) (Version:  - Forever Entertainment S. A.)
Mini Motor Racing EVO (HKLM\...\Steam App 209520) (Version:  - The Binary Mill)
MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1608.1001 - Micro-Star International Co., Ltd.)
MSI Remind Manager (x32 Version: 1.0.1608.1001 - Micro-Star International Co., Ltd.) Hidden
MSI True Color (HKLM\...\{B4A2776D-59CD-4193-A19D-DE15CB7FC5AA}) (Version: 1.6.3.005 - Portrait Displays, Inc.)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nahimic 2 (HKLM-x32\...\{51d850bf-aca6-4eac-b215-2792260adafd}) (Version: 2.3.7 - Nahimic)
Nahimic2UISetup (Version: 2.3.701 - Nahimic) Hidden
Norton Online Backup (HKLM-x32\...\{652C1CDF-C61D-4525-9348-8C272CC2DB24}) (Version: 2.10.2.7 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.6.0.12 - Symantec Corporation) Hidden
Not The Robots (HKLM\...\Steam App 257120) (Version:  - 2DArray)
NVIDIA 3D Vision Treiber 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.2.0.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.0.96 - NVIDIA Corporation)
NVIDIA Grafiktreiber 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.49 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.0.0.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Poly Bridge (HKLM\...\Steam App 367450) (Version:  - Dry Cactus)
Pool Nation (HKLM\...\Steam App 254440) (Version:  - Cherry Pop Games)
Port Royale 3 (HKLM\...\Steam App 205610) (Version:  - Gaming Minds)
ProductDaemonSetup (Version: 2.3.701 - Nahimic) Hidden
ProductNSConfigurator (Version: 2.3.701 - Nahimic) Hidden
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.279 - Qualcomm Atheros)
R.U.S.E (HKLM\...\Steam App 21970) (Version:  - Eugen Systems)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7945 - Realtek Semiconductor Corp.)
Rise: Battle Lines (HKLM\...\Steam App 386350) (Version:  - The Secret Games Company)
Sanctum 2 (HKLM\...\Steam App 210770) (Version:  - Coffee Stain Studios)
SCM (HKLM\...\{4D36BF08-839B-47C5-BEDF-79D54ED8D14B}) (Version: 13.016.08191 - Application)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{8B883A57-E4BC-4745-8E6C-68168850F9DD}) (Version:  - Microsoft)
SHIELD Streaming (Version: 7.1.0350 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
Sizing Options (HKLM-x32\...\InstallShield_{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}) (Version: 3.0.1607.2201 - Application)
Sizing Options (x32 Version: 3.0.1607.2201 - Application) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SonicMapperConfigurator (Version: 2.3.701 - Nahimic) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.8.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.8.1 - SteelSeries ApS)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.4.57 - Synaptics Incorporated)
Time Mysteries: Inheritance - Remastered (HKLM\...\Steam App 350010) (Version:  - Artifex Mundi)
TrackMania² Stadium (HKLM\...\Steam App 232910) (Version:  - Nadeo)
Tribloos 2 (HKLM\...\Steam App 271550) (Version:  - BumpkinBrothers)
UIInstallUpgrade (Version: 2.3.701 - Nahimic) Hidden
Unstoppable Gorg (HKLM\...\Steam App 18120) (Version:  - Futuremark)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
War in a Box: Paper Tanks (HKLM\...\Steam App 308460) (Version:  - DQ Team)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
WTFast 4.0 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 4.0.7.692 - Initex & AAA Internet Publishing)
XSplit Gamecaster (HKLM-x32\...\{9E8A3821-032E-4230-9C12-C14D3FC8685E}) (Version: 2.8.1605.2342 - SplitmediaLabs)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {02564E8D-AB43-4419-AC00-79101D2756E4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {064B5CAB-52A2-430F-A5B4-FF0E09673D4C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-12] (NVIDIA Corporation)
Task: {1B8AC99F-030B-42C2-888C-B3F837BA66FE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {257D9A76-B695-4959-AA17-319E71BB6F15} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-12-12] (NVIDIA Corporation)
Task: {28C0F686-7B46-4FAF-B9A2-6DCBF9A5CA3C} - System32\Tasks\MSI_Help_Desk_Agent => C:\Program Files (x86)\MSI\Help Desk\MSI Update Agent.exe [2016-09-05] (Micro-Star International Co., Ltd.)
Task: {31E593A3-4183-4FC8-8087-D1EE9A51F5E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-19] (Google Inc.)
Task: {35EFF172-9233-45BA-A2E7-E350289A2BF5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-19] (Google Inc.)
Task: {3C5D7129-9885-4F33-BF1C-C04D91F6BBC8} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-12] (NVIDIA Corporation)
Task: {7E3D5826-1D24-49E4-9741-EF3C05B040E3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {89529DF8-9E20-4066-A0D4-2B9EB847F3FF} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-05-05] (Intel Corporation)
Task: {8A08E4AC-099F-42DC-BE7C-B06AB22253D4} - System32\Tasks\MSI_Dragon Center => C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe [2016-10-27] (Micro-Star International Co., Ltd.)
Task: {8A97CC49-5245-4C9F-B8DB-46B621F734B2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {8CB5DDE8-AB4B-42CB-B90E-2FBC77043E55} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe 
Task: {B6FCEBAE-82E1-4AEA-A479-399511227EC3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {B7B85536-A000-4D01-A206-B8A3780D7D35} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-12-12] (NVIDIA Corporation)
Task: {BBB71FBF-7E02-40FE-8B65-22AA4C39C066} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {BEA217F2-54BA-427B-83A4-59512D5FB5E6} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-12] (NVIDIA Corporation)
Task: {D1E97528-3DD9-413E-8EAB-7CF9309086DE} - System32\Tasks\Nahimic2Svc64Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe [2016-10-07] ()
Task: {D9AA3C2E-8022-4CE2-B49C-39DB1039825E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-12] (NVIDIA Corporation)
Task: {DFDC6E38-8F85-4CAD-A646-1567A0F2FE91} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-12] (NVIDIA Corporation)
Task: {F2C83940-15BC-41F3-9722-EEC6E17D6591} - System32\Tasks\Nahimic2Svc32Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe [2016-10-07] ()
Task: {F90F41F6-90C5-4AFF-A161-596051EEB978} - System32\Tasks\Nahimic2UILauncherRun => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [2016-10-07] ()
Task: {FE346F69-9C45-4426-A556-DB2838A4C62B} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-12-23 04:07 - 2016-12-12 18:39 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-23 04:07 - 2016-12-12 18:39 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-13 20:03 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-09-29 13:55 - 2016-09-29 13:55 - 00560128 _____ () C:\Program Files\Killer Networking\Killer Control Center\SpeedTestDLL.dll
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-14 13:17 - 2016-12-09 05:29 - 02681200 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-10-20 18:52 - 2017-01-20 10:13 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-14 13:17 - 2016-12-09 05:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-10-07 18:27 - 2016-10-07 18:27 - 00200888 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll
2016-10-07 18:27 - 2016-10-07 18:27 - 00272568 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll
2016-12-14 13:17 - 2016-12-09 05:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-08-02 10:55 - 2016-12-28 12:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-12-14 13:19 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 04:24 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 04:24 - 2016-12-21 02:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2017-01-11 04:23 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 04:23 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 04:23 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 04:23 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 04:23 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 04:23 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-06 20:22 - 2017-02-06 20:23 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-06 20:22 - 2017-02-06 20:23 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-06 20:22 - 2017-02-06 20:23 - 42895872 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 20:22 - 2017-02-06 20:23 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\roottools.dll
2016-10-07 18:24 - 2016-10-07 18:24 - 00693432 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
2016-10-07 18:25 - 2016-10-07 18:25 - 02024632 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2svc32.exe
2016-10-07 18:28 - 2016-10-07 18:28 - 00495288 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2svc64.exe
2016-10-27 12:58 - 2016-10-27 12:58 - 00018712 _____ () C:\Program Files (x86)\MSI\Dragon Center\GInf.dll
2016-12-16 10:01 - 2016-12-16 10:07 - 00123384 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16122.10271.0_x64__8wekyb3d8bbwe\GNSDK_FP.DLL
2016-08-30 02:19 - 2016-08-30 02:19 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-12-23 04:07 - 2016-12-12 18:39 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-12-23 04:07 - 2016-12-12 18:39 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-23 04:07 - 2016-12-12 18:39 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-07 18:23 - 2016-10-07 18:23 - 00175800 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2DevProps.dll
2016-10-07 18:21 - 2016-10-07 18:21 - 00250552 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2OSD.dll
2016-12-23 04:07 - 2016-12-12 18:38 - 64246840 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-12-23 04:07 - 2016-12-12 09:36 - 00525760 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-12-23 04:07 - 2016-12-12 09:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-12-23 04:07 - 2016-12-12 09:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-12-23 04:07 - 2016-12-12 09:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-12-23 04:07 - 2016-12-12 09:36 - 00447424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-12-23 04:07 - 2016-12-12 09:36 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-12-23 04:07 - 2016-12-12 09:36 - 01003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-23 04:07 - 2016-12-12 09:36 - 00956472 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2016-07-16 06:47 - 2016-07-16 06:45 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4218886898-41493801-728894-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
HKU\S-1-5-21-4218886898-41493801-728894-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\System32\oobe\info\Wallpaper\backgroundDefault.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{58A45F44-D5FA-487F-AD77-8EA4E487FD4E}] => (Allow) C:\Program Files (x86)\WTFast\WTFast.exe
FirewallRules: [{89F8FB89-D598-4E08-80D6-8469CF8BCCD4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F723A05F-477E-41ED-AD42-B0F5A57E7748}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3EF9FB57-32D8-4AA6-9025-B53BF06F2876}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{62EAAD63-655F-45CE-93E0-1740285AA331}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{AA4F4879-FC87-41FB-97AD-C257327594CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\R.U.S.E\Ruse.exe
FirewallRules: [{02E8F509-35F2-4D24-A941-B4D58A841B2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\R.U.S.E\Ruse.exe
FirewallRules: [{E32A40F4-3B0A-4C25-99DA-452827ACF658}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{D3AFBDE0-A702-4A4C-B126-D31DA5137213}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{BC1867CA-8AC0-4981-969C-41ECCDE98505}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pool Nation\Pool.exe
FirewallRules: [{D0C7D77C-EE0C-4042-9E4A-29A3C7308CAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pool Nation\Pool.exe
FirewallRules: [{3B6E62BD-6040-419E-82BB-C4384057258B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DYL\dyl.exe
FirewallRules: [{DC55DD35-FC5B-4BF2-A950-505A1E8B7ABB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DYL\dyl.exe
FirewallRules: [{33E40C5E-3E3B-4D1B-AE50-7D58C259FE0A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7FF10783-2B91-44AE-A335-804A2030D4F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{321C6B0F-14D7-474F-941D-BEC9D3029F7D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{F574291E-919E-4223-B0FC-6D2F332C26EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{9042FFBF-3DEC-4BB7-A6B9-0743DABB434E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{35859D71-FE2A-45FF-A627-917D8FB37C22}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E479FDB1-F61B-4350-A3D7-821B937A6D17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe
FirewallRules: [{FB6557CF-C8F3-42EA-ADD4-928E6BE29B4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe
FirewallRules: [{F8769C68-A2D8-488D-BF65-4B7630F8D238}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{0485327C-A46F-45E3-A71C-D3A7143D8804}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{FAF6EEEC-4F01-49A8-AAC1-A7DD0D87F076}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War in a Box - Paper Tanks\War in a Box - Paper Tanks.exe
FirewallRules: [{E3AB1FCC-F2F4-454D-A55F-91EFC2A2EA38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War in a Box - Paper Tanks\War in a Box - Paper Tanks.exe
FirewallRules: [{39B57716-1C4B-4ED8-B200-8F1345124CA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unstoppable Gorg\unstoppable_gorg.exe
FirewallRules: [{5397A5F7-862C-4E14-9C6C-809620D47DC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unstoppable Gorg\unstoppable_gorg.exe
FirewallRules: [{32F88ECD-D735-43F3-986E-8BB3B1ED04EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tribloos 2\TheTribloos2.exe
FirewallRules: [{0FEE2CD4-9E9F-42B3-97C0-70742BBD675D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tribloos 2\TheTribloos2.exe
FirewallRules: [{19DDBA06-A30A-4025-8E96-444F15FD83C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{766BA255-C003-4E04-815C-B61727EBB917}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{BE6EAB90-FC6B-48A1-AC77-7A3DDFDA24F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Time Mysteries Inheritance Remastered\TimeMysteries_Inheritance.exe
FirewallRules: [{F4A8FA06-3540-47AB-ACD5-57F2B896079A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Time Mysteries Inheritance Remastered\TimeMysteries_Inheritance.exe
FirewallRules: [{265B1327-59CB-4805-B6F1-AB70002D0F42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rise\Rise.exe
FirewallRules: [{62783129-1185-45E8-B211-32AF9CD331CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rise\Rise.exe
FirewallRules: [{58CFAA9B-73E2-4533-B46D-2A55128329DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poly Bridge\polybridge.exe
FirewallRules: [{55249A23-EB92-4FA3-8078-CFA74499739E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poly Bridge\polybridge.exe
FirewallRules: [{C3979464-80AE-4644-9838-0AF3CCC78D31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mini Motor Racing\Mini Motor Evo.exe
FirewallRules: [{2AF9B9B9-EA8F-4678-B4AF-019A0CA74691}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mini Motor Racing\Mini Motor Evo.exe
FirewallRules: [{1F8CDCA3-8A82-4F93-86FF-39C651A778FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GodMode\bin\GodMode.exe
FirewallRules: [{12D4118A-6FB9-4FC8-A4BB-0E00D51A0664}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GodMode\bin\GodMode.exe
FirewallRules: [{ECAD9605-7B7D-4218-BC47-1D2D77AD4197}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bridge Constructor Medieval\Bridge_Constructor_Medieval.exe
FirewallRules: [{2E6A0096-95EB-4FF0-AA78-EB92975D0B94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bridge Constructor Medieval\Bridge_Constructor_Medieval.exe
FirewallRules: [{564CF656-D5EA-48B4-BB51-6388EED16405}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Beyond Gravity\BeyondGravity.exe
FirewallRules: [{909CB892-BA48-4149-A311-5465AB5DAEAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Beyond Gravity\BeyondGravity.exe
FirewallRules: [{380E392A-702D-4E2F-8C48-B5530C7721B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{4E91C6CF-9A99-4107-B725-39DF19646A01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{960A768A-0031-4F48-A622-D34D08A1172D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Port Royale 3\PortRoyale3.exe
FirewallRules: [{67CBF75F-AF81-4BC5-9E26-E8D37851C4EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Port Royale 3\PortRoyale3.exe
FirewallRules: [{93A75816-103A-4968-ABDD-352927A87174}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Millie\Millie.exe
FirewallRules: [{FFAD9C2B-5BBA-48EC-BB0C-13B7D3DB4470}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Millie\Millie.exe
FirewallRules: [{A3FE6BD7-1F07-494C-A44B-27C318AD96A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Not The Robots\Not the Robots.exe
FirewallRules: [{E5F32BE5-B629-477F-8F03-A373CB7E65D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Not The Robots\Not the Robots.exe
FirewallRules: [{70A38E8E-11E3-4864-8AFD-B4490348E0DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic 2014\DotP_D14.exe
FirewallRules: [{2008150F-53FB-4941-B8EB-89EAF7A11EBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic 2014\DotP_D14.exe
FirewallRules: [{94E5C3EA-1282-45B8-A8A1-275164C35370}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Leviathan Warships\Leviathan.exe
FirewallRules: [{3EB97BC5-0180-4717-87A0-0C868E946377}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Leviathan Warships\Leviathan.exe
FirewallRules: [{3B42174B-3B07-47FF-B71D-FDBBC9F07690}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defenders of Ardania\DOA.exe
FirewallRules: [{A5FD5BFD-9BB3-4AD7-86AF-5F2991BB563C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defenders of Ardania\DOA.exe
FirewallRules: [{4F8AA047-AE30-478D-8CA0-532769A43861}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defcon\Defcon.exe
FirewallRules: [{A144D421-CD6D-47E1-91FD-07748FC8EB7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defcon\Defcon.exe
FirewallRules: [{EA89CB5D-BF6B-4175-92EC-5CF8BB5A30AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Evil Defenders\Evil Defenders.exe
FirewallRules: [{9E4631AF-86B3-41BF-AA91-ED4B709E45B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Evil Defenders\Evil Defenders.exe
FirewallRules: [{6ABD3963-FCE1-4570-8448-08526E8326CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Demon Hunter Chronicles from Beyond\DemonHunter.exe
FirewallRules: [{08A9F07E-B989-4A49-A8D0-F05DE03EE1D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Demon Hunter Chronicles from Beyond\DemonHunter.exe
FirewallRules: [{622F3114-BA9B-46D0-AC13-264949088297}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\INSIDE\INSIDE.exe
FirewallRules: [{468D817F-46BE-4066-9BFB-E47C02692C0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\INSIDE\INSIDE.exe
FirewallRules: [{C0D20874-D515-45C7-9735-F204329D29CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Legends Song of the Dark Swan\GrimLegends_SongOfTheDarkSwan.exe
FirewallRules: [{5DA2F9A0-0A8C-4329-8287-8B455076E02E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Legends Song of the Dark Swan\GrimLegends_SongOfTheDarkSwan.exe
FirewallRules: [{ABE851FC-1EA5-4984-8D09-07D45753E171}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GunsNZombies\GNZ.exe
FirewallRules: [{CEB2B999-5155-44CB-888C-1F2B16902B10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GunsNZombies\GNZ.exe
FirewallRules: [{BD69AE83-356E-46D6-95E2-742A844856B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FORCED\FORCED.exe
FirewallRules: [{D25B9354-2B67-43F6-B5CA-C10A54AF1D88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FORCED\FORCED.exe
FirewallRules: [{20EB6D39-A038-4D20-AF2F-D963268BD999}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Foul Play\foul_play.exe
FirewallRules: [{6CEFEB45-4719-4981-9ECE-F976999C7486}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Foul Play\foul_play.exe
FirewallRules: [{9A9C0EA1-6B87-4F3A-97CF-C683D686DFE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Exam\final_exam.exe
FirewallRules: [{2AA3EE71-3825-4A05-9863-825D14D27D6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Exam\final_exam.exe
FirewallRules: [{AF821B65-0B71-4382-94EC-4DBDD4861D94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Go Home Dinosaurs\Eastgate.exe
FirewallRules: [{B2EEDCFA-D33D-47C9-B592-586769BF8BC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Go Home Dinosaurs\Eastgate.exe
FirewallRules: [{11B7E7BD-5DCF-4103-B25B-8EAC52BCF7DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hero Academy\HeroAcademy.exe
FirewallRules: [{ECE33A69-8722-459B-BEC5-6611B65D4B1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hero Academy\HeroAcademy.exe
FirewallRules: [{8C5D3807-F3D5-483C-BB62-E6A267E5AFEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ibomber defense pacific\iBomberDefensePacific.exe
FirewallRules: [{FB0512F7-1457-4F1D-9EFC-D6B6660E0E86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ibomber defense pacific\iBomberDefensePacific.exe
FirewallRules: [{6C398AAF-FE8B-4462-88B4-9E2DF1C00AE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\f1 race stars\F1RaceStars.exe
FirewallRules: [{57D32252-4FDE-4554-8B8B-9776A775A016}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\f1 race stars\F1RaceStars.exe
FirewallRules: [{165372EC-7B50-4658-9E78-342B476F2C19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hydrophobia\HydroPC.exe
FirewallRules: [{6F2C7093-AC74-4E0B-9273-1CC179BC0F63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hydrophobia\HydroPC.exe
FirewallRules: [{2FC48271-68C1-428A-9F7E-9200CEE11EF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magnetis\Magnetis.exe
FirewallRules: [{4126F9AE-698D-4907-B2E2-381E2EAF21DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magnetis\Magnetis.exe
FirewallRules: [{DC8FF109-33E3-4A91-804E-97B5DDF019B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dwarfs\Dwarfs.exe
FirewallRules: [{BBE00BDA-5AC6-4643-9373-10B5AA8925D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dwarfs\Dwarfs.exe
FirewallRules: [{A61410B8-D910-4ED9-8BA2-7E406331D2E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Men of War Assault Squad\mow_assault_squad.exe
FirewallRules: [{1CB85A98-9A1A-4265-974E-BB984079EC8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Men of War Assault Squad\mow_assault_squad.exe
FirewallRules: [{508959C3-0A1F-4E29-8172-27C8F9B36D1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\F.E.A.R. 3\F.E.A.R. 3.exe
FirewallRules: [{5778B0E3-37DC-4572-8C74-47D65D124816}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\F.E.A.R. 3\F.E.A.R. 3.exe
FirewallRules: [{F66022D3-5320-45DC-9111-A3E373B824FB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/15/2017 08:52:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DragonCenter_Updaer.exe, Version: 1.0.1608.1101, Zeitstempel: 0x57ac76fb
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.14393.479, Zeitstempel: 0x582588e6
Ausnahmecode: 0xc000041d
Fehleroffset: 0x0000000000017788
ID des fehlerhaften Prozesses: 0x1630
Startzeit der fehlerhaften Anwendung: 0x01d287f7492e0cdb
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\MSI\DragonCenter_Updaer.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll
Berichtskennung: 8626502a-dbf7-455d-9271-94008fa30783
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/15/2017 08:52:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DragonCenter_Updaer.exe, Version: 1.0.1608.1101, Zeitstempel: 0x57ac76fb
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.14393.479, Zeitstempel: 0x582588e6
Ausnahmecode: 0xc0020001
Fehleroffset: 0x0000000000017788
ID des fehlerhaften Prozesses: 0x1630
Startzeit der fehlerhaften Anwendung: 0x01d287f7492e0cdb
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\MSI\DragonCenter_Updaer.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll
Berichtskennung: 08e39c26-98db-4602-9ec7-ea2374486f53
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/15/2017 08:52:15 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (02/15/2017 08:51:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MSI_ActiveX_Service.exe, Version: 1.0.0.8, Zeitstempel: 0x57ad265a
Name des fehlerhaften Moduls: ActiveX_Resource_Monitor.dll, Version: 1.0.0.8, Zeitstempel: 0x57ad265d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002b10
ID des fehlerhaften Prozesses: 0x888
Startzeit der fehlerhaften Anwendung: 0x01d287f730c5dfc4
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\MSI\Dragon Center\ActiveX_Resource_Monitor.dll
Berichtskennung: d8b48d13-546b-47db-8618-fdeacedbd4c9
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/15/2017 08:51:29 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MSI_ActiveX_Service.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 70D92B10

Error: (02/15/2017 08:50:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MicrosoftEdge.exe, Version: 11.0.14393.693, Zeitstempel: 0x585a26c4
Name des fehlerhaften Moduls: MicrosoftEdge.exe, Version: 11.0.14393.693, Zeitstempel: 0x585a26c4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000735a5
ID des fehlerhaften Prozesses: 0x2f64
Startzeit der fehlerhaften Anwendung: 0x01d287f6e134d4e5
Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Pfad des fehlerhaften Moduls: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Berichtskennung: f66fe2aa-bd63-4149-ac8e-eb5ded2a796b
Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge

Error: (02/15/2017 08:48:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MicrosoftEdge.exe, Version: 11.0.14393.693, Zeitstempel: 0x585a26c4
Name des fehlerhaften Moduls: MicrosoftEdge.exe, Version: 11.0.14393.693, Zeitstempel: 0x585a26c4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000735a5
ID des fehlerhaften Prozesses: 0x468
Startzeit der fehlerhaften Anwendung: 0x01d287f5f53d51b3
Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Pfad des fehlerhaften Moduls: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Berichtskennung: 6ef283f7-24f3-47f4-abb9-a3f46ba42a10
Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge

Error: (02/14/2017 09:29:39 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\WinZip\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\WinZip\adxloader.dll.Manifest" in Zeile 2.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (02/14/2017 09:20:47 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\WinZip\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\WinZip\adxloader.dll.Manifest" in Zeile 2.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (02/14/2017 10:16:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MSI_ActiveX_Service.exe, Version: 1.0.0.8, Zeitstempel: 0x57ad265a
Name des fehlerhaften Moduls: ActiveX_Resource_Monitor.dll, Version: 1.0.0.8, Zeitstempel: 0x57ad265d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002b10
ID des fehlerhaften Prozesses: 0x830
Startzeit der fehlerhaften Anwendung: 0x01d286d541b5f425
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\MSI\Dragon Center\ActiveX_Resource_Monitor.dll
Berichtskennung: 5f3035d8-eff1-43f8-82ec-b8e2781dffcf
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (02/16/2017 07:33:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/16/2017 07:33:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/16/2017 07:33:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/16/2017 08:36:46 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/15/2017 08:51:48 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/15/2017 08:51:48 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/15/2017 08:51:47 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/15/2017 08:51:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MSI_ActiveX_Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/15/2017 08:51:06 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/15/2017 08:50:57 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
Es wird bereits eine Instanz des Dienstes ausgeführt.


CodeIntegrity:
===================================
  Date: 2017-02-16 19:40:56.589
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-16 19:35:11.541
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements.

  Date: 2017-02-16 19:35:11.537
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements.

  Date: 2017-02-16 19:35:11.535
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements.

  Date: 2017-02-16 19:35:11.529
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements.

  Date: 2017-02-16 19:34:34.320
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-16 19:34:34.268
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements.

  Date: 2017-02-16 19:34:34.263
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements.

  Date: 2017-02-16 19:33:17.293
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements.

  Date: 2017-02-16 19:33:17.290
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Prozentuale Nutzung des RAM: 18%
Installierter physikalischer RAM: 16338.75 MB
Verfügbarer physikalischer RAM: 13278.32 MB
Summe virtueller Speicher: 18770.75 MB
Verfügbarer virtueller Speicher: 15509.83 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:237.18 GB) (Free:35.95 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:1862.89 GB) (Free:933.66 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 6DDB4527)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================
         

Alt 17.02.2017, 02:05   #9
Tobias1972
 
GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen - Standard

GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen



... und hier der erste Teil vom TDS Killer

Vielen Dank fuer die schnelle Antwort und nochmals sorry fuer den ersten Post ohne Code Tags .....


Code:
ATTFilter
19:56:31.0721 0x2310  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
19:56:31.0721 0x2310  UEFI system
19:56:38.0603 0x2310  ============================================================
19:56:38.0603 0x2310  Current date / time: 2017/02/16 19:56:38.0603
19:56:38.0603 0x2310  SystemInfo:
19:56:38.0603 0x2310  
19:56:38.0603 0x2310  OS Version: 10.0.14393 ServicePack: 0.0
19:56:38.0603 0x2310  Product type: Workstation
19:56:38.0603 0x2310  ComputerName: MSI
19:56:38.0604 0x2310  UserName: Administrator
19:56:38.0604 0x2310  Windows directory: C:\Windows
19:56:38.0604 0x2310  System windows directory: C:\Windows
19:56:38.0604 0x2310  Running under WOW64
19:56:38.0604 0x2310  Processor architecture: Intel x64
19:56:38.0604 0x2310  Number of processors: 8
19:56:38.0604 0x2310  Page size: 0x1000
19:56:38.0604 0x2310  Boot type: Normal boot
19:56:38.0604 0x2310  CodeIntegrityOptions = 0x0000C001
19:56:38.0604 0x2310  ============================================================
19:56:38.0647 0x2310  KLMD registered as C:\Windows\system32\drivers\64435266.sys
19:56:38.0647 0x2310  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.693, osProperties = 0x19
19:56:39.0126 0x2310  System UUID: {95C063B1-AE28-3560-B413-BBD76645954D}
19:56:39.0510 0x2310  Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:56:39.0511 0x2310  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:56:39.0516 0x2310  ============================================================
19:56:39.0516 0x2310  \Device\Harddisk0\DR0:
19:56:39.0516 0x2310  GPT partitions:
19:56:39.0517 0x2310  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {34EE33E8-E3FE-47F4-B640-6B9C9DDC1F2E}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x96000
19:56:39.0517 0x2310  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {0CE8F9CB-7A77-40D9-B8D1-D17D92B221DE}, Name: Microsoft reserved partition, StartLBA 0x96800, BlocksNum 0x40000
19:56:39.0517 0x2310  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {8FC95390-FE84-4365-A467-2C9BFB022A84}, Name: Basic data partition, StartLBA 0xD6800, BlocksNum 0x1DA5A800
19:56:39.0517 0x2310  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {7276A231-BE28-44C0-9C09-D079FBCB4010}, Name: Basic data partition, StartLBA 0x1DB31000, BlocksNum 0x1C2000
19:56:39.0517 0x2310  MBR partitions:
19:56:39.0517 0x2310  \Device\Harddisk1\DR1:
19:56:39.0826 0x2310  GPT partitions:
19:56:39.0837 0x2310  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {C100B9AA-6B59-40DD-80E8-78513D1D0C83}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
19:56:39.0837 0x2310  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {ED6DCC10-55F9-4199-9AF9-039B690E592E}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0xE8DC8000
19:56:39.0837 0x2310  MBR partitions:
19:56:39.0837 0x2310  ============================================================
19:56:39.0839 0x2310  C: <-> \Device\Harddisk0\DR0\Partition3
19:56:40.0119 0x2310  D: <-> \Device\Harddisk1\DR1\Partition2
19:56:40.0119 0x2310  ============================================================
19:56:40.0119 0x2310  Initialize success
19:56:40.0119 0x2310  ============================================================
19:58:31.0736 0x1d8c  ============================================================
19:58:31.0736 0x1d8c  Scan started
19:58:31.0736 0x1d8c  Mode: Manual; SigCheck; TDLFS; 
19:58:31.0736 0x1d8c  ============================================================
19:58:31.0736 0x1d8c  KSN ping started
19:58:32.0344 0x1d8c  KSN ping finished: true
19:58:33.0086 0x1d8c  ================ Scan system memory ========================
19:58:33.0086 0x1d8c  System memory - ok
19:58:33.0086 0x1d8c  ================ Scan services =============================
19:58:33.0121 0x1d8c  [ A7901875F89D011C38CF52C98ACF5B29, 782141AB1DD7ACDE6EA08B5BAFDE8BADD05B81D38C18E097D6D9C46102056EB1 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
19:58:33.0156 0x1d8c  1394ohci - ok
19:58:33.0163 0x1d8c  [ EE1CCC54F75C24727A218F98FC5349DA, 0B0D26640BFA0F551B7087027E572D0BF2C5EAF50A4187C5A7D839180B7FF589 ] 3ware           C:\Windows\system32\drivers\3ware.sys
19:58:33.0173 0x1d8c  3ware - ok
19:58:33.0189 0x1d8c  [ 73C73E1AA0D4D727A04AAAB120B7F56A, 5D311F11022994410DF5C67914D38B1F0D813EFD181EA234750286A272D67A1A ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:58:33.0209 0x1d8c  ACPI - ok
19:58:33.0213 0x1d8c  [ 0935496EF9624B46B935CB35ECE1F205, A22A2A29195505A65E8626D60B00C86C23E0CABC1EB8345EA5ED523516CC21C0 ] AcpiDev         C:\Windows\System32\drivers\AcpiDev.sys
19:58:33.0223 0x1d8c  AcpiDev - ok
19:58:33.0227 0x1d8c  [ D6794C31F4077B71433988787BAA926E, F16365C2F195AAE94D4740E6C3DF4C0CECEC6393CAD65425DCCD28CDBA6EC51A ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
19:58:33.0238 0x1d8c  acpiex - ok
19:58:33.0241 0x1d8c  [ FE5F656D6B35089DA39112E74EC6A85A, 5D81EE63998232A5B36DE47FE15B9D04D5BD02234CA133A2462AECA8C60A22ED ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
19:58:33.0248 0x1d8c  acpipagr - ok
19:58:33.0252 0x1d8c  [ 2F242941E4DFF69B883D77A16F039557, 45C388365317C720654A659A9326B2BC0E9D84929C704654985597D5D620101C ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
19:58:33.0260 0x1d8c  AcpiPmi - ok
19:58:33.0263 0x1d8c  [ C247E35A21682DA8D0DC3AF9F025FCC5, 455415EE3166B3043AD8A4DD50B688DB74242267FB555642441251EFA823E971 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
19:58:33.0272 0x1d8c  acpitime - ok
19:58:33.0294 0x1d8c  [ 49B9DB97AFC85DCCBDACDAB2E90085B7, 2A6C2A09F74EA15044F442CCFB54A0F24F105ADB915E5C78F02F59652DC29152 ] ADP80XX         C:\Windows\system32\drivers\ADP80XX.SYS
19:58:33.0323 0x1d8c  ADP80XX - ok
19:58:33.0336 0x1d8c  [ 323AA1953ED9C01E23F740FA891FE064, 4CED6E3D61749316CDE28965C913E7ED462539DAAD637A29484F62AF47AD650D ] AFD             C:\Windows\system32\drivers\afd.sys
19:58:33.0355 0x1d8c  AFD - ok
19:58:33.0363 0x1d8c  [ 23522E5D581F7722B1B5B86737CAE39C, FB81ABD304376A1E87B65F5E1B34477B628CEDB2091C5D754DE97464B6050C5B ] ahcache         C:\Windows\system32\DRIVERS\ahcache.sys
19:58:33.0378 0x1d8c  ahcache - ok
19:58:33.0382 0x1d8c  [ D0905D4A945D01D4B28DB9E1BD5985F7, CF389CBCD3B99D1BAE34A42F723F1005C32213A394F691978076D3DF1727715C ] AJRouter        C:\Windows\System32\AJRouter.dll
19:58:33.0391 0x1d8c  AJRouter - ok
19:58:33.0395 0x1d8c  [ 8FD51B3B35707A66080D7C8CB05E792D, FE52F3DC280D208FDDC75F6E3294B8D601E0D86F9BD3DB1ACC8FC296AC74C23B ] ALG             C:\Windows\System32\alg.exe
19:58:33.0406 0x1d8c  ALG - ok
19:58:33.0410 0x1d8c  [ DF21E05E41E5AC3F13F304D91457649A, 7F48F2AD1DBE89A261113C76D7C23AD7D87D5599BCC31F8A558A8A10B81BF521 ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
19:58:33.0421 0x1d8c  AmdK8 - ok
19:58:33.0426 0x1d8c  [ 45D0AA4BB90B821DF92E8F19ABED0C5E, EA87A6E98DB3C5A88A844C04C6934E870B7004E783AA5211722115382A211B90 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
19:58:33.0437 0x1d8c  AmdPPM - ok
19:58:33.0441 0x1d8c  [ 74FFBC43B4B899C9A8CA06A892F2CE73, 8D599363C7F3D373F1859BAA4D06DD0F40BE78B56BE52B74DE6EA6EF99452004 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:58:33.0449 0x1d8c  amdsata - ok
19:58:33.0457 0x1d8c  [ AAB0F1D8D7E54761ABAB13AF161F1680, CF847990EFFA2828F5B1DB1A68F08A6C2C918E9612EDFFCF95C36BCABBBEA272 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:58:33.0469 0x1d8c  amdsbs - ok
19:58:33.0472 0x1d8c  [ F91BAAC4237C40352A807000F3B716F9, F7EFA08E5067C3D419C9D21EDB880BA08883A80DDF35F8B42EC3AB293FE5E03E ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:58:33.0479 0x1d8c  amdxata - ok
19:58:33.0485 0x1d8c  [ BC121C099C6C659126AD2102AFDFF8CF, 42B5EE293BDD7ADCE48173A01B30D8452564B9DA225EAF25E9292FE77C0FCF3E ] AppID           C:\Windows\system32\drivers\appid.sys
19:58:33.0496 0x1d8c  AppID - ok
19:58:33.0500 0x1d8c  [ 74A24CF946279111D7F203B36569EC02, FD67D36804744B4FE3E20BA891852575E6C2DA6515643B2F4B4210118B0FCCDA ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:58:33.0513 0x1d8c  AppIDSvc - ok
19:58:33.0518 0x1d8c  [ 73FAA5517CCD1332F00192A303CF2026, 75636222BFF381A3EECA010752DF7DC1603A395B91FF7FBF92127B5CA8EFFEE5 ] Appinfo         C:\Windows\System32\appinfo.dll
19:58:33.0530 0x1d8c  Appinfo - ok
19:58:33.0533 0x1d8c  [ 68190E2BADF23BD782344970E5B5DE9E, 95D30EC12C7FDF5822CED8BC2F17669A6687A2FB262B4F0D15C8DCFF4E9AB33D ] applockerfltr   C:\Windows\system32\drivers\applockerfltr.sys
19:58:33.0545 0x1d8c  applockerfltr - ok
19:58:33.0557 0x1d8c  [ A0746EF6C5AB7A17A67BC167167499C1, 1D2154D3AFC5219293EDD508C7726E7756FB72BF04F73861C575D1FE5C553411 ] AppReadiness    C:\Windows\system32\AppReadiness.dll
19:58:33.0579 0x1d8c  AppReadiness - ok
19:58:33.0619 0x1d8c  [ D70B1453ADA82A92E76EAE72D936A0F6, 439DBC5818025887343D4B5B509C7D2C97ED0FFA4641A5178EA5719C50E5013F ] AppXSvc         C:\Windows\system32\appxdeploymentserver.dll
19:58:33.0681 0x1d8c  AppXSvc - ok
19:58:33.0689 0x1d8c  [ E6AB1F0B4C3D4E0D2A88332D76FECD03, 0D3003EB979DA4546DCDD055011E24F13E34F683F02C9801CAC564D1809F11D2 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:58:33.0698 0x1d8c  arcsas - ok
19:58:33.0703 0x1d8c  [ F3EB0301BED3C4586CEF27A2BA1C50B3, 94AEB00F0B1F1A26E69EF6F14F03B35AF5F095C04D70122276053F3145EEFC33 ] asmthub3        C:\Windows\System32\drivers\asmthub3.sys
19:58:33.0714 0x1d8c  asmthub3 - ok
19:58:33.0724 0x1d8c  [ 3D1460D459048E469D4EE506833FF0DE, DAE4597746D9791A61BDAF231FABA7A5097693DD9C43B3B7582AEBBAE2110B50 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
19:58:33.0736 0x1d8c  asmtxhci - ok
19:58:33.0740 0x1d8c  [ 61C5A480C43E7E8E49C42869F49D0D3E, E610F0E4315ABA1D90AD4A1D7A68ABA2ACBB7FCA89E9D1798470365D52592D55 ] AsyncMac        C:\Windows\System32\drivers\asyncmac.sys
19:58:33.0749 0x1d8c  AsyncMac - ok
19:58:33.0754 0x1d8c  [ A10F989A812B57B9695F6C305907C9C6, E2B292610079AA1A10696138DE8130905A8A834B75A8DED7EBF8B6732B77A0F4 ] atapi           C:\Windows\system32\drivers\atapi.sys
19:58:33.0762 0x1d8c  atapi - ok
19:58:33.0771 0x1d8c  [ 344566D820BED968FA65F5F7F14D56D4, 9B483FF87EEA67D5A2FC233F4735D676777B7478929D5B30D439C81EC2D2B66C ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
19:58:33.0783 0x1d8c  AtherosSvc - ok
19:58:33.0792 0x1d8c  [ 2DC3D53FFA0D10EB8C911AE2DB7BF4CF, 8E0A4B5D610D487A216E70396A99ACC1BEA12C46A6681B1A39CD0FD01EDD406A ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
19:58:33.0809 0x1d8c  AudioEndpointBuilder - ok
19:58:33.0827 0x1d8c  [ 7B993290E7691C446C16A56A431669BA, 004551934E27E9FC1A939C9BD1DEB850A216CBED9B18CB3317920F5656D9F6BF ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:58:33.0858 0x1d8c  Audiosrv - ok
19:58:33.0863 0x1d8c  [ 6D90FDA2DC364B8EA1420F2F81585CC3, 10E6F23A213CFE49BE04BB7D366ADD4028D61D7114FEC67C30B5467DF6B36D4F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:58:33.0876 0x1d8c  AxInstSV - ok
19:58:33.0888 0x1d8c  [ 61BAC67048CA5C1D08C48FCC8012B613, 71B2A466FC38DA1029B471FBD2541D8FE359751A7B212AE0F420DB3645916450 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:58:33.0904 0x1d8c  b06bdrv - ok
19:58:33.0908 0x1d8c  [ 68F72B05EBC6D1779C0D60A147C7CA0B, AA1C857BEE34865C6B901157FC22570D4CF45D950708BAD7AA333F120F2B474C ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
19:58:33.0918 0x1d8c  BasicDisplay - ok
19:58:33.0922 0x1d8c  [ 23156E7EDAF613D839E2839746B168D3, CAEF8F9C7D3A338BD747AC9D5BFBE730D77B911E87BCF532EBB75E1F80916AFA ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
19:58:33.0931 0x1d8c  BasicRender - ok
19:58:33.0935 0x1d8c  [ 3F5523DCEFE42B385659C5CB46A6B810, CA24A3DF002B19E7BDEDE9B5EB60623F299D0E78B2E4F58DCFC028D76DEFE52D ] bcmfn           C:\Windows\System32\drivers\bcmfn.sys
19:58:33.0944 0x1d8c  bcmfn - ok
19:58:33.0946 0x1d8c  [ 0B750A6A6D847E73CA48ADD7A0F5A393, 6A43020F23846EFB1AFA3C070465B0059E9DF60DEB16899E09559462DF30939F ] bcmfn2          C:\Windows\System32\drivers\bcmfn2.sys
19:58:33.0955 0x1d8c  bcmfn2 - ok
19:58:33.0964 0x1d8c  [ 2B4D3AEAAD02954F8C191BC2D67949AD, 8237C9AD556CFAF7442FF60F78608104BC17CE3134C89D986D49C38CC60B1518 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:58:33.0981 0x1d8c  BDESVC - ok
19:58:33.0983 0x1d8c  [ 0A508274355745EEF01C6BE3198D02C4, E2DB08AEE2368FA95FDB357BB31EA4EBF31679C3E72E109DB3D7CD1B5F7B828E ] Beep            C:\Windows\system32\drivers\Beep.sys
19:58:33.0992 0x1d8c  Beep - ok
19:58:34.0007 0x1d8c  [ 5125CBB61AC81168366BEB290399CB8E, B2A3095D45E2114DE2BD0E5A3AE20B3CE95EE517A35B9E1EAD05E231F38DBDCF ] BFE             C:\Windows\System32\bfe.dll
19:58:34.0034 0x1d8c  BFE - ok
19:58:34.0055 0x1d8c  [ D876C567AB767258036F05E4766189FD, DE8BA67325CB64495BD454B8F9DDCAE82636253844FC68B360C7E1CF5D51DD0E ] BITS            C:\Windows\System32\qmgr.dll
19:58:34.0090 0x1d8c  BITS - ok
19:58:34.0095 0x1d8c  [ 9CD2A4821DE379305CACB2E99AD8953A, 89D700DFC3C59ACBBADB48954A28C0EBF8D6A11A9E63837689DD891868E43188 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:58:34.0105 0x1d8c  bowser - ok
19:58:34.0122 0x1d8c  [ 2447BD15B41298622CC662249CD0F496, 013A326D2E3BF68D654BBABE2F1E5DF0FF0A153A4B95D570EE28F9BC0F5A78C3 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
19:58:34.0148 0x1d8c  BrokerInfrastructure - ok
19:58:34.0155 0x1d8c  [ B3F32C630DD3F2F6A6091B89CFF13641, 7A9C53EF9AB9FF1DC392FD711B194A101DB36CA5BC799E817BEB446741089B76 ] Browser         C:\Windows\System32\browser.dll
19:58:34.0166 0x1d8c  Browser - ok
19:58:34.0178 0x1d8c  [ 528C1166F873E1F5AE3D38748139036C, 4DB53DB42E7820D47DE15C41FD797BA0C0499C829CB7220700ACEECAD96B0EB0 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
19:58:34.0195 0x1d8c  BtFilter - ok
19:58:34.0198 0x1d8c  [ 722036C26D2C4E50EC2A2EC5FD678846, 999468038AE01F0FF6881F4B2A2CB67BC636641188E95F10729E08ADBC3CB3DE ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
19:58:34.0208 0x1d8c  BthAvrcpTg - ok
19:58:34.0212 0x1d8c  [ 77630A51FAF6A07922FEE835F4DED8F6, E096A9DC12885FD19575346A9693A66D0DDFF96C3155AD2040F2BF4249D1D609 ] BthEnum         C:\Windows\System32\drivers\BthEnum.sys
19:58:34.0223 0x1d8c  BthEnum - ok
19:58:34.0227 0x1d8c  [ C2E31BE025D46D189E38DD1EDF07837A, 656528DCAAAF485EC57EE5C3021E96736634DE3B9C39CBCD2728E055ABD4C0A5 ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
19:58:34.0237 0x1d8c  BthHFEnum - ok
19:58:34.0240 0x1d8c  [ F7CD605FC0B0B22F3F6F247595E3A655, 1CD9140DE5415DDBEACD8667E63E5C95FD64D693B56302A0474E693E578BEAB0 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
19:58:34.0249 0x1d8c  bthhfhid - ok
19:58:34.0257 0x1d8c  [ B157D72BDA6A6DD6E9DC6BF338CD0CF8, B2AC26AE214151E5AD93DED78256BC0295DBF0133C854E7DEE4CD776D9C9A349 ] BthHFSrv        C:\Windows\System32\BthHFSrv.dll
19:58:34.0274 0x1d8c  BthHFSrv - ok
19:58:34.0280 0x1d8c  [ 0AB691736D4D4029444AF62DE59CFD37, C1C22EFBF67331B87AB261BBF9813009257437BA02F728EC2DFA1A49ECC5FABF ] BthLEEnum       C:\Windows\System32\drivers\BthLEEnum.sys
19:58:34.0295 0x1d8c  BthLEEnum - ok
19:58:34.0298 0x1d8c  [ 535DC41A33630AE4C262406F9E981C03, 599332589AA28D04189E19B87A4AE6FEEB60B40A7BC6E3B11240DA363A981C29 ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
19:58:34.0309 0x1d8c  BTHMODEM - ok
19:58:34.0313 0x1d8c  [ 224BA1CB1F3C702F0D001D2AFC9793B1, F139F6F78C716E1167E16530AE31E4A26C2A69467BCB08A9A52A101B31DF7771 ] BthPan          C:\Windows\System32\drivers\bthpan.sys
19:58:34.0324 0x1d8c  BthPan - ok
19:58:34.0343 0x1d8c  [ 851ED52AE3E62CD5374BD4BBFF7A9DAB, 381281CB7D8FC4026092330B06E24BC84EEF79EE3C97E21900D950D7D9AB2FC3 ] BTHPORT         C:\Windows\System32\drivers\BTHport.sys
19:58:34.0375 0x1d8c  BTHPORT - ok
19:58:34.0381 0x1d8c  [ 96932F631F5CB9F5D1C8F99A71568EF3, 5E4C8955A2EE9DC76B4EBC383653EB753D76D6B017E1A5DD553AC16094D7F12A ] bthserv         C:\Windows\system32\bthserv.dll
19:58:34.0393 0x1d8c  bthserv - ok
19:58:34.0397 0x1d8c  [ DC5955E589C55E2313D69B64E1A183F3, 06D703246D0813DE53D62885C8B7381135783673FF4BDDD5CC38FEB54901BB76 ] BTHUSB          C:\Windows\System32\drivers\BTHUSB.sys
19:58:34.0407 0x1d8c  BTHUSB - ok
19:58:34.0410 0x1d8c  [ 23F9EF739F685E07482116425E7879AA, 0EBDF96A49A319C0BCF6F51FB6C8C392C017E1738B950C19C91FF43E14D73143 ] buttonconverter C:\Windows\System32\drivers\buttonconverter.sys
19:58:34.0419 0x1d8c  buttonconverter - ok
19:58:34.0423 0x1d8c  [ 60EB6A4CE3E21887D302350631C16F26, 4270EFA22285C1A9336CF1220761E416950D2DA9C6A40D1D8452686CD5040DAB ] CapImg          C:\Windows\System32\drivers\capimg.sys
19:58:34.0435 0x1d8c  CapImg - ok
19:58:34.0441 0x1d8c  [ 5A1C7DBDDB001BC6F1D1720E655445E2, 07A766C804D0709936FF18A2F67C49D6499BEF9CEEB1EF69F654A35268A11027 ] ccSet_NARA      C:\Windows\system32\drivers\NARAx64\0406000.00C\ccSetx64.sys
19:58:34.0448 0x1d8c  ccSet_NARA - ok
19:58:34.0452 0x1d8c  [ F8FB51B9EF6372610E9B31A1D86B62FC, 7461584A8B39AC549AD7BAFFA509D4CD81EEE542808BC8EFC285863A0AE6432D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:58:34.0463 0x1d8c  cdfs - ok
19:58:34.0473 0x1d8c  [ 2E6612376D257F74781F2EF1F869D8C3, 908B0DECB9F098F7F11B029A03C06C67FB52E5E8BEA42033A2B579D3B3686AB8 ] CDPSvc          C:\Windows\System32\CDPSvc.dll
19:58:34.0492 0x1d8c  CDPSvc - ok
19:58:34.0500 0x1d8c  [ A93C9B9EBE2FDE5A536000D72CC17F7F, 9793CFAE8BE8C6B5B39A1D276577965FBB2CE131325A410B7C68BD23492ADAAF ] CDPUserSvc      C:\Windows\System32\CDPUserSvc.dll
19:58:34.0517 0x1d8c  CDPUserSvc - ok
19:58:34.0525 0x1d8c  [ 613D0137C269187FA298A157E3D14A18, 84BC268525F14BB27202CE242BF94D9E83BC91B50A0335908574F31B29A2F04D ] cdrom           C:\Windows\System32\drivers\cdrom.sys
19:58:34.0537 0x1d8c  cdrom - ok
19:58:34.0542 0x1d8c  [ C1B5EE58E759C53F9939581709DC70BB, 85095ABC9459A766832373BC3839E573E9A73C967F8427D6B7CAB972551C3191 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:58:34.0555 0x1d8c  CertPropSvc - ok
19:58:34.0564 0x1d8c  [ 0AED948DA8D5F08B3D6F12E4E2089736, 95E538E81DDBC83492C5F3820C82C78F050B4D74ACF12D7970EC84F93581AE29 ] cht4iscsi       C:\Windows\system32\drivers\cht4sx64.sys
19:58:34.0577 0x1d8c  cht4iscsi - ok
19:58:34.0614 0x1d8c  [ 0002A0FDE087C1657AB31CE73077539C, 4DD6210B67E9633AB3240371590869DC833A4C986C74FC12A5D4FFFFD361848A ] cht4vbd         C:\Windows\System32\drivers\cht4vx64.sys
19:58:34.0660 0x1d8c  cht4vbd - ok
19:58:34.0666 0x1d8c  [ 6B4F90A287D75CCD78694F6790C911B2, 73D7C31E9F475FA3FD568FCA9A953F968729AA114F63C06F38BF5198DAD67BD8 ] circlass        C:\Windows\System32\drivers\circlass.sys
19:58:34.0676 0x1d8c  circlass - ok
19:58:34.0686 0x1d8c  [ B72D26074E72A757D788FB1BEF8B2F2E, 36847C5315AFB9A5EC66AD3EF2A09C24C0FAF669FDF0831F78600F4609352CB4 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
19:58:34.0699 0x1d8c  CLFS - ok
19:58:34.0768 0x1d8c  [ ACFB2A62301C6A903FA6A97DB84E9C31, 7A3089812330B605D2F545374A1A916B6DBA188186EC88DA3348814A95C791F0 ] ClickToRunSvc   C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
19:58:34.0837 0x1d8c  ClickToRunSvc - ok
19:58:34.0856 0x1d8c  [ E133CFCBFABB3CB517BE9F42FEA5887C, DA699CDD5F3CC427354540C907BD24CCA7BAC3112C53918EB611CB4EEC7611DA ] ClipSVC         C:\Windows\System32\ClipSVC.dll
19:58:34.0877 0x1d8c  ClipSVC - ok
19:58:34.0881 0x1d8c  [ EEC3A4A98AE1A337E3CD1483AD6F2E15, 764DA329984A95E092F5C15116DA34FA7FC27216C0862365D4BF10ADC97EC5C5 ] clreg           C:\Windows\System32\drivers\registry.sys
19:58:34.0891 0x1d8c  clreg - ok
19:58:34.0897 0x1d8c  [ 429623E266EF067A44E8CF148E9DFB9B, A48AA85ACC52C7AD73DB2D6148B3F9FB5EAC33C8F8C5BB6D7D0A9D84B7C08E11 ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
19:58:34.0906 0x1d8c  CmBatt - ok
19:58:34.0920 0x1d8c  [ 90C07EB909C42316982E753BDAA7860D, 438581FD3468FAF01D35529672201A920E8821EC80E30E59A43645DA57738F21 ] CNG             C:\Windows\system32\Drivers\cng.sys
19:58:34.0939 0x1d8c  CNG - ok
19:58:34.0943 0x1d8c  [ 3DB10C59405931E2C72EFB82C1AF97D1, 100B5450A70988DB1C1F8A5FDBB3553AF1A0D47B42A5AC71460DB92E26010CE6 ] cnghwassist     C:\Windows\system32\DRIVERS\cnghwassist.sys
19:58:34.0950 0x1d8c  cnghwassist - ok
19:58:34.0959 0x1d8c  [ 34C935AF2A414572B412B3556586D783, 912981B88B0796576ECCD5EBE0C4728EC02D5D6A96B039447DCBA59B2583F25E ] CompositeBus    C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
19:58:34.0967 0x1d8c  CompositeBus - ok
19:58:34.0970 0x1d8c  COMSysApp - ok
19:58:34.0973 0x1d8c  [ 44EEEB2382F566999287E13F2067693C, 53A4A0C85EAD38030FF2078C67465E3710ECD03A08FF34E1E67B2E3E1CC70043 ] condrv          C:\Windows\system32\drivers\condrv.sys
19:58:34.0981 0x1d8c  condrv - ok
19:58:34.0996 0x1d8c  [ 5DE2049D5F57C1D142F36FA9CE443693, E6C2807C0B1EF90C11EB39634693B76EACE6CC675777776112835212A334F328 ] CoreMessagingRegistrar C:\Windows\system32\coremessaging.dll
19:58:35.0019 0x1d8c  CoreMessagingRegistrar - ok
19:58:35.0025 0x1d8c  [ 5F06CAC4B09250CDDDD0180A08162924, A2EB0A57225E65FC264CFC9FAD858D8B54A015CDAE3DC904B1C4E9AAB40B1F06 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:58:35.0036 0x1d8c  CryptSvc - ok
19:58:35.0040 0x1d8c  [ 039B5A8CBD5C75D1C46DF15F7C74D136, A5C8A41F2D406D37E147939F2058373ED091BFCC00CA7E829F887638CD3A2F64 ] dam             C:\Windows\system32\drivers\dam.sys
19:58:35.0048 0x1d8c  dam - ok
19:58:35.0068 0x1d8c  [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:58:35.0100 0x1d8c  DcomLaunch - ok
19:58:35.0106 0x1d8c  [ AE9F09F87755C18904656CB4F59F351D, B352A43B3B68B497D87B49C302AF3F37F36D56D49878AE3785C3D43597E5DC57 ] DcpSvc          C:\Windows\system32\dcpsvc.dll
19:58:35.0122 0x1d8c  DcpSvc - ok
19:58:35.0133 0x1d8c  [ ABBD3EE724117242E28D31F19FBCFF03, 68EA91A969DD80A5DE28B0A8EAEB308837183713559C2C2FAEF991858C971393 ] defragsvc       C:\Windows\System32\defragsvc.dll
19:58:35.0157 0x1d8c  defragsvc - ok
19:58:35.0168 0x1d8c  [ DD74F18227ACC837D9856E24282D446D, 6A760E44CD897952538CDFA8895FE11263D51AAA79CFF24C01F3862E919DA478 ] DeviceAssociationService C:\Windows\system32\das.dll
19:58:35.0187 0x1d8c  DeviceAssociationService - ok
19:58:35.0191 0x1d8c  [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
19:58:35.0207 0x1d8c  DeviceInstall - ok
19:58:35.0211 0x1d8c  [ CDF1B1B5C5951111791C236B2696C7F8, BF6C4BA545C8827B40DB69890DB4D2B2F9C583C5E3CFBDFD370B05891141458D ] DevQueryBroker  C:\Windows\system32\DevQueryBroker.dll
19:58:35.0220 0x1d8c  DevQueryBroker - ok
19:58:35.0225 0x1d8c  [ 0D1D392ED2597F295956D058D33BD7C3, 2F7FE5A06D880F9E2A46C9803DD249DC40C2898C04E946D14E7EECCCC9F2B24F ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
19:58:35.0238 0x1d8c  Dfsc - ok
19:58:35.0246 0x1d8c  [ F0D4400BA0F08610D9A551B15BF10B76, 83EB8FB272FC2DD2CC0659C2FB90AD0DAE88A88AB3951E03BCD933A25B601E10 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:58:35.0263 0x1d8c  Dhcp - ok
19:58:35.0268 0x1d8c  [ CA7FEDDFCF61EF15A09C54DA2C07C49F, 346EF7709BA9E6BD48592B86FA46F9D956C847EF91F4980EEAD98269D0F0EF67 ] diagnosticshub.standardcollector.service C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
19:58:35.0278 0x1d8c  diagnosticshub.standardcollector.service - ok
19:58:35.0312 0x1d8c  [ CAD14E0AD1F03397E9B1C8733D76BEF4, 0035EF35F6520B1DF0E599C8A06D4163C52576BCE0976BF729B44DECDC506627 ] DiagTrack       C:\Windows\system32\diagtrack.dll
19:58:35.0369 0x1d8c  DiagTrack - ok
19:58:35.0376 0x1d8c  [ 35B9D46560339A5A7F0CAC6ED702C817, F70480B01533B7029F90E2DE297E9E829660300DDE7A7D009B0AC2684E7691A7 ] disk            C:\Windows\system32\drivers\disk.sys
19:58:35.0385 0x1d8c  disk - ok
19:58:35.0394 0x1d8c  [ 09CF47A74BFB480B8262FCEE222004B6, F5CD0ACA04BCB95984595CC2E17BC9E92865091A0A3BCAD4B06438A1570E7696 ] DmEnrollmentSvc C:\Windows\system32\Windows.Internal.Management.dll
19:58:35.0414 0x1d8c  DmEnrollmentSvc - ok
19:58:35.0417 0x1d8c  [ 815F45161A4571C2C44491564F3D5968, 32E7AE8414A178CE429C0CDFCF718E3C11C705FB3155EA5CA0EAD48AAE507B01 ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
19:58:35.0426 0x1d8c  dmvsc - ok
19:58:35.0429 0x1d8c  [ 6E5EE6E420FECD64DE463C5F01CBFE71, F173C56895E80AA03D70CD78B3AB659C2EEAACFF43BE3B6EF3939D6F4AD4F62D ] dmwappushservice C:\Windows\system32\dmwappushsvc.dll
19:58:35.0445 0x1d8c  dmwappushservice - ok
19:58:35.0452 0x1d8c  [ 7F8A3ABF7750326E18CE953CCE262670, 5DBD159E8A455A42764FC73CF7DCAC849B5896848C5589B00BD36697804C0A3B ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:58:35.0467 0x1d8c  Dnscache - ok
19:58:35.0475 0x1d8c  [ 8F46B4C3F9BA19C26A26D0A11137B20B, BA0A66DBA98D77FD85A7CD2D4593F2B2A1A3B4D32BBECBCFFBEB5A54DCB0D8ED ] dot3svc         C:\Windows\System32\dot3svc.dll
19:58:35.0490 0x1d8c  dot3svc - ok
19:58:35.0495 0x1d8c  [ CA09EAEE92C6FDDC6B05057F11A0372D, 14DB5C186B69644AA93C445BF31CC9670204F95A47B77B6EACB19B4A316378AD ] DPS             C:\Windows\system32\dps.dll
19:58:35.0508 0x1d8c  DPS - ok
19:58:35.0511 0x1d8c  [ AE6BD4C879A8C849E53947C92DF3B3A0, 8C29774CB2D30D901C54AAC0C8ACE709351EE40E5C8FB9951B2A18B4A03F28B7 ] drmkaud         C:\Windows\system32\DRIVERS\drmkaud.sys
19:58:35.0520 0x1d8c  drmkaud - ok
19:58:35.0526 0x1d8c  [ 7433474BE77F065D2FA628671FE31A3E, 063ADDC68F48036749E6EC7B2F66284DB29F90F62E9468D16B4EF5A0FDC45E35 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
19:58:35.0541 0x1d8c  DsmSvc - ok
19:58:35.0547 0x1d8c  [ 5FCA45C24501DA7390065D3706A9FC3F, 093FD840F1502ECC6F05B9723CA523B3F15CF39A5D2B9106E1267739B3F2C52C ] DsSvc           C:\Windows\System32\DsSvc.dll
19:58:35.0561 0x1d8c  DsSvc - ok
19:58:35.0599 0x1d8c  [ 19F2B54EE8861D90579BD0E3AE5182F9, FDD4F091C61C8C20550C8F68375ABD7ED718A733F680F0F0367D4796C302BA14 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:58:35.0647 0x1d8c  DXGKrnl - ok
19:58:35.0654 0x1d8c  [ 9FCE4EF7D5E274F862D9A2526B5F4779, 81D42D5475C2801C8E0C233A0BA827569D8A70590017C91C665C8B232D9BFAA9 ] EapHost         C:\Windows\System32\eapsvc.dll
19:58:35.0671 0x1d8c  EapHost - ok
19:58:35.0727 0x1d8c  [ 7EC6FC0266D74BD47ABB130A328B70EC, 3856790AF967AB03B1A89F97328DC4D5A6854ACDA6169681A9AFB03D7CF791F9 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
19:58:35.0797 0x1d8c  ebdrv - ok
19:58:35.0805 0x1d8c  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] EFS             C:\Windows\System32\lsass.exe
19:58:35.0814 0x1d8c  EFS - ok
19:58:35.0818 0x1d8c  [ 8D74B8B5D6F7C5BC4C525BAF2B083FF1, DA5656F745B3911F96871887FDFDC40F4D9C820622A0AA27EFE4BA93662833CA ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
19:58:35.0826 0x1d8c  EhStorClass - ok
19:58:35.0831 0x1d8c  [ 2A9817B5A9260D8F60D52E36BEF10443, AC1A0203221AFAF584C71317FA07AA1B6E61BE619E918B3B1E4AD57CCED1CF03 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
19:58:35.0840 0x1d8c  EhStorTcgDrv - ok
19:58:35.0846 0x1d8c  [ 80A7999DE02CE678B865832E1CE78CD6, 2576EBB6E4D630A906DE724F125099E52A962B5B68B9F9BCA849A7B29D8C8689 ] embeddedmode    C:\Windows\System32\embeddedmodesvc.dll
19:58:35.0860 0x1d8c  embeddedmode - ok
19:58:35.0868 0x1d8c  [ 3CE2B6AECB9AF8BC159299EEC46A35CA, E933B28BB6E4D01FCCDF8FBBB134C244B28DA3ECBDFA13333F0D4C24B2551780 ] EntAppSvc       C:\Windows\system32\EnterpriseAppMgmtSvc.dll
19:58:35.0883 0x1d8c  EntAppSvc - ok
19:58:35.0888 0x1d8c  [ 77B60DEC7DCB4233E4A69D3F52E5DB24, 3A5C905E37A93899051497C90E5BA8E1D003B56C6906CADFD2F1CDF52052D248 ] ErrDev          C:\Windows\System32\drivers\errdev.sys
19:58:35.0896 0x1d8c  ErrDev - ok
19:58:35.0911 0x1d8c  [ F89083AB8B9F51C0031C1CBD0A9A7E35, 9EE973A25134960E62D1A6A1E34AD9B3F7690E71C1AD31A23FA2081A73438754 ] EventSystem     C:\Windows\system32\es.dll
19:58:35.0931 0x1d8c  EventSystem - ok
19:58:35.0939 0x1d8c  [ FCD2C63754C2E739A8EEAD9BC63F9DDC, C57A72ABA4C0BD71F914B9C8FF965DCFF585A205498F19A4584A4BAF7674839D ] exfat           C:\Windows\system32\drivers\exfat.sys
19:58:35.0957 0x1d8c  exfat - ok
19:58:35.0959 0x1d8c  Fabs - ok
19:58:35.0968 0x1d8c  [ FA918EC296EB410FF02867D008D02421, 23D164A24CB0D212778FA9592A046B6BA1F3628003E04181744A1F891B5B3E5A ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:58:35.0981 0x1d8c  fastfat - ok
19:58:35.0997 0x1d8c  [ 77CE56471AF984800F318F3734D768C7, 72D540072374A56C2C497F0532A50705D3F0637F2C0C96B1D715F2EDFCA3AA2D ] Fax             C:\Windows\system32\fxssvc.exe
19:58:36.0022 0x1d8c  Fax - ok
19:58:36.0026 0x1d8c  [ 99598ECA5E41996E005D5B9D9FF1EFA2, 91345CD50EF02431B69093505C1C5F5DC6A1AA6BF192EE9392ED4D5626B60462 ] fdc             C:\Windows\System32\drivers\fdc.sys
19:58:36.0037 0x1d8c  fdc - ok
19:58:36.0039 0x1d8c  [ EF0DD43A4CBAB367BCA1AFBDC9971E4F, 73E161C45D63FDDE71EE2438137913724DC513860539D1E7F6BD861F5D1B33F3 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:58:36.0052 0x1d8c  fdPHost - ok
19:58:36.0055 0x1d8c  [ 34DAC585994CD3B4E910DE11C584EF3D, A6C6A4CB5413EA61F1A54E2D3AD71A311CEA2C26218544D2D2D4A5CFEC52DE8C ] FDResPub        C:\Windows\system32\fdrespub.dll
19:58:36.0066 0x1d8c  FDResPub - ok
19:58:36.0072 0x1d8c  [ B68DA1FE3CA2311AFD38DD6905CA7F71, 4B395DFB1B47D2507CA4D9DC996A70D0A3BDB1A245CD6DA6C42B2A299AFCCF37 ] fhsvc           C:\Windows\system32\fhsvc.dll
19:58:36.0083 0x1d8c  fhsvc - ok
19:58:36.0087 0x1d8c  [ F44F666B0EACC3181544FFCF8CA0FFC7, 83F771CF9DAE1C504B30731EEC55355EA1253174252DA2192ADF1D228B3735C3 ] FileCrypt       C:\Windows\system32\drivers\filecrypt.sys
19:58:36.0097 0x1d8c  FileCrypt - ok
19:58:36.0102 0x1d8c  [ 78A210DDFDF2C9EC884631D2DAA573F0, 5D39C6EF4AC690A9749EEDBE2478FFF15A22877A2861EDA103C7BF1607B0C1BD ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:58:36.0110 0x1d8c  FileInfo - ok
19:58:36.0113 0x1d8c  [ 1A97DB5E701A186989F3795223C3BE39, F7982220D4DF7E104955E63CACE352394E2577DEF49506EA126127F820EB62DF ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:58:36.0124 0x1d8c  Filetrace - ok
19:58:36.0168 0x1d8c  [ 5BD96D8C5411ACE71A7EAACAF0EF2903, 2AF58E6060C7DEC44B4CA30E14E164473CD4089AE475DAFFC61DFE56990C1147 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
19:58:36.0239 0x1d8c  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic ( 1 )
19:58:36.0817 0x1d8c  Detect skipped due to KSN trusted
19:58:36.0817 0x1d8c  FirebirdServerMAGIXInstance - ok
19:58:36.0822 0x1d8c  [ 46626665F0E5906E45619B4EFD6186B8, 37FDD3B8AD49FD29E54DA5567EA77F28A53498AE56348F7A2628E5E5549D638B ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
19:58:36.0831 0x1d8c  flpydisk - ok
19:58:36.0843 0x1d8c  [ FDA72ACA14D516D18C33AFCD0FD9260F, 6509612DEC82EA74614B5C9A7B432305A1A468C97B88BED9E141DF2929B621B1 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:58:36.0857 0x1d8c  FltMgr - ok
19:58:36.0890 0x1d8c  [ 49BF5C8182C3D2D6CD9F7EEDF1CFDB66, 0977EBE86B57FC370D27CA69D58122397D5D5369AF0C8DBCC492AE7AD55CBA2B ] FontCache       C:\Windows\system32\FntCache.dll
19:58:36.0946 0x1d8c  FontCache - ok
19:58:36.0954 0x1d8c  [ 59241194DBDF30A2B4029E402F377900, 47A92E9CD8494C403B377799D395670A393766647E24CD83B15338CE2AA50266 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:58:36.0963 0x1d8c  FontCache3.0.0.0 - ok
19:58:36.0979 0x1d8c  [ 8B52024D3A5C3A12F1C4D75D30A976C5, 982F1C783966C9A6D255AA7DBAB6D225EBE0050A36176B8DE85E8ADBFE17FDF1 ] FrameServer     C:\Windows\system32\FrameServer.dll
19:58:37.0007 0x1d8c  FrameServer - ok
19:58:37.0012 0x1d8c  [ D152CCBFC8251670BF0AAFE00D6BC782, 9DE82D8FC4E1DAF8FF23EE08C0B7CB5051A9224E64544D262CFA4996A41B04E1 ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:58:37.0020 0x1d8c  FsDepends - ok
19:58:37.0023 0x1d8c  [ 6D6BB5C7363CD35FA715E826F3D029EE, C214F791EB39E8B25CE57ED9D6C1D56EE1AF6021BCB380980BD42A6338A6C9F7 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:58:37.0029 0x1d8c  Fs_Rec - ok
19:58:37.0043 0x1d8c  [ 8EEC4925C03E375C4EC496E45C44139A, 06C5C7BCC28D3E435675F0759A09CAB726E971DF4BFC1DC3DCF503EABCDCCCC6 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:58:37.0062 0x1d8c  fvevol - ok
19:58:37.0066 0x1d8c  [ EF78034773CE506323655A868C949144, DF195BEEE6704FBCC6D2D9E1BF6723E52ED502A1459F495B7D18481E6A79B5BC ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
19:58:37.0075 0x1d8c  gencounter - ok
19:58:37.0077 0x1d8c  [ B55FEBC6A00DAA1FE074F020B6907516, 67071FBAC2ABA47AB71358A5F08E92E034A55343878F00137E90B3B1F7362976 ] genericusbfn    C:\Windows\System32\drivers\genericusbfn.sys
19:58:37.0086 0x1d8c  genericusbfn - ok
19:58:37.0091 0x1d8c  [ DDD8A8CDDC7F13EF57D1DAAE71865936, 9D472A8689F72F24D40D5B94849690F53C67849FDF6162A94EF4FB330A3DA566 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
19:58:37.0101 0x1d8c  GPIOClx0101 - ok
19:58:37.0123 0x1d8c  [ 713A176494CEC107E663CAD6C2B27F77, 76871D8CFBA8FCD8CFF96208AE84C658EBEC60270D978898B90EE9451AA1BCE1 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:58:37.0161 0x1d8c  gpsvc - ok
19:58:37.0165 0x1d8c  [ 7ACD8F69B5D6EC97E6D2C006E19BED88, FC69214C9308EA64B88EF4C3C95800586DDBB44C8540846B79A161BAD8203B6E ] GpuEnergyDrv    C:\Windows\system32\drivers\gpuenergydrv.sys
19:58:37.0174 0x1d8c  GpuEnergyDrv - ok
19:58:37.0178 0x1d8c  [ A8FD9222E4D72596BB37DA8BE95C0BA4, 52FC3AA9F704300041E486E57FE863218E4CDF4C8EEE05CA6B99A296EFEE5737 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:58:37.0186 0x1d8c  gupdate - ok
19:58:37.0190 0x1d8c  [ A8FD9222E4D72596BB37DA8BE95C0BA4, 52FC3AA9F704300041E486E57FE863218E4CDF4C8EEE05CA6B99A296EFEE5737 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:58:37.0196 0x1d8c  gupdatem - ok
19:58:37.0206 0x1d8c  [ 217230B984AB2954E2FA5E36578D7B08, BB7B79EA7501A28EB2A0303FDF66FB9D59D567994C25A1523CD6D2081C403AF6 ] HdAudAddService C:\Windows\system32\DRIVERS\HdAudio.sys
19:58:37.0225 0x1d8c  HdAudAddService - ok
19:58:37.0228 0x1d8c  [ 10E3515FE5DBA6656FA62C29342EC4A1, 2051F10F74ED712B1766EB61E87FADE25AB3D0970BABFD320600D1B0D6377F26 ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
19:58:37.0239 0x1d8c  HDAudBus - ok
19:58:37.0242 0x1d8c  [ B90D284B97CD4CA9DE7430AAAD887A56, 2F14F985C39B7801ED64590979CF2114924E9547F5B11D2B37A74DBFFDD9E7C5 ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
19:58:37.0250 0x1d8c  HidBatt - ok
19:58:37.0254 0x1d8c  [ B2FE11643CC6ACDEE6C247DD36018FDB, 5796613C7DBF8B2A9E860E006FF1A245B6BE7D10E3F6685AD142B48E5C237B8C ] HidBth          C:\Windows\System32\drivers\hidbth.sys
19:58:37.0265 0x1d8c  HidBth - ok
19:58:37.0269 0x1d8c  [ D24355488A2D4D2323518EC1AC7A6D9E, ED2176A2093726087EDDA25B86E9CDD4BA35F4E748E3A6DE0B15C4C97646B5C7 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
19:58:37.0277 0x1d8c  hidi2c - ok
19:58:37.0281 0x1d8c  [ 0AF9ABBA4F3F55C6C803890D64BC3C29, D3DE6FA308F8E7CD4F16387F46AE4B2F7EC9BBA07BF87652B660A0D645710571 ] hidinterrupt    C:\Windows\System32\drivers\hidinterrupt.sys
19:58:37.0288 0x1d8c  hidinterrupt - ok
19:58:37.0291 0x1d8c  [ CDBCF8E9AB06D88A1E1191D32F320C5D, F76963AB7CF2BAB3A220013879AECD3976BFD851CFB66B5A69A9EA2541048861 ] HidIr           C:\Windows\System32\drivers\hidir.sys
19:58:37.0301 0x1d8c  HidIr - ok
19:58:37.0304 0x1d8c  [ C900FE0DD6A1E2220084B8F1C427790C, 802194EBEDA1A50EDA300078B0888AAC1F17A42E67147B7B3B9C50AD8D4E5C89 ] hidserv         C:\Windows\system32\hidserv.dll
19:58:37.0313 0x1d8c  hidserv - ok
19:58:37.0316 0x1d8c  [ D8536CB438CC4CCDAE047B768EED22B2, 4F666BFA3554F9ACA6B9D436BFA64474D5F30FB3E78F4E66068CCDF283D9867F ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
19:58:37.0325 0x1d8c  HidUsb - ok
19:58:37.0331 0x1d8c  [ 0AC1BD5A28FAA371EF34859FE703E515, 1DD1C33AF8D6EBE7C36FCD051F066E4039D2B47ABAECF7C68BC3933D567930B2 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:58:37.0347 0x1d8c  HomeGroupListener - ok
19:58:37.0358 0x1d8c  [ 86161A89F16851728802590EC7C92608, 3A3B05BB4E115410D27063B30C0EF3F18295F542050F329F1E466C81A9E23A46 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:58:37.0378 0x1d8c  HomeGroupProvider - ok
19:58:37.0381 0x1d8c  [ F5CA18197B4646E04DB9EB2D6642CC4D, 5BA3342DDF1BCB67E4156169FE9A33E7BC2641C729E9F1A80C0E80953C6AB114 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:58:37.0389 0x1d8c  HpSAMD - ok
19:58:37.0410 0x1d8c  [ A10C7C1E69FC90620C7BF2E51302A01F, D725AEAE38255CED73F4922A10F226215528706580B06D01C228488F93AC0397 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:58:37.0437 0x1d8c  HTTP - ok
19:58:37.0442 0x1d8c  [ 0C84C250F80EAEC2C9768464CC1A9626, 212E1003B78F9B98FEB084FD1FDB59B26A9DE4C9120F24D4361FBBF0F3C035E7 ] HvHost          C:\Windows\System32\hvhostsvc.dll
19:58:37.0451 0x1d8c  HvHost - ok
19:58:37.0455 0x1d8c  [ 74FC79C52395B10FFD0B55CF22CF88FC, 94D977DA2092EE8C2A598AC48758A84BB22CB6378BD114C2D3B4172A07A9CACC ] hvservice       C:\Windows\system32\drivers\hvservice.sys
19:58:37.0463 0x1d8c  hvservice - ok
19:58:37.0466 0x1d8c  [ 771EDDA9830A3079F996F34D681FB6E5, F452AD656872A1C8B2D6DCE232CE01EBD456C46F4934A7601E78470F2A2CBF38 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:58:37.0473 0x1d8c  hwpolicy - ok
19:58:37.0476 0x1d8c  [ 3B9F315E7FA72CC25228EB097DD9C694, B26F1E494428EF197A0C97645C05BB3CA093827A005D35C987F1D6778BC4E52C ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
19:58:37.0485 0x1d8c  hyperkbd - ok
19:58:37.0489 0x1d8c  [ B54B30992620C97230013A74461C8517, CAF09BDCDD6DE2A39CB8AE2C65E6F8FE12D8E93D84BBEF6C6A98F872BF54A4E3 ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
19:58:37.0499 0x1d8c  i8042prt - ok
19:58:37.0503 0x1d8c  [ C6B8743B213F06AA60943D8366FE968F, 758954F70B810063914B243115B2C753B2BCE40190F95C30ACBA0BF04EBD5B33 ] iagpio          C:\Windows\System32\drivers\iagpio.sys
19:58:37.0511 0x1d8c  iagpio - ok
19:58:37.0516 0x1d8c  [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c           C:\Windows\System32\drivers\iai2c.sys
19:58:37.0527 0x1d8c  iai2c - ok
19:58:37.0530 0x1d8c  [ 5A0E850F8CD17791A3E6A3CF81D0CA28, 10A965A49D53360DD250E0758B6BB142872298A21C732EB026ACB93492C5C6CF ] iaLPSS2i_GPIO2  C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys
19:58:37.0540 0x1d8c  iaLPSS2i_GPIO2 - ok
19:58:37.0545 0x1d8c  [ 7508F1096803385D6376BFD0BD473AC4, 1F32EC23CDC94DCB9710E6663B5C3BD83568545DDC2C741CFC13550A4E4DD2BE ] iaLPSS2i_I2C    C:\Windows\System32\drivers\iaLPSS2i_I2C.sys
19:58:37.0554 0x1d8c  iaLPSS2i_I2C - ok
19:58:37.0557 0x1d8c  [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
19:58:37.0563 0x1d8c  iaLPSSi_GPIO - ok
19:58:37.0568 0x1d8c  [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C     C:\Windows\System32\drivers\iaLPSSi_I2C.sys
19:58:37.0579 0x1d8c  iaLPSSi_I2C - ok
19:58:37.0595 0x1d8c  [ 7675D8E247732F45F60AA450BA2C207D, DBB591E56BBF9A93BE66A993D143A97964CC628457CF47EB5231D0DF62B59ADE ] iaStorA         C:\Windows\system32\drivers\iaStorA.sys
19:58:37.0615 0x1d8c  iaStorA - ok
19:58:37.0630 0x1d8c  [ 97E553D03219D3D51705C7235D9EAEBD, 5D4578C8804AF32D1DC0868E34D6538138DC15F9568CA7E21051B1C82C0D8D55 ] iaStorAV        C:\Windows\system32\drivers\iaStorAV.sys
19:58:37.0651 0x1d8c  iaStorAV - ok
19:58:37.0655 0x1d8c  [ 138F6A3E13BF002852EDA02B2DEBDD19, CB535FA072CD4C7C3F52E5B0EC88A1443E4B6F92F50C602E38864E20DC3A4476 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:58:37.0664 0x1d8c  IAStorDataMgrSvc - ok
19:58:37.0673 0x1d8c  [ 8350FE3BCDE3428BC040877BB7E9EAEB, 77F9456351CA640C6B7862907C0580627E761EC807B551976A95657EB4D6CC20 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:58:37.0688 0x1d8c  iaStorV - ok
19:58:37.0700 0x1d8c  [ 3BA03F7C7700DDF4C383DDE9252F5817, 3E90F69D0010E7764349D9AE865D577E431FEBC67DA554B400BC808DD286E203 ] ibbus           C:\Windows\System32\drivers\ibbus.sys
19:58:37.0716 0x1d8c  ibbus - ok
19:58:37.0722 0x1d8c  [ E54BFAB1679CCFBE2C28AD18BE9D0E5F, DAFFCFEBDADEE43FE657FFFFCFADA2F7AE62FCB29915540F620FDC0041A99CD1 ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
19:58:37.0730 0x1d8c  ICCS - ok
19:58:37.0735 0x1d8c  [ 231ADCE77616144B8E3D29707B282C82, D2429E0CAABE3E3A50D62DEC6C9F8D13AC8786EB57D9075489425E623EC84165 ] ICCWDT          C:\Windows\System32\drivers\ICCWDT.sys
19:58:37.0741 0x1d8c  ICCWDT - ok
19:58:37.0748 0x1d8c  [ 937AC47F7356554DA05D9722C356EB55, 9EABC9F19B4E1193B669D2674967F5C6F03FAD348EDF0615E3F78554FF9A83CC ] icssvc          C:\Windows\System32\tetheringservice.dll
19:58:37.0761 0x1d8c  icssvc - ok
19:58:37.0778 0x1d8c  [ F2934208C0E50C0B971A7981AB90BED2, B936BFBBD71E731CC2CDB8B47D262F2EF09726FF921C2DA0841910CA2401423D ] IKEEXT          C:\Windows\System32\ikeext.dll
19:58:37.0811 0x1d8c  IKEEXT - ok
19:58:37.0815 0x1d8c  [ 2A01C96DF5802D3434634E55C91232D8, A3ABEF36E2FD2CF5C371ADBF92566A09669A1D990ABE4677370F57F2EEAF8121 ] IndirectKmd     C:\Windows\System32\drivers\IndirectKmd.sys
19:58:37.0824 0x1d8c  IndirectKmd - ok
19:58:37.0908 0x1d8c  [ 9D8D3EB75CC3F7928D0123DFD9C3688A, 4547F8A0709403363112C4508E0EC9D646FBDA8AB9DEAFA5A76630DFEE9A245B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:58:37.0998 0x1d8c  IntcAzAudAddService - ok
19:58:38.0022 0x1d8c  [ AEA02F1F43503A5E10C92246A0B70DBD, 9717788B0D3E69071042A6D3EFB431F7466F76805F762BF22A32314FF3C21D84 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
19:58:38.0047 0x1d8c  Intel(R) Capability Licensing Service TCP IP Interface - ok
19:58:38.0051 0x1d8c  [ 9F7E87F6595D065A8A200A291043045E, 6944F72F73EADC6C9B7691F2C1C6DF1898F22C88EFA78EC0BA8CB5FFD9CE057B ] intelide        C:\Windows\system32\drivers\intelide.sys
19:58:38.0059 0x1d8c  intelide - ok
19:58:38.0062 0x1d8c  [ A6BD2E20AE1BC5CB2776C87C28E4F4CA, BD8BE67CED9A4982D785CE9ECBEFE868C3A2E37DF7F9592B9F9049B807A1554B ] intelpep        C:\Windows\system32\drivers\intelpep.sys
19:58:38.0071 0x1d8c  intelpep - ok
19:58:38.0076 0x1d8c  [ 2A48DA39542636DB0FA3BA915385D1B3, 6CA0916F5F4B1E81AE6A6233276320599BFA7C129267177703E3BB6468FB4683 ] intelppm        C:\Windows\System32\drivers\intelppm.sys
19:58:38.0088 0x1d8c  intelppm - ok
19:58:38.0091 0x1d8c  [ D9B56324C4A13F51A5B22238136C85D0, 52FCE05BF7427E95B3C9AFE0F2EB3A2A6F0BF910ECDC5F6B349DC5EACCDAAD39 ] iocbios2        C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys
19:58:38.0098 0x1d8c  iocbios2 - ok
19:58:38.0102 0x1d8c  [ DB32758F3A7F6CCE81A5430080A2EA65, 36A26BAA884E96804F8EA0B12BB3E81BBE6D4EE704809904091445F36CAB5A29 ] iorate          C:\Windows\system32\drivers\iorate.sys
19:58:38.0110 0x1d8c  iorate - ok
19:58:38.0115 0x1d8c  [ FE85D0A86CA7A5A99CF8CD04DE7F80AE, 544C01FC01EE728EB5667158207E5F4418FE77A88BA318192A834722DB766F4E ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:58:38.0125 0x1d8c  IpFilterDriver - ok
19:58:38.0143 0x1d8c  [ EF1BB0EF8A12C32DD88C409706B8145E, 7AEDE717C258C29592CC8AEC40F61617E5382646E5141E1C0941882ACE5C5758 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:58:38.0174 0x1d8c  iphlpsvc - ok
19:58:38.0179 0x1d8c  [ 450DBDD716C7911F83E05F78EE18BFA2, 43C0DA172F632131898F315A53DEDD1AE99FB0620AB32B3A5B99FEC498C9AAE5 ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
19:58:38.0188 0x1d8c  IPMIDRV - ok
19:58:38.0194 0x1d8c  [ F1DAECC3B3D6399875D4F10529D6A77C, 6533D2F858816BE6570C998510919FCA2904EC6EF806F61C1FD325E88133111B ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:58:38.0208 0x1d8c  IPNAT - ok
19:58:38.0214 0x1d8c  [ 7475A2903BB704B446AA6309E34D3362, C94643A1626A9716015EBA7041A1224098501EB7DAA704CBFCAD3DC6F3CFC6AF ] irda            C:\Windows\system32\drivers\irda.sys
19:58:38.0226 0x1d8c  irda - ok
19:58:38.0229 0x1d8c  [ 9725E7F0C64CE9916A5CDABE8D6E13C3, 04AF9E48FEF208A2850DF28352E8FDCBF4018982C72C0F67EE12C048C4070116 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:58:38.0239 0x1d8c  IRENUM - ok
19:58:38.0242 0x1d8c  [ 8C604213A2E73088BFFE6CD2E6F1AE53, B4C4FEE4D398A29F72EC27D5668071D7E68CD943FFFC38624DD5DF5BEBDF46D3 ] irmon           C:\Windows\System32\irmon.dll
19:58:38.0253 0x1d8c  irmon - ok
19:58:38.0256 0x1d8c  [ 58040898883A96160D41739C80328BBF, 7F85C91C905811416E266A263DDEFCDCB0B45376AAE51B551AB636C16577DB9F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:58:38.0263 0x1d8c  isapnp - ok
19:58:38.0271 0x1d8c  [ C9FD02D62E09337B67B0C61EC8CA38CC, DC77E935ECC8474BE9018F0937CB11C137073582B20A0EE107CE247FD9E1F9C1 ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
19:58:38.0283 0x1d8c  iScsiPrt - ok
19:58:38.0288 0x1d8c  [ BD60AF5579A5B654AF39CE09EA39AB17, B53332968F21B2F97DD55C67620E86AAE41B8969DD60EC3B1B5FE88DE1B6C8B0 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
19:58:38.0296 0x1d8c  jhi_service - ok
19:58:38.0300 0x1d8c  [ 210808437570BDDEE71A43535E3A2D30, EF5DE6EE4FF58F44CDE4D4E7F298ABBC9086EC05CC3AE4903060DA878115AC1E ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
19:58:38.0308 0x1d8c  kbdclass - ok
19:58:38.0311 0x1d8c  [ 0B779E9FC426CA2268D28181FA6C222F, 83292023A688C3044D096F22242EB954B7F7511BE8341D45FF0AFBD9CB9BCB4E ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
19:58:38.0320 0x1d8c  kbdhid - ok
19:58:38.0324 0x1d8c  [ 813BA3EB2CE038F2A5382DDD75CAD60B, 99FA444027CAC247B54317730D54AB0C4C000AE076B97E47470FDA9834594312 ] kdnic           C:\Windows\System32\drivers\kdnic.sys
19:58:38.0334 0x1d8c  kdnic - ok
19:58:38.0338 0x1d8c  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] KeyIso          C:\Windows\system32\lsass.exe
19:58:38.0346 0x1d8c  KeyIso - ok
19:58:38.0378 0x1d8c  [ 21F2BFE5C90556BFF4FD8DB65718F98A, EAEB76D84A68ADECA17D264C84F5225DB651EFF4EDCC32E2EB063E52AC2035D0 ] Killer Network Service C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
19:58:38.0420 0x1d8c  Killer Network Service - ok
19:58:38.0428 0x1d8c  [ 79FB15772614197065C6F8DF085125CA, 4CDE0690440915E75245A21A8671A82648BF7856774A4B3ED5C43B3424FB9199 ] KillerEth       C:\Windows\System32\drivers\e2xw10x64.sys
19:58:38.0435 0x1d8c  KillerEth - ok
19:58:38.0440 0x1d8c  [ 705C0F8BCCEF6E7CB704CCB454192D7E, FC608C708E2C3BF7A66E57B95E19E71E5F5C87EF359D8BC1A817500B45DF9338 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:58:38.0449 0x1d8c  KSecDD - ok
19:58:38.0455 0x1d8c  [ 55AD13E2BAFC5AB53A10F8C271F5D242, 058BEF14DCB95574BCAB985F04737BA89483937E8D8A74F7B4CEAFB7400C2397 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:58:38.0464 0x1d8c  KSecPkg - ok
19:58:38.0468 0x1d8c  [ 4ED115CD1A1099705F56B5E0FFF97CC6, 9CC49DF2CD6AAAE405BA661D13EFC1E05111D1DE3D1E50C39C425AF1F075610B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:58:38.0481 0x1d8c  ksthunk - ok
19:58:38.0491 0x1d8c  [ 8125BDF7ADC261F75EF0CAD92456E350, 184797AA1D58C4FF743BA60D48590B88B781EE7779205E45E0679DEC79F3E185 ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:58:38.0509 0x1d8c  KtmRm - ok
19:58:38.0516 0x1d8c  [ 8CCAB08815B50AD78B823DB3F96C8604, 265E6D582EB7207B5CC577D61CB7BC3646F613047F168CD69BB776C37780EBF5 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:58:38.0534 0x1d8c  LanmanServer - ok
19:58:38.0542 0x1d8c  [ 33DBBCF71F68EA97D9FD34E4C9AB5AC6, 104F04A1560E75EB224A3825707CE51E8798ABD764F5CC3B854FFFC93A39AF60 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:58:38.0557 0x1d8c  LanmanWorkstation - ok
19:58:38.0561 0x1d8c  [ F8EBAA1FE6D3BF84752931DE1BFA0E2A, 2F3C512712BA709BBBBD779D9E792DBE324876C402CDCEF0345B8B7ABE1D232A ] lfsvc           C:\Windows\System32\lfsvc.dll
19:58:38.0571 0x1d8c  lfsvc - ok
19:58:38.0574 0x1d8c  [ 5A23E4BE0CCF49663C4CF7EB74C20278, 9DF91014B13B7CED1C3D409F90858FD03EFC5C4347C98901B4DF0AFF2B77845D ] LicenseManager  C:\Windows\system32\LicenseManagerSvc.dll
19:58:38.0584 0x1d8c  LicenseManager - ok
19:58:38.0588 0x1d8c  [ 5933A6673F00D8255C52957E40C2D601, 0AA1281F8B3F97E360592D1B35EE7D3D614F1AB46007F9884CFFB1C5E647575E ] lltdio          C:\Windows\system32\drivers\lltdio.sys
19:58:38.0597 0x1d8c  lltdio - ok
19:58:38.0604 0x1d8c  [ 88A3C935725FA6EA1A228DCC26CF9C6F, 9B1F70644EEFA1EE7CE151A8A970430087339B7A6345F2E0252370929D4AFAC6 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:58:38.0618 0x1d8c  lltdsvc - ok
19:58:38.0621 0x1d8c  [ 3F858E28AEE6545FA1B64134DFD5C2CE, FFD7B4FB0A7B61BC6B76A172134673842F2CF00E96FA3ED4A8273DC525B6BB92 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:58:38.0632 0x1d8c  lmhosts - ok
19:58:38.0641 0x1d8c  [ 926DD6435BD1F85DB937C1CA1CF2E819, F1E8919663F619726C2802202131D18287D7B2E8D3F9B869CB6D21F1D6DF9268 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:58:38.0653 0x1d8c  LMS - ok
19:58:38.0659 0x1d8c  [ 8E1B0946948CCC0BC1FA3CB70374A795, 0B894C129A35E223FF9594725AC90916CBD597FAD2211A18FC2AE03EA8679597 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:58:38.0668 0x1d8c  LSI_SAS - ok
19:58:38.0672 0x1d8c  [ 4F68163FC04C973500DC4DA0946917B0, DF060C29109EB3978CEDFE781999B0C4C1E8C0FDB133428058D8400C53315EEC ] LSI_SAS2i       C:\Windows\system32\drivers\lsi_sas2i.sys
19:58:38.0680 0x1d8c  LSI_SAS2i - ok
19:58:38.0685 0x1d8c  [ E5AC5F2815938651CDCC27F425474673, 3AF0598982153C36A766506FA088F7B84333CC96FEBB050402547AFC613AF9F7 ] LSI_SAS3i       C:\Windows\system32\drivers\lsi_sas3i.sys
19:58:38.0693 0x1d8c  LSI_SAS3i - ok
19:58:38.0697 0x1d8c  [ CCF6EC9FB9B8F18E05B4253E81013E48, EBE8D77FEE8B99BD8C29702404774D554673C96DF3FDF3DCEA9C99E22C2709FC ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
19:58:38.0706 0x1d8c  LSI_SSS - ok
19:58:38.0720 0x1d8c  [ D5EFC0BAEC21EDE6FE03D377D403B421, 41BE71AF7C896FD4C51EF7E3871AAB769164DFB8050DA43E48C7A100711414B4 ] LSM             C:\Windows\System32\lsm.dll
19:58:38.0745 0x1d8c  LSM - ok
19:58:38.0751 0x1d8c  [ C9579D32219E5B936AC3A48D470117EC, E61A77191B6BA25D29B1221FEBBE826BBC11F825C0E35A72B4CEFFF8B7FE59A8 ] luafv           C:\Windows\system32\drivers\luafv.sys
19:58:38.0765 0x1d8c  luafv - ok
19:58:38.0769 0x1d8c  [ CAAF0CD70FEE7C5110B1E62804E41B17, 48482A6C8D2296C4DC613304637C8DBB7DD1DB39326F27650EBCA6FD2793BCFD ] MapsBroker      C:\Windows\System32\moshost.dll
19:58:38.0779 0x1d8c  MapsBroker - ok
19:58:38.0847 0x1d8c  [ 804E3246E3E73D4A936F2F4BCDC53A2D, BF1F9B4AC292238FA6EE541E325B220F311977F9D87D5BC7F90AD058FBF0B35A ] MBAMService     C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
19:58:38.0921 0x1d8c  MBAMService - ok
19:58:38.0931 0x1d8c  [ BDE2FC7213C0897524C1357BAAE30239, 1E1AB68145107429217E07A662477C86406E0188BE9F01CAC416AC13054D1A5E ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
19:58:38.0940 0x1d8c  MBAMSwissArmy - ok
19:58:38.0944 0x1d8c  [ C3CDCCF07486BD2616A7B82946E07AC0, 1EF95DAB2DA856BC7D7573B2EB2D9006DF337F827F0B56A161D0C97F45DB755E ] megasas         C:\Windows\system32\drivers\megasas.sys
19:58:38.0952 0x1d8c  megasas - ok
19:58:38.0956 0x1d8c  [ 2CF0CB2A0ED68C5455371E84C16F9627, 1C9166B52140145F1968E83E52BFF041250811B23C770FE181A18A4BA060CA81 ] megasas2i       C:\Windows\system32\drivers\MegaSas2i.sys
19:58:38.0964 0x1d8c  megasas2i - ok
19:58:38.0977 0x1d8c  [ FADB2FE017E69EECE0E1BA78661C2E8C, BE99B49031D8B4B670B6F6B6E829E54406779CF6F1D8AFE8AB79A73E6764AB2F ] megasr          C:\Windows\system32\drivers\megasr.sys
19:58:38.0996 0x1d8c  megasr - ok
19:58:39.0002 0x1d8c  [ 552BCE17DF7FC306196F2325489CFFBE, C50720BFFAF5B78C9D0219023B7D18A2D94E70EA38526DE364FF5FBC5C98E208 ] MEIx64          C:\Windows\System32\drivers\TeeDriverW8x64.sys
19:58:39.0014 0x1d8c  MEIx64 - ok
19:58:39.0020 0x1d8c  [ 55A417C3E41F2A98666CF929EC19108E, A38C262B2863C87E4151525BF26D6AC16E7982D370E2C6998EB15C88C4BC8254 ] MessagingService C:\Windows\System32\MessagingService.dll
19:58:39.0030 0x1d8c  MessagingService - ok
19:58:39.0036 0x1d8c  [ 71C6748EE8DE938532057EF10B4B7E44, 455175332156939B3CDA4511A2A6C213ABBFDB85EEECA98B6AB014C994F532C4 ] Micro Star SCM  C:\Program Files (x86)\SCM\MSIService.exe
19:58:39.0044 0x1d8c  Micro Star SCM - detected UnsignedFile.Multi.Generic ( 1 )
19:58:39.0810 0x1d8c  Detect skipped due to KSN trusted
19:58:39.0810 0x1d8c  Micro Star SCM - ok
19:58:39.0829 0x1d8c  [ FD60818B66B2E8A5415EA840E99A9D8F, 5D2F22909354534B821D958FBEF6A40EB4F642F53C7B509D00949096EF716F36 ] mlx4_bus        C:\Windows\System32\drivers\mlx4_bus.sys
19:58:39.0852 0x1d8c  mlx4_bus - ok
19:58:39.0856 0x1d8c  [ 68F6977F1CFBAAC770D940A8C0326FA1, 90EE1E7DAC680EAA5AD50E9B0B9FD8FCE8DD6A02D5EF941B5AA5084CBD40BB80 ] MMCSS           C:\Windows\system32\drivers\mmcss.sys
19:58:39.0865 0x1d8c  MMCSS - ok
19:58:39.0870 0x1d8c  [ 0D50B3F3AB32D416786B58D4553859CE, 9DA4D7A30982E8B31C45BDB721AEF5240EAD9DA6839CF34FDDBCF123BF104F2C ] Modem           C:\Windows\system32\drivers\modem.sys
19:58:39.0879 0x1d8c  Modem - ok
19:58:39.0883 0x1d8c  [ 9CCCB7FC3EDADEBA461D78615A6011A6, C120B58F25E8CCFD971EB78645C0682F367AD56DC15F2D8C1980CE75B04719DF ] monitor         C:\Windows\System32\drivers\monitor.sys
19:58:39.0892 0x1d8c  monitor - ok
19:58:39.0895 0x1d8c  [ 27A07B2FB2E3057DA8DAEA4F25D843C7, 09D2B39E6B9AAEC879E5871DD6BCFF2AEF0B894F3B44649665A685F8B3CA6F27 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
19:58:39.0903 0x1d8c  mouclass - ok
19:58:39.0907 0x1d8c  [ 7BD6E7F7C9001AB21B8362CFFEE80B25, C470C3363EEF3A60409A5934988BFB9B72AE7C2BB63CC2C2D006D7EB1C797F6A ] mouhid          C:\Windows\System32\drivers\mouhid.sys
19:58:39.0916 0x1d8c  mouhid - ok
19:58:39.0920 0x1d8c  [ F5BDAEE4B7D369D4C74668DCFBA3FF10, 100F39288E56AFE0D39D1CC235BDC9F3727C873CD3114E092DA7A08810BD3EB2 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:58:39.0928 0x1d8c  mountmgr - ok
19:58:39.0933 0x1d8c  [ 30844BD376F9D01E62C820BEF446F1F8, 910D672EDB544A20AEB4450B4D89830F46EDD28CE0021156176315C5D068A1B4 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:58:39.0944 0x1d8c  mpsdrv - ok
19:58:39.0961 0x1d8c  [ 779CFDB17EA07A6D26FEBBAC95B65772, 74D9542E8DCCD07396A45A45D2F500AA6F9DCC1DB785A6153EB3067E42F576A4 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:58:39.0993 0x1d8c  MpsSvc - ok
19:58:39.0999 0x1d8c  [ 25D32BE04FE0A23FDF57FD5382757672, 64E39E3E21D9173FB1116B989D80C244C49DA827698A05AF5CC5CD1C6AE155DE ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:58:40.0010 0x1d8c  MRxDAV - ok
19:58:40.0022 0x1d8c  [ E671EDAB0726E05ECEF4058B4CD73C4D, 9F4C50E635CE2204E3291C8D3D7F658A969E80722B8B6F0304228D9B434C20EA ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:58:40.0037 0x1d8c  mrxsmb - ok
19:58:40.0044 0x1d8c  [ D4D12BC29DE0F09280868FDCA65B3474, A6FE89ABD52087FEE52FDF31DDF4CB627ED400E94FDA86BEBF1D4763F1E42518 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:58:40.0059 0x1d8c  mrxsmb10 - ok
19:58:40.0066 0x1d8c  [ 93A77008A8932FC84A173C4E97E52874, B7510CF7998C538D68BD2ECDC512A0BFC7CB7362F598EE4110F728427AFF0F5A ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:58:40.0076 0x1d8c  mrxsmb20 - ok
19:58:40.0081 0x1d8c  [ 74C9D21523DAE0C18F413C196DF0058A, 3DB4B8CA368D9DD82FAE2C2BC828A21142C8D29780A7C8667188C447519FF702 ] MsBridge        C:\Windows\system32\drivers\bridge.sys
19:58:40.0093 0x1d8c  MsBridge - ok
19:58:40.0097 0x1d8c  [ 308F08347923DEEDE7BC03EC7D485841, 72DB45CA11FE635DF9F8273C38CBEFB8DF5362ADA0CBF6D2B1E570365DC700C0 ] MSDTC           C:\Windows\System32\msdtc.exe
19:58:40.0109 0x1d8c  MSDTC - ok
19:58:40.0115 0x1d8c  [ F01B849D9D4A8CEAF32D4FDBD0B83C92, D2473AC4C6E6C03DEF13EA73EC78FB878BDC95C047651BF79A16C9DEA82AD046 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:58:40.0125 0x1d8c  Msfs - ok
19:58:40.0129 0x1d8c  [ 22ECD8F5D1DFADF2011BBB1700CB871D, 8F9EFF51137394EFA5471B8A29C541710063B65806B075B4925A84D5B6BC3BBB ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
19:58:40.0136 0x1d8c  msgpiowin32 - ok
19:58:40.0140 0x1d8c  [ FD870F6968A145E4D2BA8A8842686B03, 34B8F601F3B5E42B4D0A41E2AF7DB4EB4E5B627DA8DA9A2A2D46B153AF23AEB1 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:58:40.0147 0x1d8c  mshidkmdf - ok
19:58:40.0151 0x1d8c  [ 30364757963A028CE5DF0FBAAC270173, C72588A6A52FF8E418A15D2C407A4DB7EA768585423720145F8253D5CA519DC2 ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
19:58:40.0159 0x1d8c  mshidumdf - ok
19:58:40.0162 0x1d8c  [ 6BB0FEDDAE7135FA37FFAFF4D9E0E876, B41A3C0FFDFC493D6325ED493445AFCED04EC9DFF2B38125616FC5419AD1ACC4 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:58:40.0171 0x1d8c  msisadrv - ok
19:58:40.0176 0x1d8c  [ 07E3E54734B14F43A4A95A849C0A0DE2, 314AA02EA84D267B32DBAEBEA6C1AC1A266DED1E8D35A17B41D1D2AC75E8049E ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:58:40.0188 0x1d8c  MSiSCSI - ok
19:58:40.0191 0x1d8c  msiserver - ok
19:58:40.0196 0x1d8c  [ D836D32987A85D9E3955D2166A864885, 53096374A953B4CBD01BD23C17ADA9887D4F9B99712020DE46E98F5B2FBCC58E ] MSITrueColorService C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe
19:58:40.0203 0x1d8c  MSITrueColorService - ok
19:58:40.0207 0x1d8c  [ E08F78FEF5310CF14EA6B9C9FA66BEC1, 8176F97B3A162F81C0D5DD9F4B868139ED76EE10192709F19C7ABE9BD813E8D7 ] MSI_ActiveX_Service C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe
19:58:40.0213 0x1d8c  MSI_ActiveX_Service - ok
19:58:40.0217 0x1d8c  [ 13D614E6B51ECF36746C48CE829FA7F6, CAD63C0A4F7110093F84C58252C5803F14E3FC46584B79DA17EC86D49FEAEA64 ] MSKSSRV         C:\Windows\system32\DRIVERS\MSKSSRV.sys
19:58:40.0230 0x1d8c  MSKSSRV - ok
19:58:40.0235 0x1d8c  [ 642CDE46351D5D2D90311E77072AB46D, B2D3033E607BA2F6E6B9CFB1CBF154CD0CE910EA473C56343EC81B9B94044CCA ] MsLldp          C:\Windows\system32\drivers\mslldp.sys
19:58:40.0244 0x1d8c  MsLldp - ok
19:58:40.0247 0x1d8c  [ F2302A5CE63CA7673200FAFCEEEDB6AF, B8C44FC2DC0332183DE325CDBF511101F3307225295EDD428CE575A8DE15C223 ] MSPCLOCK        C:\Windows\system32\DRIVERS\MSPCLOCK.sys
19:58:40.0260 0x1d8c  MSPCLOCK - ok
19:58:40.0263 0x1d8c  [ 6114512EA26E835BA522C63635429DB5, 0F91CE41B4555316A79AEF3047C152D538CC9C7C329987C9FD0E3D961AFC87C8 ] MSPQM           C:\Windows\system32\DRIVERS\MSPQM.sys
19:58:40.0275 0x1d8c  MSPQM - ok
19:58:40.0284 0x1d8c  [ AA538E16E644D00E3BA5349BBA9598EC, 64A68B06883FE7ED34E04AB119BA819753F1222923EDD4E802C35D402B89D075 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:58:40.0297 0x1d8c  MsRPC - ok
19:58:40.0302 0x1d8c  [ 0543BEFD41EC4D25C7F7CF36409CEC7D, 631622CFEC49952C0470531B23FFFFF483DC0EFFEF7A97B1179A600392C05DDD ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
19:58:40.0309 0x1d8c  mssmbios - ok
19:58:40.0314 0x1d8c  [ C1569E4DB8EFE3617847BF041A3C842F, 99ADE5E7F50E04CAEC737F7F90741CCA8EE628996BA5EB6C6BC62184884429B6 ] MSTEE           C:\Windows\system32\DRIVERS\MSTEE.sys
19:58:40.0326 0x1d8c  MSTEE - ok
19:58:40.0329 0x1d8c  [ 130B16970154BA9876B09E5C4BAC63BE, BE3AF8FC5A26AB9C9DBA9C015C2E1FD3C4CD9CB423A2BBDABA91428BF8620553 ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
19:58:40.0338 0x1d8c  MTConfig - ok
19:58:40.0343 0x1d8c  [ 15D987C8F6CCD4AC94E070C5986762CB, 452FB0C48B86C7F8F53794CC2DDBF2B900B03A0383B2DE8F6A830F8CB0AFBAD8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:58:40.0353 0x1d8c  Mup - ok
19:58:40.0357 0x1d8c  [ 3D2C5B4995CA0751D32DEA0DE9FDFE44, A26958785FD9E05E2CA97078C9BB277CD44222BF5F7D9E8DC2F3F6AAAFFC6483 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
19:58:40.0364 0x1d8c  mvumis - ok
19:58:40.0377 0x1d8c  [ DB31EBB04C871F422C36A0962DA7D38B, B1BC2344744F537FB2C7D07B415F860195B7795E185253F05C0817A3764FEC10 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:58:40.0400 0x1d8c  NativeWifiP - ok
19:58:40.0402 0x1d8c  NAVENG - ok
19:58:40.0404 0x1d8c  NAVEX15 - ok
19:58:40.0410 0x1d8c  [ C3D9870E680D9D843B18F4626C3858FE, 43596CAC9FB488F810FBA954C52BC4D13F7D32028C40ACFE33DFD7EE36A65C17 ] NcaSvc          C:\Windows\System32\ncasvc.dll
19:58:40.0423 0x1d8c  NcaSvc - ok
19:58:40.0431 0x1d8c  [ 04CE2C0F0759EACD886BA4B658B60D5D, E34D0976FC5936C8629800D826DB127072D1DFC3D350EFACA3AA1B8119551762 ] NcbService      C:\Windows\System32\ncbservice.dll
19:58:40.0449 0x1d8c  NcbService - ok
19:58:40.0454 0x1d8c  [ E6094065008FE423377294050E7CEA2D, 86E200227256407530E2C28243DEFBC3CB6E9497644404D9AD79DA242286DF7B ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
19:58:40.0470 0x1d8c  NcdAutoSetup - ok
19:58:40.0474 0x1d8c  [ 629CB21AC49C8867E0F29DF1C16DB7B4, 20663E68C69D0A1A2FE99A0C2A9DEFABF49786A1DC8F7F4E1699458AF57D7E79 ] ndfltr          C:\Windows\System32\drivers\ndfltr.sys
19:58:40.0483 0x1d8c  ndfltr - ok
19:58:40.0505 0x1d8c  [ D5564FC81350458ED570528C4E3B1CCF, DD3C5012492EF9BCE3BE635BBB3AA40B3C5F5FDBD795A76B327D9C994102AC2B ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:58:40.0535 0x1d8c  NDIS - ok
19:58:40.0539 0x1d8c  [ 6DD605338FAAF6BA17662AA874E0D162, 636607829F5D7C3B7A4683C0A2DD594360D72F2AA3F8710153BE32575AE34A15 ] NdisCap         C:\Windows\system32\drivers\ndiscap.sys
19:58:40.0550 0x1d8c  NdisCap - ok
19:58:40.0554 0x1d8c  [ E34196F285F8B8879E1FF36C31F7179E, 77A4F24F995D4C0689C43F9956E08DCEC62517E4F8B1B9EAA1852B5293DB5B9A ] NdisImPlatform  C:\Windows\system32\drivers\NdisImPlatform.sys
19:58:40.0565 0x1d8c  NdisImPlatform - ok
19:58:40.0570 0x1d8c  [ 1FAD2398673F30CEC616B89C46B7DCBA, 70302049E6AE2BC6B3A7A9DE54D3F940AD6A9771CC2EBCCEC65994E67A25ECB5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:58:40.0583 0x1d8c  NdisTapi - ok
19:58:40.0587 0x1d8c  [ AEB8ECBE66CC46854066CB1F5623E179, 2F650A85A9DAE38887610C0B876621035616CEDB65D4BBBD7F1405616D218AAF ] Ndisuio         C:\Windows\system32\drivers\ndisuio.sys
19:58:40.0596 0x1d8c  Ndisuio - ok
19:58:40.0599 0x1d8c  [ 7340104C2BF2F126714F7CDE85E63610, 45B64EC6F3A4C43F7D74806789067658C6EF0D44D36B841F4D26E1EBC95AF66C ] NdisVirtualBus  C:\Windows\System32\drivers\NdisVirtualBus.sys
19:58:40.0608 0x1d8c  NdisVirtualBus - ok
19:58:40.0614 0x1d8c  [ 07ADC1F8DCBEB8104D75129B11584B8C, CB51A294D9FD4E210DBEEF05A1E60A96CE52D6D138EF62A54E1F608F90FED300 ] NdisWan         C:\Windows\System32\drivers\ndiswan.sys
19:58:40.0631 0x1d8c  NdisWan - ok
19:58:40.0638 0x1d8c  [ 07ADC1F8DCBEB8104D75129B11584B8C, CB51A294D9FD4E210DBEEF05A1E60A96CE52D6D138EF62A54E1F608F90FED300 ] ndiswanlegacy   C:\Windows\system32\DRIVERS\ndiswan.sys
19:58:40.0655 0x1d8c  ndiswanlegacy - ok
19:58:40.0658 0x1d8c  [ 78A12E3DF035B5D054986949B19BE43C, AD9B34F89B9F27D473BD5FCE6694A40FCCB808B61ABEDD6F70F1AF6C7E73ABF8 ] ndproxy         C:\Windows\system32\DRIVERS\NDProxy.sys
19:58:40.0673 0x1d8c  ndproxy - ok
19:58:40.0677 0x1d8c  [ 04C8859355C1DC9C0FA198D1894D71C2, E7C67E73009341B5D402470C686781B3C7BBE2531CE26665E08E711B990B1A77 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
19:58:40.0693 0x1d8c  Ndu - ok
19:58:40.0697 0x1d8c  [ 6C76780A01FC2B885BD6E957B5C36B02, DB7834F03A765F65C773E772D8051AFADB22CA4B5074180AA397857A0C47A068 ] NetAdapterCx    C:\Windows\system32\drivers\NetAdapterCx.sys
19:58:40.0707 0x1d8c  NetAdapterCx - ok
19:58:40.0710 0x1d8c  [ 5D1513BD6430307C9DB86C6E351372ED, D2AB709CF7CFA5B857B084AFC821914A975B7DDDCE154229981F19448973BD6D ] NetBIOS         C:\Windows\system32\drivers\netbios.sys
19:58:40.0718 0x1d8c  NetBIOS - ok
19:58:40.0727 0x1d8c  [ 6FEBB0A847FFD5F057B9AC8889F1B9A7, 558BCC64C59079E6569F61CCE1219A124B3313FC4E6CB5CBCC94124D202FF19D ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:58:40.0742 0x1d8c  NetBT - ok
19:58:40.0746 0x1d8c  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] Netlogon        C:\Windows\system32\lsass.exe
19:58:40.0754 0x1d8c  Netlogon - ok
19:58:40.0761 0x1d8c  [ D3BF2DA9216A4CF22A97820A50A67EFF, D00CBE0A7ECFB449D9B48967A01EE56141404EBE229893D5A1710781AD5F2551 ] Netman          C:\Windows\System32\netman.dll
19:58:40.0778 0x1d8c  Netman - ok
19:58:40.0789 0x1d8c  [ F2645D51DD8AABC8BC72358409410437, 8CB97628923D6CEA6EFAD7E666BE92C154060BD108C28D46287A520A14B18ADA ] netprofm        C:\Windows\System32\netprofmsvc.dll
19:58:40.0811 0x1d8c  netprofm - ok
19:58:40.0818 0x1d8c  [ D65F295A049473E6A39EA9A0EA76CA32, 274FC0BA044EB2D14093AB0E561F7FACEE06A3F433C81343C8B926FA2F9BD251 ] NetSetupSvc     C:\Windows\System32\NetSetupSvc.dll
19:58:40.0834 0x1d8c  NetSetupSvc - ok
19:58:40.0842 0x1d8c  [ EFA857E2B0CC7C9DFEF48A2187B910F7, 424475568CD70237F056838388A5F7BDCD1B09349085498644C75940B12E8EAF ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:58:40.0851 0x1d8c  NetTcpPortSharing - ok
19:58:40.0860 0x1d8c  [ B996DE26A2E16053C9485F5905B05320, 30EB2CEB466A4F05A44F7CBFCDFD8CC3C27B5FCF1269C1B9410C48AB362D2A75 ] NgcCtnrSvc      C:\Windows\System32\NgcCtnrSvc.dll
19:58:40.0877 0x1d8c  NgcCtnrSvc - ok
19:58:40.0896 0x1d8c  [ 54C31C2B815E2E26BB8158022F837C9C, CED660D1A58F635C6452F82FCB2EF8ACEEB7785E31617B2ADFD9EE69A2BDF2B8 ] NgcSvc          C:\Windows\system32\ngcsvc.dll
19:58:40.0930 0x1d8c  NgcSvc - ok
19:58:40.0940 0x1d8c  [ 9B9F520C72EE33EAEC857124BB800243, DFA9386B272F4D86F3E4BE861A2FC4617261E1AA40576DDA610FC24AB4961A63 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:58:40.0958 0x1d8c  NlaSvc - ok
19:58:41.0028 0x1d8c  [ B13C5A66906C5C013C12A9E310B3F512, 477166DD956F96C167E992486B3CC80137EABC7BDCEE70BCE4A60B79939B5D9B ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
19:58:41.0101 0x1d8c  NOBU - ok
19:58:41.0109 0x1d8c  [ 001CBD7A2CD45C4EB39C01C3C677EF73, F4AAF4D60DB1232921C7811A62287B55C7C098B7A1FF9A40D88AF58A5ABECBA2 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:58:41.0119 0x1d8c  Npfs - ok
19:58:41.0122 0x1d8c  [ 90F5DC9802AAA00CD0B6E2AD9E7FFADC, 71C0777829299DECA6ACD42F38802DBE3C29A42CFBD8A396F39DFA44D1F55B6C ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
19:58:41.0130 0x1d8c  npsvctrig - ok
19:58:41.0134 0x1d8c  [ 1993C85962692EF7024501E7FE92D466, F5BCAA8308495EBF8BB061C2015E07C202A779668D171364D7E312975BC18B10 ] nsi             C:\Windows\system32\nsisvc.dll
19:58:41.0143 0x1d8c  nsi - ok
19:58:41.0146 0x1d8c  [ 0C6218321A09A7B51BA7FFAFBA4CCB21, 330B3FA793A78410B28DFC8250BBF24442E3BB80434A7938BB96F02337614E0D ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:58:41.0156 0x1d8c  nsiproxy - ok
19:58:41.0197 0x1d8c  [ DB69C6DA8B3DDFDC547D455CA23A8250, AE495CEB18924C8B21F7F150FF17CD00880F2E222D7B5155661798E0535D63C4 ] NTFS            C:\Windows\system32\drivers\NTFS.sys
19:58:41.0253 0x1d8c  NTFS - ok
19:58:41.0257 0x1d8c  [ 6E6DD6F9DD2A034CF85E94047DBDB992, 63D0A0756F551B7668D1CBAB24B29FD462C706E8A81690BC248D6C92061FE215 ] Null            C:\Windows\system32\drivers\Null.sys
19:58:41.0266 0x1d8c  Null - ok
19:58:41.0276 0x1d8c  [ 14FF58450CB77E81E62A2CCFA29AAD5B, 484EA851B8AA51E9274009F01C8132BCD2B5FDF18F95FF0C8093D33D3FEFD26E ] NvContainerLocalSystem C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
19:58:41.0290 0x1d8c  NvContainerLocalSystem - ok
19:58:41.0299 0x1d8c  [ 14FF58450CB77E81E62A2CCFA29AAD5B, 484EA851B8AA51E9274009F01C8132BCD2B5FDF18F95FF0C8093D33D3FEFD26E ] NvContainerNetworkService C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
19:58:41.0311 0x1d8c  NvContainerNetworkService - ok
19:58:41.0326 0x1d8c  [ 207A78939B7BBA0EFE8BFA947A35E71C, BB7DDFED575F81CAB958DDC7CFF2D798EB14DAE633F49FA2229D98BDC489C0EE ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
19:58:41.0337 0x1d8c  NVHDA - ok
19:58:41.0359 0x1d8c  [ 520A9ADAA30AA3EF5AB23725CCFEDBBE, 56078F97594D933E6123383CB20714D1EF43467DB8B46D737BA7DCD4148C1036 ] NVIDIA Wireless Controller Service C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
19:58:41.0391 0x1d8c  NVIDIA Wireless Controller Service - ok
19:58:41.0620 0x1d8c  [ B360CFC497FF8070E37AEEA92CEF14BC, 3172A296192640474E9B78A83C66079D916523F04D950AA56B65D570BED633FA ] nvlddmkm        C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_85330ff976332cdb\nvlddmkm.sys
19:58:41.0861 0x1d8c  nvlddmkm - ok
19:58:41.0876 0x1d8c  [ FEC294A2941AB6CA913D633C761B15CD, FFD90058A0CE6DA0338F3F9AA8531C232C1BF25A9BF7874154F8B96B8F07D50C ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
19:58:41.0882 0x1d8c  nvpciflt - ok
19:58:41.0887 0x1d8c  [ D261DF41F0840F734856A2B4F5E072C7, 2E703556D0C919375D0B7770513456844B13362190643D5524663EC8546E0FF5 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:58:41.0896 0x1d8c  nvraid - ok
19:58:41.0903 0x1d8c  [ 23B702B555EB0436B9DAA0BC63DA65CE, D454F80D9657CFEC852F022C12D7B2C1A2D7D247ECC591EDB07B9369DFD8C99E ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:58:41.0913 0x1d8c  nvstor - ok
19:58:41.0917 0x1d8c  [ 31D4FAE2BAAD443419FC6D7079870BCD, 0A62785448EE10B335C4F869BA2A197F6AE09888C85E0D2AC80E757244A59A6C ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
19:58:41.0923 0x1d8c  NvStreamKms - ok
19:58:41.0927 0x1d8c  [ B8A220FE3CCDD6C029187AC813E4E674, AAC5E9C6D582444948AEB6EC2CF6D8AC27100FD4FE996CD727A0B68E04254CA5 ] NVSWCFilter     C:\Windows\System32\drivers\nvswcfilter.sys
19:58:41.0932 0x1d8c  NVSWCFilter - ok
19:58:41.0942 0x1d8c  [ CBB924C175EB4512F87AD7D6A0E55138, 75358B34E062A8AD26B2B353B3C517A14D31F257BF1D7D298E1ED0C875FDB0F1 ] NvTelemetryContainer C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
19:58:41.0954 0x1d8c  NvTelemetryContainer - ok
19:58:41.0957 0x1d8c  [ 327832BEEB4DB34B418193BDA1BE4F10, C442642B1EF17CC0C382FE25231E33ECA580FC339B20AF222654FD8295ACA925 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
19:58:41.0962 0x1d8c  nvvad_WaveExtensible - ok
19:58:41.0971 0x1d8c  [ 17997DC2441F7E29CDFC6458E0392764, 636CCE2DA1EF8195B33F8D6D5C8CC151D58EBF08DC9AD8ACCCE7ABD41A69639F ] OneSyncSvc      C:\Windows\System32\APHostService.dll
19:58:41.0987 0x1d8c  OneSyncSvc - ok
19:58:41.0994 0x1d8c  [ AC0F1B7B71D9D435EC33456F7EDF6FF1, 8FEFF5F99F1AFF21CF9415D4BF26936EF3A7347DA06F30ADD1DD1B14916F2585 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:58:42.0004 0x1d8c  ose - ok
19:58:42.0081 0x1d8c  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:58:42.0167 0x1d8c  osppsvc - ok
19:58:42.0179 0x1d8c  [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:58:42.0197 0x1d8c  p2pimsvc - ok
19:58:42.0207 0x1d8c  [ 2BBCED66D7AFC968BDBB0E4D8524DF0A, 762D916390F9DE69B3EA1D31244224F910645F8E5CEF4C505B76B215BFDFCD9A ] p2psvc          C:\Windows\system32\p2psvc.dll
19:58:42.0227 0x1d8c  p2psvc - ok
19:58:42.0233 0x1d8c  [ 6B81BF7853D161DB8AC62CD8B9C2DE6B, B2DC06D135FD2501217DDA7349556EB873309E02188D4C3901807BA24FAB30C7 ] Parport         C:\Windows\System32\drivers\parport.sys
19:58:42.0243 0x1d8c  Parport - ok
19:58:42.0248 0x1d8c  [ CDBD029BAEC8D09F6FBD404632D9AF28, 71F4401150CD4C9C6BBF2DA854CF07EA2F8C9BBE900833858F49134DDAF14414 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:58:42.0257 0x1d8c  partmgr - ok
19:58:42.0268 0x1d8c  [ CDD8EDF4C35BE6D6137112F5CC7A70DA, 80EECA6BC2E668E5652A5CA9B119CCCE2A2E421F0EED1FD0EAC20C42E77C02ED ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:58:42.0285 0x1d8c  PcaSvc - ok
19:58:42.0293 0x1d8c  [ 29AF16726F4DD84376ECA85AB6AFF2C6, BEF9EA10637065365ED343C4EBA51191B9BEADD8F1F3362D3EFE75F40BE9A027 ] pci             C:\Windows\system32\drivers\pci.sys
19:58:42.0307 0x1d8c  pci - ok
19:58:42.0311 0x1d8c  [ 214DCC87E3898F738075D1341252A552, E721FBBC3510DDB848A8CAEA3B6031EE988F42252DBC3BF7BDB6ABD9A0D9FABD ] pciide          C:\Windows\system32\drivers\pciide.sys
19:58:42.0318 0x1d8c  pciide - ok
19:58:42.0322 0x1d8c  [ AED76A3333B3A31536E430020E0226FC, EC255B79B0908E3C142D92E35B79D90A3F2594BA012CA2B1B04A6A8745153430 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:58:42.0331 0x1d8c  pcmcia - ok
19:58:42.0335 0x1d8c  [ E63FB38B6E75B39467492FBAD2CD512A, DB406C92BA2460C833A49B98EB5BD58348E868F643A0123B0C9B5315FFC6A124 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:58:42.0343 0x1d8c  pcw - ok
19:58:42.0347 0x1d8c  [ 9EA203A07EFA6D74F07F32EF0DAB5CA6, D851F1CC748B4CD0E263931668FFF2FE20D5778267F4FF2237D565CFC171B5AF ] pdc             C:\Windows\system32\drivers\pdc.sys
19:58:42.0355 0x1d8c  pdc - ok
19:58:42.0376 0x1d8c  [ 1509A77F840AA9E72CF8247D0CF2FBDE, 2D47AD4D8F5C2D871E603FB6D72D25EFD0E63FA3A542DAADAB9D82ED074C0E0B ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:58:42.0406 0x1d8c  PEAUTH - ok
19:58:42.0410 0x1d8c  [ 540116170E2135FCD5DDE77702166B67, CBEC51C2D47532F1781B3255040F303263420B204C2F8BB2B5D1EC342F57B285 ] percsas2i       C:\Windows\system32\drivers\percsas2i.sys
19:58:42.0419 0x1d8c  percsas2i - ok
19:58:42.0423 0x1d8c  [ 8356F87553BF49C703CF382033815898, 245EB941566D848F134629690BF271B1CBEAB6440771D3D8D7AED3756835354E ] percsas3i       C:\Windows\system32\drivers\percsas3i.sys
19:58:42.0430 0x1d8c  percsas3i - ok
19:58:42.0450 0x1d8c  [ CB5343FF52A702A9ACFAAE6BE972FE09, EAA5362D91D05D382DF4EBBAA3FD575456F23CAD531CC6F1270F8254892DBF02 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:58:42.0459 0x1d8c  PerfHost - ok
19:58:42.0477 0x1d8c  [ D0D57322ABC7473E54472D8374169CC5, BD14A13D6908C8669E56EF9401FD8A3D7C618E8B6556B36E634864E733BCA4B2 ] PhoneSvc        C:\Windows\System32\PhoneService.dll
19:58:42.0507 0x1d8c  PhoneSvc - ok
19:58:42.0513 0x1d8c  [ B4AB2C0177715FFAED88A1223212043A, 1920792ADC78DD51EF98B6A9634D686EAED0848FB7EF74A0DCD3AEBA5AF41EC6 ] PimIndexMaintenanceSvc C:\Windows\System32\PimIndexMaintenance.dll
19:58:42.0527 0x1d8c  PimIndexMaintenanceSvc - ok
19:58:42.0556 0x1d8c  [ F931F21E4287FE3ECCF09B54A232BBA2, CEB7AB3236E5F30214027092B7B695ED35F7A1E007DF4046797D1E4DFEF49EC8 ] pla             C:\Windows\system32\pla.dll
19:58:42.0602 0x1d8c  pla - ok
19:58:42.0608 0x1d8c  [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:58:42.0624 0x1d8c  PlugPlay - ok
19:58:42.0627 0x1d8c  [ 56D7A89423325121C4A9BD5C326414F3, 649048C23D1973C3504E26B35362AC99DFE9BF31FFE73F45B43306A212AEA34C ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:58:42.0637 0x1d8c  PNRPAutoReg - ok
19:58:42.0646 0x1d8c  [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
         

Alt 17.02.2017, 02:07   #10
Tobias1972
 
GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen - Standard

GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen



und hier der zweite Teil von TDS Killer

Code:
ATTFilter
19:58:42.0663 0x1d8c  PNRPsvc - ok
19:58:42.0673 0x1d8c  [ F70CAC34B455D05EAA04B2F8FB58E1CB, 295BFFB3DA03C5CE5462C11D3240024B68AC06E8DEA9062A739BE2CCEE19EB5D ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:58:42.0693 0x1d8c  PolicyAgent - ok
19:58:42.0699 0x1d8c  [ 60C8376B48BA96F07AEA536527433D44, EB988C119C3E71169B91ED2A744C71933DD35447DC4A8249E80EC24E9E7077D4 ] Power           C:\Windows\system32\umpo.dll
19:58:42.0711 0x1d8c  Power - ok
19:58:42.0716 0x1d8c  [ 5645B9D9788CCA2C88B9534996ED2D6D, 4988942DF163DB5B9B1A08CE6B628D2C47C2E2EAA30AEAE4EFE21C8CF4C8DC5D ] PptpMiniport    C:\Windows\System32\drivers\raspptp.sys
19:58:42.0730 0x1d8c  PptpMiniport - ok
19:58:42.0787 0x1d8c  [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify     C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
19:58:42.0877 0x1d8c  PrintNotify - ok
19:58:42.0886 0x1d8c  [ 372913E12677A8CBBBABDD8311894F9D, A5233D95A0D22D2A9DB214E7CB79A99D389B67189FF6A87D0AD4610A333A637F ] Processor       C:\Windows\System32\drivers\processr.sys
19:58:42.0897 0x1d8c  Processor - ok
19:58:42.0908 0x1d8c  [ 1F115AF75EFBAC28479B4F94A3F8D4A3, BE8D8C50D985F6AF9DDC0F13BDBE2D55D600E1F5E344982536538B14EC484AA6 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:58:42.0927 0x1d8c  ProfSvc - ok
19:58:42.0932 0x1d8c  [ FC98407B85A31161851FDE245517574F, 2CCD706CF243934FCDA32B24CE0C385EA2E67F206E0306FA584496F583A20CD1 ] Psched          C:\Windows\system32\drivers\pacer.sys
19:58:42.0942 0x1d8c  Psched - ok
19:58:42.0983 0x1d8c  [ 75FFEA6D90AE32FCFB618A8CE39BA151, ABB0CABF6F6A9B7EF0D39BCEEFBAAAB1DB79EDFECE3099803D96CAFAD4276A61 ] Qcamain10x64    C:\Windows\System32\drivers\Qcamain10x64.sys
19:58:43.0040 0x1d8c  Qcamain10x64 - ok
19:58:43.0051 0x1d8c  [ 7A68710BAC9B6809314B86C0CB1CBC4A, C02D97993D1F6FE6EFBA5B1366B3A4FE8CE1136A95F3A2DA07BA59554C163501 ] QWAVE           C:\Windows\system32\qwave.dll
19:58:43.0072 0x1d8c  QWAVE - ok
19:58:43.0077 0x1d8c  [ 819602BBBFDB0BD46DEA3715BF0DD452, D4007FF1E5296316B53436CA3598D6B1CF4F60AB77D5B02F3E595081EDD5D879 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:58:43.0089 0x1d8c  QWAVEdrv - ok
19:58:43.0094 0x1d8c  [ CDF47037A0939F56D11F699629C276AD, A63F2A3FE80FB8084E3870E907505694B79EE1D9E56E292C01D481FEFD2534B0 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:58:43.0106 0x1d8c  RasAcd - ok
19:58:43.0117 0x1d8c  [ 28C2EA278070EE12701D0EDF8CB0EC36, F10288C1C6835840026DB30285345EF892DE989F43C948E7F4760B8895FF675F ] RasAgileVpn     C:\Windows\System32\drivers\AgileVpn.sys
19:58:43.0131 0x1d8c  RasAgileVpn - ok
19:58:43.0137 0x1d8c  [ 7B82197BF35CC3BE59AEF8B706AB8A16, AB0216164A548A48CD21F5F035E57E867584A96890B9887EC08F8DABDD89F990 ] RasAuto         C:\Windows\System32\rasauto.dll
19:58:43.0151 0x1d8c  RasAuto - ok
19:58:43.0156 0x1d8c  [ 17E565710172ED71B8531D8822E1C5D1, 0CA39ABD9E544DDAD9D9D7D1FC50444274C31E18F9BF73069051D9F62833698F ] Rasl2tp         C:\Windows\System32\drivers\rasl2tp.sys
19:58:43.0171 0x1d8c  Rasl2tp - ok
19:58:43.0188 0x1d8c  [ F79BFB5588B777C71734C1D1EC129D07, 9B9D70EC8978AAC19B2B94694EE1B9957C13DFDDFCBE8AA82C5F0D0EA04CDBDF ] RasMan          C:\Windows\System32\rasmans.dll
19:58:43.0214 0x1d8c  RasMan - ok
19:58:43.0219 0x1d8c  [ 9387DF155233D45D4E010F4F2FB52A57, CABC25DA4E512809AED0085767BDD94BF3C1DA792BFF8A009B5465D9110E7060 ] RasPppoe        C:\Windows\System32\drivers\raspppoe.sys
19:58:43.0230 0x1d8c  RasPppoe - ok
19:58:43.0237 0x1d8c  [ F0F4EEDEEBEE7A4244FAFB96A16B5712, F64717E601BD5EB674003009507B8CDD6F69F00E8670D6895EC64786166A0E8D ] RasSstp         C:\Windows\System32\drivers\rassstp.sys
19:58:43.0254 0x1d8c  RasSstp - ok
19:58:43.0267 0x1d8c  [ AF6963414B820B7C45578ED3300438A7, C00F60FD72608E6983D32642768AECE891DD816FADFA7B872BA88091C16B95D7 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:58:43.0285 0x1d8c  rdbss - ok
19:58:43.0290 0x1d8c  [ 79A415E6FA915EFC00297DAB16EC2635, 47BB49F6D756214193D38A4AB182B541AAC180381C3111FF7F9B0AD4C44D8733 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
19:58:43.0300 0x1d8c  rdpbus - ok
19:58:43.0309 0x1d8c  [ 7135785C21CA79D270D11037C43D3F19, 654A3C65CF891ED8C82A740D10CF607FC7D709185E664DE03288CEB5B25F03A6 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
19:58:43.0323 0x1d8c  RDPDR - ok
19:58:43.0332 0x1d8c  [ 97A61A3CB2B5CB4FC32B3224EF333448, E4F2E8BCEE3639BE57BBC8A8E67FDE42C3A5158F1204684B0ECD216F4AA044A3 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:58:43.0342 0x1d8c  RdpVideoMiniport - ok
19:58:43.0351 0x1d8c  [ 69BB204AE07EE84ECFAB1BF13C4BD04B, 1CA832CBF4AE4821EEA2A19F9519C2D1D00406B8CCE2A86FE3B33A5F293DB218 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:58:43.0366 0x1d8c  rdyboost - ok
19:58:43.0388 0x1d8c  [ 940D6F5A2B0A61EE4170DF84F6C95C20, F8EE846DC8015EDFE7CB5BEEDC977EAA9C586BAC2216DE69D8ECCBDBC7408649 ] ReFSv1          C:\Windows\system32\drivers\ReFSv1.sys
19:58:43.0416 0x1d8c  ReFSv1 - ok
19:58:43.0428 0x1d8c  [ 13F6B64235C60167052364BF7D99E4CA, BC12EE00775F7456FB922FBD684BF3F0CFABA5BEBB6E162C23B41DED5C20A978 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:58:43.0449 0x1d8c  RemoteAccess - ok
19:58:43.0455 0x1d8c  [ 3183B161B1F05333F6C325577FEF3596, D6A89B2A021377B6F371E5B9EFC36FF018822B28F0ED41F8CD2F00C5C8605707 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:58:43.0472 0x1d8c  RemoteRegistry - ok
19:58:43.0486 0x1d8c  [ 0660F4A14F9D2A2F59B26B1D74F1A6D0, A9443B6B7ED1ECA22AC960A2C6A2BE18C0BA58CD7BCF60E7AA617CD3662D122D ] RetailDemo      C:\Windows\system32\RDXService.dll
19:58:43.0512 0x1d8c  RetailDemo - ok
19:58:43.0520 0x1d8c  [ E82F3B1918C6A5FE6EB761CDF1E772AF, 0C993FCB7BFD6E01B70A1821E0DEAFA2CB241AF8C2E6D4CC120F59C1B5F6FF5F ] RFCOMM          C:\Windows\System32\drivers\rfcomm.sys
19:58:43.0535 0x1d8c  RFCOMM - ok
19:58:43.0542 0x1d8c  [ 7ADF6A8AB2596FD91C08E8F387266FD0, CDC58ED2B15B7209A46E0523F8F061D5A638B19CEFFC4010E5D3E3A071221B51 ] RfeCoSvc        C:\Windows\system32\DRIVERS\RfeCo10X64.sys
19:58:43.0548 0x1d8c  RfeCoSvc - ok
19:58:43.0558 0x1d8c  [ 5DAA644F17780FC4E3F4820A46D38FEC, 32C27FFA0A4608B164F4E709CD0D998AB73CA9713BE3E47F9DBC7B3D1B6C7453 ] RmSvc           C:\Windows\System32\RMapi.dll
19:58:43.0574 0x1d8c  RmSvc - ok
19:58:43.0581 0x1d8c  [ 672724C8B21B7DC56646045DE4D5B860, 79986E80A92C949C543959F1E35647A9788DAB2892AC20B6DEA5C0BBC0CEDE9E ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:58:43.0597 0x1d8c  RpcEptMapper - ok
19:58:43.0602 0x1d8c  [ 109C1D609951E886D3643B15C1EDD1C2, 347D8E7C50EC7F96217C7421D9BC8A42C9DF50B94169CB58DCF857A63C33C2EA ] RpcLocator      C:\Windows\system32\locator.exe
19:58:43.0615 0x1d8c  RpcLocator - ok
19:58:43.0634 0x1d8c  [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] RpcSs           C:\Windows\system32\rpcss.dll
19:58:43.0668 0x1d8c  RpcSs - ok
19:58:43.0674 0x1d8c  [ 5FF28F097C9699097B473F8FC7C1AA7D, 695560F1DBD85073F3D6CB1FF16F16504CA044EA62E940E463A16BBA8B86E2FA ] rspndr          C:\Windows\system32\drivers\rspndr.sys
19:58:43.0685 0x1d8c  rspndr - ok
19:58:43.0701 0x1d8c  [ 96CB7822C76EC1F24909D58350DA7DA7, 9F98CA000E24C40EBB2CE89D9547D05AF9D871E231BA30D6FD613D19F97A7355 ] RTSPER          C:\Windows\system32\DRIVERS\RtsPer.sys
19:58:43.0720 0x1d8c  RTSPER - ok
19:58:43.0724 0x1d8c  [ B5DAEE69BACA64D2BB004568E22D8756, C0072CF6B438ED756435A182D55AC55F3AD356ACBD483DE06A94893D3CA8CCC5 ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
19:58:43.0733 0x1d8c  s3cap - ok
19:58:43.0736 0x1d8c  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] SamSs           C:\Windows\system32\lsass.exe
19:58:43.0745 0x1d8c  SamSs - ok
19:58:43.0751 0x1d8c  [ 5E73FB63E2DBC75FE0C17DEB0010CE0E, 9DAC47486262397D03BC01F7438CAB62CF33BD7B5283F5B9548C770A3D6D0ADC ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:58:43.0759 0x1d8c  sbp2port - ok
19:58:43.0768 0x1d8c  [ 3CD0130FFDEAEACF0905B482F3934EA3, 1EC355B63135FD2563093EBB206741C0C4CCE0551A662F6DC86C875146A88B06 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:58:43.0784 0x1d8c  SCardSvr - ok
19:58:43.0790 0x1d8c  [ 5E8ECCE130A72107B6DFDBE26185A7FB, 811E2CE485BC14161FF629069BCCF53B2B8C6F8B1E1A6B3A3C86DBE4F85A5577 ] ScDeviceEnum    C:\Windows\System32\ScDeviceEnum.dll
19:58:43.0805 0x1d8c  ScDeviceEnum - ok
19:58:43.0808 0x1d8c  [ 3D9A82B03C92D1FEC42CB171D6F57778, DC027F02F5EB5F1D10DB6F405FB0C15D4D5C922445F5F3C916624113278AF072 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:58:43.0818 0x1d8c  scfilter - ok
19:58:43.0837 0x1d8c  [ D4DB6B318A0A0C74A90260725A228C0B, 57BA2EF9D880488C785C806ABF9EE753A48E589129442D72F815CD6EFFA07B22 ] Schedule        C:\Windows\system32\schedsvc.dll
19:58:43.0874 0x1d8c  Schedule - ok
19:58:43.0879 0x1d8c  [ 9055ADDFBA4C8B914C914CE693B55C0A, DB213AC36E14D856B81D2AFE46815402537A2ABEEA15032A9FF436F953129441 ] scmbus          C:\Windows\system32\drivers\scmbus.sys
19:58:43.0888 0x1d8c  scmbus - ok
19:58:43.0894 0x1d8c  [ B6F2363584E62960846F7C3F00124A4F, 252189FF9D623CF69BF415FF7C7FE74B0BBF756B632420578BFAFF6595616CF7 ] scmdisk0101     C:\Windows\System32\drivers\scmdisk0101.sys
19:58:43.0905 0x1d8c  scmdisk0101 - ok
19:58:43.0911 0x1d8c  [ C1B5EE58E759C53F9939581709DC70BB, 85095ABC9459A766832373BC3839E573E9A73C967F8427D6B7CAB972551C3191 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:58:43.0925 0x1d8c  SCPolicySvc - ok
19:58:43.0933 0x1d8c  [ 7C3D10BEC8B0DBA00A78C78EB10B3AE2, A671C9CB97977613576D70607E106C7A29B9EA9E875C7C5AF293EE5903D7AD0A ] sdbus           C:\Windows\System32\drivers\sdbus.sys
19:58:43.0945 0x1d8c  sdbus - ok
19:58:43.0952 0x1d8c  [ F3714DBAA42C15F78FFCDFE4273214EB, 2D018970B92C5F0744FAE10A2FC298F3DCEA5C2EDEB760F4F0651337B9878ABF ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:58:43.0966 0x1d8c  SDRSVC - ok
19:58:43.0970 0x1d8c  [ 120DFCB71D6C502613A9E2D50E16850C, 2C294010AD1C9C380CD5221A37720544178B7358C8C8553AF44055E4CEE5DAF5 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
19:58:43.0981 0x1d8c  sdstor - ok
19:58:43.0984 0x1d8c  [ EFD644DD091E1D94555FC3BBC95EA66D, FBDDA6680BEC378CCF12A32D9186020E884DA15A1E789D1531B1E687FC7B54B1 ] seclogon        C:\Windows\system32\seclogon.dll
19:58:43.0994 0x1d8c  seclogon - ok
19:58:43.0998 0x1d8c  [ F48535714BED7DD784853889B4594B26, 9B4AB7E7293E79A8F6CC46C84F23E62AD3BD6E958FCE078CDBB125A69FAC7E50 ] SENS            C:\Windows\System32\sens.dll
19:58:44.0017 0x1d8c  SENS - ok
19:58:44.0052 0x1d8c  [ 2B4E090D06C60853C5C00CF255F9E02A, 4D4DBA7B04519622612BD4A4F28318CA2F5646C84CAFF8C5ACC9BF4C6031894E ] SensorDataService C:\Windows\System32\SensorDataService.exe
19:58:44.0096 0x1d8c  SensorDataService - ok
19:58:44.0110 0x1d8c  [ C09A42163878A082C3F0D0A3DFE95714, 8033DC38D0EDED3758DA6BF8C1955BE5FFE48863C079C589660B37D0E461300F ] SensorService   C:\Windows\system32\SensorService.dll
19:58:44.0129 0x1d8c  SensorService - ok
19:58:44.0136 0x1d8c  [ E6F00415DADCEEC860E7AB42BFD19A65, 274CAF22F93D43B6DB6953730E3DF8DA94776B24EEE74B80AB4CD780BC1366A9 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:58:44.0149 0x1d8c  SensrSvc - ok
19:58:44.0154 0x1d8c  [ 401D706DDC0A7AF18C3DD228ADF74551, 27C0B38D7C2E3F6FF06201124E63483931F6071954B2B99EC0143C464238C0B7 ] SerCx           C:\Windows\system32\drivers\SerCx.sys
19:58:44.0161 0x1d8c  SerCx - ok
19:58:44.0167 0x1d8c  [ 7084D11083F0CDCA8B5C76F9846ABF5D, F639920882B0E784D8CFAF0D4C0F0C411937B6831E5DD99B0ABFBFE06BA4742F ] SerCx2          C:\Windows\system32\drivers\SerCx2.sys
19:58:44.0176 0x1d8c  SerCx2 - ok
19:58:44.0179 0x1d8c  [ 3FF478A8ED32A83C36581425F6282B6C, 787646A17098EA7CF36064D0A950C1D470D4A280C8C5AC40023D566E53860EAE ] Serenum         C:\Windows\System32\drivers\serenum.sys
19:58:44.0188 0x1d8c  Serenum - ok
19:58:44.0192 0x1d8c  [ 92509187AA171A80521528B36F753E1D, FE0DA272B8A155ECC161E99586C4AE7EE17B1C84BC330DA1566C83B8E03FA825 ] Serial          C:\Windows\System32\drivers\serial.sys
19:58:44.0203 0x1d8c  Serial - ok
19:58:44.0206 0x1d8c  [ 433D38FF6D08B993847EA2A10EB8CB52, 29BA75DB6D1AC761BBDFB5AC8874FC7D763E1CD10D290E369063B34CE951270F ] sermouse        C:\Windows\System32\drivers\sermouse.sys
19:58:44.0214 0x1d8c  sermouse - ok
19:58:44.0228 0x1d8c  [ 82CF273F0E8F243789683DEB40757569, 5433D93A41C4BF04494E6158931C6AC3154888F7CD3A417253EC02FF7EA6D00E ] SessionEnv      C:\Windows\system32\sessenv.dll
19:58:44.0246 0x1d8c  SessionEnv - ok
19:58:44.0251 0x1d8c  [ 697D3EE0740AEAB62B66ABCA1C83D13B, FCF54A0071ED04AD3FC8551C67FE5FD49089DC0510F753052CAC5972A65C9E3D ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
19:58:44.0260 0x1d8c  sfloppy - ok
19:58:44.0271 0x1d8c  [ 832E933AA8DB9FD4733B96D8B6484D3F, 3A8E3D7ECA192EEE154CB568073B7211FDA06078EFC3BC7E961563A1BFDD0CAA ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:58:44.0293 0x1d8c  SharedAccess - ok
19:58:44.0308 0x1d8c  [ 482E6BE8A07832E824080D352075ACA1, 4123A76C8E805AF4FE229C53E9C174095C0937913BA81A63FE9B45C44AA5B15F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:58:44.0337 0x1d8c  ShellHWDetection - ok
19:58:44.0343 0x1d8c  [ CF3BDF9EAD8D3EF671E9339B44B185BA, C17EC6D5B00F49D9C8B5B6C262A85F34ED71C58450659F006B3632AA84F68E23 ] shpamsvc        C:\Windows\system32\Windows.SharedPC.AccountManager.dll
19:58:44.0357 0x1d8c  shpamsvc - ok
19:58:44.0361 0x1d8c  [ A34CE1830E45DA98932295FDE4B7908A, FC553ECF4D64B4B10B7FDE5352707785517A18D487A80665BAFC7261E3F35CDC ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:58:44.0369 0x1d8c  SiSRaid2 - ok
19:58:44.0372 0x1d8c  [ A7B5C670770E908DA5FEF5BF1136E933, 8D3BB6FF65E631C34BE8EA766481B2FDB2E1E916A4FD67F86705A8975A136E6C ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:58:44.0382 0x1d8c  SiSRaid4 - ok
19:58:44.0390 0x1d8c  [ F3AAB7DF6408431C762D8721B68F46E4, 56ED764AA660955B8B06322703D086B3A52106625A83CCAF195B08BCBDEDA88F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:58:44.0402 0x1d8c  SkypeUpdate - ok
19:58:44.0409 0x1d8c  [ DDACBE2EFD5143E24EE59B0F460F25BA, 6637E0D664DA4BA2BFDB0B95545F902DC20527EE89D42C84579182A4553DD126 ] SmbDrv          C:\Windows\System32\drivers\Smb_driver_AMDASF.sys
19:58:44.0415 0x1d8c  SmbDrv - ok
19:58:44.0418 0x1d8c  [ 6E8FFE699A6374DEE76056E907841EA4, 5C0098287251B91A38A1992E6FBCCA2540892D44E4A0D85CD7990E860531F35A ] SmbDrvI         C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
19:58:44.0423 0x1d8c  SmbDrvI - ok
19:58:44.0427 0x1d8c  [ D233EAE2A9D48485321816486ED635EF, 03AB49BE9CF15EB7EDC50C400E673B4DF0E5BFDA9A7811E157F2AF2F3CF38D49 ] smphost         C:\Windows\System32\smphost.dll
19:58:44.0437 0x1d8c  smphost - ok
19:58:44.0451 0x1d8c  [ 0B217141AC1283655402CDB356577735, 6EFA4CA46CFC8B7156CE7E5CA89B7F7073E16D66C2FC13F4DB95FEB78CCF698F ] SmsRouter       C:\Windows\system32\SmsRouterSvc.dll
19:58:44.0476 0x1d8c  SmsRouter - ok
19:58:44.0481 0x1d8c  [ 6F4CE07D420FB657B5936F71101ABD41, CEC52984C56E578E0FFE12BE1B8148335F788B7D1751F2D0E79B944A41113C20 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:58:44.0491 0x1d8c  SNMPTRAP - ok
19:58:44.0503 0x1d8c  [ C994DF90427103CCB80F893FFD2B1CE8, 7E4B08095C77E68D337A3425EEA38F8FEC4D103CA7661E34FD96BF518DFB4BCB ] spaceport       C:\Windows\system32\drivers\spaceport.sys
19:58:44.0521 0x1d8c  spaceport - ok
19:58:44.0527 0x1d8c  [ E03264C4C25B568F92ED1656AD541E64, D42942BFFBC7213D204FAF84F4FE015FC23A6ACB29B5E752834EDBC17A3AC20D ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
19:58:44.0536 0x1d8c  SpbCx - ok
19:58:44.0552 0x1d8c  [ 79DCE27E8C4CF6701BFE49EC2446BBF6, F51CBB7A45C3C878F41653FD5FBDC93CC302712B7725DAAB4D3475A1F4771E3D ] Spooler         C:\Windows\System32\spoolsv.exe
19:58:44.0581 0x1d8c  Spooler - ok
19:58:44.0673 0x1d8c  [ 23529A00195CE71252FEBF647E56E27D, 8ADF7A1C96DAE005E9A974D90BE8954F88D49B6848252B88513C49E0A3BD9774 ] sppsvc          C:\Windows\system32\sppsvc.exe
19:58:44.0786 0x1d8c  sppsvc - ok
19:58:44.0802 0x1d8c  [ E83830BB74AE8CBECEA0ECD94DE436F9, 4A34569A34260324EBD629039E1BF45A3527FC75B22D9A3DB6360A6EB365483A ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:58:44.0820 0x1d8c  srv - ok
19:58:44.0836 0x1d8c  [ 55CA5329D1ADEB8F8034045930147AE4, D4F31BC82700D166564C7F9CDCEA3ABAB4A37B55137C34572768DF46FDA9320A ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:58:44.0862 0x1d8c  srv2 - ok
19:58:44.0870 0x1d8c  [ F13EE0DB1FB1D6946AC3228D7EFCFC8F, 109A809F0338FAB0F4045FA5EE33C6F0A994A9F586B2FBD8920A6AABA0E0EF66 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:58:44.0886 0x1d8c  srvnet - ok
19:58:44.0890 0x1d8c  [ AFC159BDB8CD5A804D015D8A3624ECC6, 863150170D7F84D793C7CECD40439A5B46D337A8B904183ED8C53FDA9FB71091 ] ssdevfactory    C:\Windows\System32\drivers\ssdevfactory.sys
19:58:44.0895 0x1d8c  ssdevfactory - ok
19:58:44.0904 0x1d8c  [ 44758105AB3EA34E815D4B6CA1153311, 7F223A20D2538C123BAC6F75BE0E126876A116F09502FD980C05B8916E26E1B7 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:58:44.0919 0x1d8c  SSDPSRV - ok
19:58:44.0923 0x1d8c  [ EB6CA2EC412203040E8C4A1438FE06CA, DB11D1956B6D5AED66A1E7F98EF889529137714E6FE697FAEE50CFBA3BD4011A ] sshid           C:\Windows\System32\drivers\sshid.sys
19:58:44.0928 0x1d8c  sshid - ok
19:58:44.0933 0x1d8c  [ 7A99510EFC61C305CF61F44B6859E075, 7C97189B52A142E3EED7ED121D1629D4F1A015B04EFCB008FA822FDE14666468 ] ssps2           C:\Windows\System32\drivers\ssps2.sys
19:58:44.0938 0x1d8c  ssps2 - ok
19:58:44.0944 0x1d8c  [ B97C7EC07218A8002323718202BF5E77, 39D3254383E3F49FD3E2DFF8212F4B5744D8D5E0A6BB320516C5EE525AD211EB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:58:44.0959 0x1d8c  SstpSvc - ok
19:58:45.0030 0x1d8c  [ 4E330AD1EED4A5D582EE415FD55953A2, 2C02E1F45F74D250110BA5117AA942495CB2EBAC7F2CCECC284B4FB8F47B13E1 ] StateRepository C:\Windows\system32\windows.staterepository.dll
19:58:45.0142 0x1d8c  StateRepository - ok
19:58:45.0176 0x1d8c  [ 596DC69BB40A96FCA4B19D9D1E221E34, 3469D3B2E9A88E39C14AE2E3DD5EC3D91FBB88CA568D794555B397B50E64AB15 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
19:58:45.0203 0x1d8c  Steam Client Service - ok
19:58:45.0207 0x1d8c  [ 29D26E1347AE1BBD4201014E19880B2C, 9E2153AD96CE4F189EEE43BB02515532C619FB1CA02D8F6DEF517AC3347AAA14 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:58:45.0216 0x1d8c  stexstor - ok
19:58:45.0230 0x1d8c  [ 91CB95B35481155BFE29C217CD237F27, CA66957DF1441D991453BEF02D768D44E5D9A484BC23C8874E8A7AC20904CB06 ] stisvc          C:\Windows\System32\wiaservc.dll
19:58:45.0256 0x1d8c  stisvc - ok
19:58:45.0262 0x1d8c  [ 53EB8CE34B55A1EE63424C8DB7388BFC, 5AB59117BA8A2844EB8693CCC19B217AE039B28C87519F96E1C845FE9BF456C2 ] storahci        C:\Windows\system32\drivers\storahci.sys
19:58:45.0271 0x1d8c  storahci - ok
19:58:45.0275 0x1d8c  [ C5E0ACE4771F5575D9D5B457ABF3AD03, 365880BC5AC313F25C313EFB7758301F98D9B2BF4C5FC9499F98C2B7F8407D96 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
19:58:45.0284 0x1d8c  storflt - ok
19:58:45.0288 0x1d8c  [ B66D8C75C9BC59D637177AB3B1C569A6, 76252A631F03EEBF5FDC7693F6B0A5E73838CDBE3157114CC96B8BBE88B476BF ] stornvme        C:\Windows\system32\drivers\stornvme.sys
19:58:45.0297 0x1d8c  stornvme - ok
19:58:45.0301 0x1d8c  [ BEBF85EB4D90E6996047DA027D0ED26E, DF109CF0F07CDD1B9B702C2A076D4DD5366DAAD971CC9359AF0358E79981706F ] storqosflt      C:\Windows\system32\drivers\storqosflt.sys
19:58:45.0311 0x1d8c  storqosflt - ok
19:58:45.0322 0x1d8c  [ B91FBE7CB4633FEB32AFBD0B48576396, 9EFDD92E8096CE5555F8DC3C870864E5515469603C2373B99B3607234633CA66 ] StorSvc         C:\Windows\system32\storsvc.dll
19:58:45.0341 0x1d8c  StorSvc - ok
19:58:45.0344 0x1d8c  [ 8E73037A6F8938475692FFCC26EBF385, F78C5CD1A3CD17AA831EEC82426B14006B4DDBC9085A4814E04E8C37FD6B05F7 ] storufs         C:\Windows\system32\drivers\storufs.sys
19:58:45.0352 0x1d8c  storufs - ok
19:58:45.0355 0x1d8c  [ 9D9DED47DA10E845EFF2DD57C94C809B, 520D0CE7A867051B80C8141E351FE5A5BCE3C99776093F234DB77D3407B1F104 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
19:58:45.0362 0x1d8c  storvsc - ok
19:58:45.0366 0x1d8c  [ 224C92E442B1B8C20C274332F1ACF00D, CDE5DCFB7A21089464A6E2ABB29BBE08B184C3433C218756AA5902A8F67C0B2C ] svsvc           C:\Windows\system32\svsvc.dll
19:58:45.0378 0x1d8c  svsvc - ok
19:58:45.0381 0x1d8c  [ 505E0C40B5D0ADDCBB414640F59BD2E0, DF4B5E65FE6FF2224F298A2A2FAC9B648C082DFF8463148633647580A9FAD34D ] swenum          C:\Windows\System32\drivers\swenum.sys
19:58:45.0389 0x1d8c  swenum - ok
19:58:45.0400 0x1d8c  [ 2EE27411B5904C63D723BEA391819F58, C88C11D460E90398E16011B8A2CED5EE5626084F24790EA6115532F8F70060C6 ] swprv           C:\Windows\System32\swprv.dll
19:58:45.0423 0x1d8c  swprv - ok
19:58:45.0427 0x1d8c  [ E542C084F75E441550FB5D27B3557E96, 61691BD0587CD11DBA674F1C48F4C50049D964DC1C8B949925EA51097B89AA14 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
19:58:45.0434 0x1d8c  SymEvent - ok
19:58:45.0438 0x1d8c  [ 32F46FB0F290D16DAA452B289C985795, 73F88AAAA6026DB4C27F1D054145216DCC3F1960946FB2A7A90518DD1D5737CB ] Synth3dVsc      C:\Windows\System32\drivers\Synth3dVsc.sys
19:58:45.0448 0x1d8c  Synth3dVsc - ok
19:58:45.0466 0x1d8c  [ CF5FA695682D9C3305C67FD2A1B22478, DB8B28D569B9CE36A4816C3FC5E63BDCA1847C1CE061FC2AC37FCBCA6D2E036B ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
19:58:45.0486 0x1d8c  SynTP - ok
19:58:45.0494 0x1d8c  [ 7C5A6BDF05A77BFB37FB0071E3810E65, E67A601405B77550547ABD4B6FB1A99ADFA956314BFF9A3C35B42945B00175A2 ] SynTPEnhService C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
19:58:45.0503 0x1d8c  SynTPEnhService - ok
19:58:45.0522 0x1d8c  [ FED48B19D6F55D7A3AB498D85729D1BA, FA5E0E02BC2E2DE108C55991E3B063CC947072228B53539F42F922661510DE7C ] SysMain         C:\Windows\system32\sysmain.dll
19:58:45.0559 0x1d8c  SysMain - ok
19:58:45.0569 0x1d8c  [ D9FEA79BF6AF136F8E656AE045C2FEC8, E6F08A93348E035185F0F1C6B6277E636F4F25D1136E3ACCA63488DAEEC7114B ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
19:58:45.0589 0x1d8c  SystemEventsBroker - ok
19:58:45.0594 0x1d8c  [ 86E7FD5C8DBEC1EB51C4368561402B75, 86EE61414CD5854E39E33F67BF5DA4377B569B3ED4D18882C470BC6784891DA1 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:58:45.0607 0x1d8c  TabletInputService - ok
19:58:45.0615 0x1d8c  [ 3929C8FC134AC672C4F3F85160956257, CD3195CA58BA6F55EA0DDA2BE6AB58280AD1CA488D7AAA1539DD05FB99374F36 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:58:45.0633 0x1d8c  TapiSrv - ok
19:58:45.0674 0x1d8c  [ 4F25E481124059CC593B4C68BC485640, 2814D2BA4E83D3B0F7569E6C6EE0C763D9801BC505D8ED84675D19C8573834DB ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:58:45.0729 0x1d8c  Tcpip - ok
19:58:45.0774 0x1d8c  [ 4F25E481124059CC593B4C68BC485640, 2814D2BA4E83D3B0F7569E6C6EE0C763D9801BC505D8ED84675D19C8573834DB ] Tcpip6          C:\Windows\system32\drivers\tcpip.sys
19:58:45.0827 0x1d8c  Tcpip6 - ok
19:58:45.0835 0x1d8c  [ 8DBB1BE20C36E6D19BCC89EEA00B953C, 8B97A7E53E1D77363AFF6A5AAEAD89EBAE28DCB8D82753C804FD7CD5646500AF ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:58:45.0845 0x1d8c  tcpipreg - ok
19:58:45.0852 0x1d8c  [ 9D2DD64A0B51C56285512DC9454340F6, ABB90CE6A55269F71AFB08E04969CF9A4EFD93F7A7189AF920EEE3E005214DDD ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:58:45.0864 0x1d8c  tdx - ok
19:58:45.0868 0x1d8c  [ 06130AFFECEB94525FC2352936576B70, 10EBE2C8FDC087D29E2FFB328F0F7905A5374AB8CC9FAE8699E7676DBC8CBF91 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
19:58:45.0876 0x1d8c  terminpt - ok
19:58:45.0894 0x1d8c  [ FB68E5F02316C42BE7282DA492351C6F, AC31D841FEA58B776127E138DB20F8D48E26FD8C00CE2FA9695EA14EBF159A0A ] TermService     C:\Windows\System32\termsrv.dll
19:58:45.0929 0x1d8c  TermService - ok
19:58:45.0935 0x1d8c  [ 2AF438EC0D361A7BBB70E604A686602C, 4BE6A0461EB2CB94288614434A1CEC81C2ED46241721FD5BBD8ABE0680F7C804 ] Themes          C:\Windows\system32\themeservice.dll
19:58:45.0951 0x1d8c  Themes - ok
19:58:45.0959 0x1d8c  [ 1482B8ED5CACA87992A882B853B83CEE, 613247F0E362A109090E8563D977DECC50C64D45D6962905FA84A2D59329045C ] TieringEngineService C:\Windows\system32\TieringEngineService.exe
19:58:45.0979 0x1d8c  TieringEngineService - ok
19:58:45.0991 0x1d8c  [ 3B3C607C3C62DFBEF61938DA2CAB94DF, E5EEA7F45A7BBFDF6F0003CD77E39958C451DD1B4B401876B5619A3C20F5C370 ] tiledatamodelsvc C:\Windows\system32\tileobjserver.dll
19:58:46.0015 0x1d8c  tiledatamodelsvc - ok
19:58:46.0021 0x1d8c  [ C1F8CBE2D4843E0CCC3EFEA2EC60D4AB, 9D07527D982066922318C77AECE99280DE55034C375ACE145E827A6BEB5C3B70 ] TimeBrokerSvc   C:\Windows\System32\TimeBrokerServer.dll
19:58:46.0034 0x1d8c  TimeBrokerSvc - ok
19:58:46.0040 0x1d8c  [ 46171262D0E806779DEEDFCAB2F830CC, 7F4A4658B8BA217D99E5B5C0E01600C20DC96ECBCA32A5BA7FBE17D2A7B8BFD8 ] TPM             C:\Windows\System32\drivers\tpm.sys
19:58:46.0053 0x1d8c  TPM - ok
19:58:46.0057 0x1d8c  [ 3B91F35089240F6187AD681A5EC28BDE, 3D035CB73BC8E7831DCD0FB7D9DAD91CE51D3D0F9D9C8B866A0009BD508B6702 ] TrkWks          C:\Windows\System32\trkwks.dll
19:58:46.0070 0x1d8c  TrkWks - ok
19:58:46.0074 0x1d8c  [ 09440FA30C020B4443391FAFCF4876E3, 208C7725F70C75D8C96CCAF5B22F83B8B1C66D8C9FFF48465B1C9F4A77425569 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:58:46.0085 0x1d8c  TrustedInstaller - ok
19:58:46.0091 0x1d8c  [ A6F4025664C9D4BC2A9EDAB4092706D7, 89808A1679C0E716F86F06EE7701DCC289200894F0FA1F120DA2AC3A45FDB312 ] tsusbflt        C:\Windows\system32\drivers\TsUsbFlt.sys
19:58:46.0100 0x1d8c  tsusbflt - ok
19:58:46.0103 0x1d8c  [ 37A96AD493E110C0BF1EE0AC0F9E7DBD, F2A6894A4AEE18DF2B92222CDB0801A13AEEB7212071F0431430788339B30E23 ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
19:58:46.0112 0x1d8c  TsUsbGD - ok
19:58:46.0117 0x1d8c  [ 79E264287F17D56D768440B0270466DE, ABF9DC95C5E939B30BFD9BF9EDFDB3BD78A9DFCB055B945965303B6A60E6D7A7 ] tunnel          C:\Windows\System32\drivers\tunnel.sys
19:58:46.0129 0x1d8c  tunnel - ok
19:58:46.0134 0x1d8c  [ F723552F65D44FE693DB1A383825B3A8, EF8C343C4EB5EEA4EC830378EF576CCD6CD4EEDEDD486C0F29697044E8C71F45 ] tzautoupdate    C:\Windows\system32\tzautoupdate.dll
19:58:46.0145 0x1d8c  tzautoupdate - ok
19:58:46.0150 0x1d8c  [ AA65954F512BA097DD190790876DD991, C1BB2B8F54F064D01190327B5E7949EBBDA21D6FC6F94D9FCD20F685C2F855FA ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
19:58:46.0158 0x1d8c  UASPStor - ok
19:58:46.0162 0x1d8c  [ AB6268022C3A5B529075A39C33904DA6, 2717F1704640201F2681711543EA39A74C3E89C7DB232EC5DD89FD8AA6F07846 ] UcmCx0101       C:\Windows\system32\Drivers\UcmCx.sys
19:58:46.0172 0x1d8c  UcmCx0101 - ok
19:58:46.0176 0x1d8c  [ 7ED2EDA43D21C7A5F589A7960E265C52, 7DB8A595236FBB8A264D7AB155201357212855050ABB5B1036EF32F1223FDCC2 ] UcmTcpciCx0101  C:\Windows\system32\Drivers\UcmTcpciCx.sys
19:58:46.0187 0x1d8c  UcmTcpciCx0101 - ok
19:58:46.0190 0x1d8c  [ 169351463039B45F5CDED9768879F712, 990C8C4AEF9ED7FF6BCEAE67F7BDAA037777B142B8D96A74F8715C941A5C63C6 ] UcmUcsi         C:\Windows\System32\drivers\UcmUcsi.sys
19:58:46.0200 0x1d8c  UcmUcsi - ok
19:58:46.0206 0x1d8c  [ 08A9E3AD29B215484FBB68CDC175DF3A, 3EFFF99C3BC4A1454E3D2B5177AE587ED3041AB4CE2A95BA7E28A2124E38E1E5 ] Ucx01000        C:\Windows\system32\drivers\ucx01000.sys
19:58:46.0217 0x1d8c  Ucx01000 - ok
19:58:46.0220 0x1d8c  [ DA70AEE267491AA56BC63AA0C0C96CA2, 0A0AADB27607F9292BB3CE000CFDDB19BD4CA09EAAD926C4925CB43B17817AD9 ] UdeCx           C:\Windows\system32\drivers\udecx.sys
19:58:46.0229 0x1d8c  UdeCx - ok
19:58:46.0238 0x1d8c  [ FBC5ECF6D5A868D0B116C2DBB02B8168, 945AA76C60ABAD6075B5C8F9172C018F75BCF393A1CB8B329F5E68E664627775 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:58:46.0257 0x1d8c  udfs - ok
19:58:46.0260 0x1d8c  [ B918E40FAA9CD118CCA4AD388B748C98, 4B539B7B656F02C5E5BAEE52A677757B05CC11C5500D619850A564C28FAB8115 ] UEFI            C:\Windows\System32\drivers\UEFI.sys
19:58:46.0268 0x1d8c  UEFI - ok
19:58:46.0275 0x1d8c  [ 0FD75222C1AD2687AB365BEBEA400DD4, AD10DBCA59EB7D34FD8F963CE267F36774A9BC613F8D637903B12AC88C328E8A ] Ufx01000        C:\Windows\system32\drivers\ufx01000.sys
19:58:46.0287 0x1d8c  Ufx01000 - ok
19:58:46.0291 0x1d8c  [ C1A78C53E01C641AE41BFA65797819F5, 0B9FE1BD724B3315199A1B1DA2F03255E4FE744DA3CE6CD0F77699A8E42E9359 ] UfxChipidea     C:\Windows\System32\drivers\UfxChipidea.sys
19:58:46.0300 0x1d8c  UfxChipidea - ok
19:58:46.0305 0x1d8c  [ 767307212110EBEFB93EC9A5BE9E85B9, 368797400FE54802CE74F34B773CE2AF09EB8DEA6C035B55419A52F0B5A6FAD0 ] ufxsynopsys     C:\Windows\System32\drivers\ufxsynopsys.sys
19:58:46.0314 0x1d8c  ufxsynopsys - ok
19:58:46.0320 0x1d8c  [ 8578F83EC5175920F2D8586FFF9DCE47, 049A16AC87F93E761150C8286633FFCA62EE85F5645DDE77D36BD0EB6481FF83 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:58:46.0332 0x1d8c  UI0Detect - ok
19:58:46.0335 0x1d8c  [ DC460AAA18CA2342FBBFB2DF9B044472, 14D45E059C596AE97506D26705F248CA1C2269160B31A60341060E8A93146CBD ] umbus           C:\Windows\System32\drivers\umbus.sys
19:58:46.0345 0x1d8c  umbus - ok
19:58:46.0348 0x1d8c  [ C3CF0377917ECE6D65D7623E1E61568F, 4909695E04CBC86BFCFFBC15F332C367521054B7B4D3C141C7CA6B2E40E090B9 ] UmPass          C:\Windows\System32\drivers\umpass.sys
19:58:46.0357 0x1d8c  UmPass - ok
19:58:46.0365 0x1d8c  [ 640CF093C1CF16D5FD317616CA348F31, BEC34D1AACA83BF5A84CE01F6A668E3CA5A33C56A446DC42EFFF7C43D22E1AE6 ] UmRdpService    C:\Windows\System32\umrdp.dll
19:58:46.0380 0x1d8c  UmRdpService - ok
19:58:46.0408 0x1d8c  [ B8272BB8D4982C496FDC704809C38E02, F93855D932FB1DBBCC86E82C0FE0DC9ECF93BBD629D2CA9D0BE7E075E114B7FF ] UnistoreSvc     C:\Windows\System32\unistore.dll
19:58:46.0451 0x1d8c  UnistoreSvc - ok
19:58:46.0464 0x1d8c  [ 6CDA3536F6BAB7896A57EAB7DC07F379, 8FBE6457ECD1ABB518D9800EBA8A017774FFAA8EABD2EDC0825181A12FE9AEF6 ] upnphost        C:\Windows\System32\upnphost.dll
19:58:46.0489 0x1d8c  upnphost - ok
19:58:46.0494 0x1d8c  [ 6B46FC140C9AF68E6E7697D66D59CB4D, F018B4784D65F1A8140A6EA69C35D6A7ECE01738694052FD54AFD2B81A8F2FF8 ] UrsChipidea     C:\Windows\System32\drivers\urschipidea.sys
19:58:46.0501 0x1d8c  UrsChipidea - ok
19:58:46.0505 0x1d8c  [ B4402E7F0923F660270442CE76877ABE, 1C2DD26EAB71F75EA576E8DAABAF71FD7DC3DF807CF025617C774CEF33C0B718 ] UrsCx01000      C:\Windows\system32\drivers\urscx01000.sys
19:58:46.0514 0x1d8c  UrsCx01000 - ok
19:58:46.0517 0x1d8c  [ 9DD431F1B94789CFB527E5D19261F124, 8F5A249A97C5B14B282E3147DD21951D2AD34B651E762814C12F4C26D74EC70C ] UrsSynopsys     C:\Windows\System32\drivers\urssynopsys.sys
19:58:46.0524 0x1d8c  UrsSynopsys - ok
19:58:46.0530 0x1d8c  [ C87E32B90F085970D9637FBAD45EF6FE, C180EACD2EE479277DA5DBF39E43B428BD7945141B2451CB3946B0C1E495E76F ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
19:58:46.0539 0x1d8c  usbccgp - ok
19:58:46.0544 0x1d8c  [ 0B663856474AC41924D9E9112203858F, 9E09F2A6279B48CAC09F8C7AA1F1BE02864D540C2ED1460CBA9FABCF0A546A1E ] usbcir          C:\Windows\System32\drivers\usbcir.sys
19:58:46.0555 0x1d8c  usbcir - ok
19:58:46.0559 0x1d8c  [ F83D2250256203AC5DA5E8601C1AFDD7, AC0D90E2DB3051798B9D287CF3D0E92FED4000822E65A82775A29CF896B76F04 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
19:58:46.0568 0x1d8c  usbehci - ok
19:58:46.0579 0x1d8c  [ 7FFD26742321919590ED77FCA556D65F, F7FAB63C36F8519F5A7B9091C507F3CB580C390322FAF9155CCE7F66C965B968 ] usbhub          C:\Windows\System32\drivers\usbhub.sys
19:58:46.0595 0x1d8c  usbhub - ok
19:58:46.0608 0x1d8c  [ 7A749B2863B5561BE34B39E8E249AD8F, E5B67DFAF5407007FD0CC408D6B4BA19DF59584819FC715E9F9E0FBF3EA00AAB ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
19:58:46.0628 0x1d8c  USBHUB3 - ok
19:58:46.0633 0x1d8c  [ D2109F1F4FEBF1DAC415CDC5DE876479, C8A871EBD0E5EF004BA622A73DAC36C03608CD317FDCD0A6A98608DF4CC10D55 ] usbohci         C:\Windows\System32\drivers\usbohci.sys
19:58:46.0641 0x1d8c  usbohci - ok
19:58:46.0644 0x1d8c  [ 29C9572F2D061CFC3C0BD48A3163E343, 2527DCC9E6D421F5DC40051C787A5270EB077746785465C9AA2A2AEEF47307D5 ] usbprint        C:\Windows\System32\drivers\usbprint.sys
19:58:46.0653 0x1d8c  usbprint - ok
19:58:46.0657 0x1d8c  [ 429477D6DEF3321FF7D3EF23CAAADA00, BB7D2AFE99736AAFFA8B0B2DABF7D6A6D5CB9563B1DE6A7E86CE7DC9D27F31C0 ] usbser          C:\Windows\System32\drivers\usbser.sys
19:58:46.0667 0x1d8c  usbser - ok
19:58:46.0671 0x1d8c  [ 0CC16F7B91C57AE9A4E44425A295FDAA, 7CEE11955E5742DA390601F565412C14A7481B8747C495CCD246696C56B426DC ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
19:58:46.0681 0x1d8c  USBSTOR - ok
19:58:46.0685 0x1d8c  [ C917D09064CDBD18F75ADC9B2C48F847, A7F6223346CCD7E84186CD0C0715014F8E3A4398298925A43290224678620D23 ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
19:58:46.0693 0x1d8c  usbuhci - ok
19:58:46.0700 0x1d8c  [ B4F448F2424492F99F83D3676A453553, 42F1396616EA93BF91EA847B185C321B189F1A5138CA19D22397E8DB6D576973 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
19:58:46.0716 0x1d8c  usbvideo - ok
19:58:46.0725 0x1d8c  [ 95BCCEFBC40D06484CF16144FE79B8A5, 8ABA73C5FFEDD319FB96B807AD08716698E557522478DF1A2C5D662675636AE0 ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
19:58:46.0740 0x1d8c  USBXHCI - ok
19:58:46.0766 0x1d8c  [ 4CC81AB9D380A6264FF4C0C1512CF965, 76C33053D1C9155B0F3F8392FF982AD4EABEE2BBBEE89EA41DBFE8E436973EB0 ] UserDataSvc     C:\Windows\System32\userdataservice.dll
19:58:46.0812 0x1d8c  UserDataSvc - ok
19:58:46.0834 0x1d8c  [ AA24C61D88E36BA1144072227922173D, 2EBBC827E740F72EA2E75745E585378189BC0DEE91CACD7FA31BDBC5EFCF8733 ] UserManager     C:\Windows\System32\usermgr.dll
19:58:46.0870 0x1d8c  UserManager - ok
19:58:46.0882 0x1d8c  [ EBF9E40845362DBE2AD0DB3077269488, A6363006350D097F95B03A2F44E1D3FBD3BC40048BE57C715CD7CBC22D1EE70B ] UsoSvc          C:\Windows\system32\usocore.dll
19:58:46.0906 0x1d8c  UsoSvc - ok
19:58:46.0910 0x1d8c  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] VaultSvc        C:\Windows\system32\lsass.exe
19:58:46.0918 0x1d8c  VaultSvc - ok
19:58:46.0922 0x1d8c  [ 0CBDE344FB48E42D78E29469F202ADBC, A1C3FBA5409DD3BBEAF1D3CE2583D6C8A621C0E4F534155EC540AFD67BC9E8CA ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:58:46.0930 0x1d8c  vdrvroot - ok
19:58:46.0944 0x1d8c  [ 0783EDE1FA94649ED7F3CEF6A734041A, 1A13A613EF6B67459031C7994FFC6F32F73E02E0F123A171618E4F011C635684 ] vds             C:\Windows\System32\vds.exe
19:58:46.0972 0x1d8c  vds - ok
19:58:46.0981 0x1d8c  [ 723195568C8755CAD57F7933C5F2C5C2, 5C403799F67223605F825BC16D217C1EF5E1A0DDF00AC6380FE8976339B67D9B ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
19:58:46.0991 0x1d8c  VerifierExt - ok
19:58:47.0006 0x1d8c  [ 3BB8D153A9A514EC9FFCB586251A1925, 5E4B46511F9791699826DC63B35528544347166BDE9981FB93F1F7F2A09599C7 ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
19:58:47.0027 0x1d8c  vhdmp - ok
19:58:47.0031 0x1d8c  [ 7929228F0E8B0C2FA0495A17A4FC27F6, 1F1667B10A96B1D85ED165F62A5C0EF28C37F828B8280EA08BFCC1BAC03F2C90 ] vhf             C:\Windows\System32\drivers\vhf.sys
19:58:47.0040 0x1d8c  vhf - ok
19:58:47.0044 0x1d8c  [ AEE432ED868831B1F068E373598F6D93, BAE91F47B0CB94B826CA010B490AD924D7B715911DF3FCE62F9165F3B571105C ] vmbus           C:\Windows\system32\drivers\vmbus.sys
19:58:47.0053 0x1d8c  vmbus - ok
19:58:47.0056 0x1d8c  [ 9444B23FC694B5F90F21B0FC7F10D8DD, 86F92856F5C985DD8E5993B51E85E1F47EF8C9B2FB37468998C94266963BB4BD ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
19:58:47.0065 0x1d8c  VMBusHID - ok
19:58:47.0068 0x1d8c  [ 4D0287F566B36536DD812A54C015FC4A, 01D6508CA59CF04A47902B1F7C202FD14A81240E0B447588D919DD1072B040CF ] vmgid           C:\Windows\System32\drivers\vmgid.sys
19:58:47.0076 0x1d8c  vmgid - ok
19:58:47.0084 0x1d8c  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicguestinterface C:\Windows\System32\icsvc.dll
19:58:47.0104 0x1d8c  vmicguestinterface - ok
19:58:47.0115 0x1d8c  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicheartbeat   C:\Windows\System32\icsvc.dll
19:58:47.0133 0x1d8c  vmicheartbeat - ok
19:58:47.0141 0x1d8c  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmickvpexchange C:\Windows\System32\icsvc.dll
19:58:47.0158 0x1d8c  vmickvpexchange - ok
19:58:47.0168 0x1d8c  [ 0F621B52259D88A719AA20C6D04E3D72, 80B0528CCDE6E1B6F092787E1C0769C649698B196602859A5855134F0ECCBAE5 ] vmicrdv         C:\Windows\System32\icsvcext.dll
19:58:47.0190 0x1d8c  vmicrdv - ok
19:58:47.0200 0x1d8c  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicshutdown    C:\Windows\System32\icsvc.dll
19:58:47.0218 0x1d8c  vmicshutdown - ok
19:58:47.0226 0x1d8c  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmictimesync    C:\Windows\System32\icsvc.dll
19:58:47.0242 0x1d8c  vmictimesync - ok
19:58:47.0249 0x1d8c  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicvmsession   C:\Windows\System32\icsvc.dll
19:58:47.0265 0x1d8c  vmicvmsession - ok
19:58:47.0273 0x1d8c  [ 0F621B52259D88A719AA20C6D04E3D72, 80B0528CCDE6E1B6F092787E1C0769C649698B196602859A5855134F0ECCBAE5 ] vmicvss         C:\Windows\System32\icsvcext.dll
19:58:47.0291 0x1d8c  vmicvss - ok
19:58:47.0297 0x1d8c  [ 29075915F9BDC3437F8BED71C067D399, 2C7718080C11DFDD4C9A2085537F78F5633369B4A27D9C64168F0249594A4AA2 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:58:47.0306 0x1d8c  volmgr - ok
19:58:47.0316 0x1d8c  [ 6BDB6CE6D2D9E3D3F28F1C97E12B62E2, 5E77D7AF858D7B90FF395F39B86D6F96413D1DDEA28BC9FB40C5524A4DF6DAD0 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:58:47.0329 0x1d8c  volmgrx - ok
19:58:47.0338 0x1d8c  [ BF2546583BB75F01DDA60A7921DFB230, 579BD0BC55F4F03CD8D1FCDAC3975A1649C688820F2F7FC1AD354132D9E3BEE9 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:58:47.0352 0x1d8c  volsnap - ok
19:58:47.0355 0x1d8c  [ AC2E20A74D09D24485BE8396CE04F07B, 23FCE8BEE01B89E5CDCA536D75DBA6DCE3E92E13178A66836CEB7829310A89D1 ] volume          C:\Windows\system32\drivers\volume.sys
19:58:47.0362 0x1d8c  volume - ok
19:58:47.0367 0x1d8c  [ 92F6E3E6D3F1795263EB34B37F74AEF7, 33AB1ECCA1216AF1995E1DB4F11E48156FF62391D7C176C8A4CC1037B9CB3A27 ] vpci            C:\Windows\System32\drivers\vpci.sys
19:58:47.0377 0x1d8c  vpci - ok
19:58:47.0384 0x1d8c  [ FD9BCB8920973CEAD4D49DC7A6D8A618, 34AB4A485FB40DF737600006D8323BE927FB0BDA2BC170F4C123BE775EAE7CC8 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:58:47.0394 0x1d8c  vsmraid - ok
19:58:47.0420 0x1d8c  [ 01FFD5AF533F2CFDF26DDDC9313731C1, BFF0F2E57CD2358AC8F519F6F5692A46D97EC4E9B763D47101CEF31712FD4738 ] VSS             C:\Windows\system32\vssvc.exe
19:58:47.0467 0x1d8c  VSS - ok
19:58:47.0477 0x1d8c  [ 0C111F220798CCE80484026E06822379, B98A5E44D3ABA67E6DE99E18BF3C2C606923E6269E262665C721F672ACBBED2A ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
19:58:47.0490 0x1d8c  VSTXRAID - ok
19:58:47.0493 0x1d8c  [ 607639716E9DB1CEF4E18B5B229293B4, 1D997177093F907EFE8A04AD10443BB9C355C0D7657DBD449E7EE7FCABC3ECBC ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:58:47.0503 0x1d8c  vwifibus - ok
19:58:47.0507 0x1d8c  [ B1ED64E628763148BF84FBE23F2AD711, 6182A39675E6049BC3DD353694720795A8E3D0331509AA8ABA4883D5C569AD5E ] vwififlt        C:\Windows\system32\drivers\vwififlt.sys
19:58:47.0517 0x1d8c  vwififlt - ok
19:58:47.0521 0x1d8c  [ 59920894C38A827091A06AF559834E47, 8B40FE0B1BA3B2A79BFF70803D039DB921F85C978724722E5E5AFF188FA75471 ] vwifimp         C:\Windows\System32\drivers\vwifimp.sys
19:58:47.0530 0x1d8c  vwifimp - ok
19:58:47.0541 0x1d8c  [ 76C1CC611352499326001F25A3ED15F8, 228BFA8A01BB1B3868576D509A2EA6F3D37FEDC8F12D4DC4E0A84CE926C6D1B1 ] W32Time         C:\Windows\system32\w32time.dll
19:58:47.0564 0x1d8c  W32Time - ok
19:58:47.0568 0x1d8c  [ 55D00B785A7587F4263D125817871283, B92400B229099C1E243F2B149881A1423A2E9C8CA2D77D868B9B923BFDEC7FF2 ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
19:58:47.0577 0x1d8c  WacomPen - ok
19:58:47.0587 0x1d8c  [ 1483BE4D0135C378CB61D3CD73AB3E03, B7309C9E4F370860C507BF52D17234CDF4A7FAE95D2D822714E07EF5DEC0249B ] WalletService   C:\Windows\system32\WalletService.dll
19:58:47.0606 0x1d8c  WalletService - ok
19:58:47.0610 0x1d8c  [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
19:58:47.0626 0x1d8c  wanarp - ok
19:58:47.0629 0x1d8c  [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:58:47.0644 0x1d8c  wanarpv6 - ok
19:58:47.0674 0x1d8c  [ 30B8286F8FE1AE90A583100D45E02247, 3C86A4A5E21F9A1267EA231B20914E0A162BA4C25FE8917AD3AB6D504DA5BE0C ] wbengine        C:\Windows\system32\wbengine.exe
19:58:47.0720 0x1d8c  wbengine - ok
19:58:47.0740 0x1d8c  [ 8C521D161445C3E1F38A494E7649E70D, F00990B2FE1FB52C74A2057E6480C5EBF2BDBC32955CC03C6B63360F20A49A18 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:58:47.0770 0x1d8c  WbioSrvc - ok
19:58:47.0775 0x1d8c  [ E330144B97D493AA886000DCAAA8DAF5, ED86F46F5A76FD8F06CA98BD61B174ADB9AD4B065394356872708DF8B614E4F9 ] wcifs           C:\Windows\system32\drivers\wcifs.sys
19:58:47.0784 0x1d8c  wcifs - ok
19:58:47.0799 0x1d8c  [ 32960EA9CF836D7DD77767DCB68CE230, 679446A4FAB0331C181D2716CAEA225267C6164BB9867E360C5B3D6AB1083195 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
19:58:47.0830 0x1d8c  Wcmsvc - ok
19:58:47.0842 0x1d8c  [ D50645235A507B0546B1B5CF7D0B8849, 19F5FE10C953B8EE8EEDA9A9F7F2E97AA193BB085E7FC364066686089ADD1C9F ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:58:47.0861 0x1d8c  wcncsvc - ok
19:58:47.0866 0x1d8c  [ AEA1093B751339267D8C8C1EF3D669CF, 8F3325E7FB16BD856A0593C36F2E3E018909038C52CD5F92E116E0C1366F31CB ] wcnfs           C:\Windows\system32\drivers\wcnfs.sys
19:58:47.0876 0x1d8c  wcnfs - ok
19:58:47.0879 0x1d8c  [ D520B1B849B6D4D707AB31722B952C2D, 149BABB7BD63C1F212ADD9306C84FFB2A5CE6DC435BD3213EAB787E9B222C61F ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
19:58:47.0888 0x1d8c  WdBoot - ok
19:58:47.0905 0x1d8c  [ 5030C76047D756263093A47B82970868, E772F15973F6DE36851DD230F1F4190746CD81CA1E7284DC074711C4BF45CAF0 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:58:47.0925 0x1d8c  Wdf01000 - ok
19:58:47.0933 0x1d8c  [ 29FF9199EDEB4F5470BB134D1A2563D2, 94713F98A6EA6042203D5DD0DE6758F5F0F331F7D4BB05E91EF20CEEEBD6780F ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
19:58:47.0945 0x1d8c  WdFilter - ok
19:58:47.0952 0x1d8c  [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:58:47.0966 0x1d8c  WdiServiceHost - ok
19:58:47.0970 0x1d8c  [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:58:47.0984 0x1d8c  WdiSystemHost - ok
19:58:48.0000 0x1d8c  [ 8CB606A3057355FD5A9DBDD1A0AC94EF, 6DD0B4A2270633086EBB569A00B87430EE6EF173525E341404B15845B57BE86D ] wdiwifi         C:\Windows\system32\DRIVERS\wdiwifi.sys
19:58:48.0026 0x1d8c  wdiwifi - ok
19:58:48.0033 0x1d8c  [ 17CF416CFF408190F5A4CBD79AB12E55, E376C8865C7EA633AE20D2CF940E4C7584AC783BAAF7941780FB6C4C84802F33 ] WdNisDrv        C:\Windows\system32\Drivers\WdNisDrv.sys
19:58:48.0042 0x1d8c  WdNisDrv - ok
19:58:48.0044 0x1d8c  WdNisSvc - ok
19:58:48.0051 0x1d8c  [ 3570C4E14F85CE0B537D126727ACA91C, A474C9E6B6E4E5945C63367C1D3D24D4782C4A4FEB00FAE15DFED099D8283078 ] WebClient       C:\Windows\System32\webclnt.dll
19:58:48.0070 0x1d8c  WebClient - ok
19:58:48.0076 0x1d8c  [ 1785F9C96A0BDEC1F6E0C79EF412F342, D6D4EDA69457BEDDA69C2F60FC4C2FAC97D46CD8E9C1804CCD68F169383583E3 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:58:48.0093 0x1d8c  Wecsvc - ok
19:58:48.0096 0x1d8c  [ B9175D63527B05131F2FA504CF0265F2, 1E43A17788F1B6A29E2889C81E0BE100D64BD3A9DEE7C154D9581F01D2D7D05F ] WEPHOSTSVC      C:\Windows\system32\wephostsvc.dll
19:58:48.0108 0x1d8c  WEPHOSTSVC - ok
19:58:48.0112 0x1d8c  [ 5C58EC0C9D4DE04DCDE56F6DCEA62080, 8ED386EDF4C39C339CE0BB2AC7E199C38705E5A6B3F56A4987B9A8ABD19BB59F ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:58:48.0127 0x1d8c  wercplsupport - ok
19:58:48.0132 0x1d8c  [ F899B355CC95AF26AB36E84E8A0DD685, C400F2F80FFF6473FEF066943C4A2AFF0FFE988A4F755757A2E5005C2A10DAD8 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:58:48.0147 0x1d8c  WerSvc - ok
19:58:48.0153 0x1d8c  [ E1785942AC51FEE6826CDF02075C5AA9, 56FE7017684086F4F9C3A2C0D3AC00369BA0938BA3987EEBEE9A75B8E3CA0AE1 ] WFPLWFS         C:\Windows\system32\drivers\wfplwfs.sys
19:58:48.0163 0x1d8c  WFPLWFS - ok
19:58:48.0168 0x1d8c  [ B154618505A6A9026EFA6AB8C4123BF1, 713648D71AA027B4472E7E75B942630DBE7383687984B02A5E99C9E4192C95EB ] WiaRpc          C:\Windows\System32\wiarpc.dll
19:58:48.0180 0x1d8c  WiaRpc - ok
19:58:48.0184 0x1d8c  [ 0CF79A0EACFFBB75A50A469A27696D02, E112BF7B5A8D0B0AD2EA0E7B9FD4E8CFEC9371C8E94A60248292D688AFE715C4 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:58:48.0192 0x1d8c  WIMMount - ok
19:58:48.0194 0x1d8c  WinDefend - ok
19:58:48.0204 0x1d8c  [ 0DE131733317EB4BE67028366B0CAAC6, AC7DADBF03A3752B4D33CA19F03DBCEDD6F56893C2DA25C98B0AB07063D990E3 ] WindowsTrustedRT C:\Windows\system32\drivers\WindowsTrustedRT.sys
19:58:48.0213 0x1d8c  WindowsTrustedRT - ok
19:58:48.0216 0x1d8c  [ 92EB5D38BDF10C790450F3E46BF93A0E, 0FC027398DBD43EDC1F7D703C0B6DB20294DF34E67C9288442039B1A5663CE1B ] WindowsTrustedRTProxy C:\Windows\system32\drivers\WindowsTrustedRTProxy.sys
19:58:48.0224 0x1d8c  WindowsTrustedRTProxy - ok
19:58:48.0241 0x1d8c  [ C2A3B07F0118D61086C99BDCBAB6A6A3, 04D646BEF1C6F427503C594F0ECBB33140C3991A3A7AFB66B2C9581E358F9FD2 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
19:58:48.0272 0x1d8c  WinHttpAutoProxySvc - ok
19:58:48.0277 0x1d8c  [ E815503BDE35026051EB701ACA72B296, 5541FBDA961B403F88BAF720840AB8DF2C96A382CDF97132A5C6A05A5F105E70 ] WINIO           C:\Program Files (x86)\MSI\Dragon Center\winio64.sys
19:58:48.0282 0x1d8c  WINIO - ok
19:58:48.0285 0x1d8c  [ F95DE20312ACCA7761446DE152BD1F7C, F6C5ACA500C2182437F4A7402BD81C3A2B77C0BBD78BA31FB574DC1997FCBFE6 ] WinMad          C:\Windows\System32\drivers\winmad.sys
19:58:48.0292 0x1d8c  WinMad - ok
19:58:48.0303 0x1d8c  [ CD49CA8E3280ACEEC5ECF431A59F5EFD, 75F48EFC6DEE9E06B490703EE47602AFDEA51505285B02D2CF884601E71857CC ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:58:48.0318 0x1d8c  Winmgmt - ok
19:58:48.0365 0x1d8c  [ B8C0D620219ECAA23A2AC841EAF454D1, FB527C4D36929D7FAE2A837727C557B7823A72069EBCAB7D16C49E8B21E8D952 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:58:48.0443 0x1d8c  WinRM - ok
19:58:48.0455 0x1d8c  [ 4EFB346BFDAEEB29316AA52BBB9852B1, 4BC5554F44BD9549D0A929D77BD410FA3EB502A7D0170303D369268672505494 ] WINUSB          C:\Windows\System32\drivers\WinUSB.SYS
19:58:48.0466 0x1d8c  WINUSB - ok
19:58:48.0470 0x1d8c  [ 8B9AFF5F08E66A6F1F1063DEC9457FB6, 98F2AF6988D125521FD34CAA48B9652922F0C8ECFAE9B0C1DF4B3CE6B9CF500F ] WinVerbs        C:\Windows\System32\drivers\winverbs.sys
19:58:48.0477 0x1d8c  WinVerbs - ok
19:58:48.0492 0x1d8c  [ ECD999D8412A3473C26B118F89DB9908, 5FB9B93E4B5482CCFF01D805DFA386FD8D3441BC81E7BD5DF89EE3078FD724F3 ] wisvc           C:\Windows\system32\flightsettings.dll
19:58:48.0517 0x1d8c  wisvc - ok
19:58:48.0557 0x1d8c  [ 7671078AEF4C0203B053A9642C401FF7, BBFADA89CD31F20ADDBFAFAD2E492C72D82BF2F8B823BB6773F04D229B62534C ] WlanSvc         C:\Windows\System32\wlansvc.dll
19:58:48.0627 0x1d8c  WlanSvc - ok
19:58:48.0667 0x1d8c  [ E15711970C5BE05E8D70B294D0AFF621, 30670CFC4DA57B4A3E0E895E4111100D847BB8041A258A303524CD96DC566482 ] wlidsvc         C:\Windows\system32\wlidsvc.dll
19:58:48.0727 0x1d8c  wlidsvc - ok
19:58:48.0734 0x1d8c  [ 6F4F4F5A007D1710BD76FB311DA97C07, FC0FEA4364F6BA4E31DBC82735D09D429CA3BE9AFCFF5D5E1263D8B27FC2CE3E ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
19:58:48.0743 0x1d8c  WmiAcpi - ok
19:58:48.0751 0x1d8c  [ 3CDDFF6CAD962C5EF1C52FD667C358B6, F6F09145E9461EB17172988D26749FCF36920A1A683459334D04A6D072B31A92 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:58:48.0765 0x1d8c  wmiApSrv - ok
19:58:48.0767 0x1d8c  WMPNetworkSvc - ok
19:58:48.0773 0x1d8c  [ 43C8D087B31C592163B33A4BDA540E40, 3A6C4E5E56931B29321DCC723585F2F0E804EF4DCDEAB2A8687F30FC3AE70E43 ] Wof             C:\Windows\system32\drivers\Wof.sys
19:58:48.0785 0x1d8c  Wof - ok
19:58:48.0819 0x1d8c  [ 909CB4BBF7B08E78C363000E09E79A6F, 217205D1B5EE03274AFF9405AED6D2A5665CBA4C3876E84B53DA44920CDF9CB1 ] workfolderssvc  C:\Windows\system32\workfolderssvc.dll
19:58:48.0873 0x1d8c  workfolderssvc - ok
19:58:48.0880 0x1d8c  [ F02930EB91596042F2221397D60AFCE5, 10E2AB0993B67CBAA9E11C68280608965064EC9F7E0C570F5B453FACADB8AB5D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:58:48.0892 0x1d8c  WPDBusEnum - ok
19:58:48.0895 0x1d8c  [ 75A9284F01FE7CB1A7D5EAE5C1EB4F33, 390EF23AEA06D8711555F7979FF8BE0620B53C1A551638C4EC6FB7C6678965B3 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
19:58:48.0904 0x1d8c  WpdUpFltr - ok
19:58:48.0911 0x1d8c  [ 60E2EB3E7B7F15C25E02462159F90707, D8344B529EEC0D4922CAC3E6897CC9F191ACF1376017BE38ED6BF6019F1ED181 ] WpnService      C:\Windows\system32\WpnService.dll
19:58:48.0926 0x1d8c  WpnService - ok
19:58:48.0930 0x1d8c  [ C7C91FB86A3C6CD7619725A88ED1884C, 132C43C518F37BF303D768BD5FB0AB835F693C43FE693937D804A34E940D770F ] WpnUserService  C:\Windows\System32\WpnUserService.dll
19:58:48.0942 0x1d8c  WpnUserService - ok
19:58:48.0948 0x1d8c  [ 36D7B73ADC3E10607ED6EC874AFB5D1E, 1737B3E4D2CA76BB27903BF460E4960E6A0BC32D35069AC7C5E4B07F625F3282 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:58:48.0956 0x1d8c  ws2ifsl - ok
19:58:48.0963 0x1d8c  [ 9A0E0B836413EB0BC885532D2A5389D6, AFEE4A0578D5581E4D72999A33C0DEA6253BD891F611AFF9AFDE4160A60105F3 ] wscsvc          C:\Windows\System32\wscsvc.dll
19:58:48.0976 0x1d8c  wscsvc - ok
19:58:48.0979 0x1d8c  WSearch - ok
19:58:48.0984 0x1d8c  [ 89DCE82232B4C03A7E0ED75CD663B653, D1996163EB971E6A10583E7D97097AE514702DBEDCEC0F76C3A3758BBA7C8034 ] WtfEngineDrv    C:\Windows\system32\DRIVERS\WtfEngineDrv.sys
19:58:48.0989 0x1d8c  WtfEngineDrv - ok
19:58:49.0030 0x1d8c  [ DDB7E452A99E0E5244105C6D2CF4BC9E, 1364B03AFFD20D339A2EBA303575BCCBC2D122D89810B1E3593CC55F93F9B79A ] wuauserv        C:\Windows\system32\wuaueng.dll
19:58:49.0098 0x1d8c  wuauserv - ok
19:58:49.0106 0x1d8c  [ AED7FE551E8672B824A56324076183EB, FFE543AAEFDEFFE6B20C244DB141A9425BDA88ED36F4870F0B70FEC433BDF0C1 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:58:49.0118 0x1d8c  WudfPf - ok
19:58:49.0126 0x1d8c  [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
19:58:49.0140 0x1d8c  WUDFRd - ok
19:58:49.0145 0x1d8c  [ 47F6450F28BAA32B2AB0D6BE00996249, C8A47D6ADF89AD613AB685C6224B9099DCEFDCD8ABCF703542AFDC356404116E ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:58:49.0159 0x1d8c  wudfsvc - ok
19:58:49.0165 0x1d8c  [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
19:58:49.0180 0x1d8c  WUDFWpdFs - ok
19:58:49.0204 0x1d8c  [ E231728BC515A4B85543AF74A1FEDFCB, 5D250D7D789B5BB56BFA2E7A109BCEB3686B7636C54D89F4E9804101D145C955 ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:58:49.0246 0x1d8c  WwanSvc - ok
19:58:49.0270 0x1d8c  [ F39D6915451D9226AC9A5E7AE70E2ABA, E05D678DC0423A4D0EB8B3BB5A942721BB4F3B0BED22748252DBD6053FE956F1 ] XblAuthManager  C:\Windows\System32\XblAuthManager.dll
19:58:49.0305 0x1d8c  XblAuthManager - ok
19:58:49.0328 0x1d8c  [ 765FF96467A26C4C03281ECA426EC2D9, 2526B03C518D72F429C29BA4D4F11707AF277BF71520A1A92238A932950AE161 ] XblGameSave     C:\Windows\System32\XblGameSave.dll
19:58:49.0367 0x1d8c  XblGameSave - ok
19:58:49.0376 0x1d8c  [ 9627BBAA50878F6833A6A7843EE3B1D9, 637566BB56501C4D11E3B6E6AC1C602D880C9D357CCE3DF1DF74EE672744F2B7 ] xboxgip         C:\Windows\System32\drivers\xboxgip.sys
19:58:49.0390 0x1d8c  xboxgip - ok
19:58:49.0409 0x1d8c  [ 335E6F2BE58523B295945C840C185B00, 94ED7E2CB212A3D55B8A2CB90CD1D02A6AF92DC0DDD487CB5B7CAC9883343460 ] XboxNetApiSvc   C:\Windows\system32\XboxNetApiSvc.dll
19:58:49.0450 0x1d8c  XboxNetApiSvc - ok
19:58:49.0454 0x1d8c  [ 63088A3361D9A308F328F11E9099DD87, E03FDB932FC57F199C8F8A8EADA338BDF7D2F9C6CB8FAB679A92B48B1E5AFE8A ] xinputhid       C:\Windows\System32\drivers\xinputhid.sys
19:58:49.0464 0x1d8c  xinputhid - ok
19:58:49.0469 0x1d8c  [ C1D83317310C9470DF3CD7BB22AA874E, 33BABFB957363DA1D333745033F655DD8EAA1DABEBCA09FC728FF1A87622BE52 ] XTU3SERVICE     C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
19:58:49.0474 0x1d8c  XTU3SERVICE - ok
19:58:49.0479 0x1d8c  [ 127702D90B07657E8421817D2D50A097, 3969817D67C21D7D4E146BC137557C62AB22FEC2FA55D36177D781BE83D3573B ] XtuAcpiDriver   C:\Windows\System32\drivers\XtuAcpiDriver.sys
19:58:49.0490 0x1d8c  XtuAcpiDriver - ok
19:58:49.0491 0x1d8c  ================ Scan global ===============================
19:58:49.0496 0x1d8c  [ 0C710DB449712EE13ACE733695DB7780, BBC7875B38D318CE4E88979D083AC72E8993254A466A8A6882DDE9E0C3B687A3 ] C:\Windows\system32\basesrv.dll
19:58:49.0502 0x1d8c  [ 4C08BF958476A137C78B62B22B5F90A4, 11DDD033896C96F8F7F1A1EDD0F4E0F07AFBB3202DC8A2E5E3ADB51C4D0700D4 ] C:\Windows\system32\winsrv.dll
19:58:49.0509 0x1d8c  [ 1EE06E957B0B2CA52D26DA7861E160EF, 4B743A1C7010138F5F6684BBCF7CAD6FD05F49920BDD3FDB776347AA6B44AB94 ] C:\Windows\system32\sxssrv.dll
19:58:49.0520 0x1d8c  [ 3C69CC28665854F1AAB4B4005005FA31, 2750F5ECCD448C07E3402AA64EA625D27C6BC1D000A3FFE57C03D62428BB46C4 ] C:\Windows\system32\services.exe
19:58:49.0528 0x1d8c  [ Global ] - ok
19:58:49.0528 0x1d8c  ================ Scan MBR ==================================
19:58:49.0530 0x1d8c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
19:58:49.0554 0x1d8c  \Device\Harddisk0\DR0 - ok
19:58:49.0568 0x1d8c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:58:50.0663 0x1d8c  \Device\Harddisk1\DR1 - ok
19:58:50.0663 0x1d8c  ================ Scan VBR ==================================
19:58:50.0666 0x1d8c  [ 98342AEFBE984560E273C31CA4A17042 ] \Device\Harddisk0\DR0\Partition1
19:58:50.0667 0x1d8c  \Device\Harddisk0\DR0\Partition1 - ok
19:58:50.0668 0x1d8c  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition2
19:58:50.0668 0x1d8c  \Device\Harddisk0\DR0\Partition2 - ok
19:58:50.0670 0x1d8c  [ 372D49346D46FEA56E7B008861927C81 ] \Device\Harddisk0\DR0\Partition3
19:58:50.0671 0x1d8c  \Device\Harddisk0\DR0\Partition3 - ok
19:58:50.0673 0x1d8c  [ F03D8EEFBE7274A51D94BAA027679D58 ] \Device\Harddisk0\DR0\Partition4
19:58:50.0674 0x1d8c  \Device\Harddisk0\DR0\Partition4 - ok
19:58:50.0689 0x1d8c  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
19:58:50.0695 0x1d8c  \Device\Harddisk1\DR1\Partition1 - ok
19:58:50.0720 0x1d8c  [ 82E26109428D2ED80F754B25D729DD0C ] \Device\Harddisk1\DR1\Partition2
19:58:50.0766 0x1d8c  \Device\Harddisk1\DR1\Partition2 - ok
19:58:50.0766 0x1d8c  ================ Scan generic autorun ======================
19:58:50.0907 0x1d8c  [ 5F50B8C8BF2C8F50A819086F1EBB4CAD, BDD9D1B02EC909DD84890ADF0759D395CB06EF9FB7C2F81D1C5304837355F538 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
19:58:51.0052 0x1d8c  RTHDVCPL - ok
19:58:51.0064 0x1d8c  [ 6A20A9BFDCCF75CC83514B431E97C3F9, 5C0A232C44231DFC02B4E6E3D442A65B860209C8FF3C795D2D54830F19793CBD ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
19:58:51.0071 0x1d8c  IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
19:58:51.0864 0x1d8c  Detect skipped due to KSN trusted
19:58:51.0864 0x1d8c  IAStorIcon - ok
19:58:51.0880 0x1d8c  [ 7964BF8D70539ABAEE812C26B308F4C3, 70E5CCF22F501B414CAC5D9C2F014BA8AAC5E6727E52D2AE920F26955B6E9E06 ] C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
19:58:51.0896 0x1d8c  Nahimic2UILauncher - ok
19:58:51.0971 0x1d8c  [ 1034796691CCBC39F4F4413497AA82D8, 390B33324108E3340B0C9B073DDAB78EC253CB3B0BAA0FBDD2A58BA6B4D81640 ] C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe
19:58:52.0047 0x1d8c  MsiTrueColor - ok
19:58:52.0057 0x1d8c  [ 7C037BA077E9783C26E89544674927D9, 248406171AA6F53A91918A30A4DAD4D38979087B220CDC1AC0632ED2A19D0F1E ] C:\Program Files (x86)\SCM\SCM.exe
19:58:52.0066 0x1d8c  SCM - ok
19:58:52.0069 0x1d8c  [ C7645D43451C6D94D87F4D07BDE59C89, 495BBA47FC43EE23054FCD419F2F00457162D1C04296900C6AEA551102A810F3 ] C:\Windows\system32\rundll32.exe
19:58:52.0085 0x1d8c  ShadowPlay - ok
19:58:52.0085 0x1d8c  WindowsDefender - ok
19:58:52.0129 0x1d8c  [ A6A21A7D544675E98C040DA18904CF50, AACB578C297C7AC9FEBDAB4AD20235E5CFF6E3F260E76E6AE18D43DC57D69672 ] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
19:58:52.0174 0x1d8c  Malwarebytes TrayApp - ok
19:58:52.0181 0x1d8c  [ 98BF3BE28076A0ACEE2082C4C9080D6D, 576D4BE0533F0ED491206722A36D4E8F01E900ADB545FAE9A65D669B512A2A39 ] C:\Users\ADMINI~1\AppData\Local\Temp\DeleteOnReboot.bat
19:58:52.0196 0x1d8c  DeleteOnReboot - detected UnsignedFile.Multi.Generic ( 1 )
19:58:52.0987 0x1d8c  DeleteOnReboot ( UnsignedFile.Multi.Generic ) - warning
19:58:54.0136 0x1d8c  [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
19:58:54.0276 0x1d8c  OneDriveSetup - ok
19:58:54.0421 0x1d8c  [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
19:58:54.0563 0x1d8c  OneDriveSetup - ok
19:58:54.0709 0x1d8c  [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
19:58:54.0854 0x1d8c  OneDriveSetup - ok
19:58:54.0889 0x1d8c  [ CD7DC286D2FDFACB965C3E10967B2199, 30FFB133E70D694BE6968E86E999C797EE7349DCC4E9ACFB338412C039374388 ] C:\Users\MarkStrong\AppData\Local\Microsoft\OneDrive\OneDrive.exe
19:58:54.0920 0x1d8c  OneDrive - ok
19:58:54.0947 0x1d8c  [ 44348495F9D6ED21F4EFB3FF80677D99, 05B76248764B2BF7F9229626D7EFAFF96B724D38A82969EBE376CBE879E30450 ] C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe
19:58:54.0975 0x1d8c  OneDrive - ok
19:58:54.0980 0x1d8c  Skype - ok
19:58:54.0982 0x1d8c  [ D246A5F3AC19B579D432D5CD88FAC845, 42976C6797A8426107B428E64309466EF32F438B459432D5FFB310F1F6D7DD42 ] C:\AdwCleaner\AdwCleaner[C0].txt
19:58:54.0985 0x1d8c  Report - detected UnsignedFile.Multi.Generic ( 1 )
19:58:56.0392 0x1d8c  Report ( UnsignedFile.Multi.Generic ) - warning
19:58:57.0141 0x1d8c  Waiting for KSN requests completion. In queue: 240
19:58:58.0154 0x1d8c  Waiting for KSN requests completion. In queue: 240
19:58:59.0178 0x1d8c  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x61100 ( enabled : updated )
19:58:59.0184 0x1d8c  Win FW state via NFP2: enabled ( trusted )
19:58:59.0655 0x1d8c  ============================================================
19:58:59.0655 0x1d8c  Scan finished
19:58:59.0655 0x1d8c  ============================================================
19:58:59.0665 0x1a98  Detected object count: 2
19:58:59.0665 0x1a98  Actual detected object count: 2
20:02:22.0102 0x1a98  DeleteOnReboot ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:22.0102 0x1a98  DeleteOnReboot ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:02:22.0102 0x1a98  Report ( UnsignedFile.Multi.Generic ) - skipped by user
20:02:22.0102 0x1a98  Report ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 17.02.2017, 20:46   #11
M-K-D-B
/// TB-Ausbilder
 
GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen - Standard

GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen



Servus,



wenn du schon Tools wie AdwCleaner und MBAM ausführst, dann solltest du das
  • in deinem 1. Post erwähnen und
  • die dazugehörigen Logdateien posten

Bitte nachreichen.


Welche aktuellen Probleme hast du?
__________________
Gruß
M-K-D-B


==========================================================
offline vom 22.12.2018 bis 01.01.2019
==========================================================

Das Trojaner-Board unterstützen

Alt 18.02.2017, 14:07   #12
Tobias1972
 
GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen - Standard

GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen



Hallo,

Adw Cleaner hat nichts gefunden. Hier unten ein aktueller Suchlauf.

Ich habe einen neuen MSI Laptop auf dem alle meine seit 20 Jahren eingescannten und gesammelten Bilder und Dokumente (1,2TB) sind die mir extrem viel bedeuten. Auf diesem neuen MSI habe Ich den Anhang der GEZ Email geöffnet und das Makro aktiviert. Man spuert bislang aber nichts vom Trojaner oder Virus.

Nach dem Oeffnen der GEZ-Mail habe Ich die 1,2TB Daten auf eine externe Festplatte kopiert und von da an meinen alten ASUS Laptop angeschlossen um auf Viren zu pruefen. Der Rechner war dabei ca. 18 Std ans Internet angeschlossen. Anschliessend liessen sich bestimmte hilfreiche Internet Seiten nicht mehr Oeffnen und er ist jetzt extrem langsam.

Die Dateien die Ich Dir geschickt habe stammen vom MSI Laptop, denn dieser ist fuer mich sehr wichtig wegen der Daten. Nach der Heilung des MSI wollte Ich den ASUS Laptop komplett neu aufsetzen und auch die externe Festplatte formatieren um eine saubere Umgebung zu haben.


Soll Ich FRST und TDS Killer auf dem ASUS ausfuehren und darf ich Dir die Ergebnisse hier posten?

Gruesse
Tobias


AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v6.043 - Bericht erstellt am 18/02/2017 um 07:57:40
# Aktualisiert am 27/01/2017 von Malwarebytes
# Datenbank : 2017-02-13.1 [Lokal]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : Administrator - MSI
# Gestartet von : C:\Users\MarkStrong\Desktop\AdwCleaner_6.043.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****

Keine schädlichen Dienste gefunden.


***** [ Ordner ] *****

Keine schädlichen Ordner gefunden.


***** [ Dateien ] *****

Keine schädlichen Dateien gefunden.


***** [ DLL ] *****

Keine infizierten DLLs gefunden.


***** [ WMI ] *****

Keine schädlichen Schlüssel gefunden.


***** [ Verknüpfungen ] *****

Keine infizierten Verknüpfungen gefunden.


***** [ Aufgabenplanung ] *****

Keine schädlichen Aufgaben gefunden.


***** [ Registrierungsdatenbank ] *****

Keine schädlichen Elemente in der Registrierungsdatenbank gefunden.


***** [ Internetbrowser ] *****

Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.

*************************

\AdwCleaner\AdwCleaner[C0].txt - [3554 Bytes] - [15/02/2017 20:50:54]
\AdwCleaner\AdwCleaner[S0].txt - [3324 Bytes] - [15/02/2017 20:49:09]
\AdwCleaner\AdwCleaner[S1].txt - [1484 Bytes] - [18/02/2017 07:41:48]
\AdwCleaner\AdwCleaner[S2].txt - [1407 Bytes] - [18/02/2017 07:57:40]

########## EOF - \AdwCleaner\AdwCleaner[S2].txt - [1478 Bytes] ##########
         
--- --- ---

Alt 18.02.2017, 14:58   #13
M-K-D-B
/// TB-Ausbilder
 
GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen - Standard

GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen



Servus,

wir beschränken uns jetzt auf den MSI Laptop, von dem du bereits die FRST Logdateien geschickt hast.

Wieso führst du AdwCleaner nochmal aus?
Zitat:
# AdwCleaner v6.043 - Bericht erstellt am 18/02/2017 um 07:57:40
Ich habe in meiner letzten Antwort nicht gesagt, dass du AdwCleaner jetzt/heute (18.02.) ausführen sollst, bitte genau lesen.



Du hast AdwCleaner bereits am 15.02. und MBAM am 13.02. selbst ausgeführt. Von diesen Suchläufen möchte ich gerne die Logdateien mit den Funden sehen... denn dort wurde bestimmt etwas gefunden (bei AdwCleaner wurde am 15.02. auf jeden Fall etwas gefunden, weil dein Rechner dabei neugestartet wurde).

Da du sowohl AdwCleaner als auch MBAM noch installiert hast, solltest du mir die Logdateien vom 15.02. (Adw) bzw. 13.02. (MBAM) ohne Probleme nachreichen können.




Außerdem bitte ich dich, MBAM und FRST nochmal auszuführen:


Schritt 1
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scan, wähle den Bedrohungs-Scan aus und klicke auf Scan starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Ausgewählte Elemente in die Quarantäne verschieben.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM nach dem Neustart, klicke auf Berichte.
  • Wähle den neuesten Scan-Bericht aus, klicke auf Bericht anzeigen und dann auf Export.
  • Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.






Schritt 2
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die alten Logdateien von AdwCleaner (15.02.) und MBAM (13.02.),
  • die neue/aktuelle Logdatei von MBAM,
  • die beiden neuen Logdateien von FRST.
__________________
Gruß
M-K-D-B


==========================================================
offline vom 22.12.2018 bis 01.01.2019
==========================================================

Das Trojaner-Board unterstützen

Alt 18.02.2017, 23:22   #14
Tobias1972
 
GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen - Standard

GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen



Hallo,

vielen Dank fuer die schnelle Antwort. Hier ist das ADW-Cleaner File vom 15.02 ...

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v6.043 - Bericht erstellt am 15/02/2017 um 20:49:09
# Aktualisiert am 27/01/2017 von Malwarebytes
# Datenbank : 2017-02-13.1 [Server]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : Administrator - MSI
# Gestartet von : C:\Users\MarkStrong\Desktop\AdwCleaner_6.043.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****

Keine schädlichen Dienste gefunden.


***** [ Ordner ] *****

Ordner Gefunden: C:\Program Files\Reimage
Ordner Gefunden: C:\Program Files\reimage
Ordner Gefunden: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair


***** [ Dateien ] *****

Datei Gefunden: C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
Datei Gefunden: C:\Windows\Reimage.ini
Datei Gefunden: C:\Users\ADMINI~1\AppData\Local\Temp\reimage.log
Datei Gefunden: C:\Users\ADMINI~1\AppData\Local\Temp\ReimagePackage.exe


***** [ DLL ] *****

Keine infizierten DLLs gefunden.


***** [ WMI ] *****

Keine schädlichen Schlüssel gefunden.


***** [ Verknüpfungen ] *****

Keine infizierten Verknüpfungen gefunden.


***** [ Aufgabenplanung ] *****

Aufgabe Gefunden: Reimage Reminder
Aufgabe Gefunden: Reimage Reminder
Aufgabe Gefunden: reimage reminder


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Schlüssel Gefunden: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gefunden: HKU\S-1-5-21-4218886898-41493801-728894-500\Software\Reimage
Schlüssel Gefunden: HKU\S-1-5-21-4218886898-41493801-728894-500\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Schlüssel Gefunden: HKCU\Software\Reimage
Schlüssel Gefunden: HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Schlüssel Gefunden: [x64] HKCU\Software\Reimage
Schlüssel Gefunden: [x64] HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Reimage
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Schlüssel Gefunden: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe


***** [ Internetbrowser ] *****

Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.

*************************

\AdwCleaner\AdwCleaner[S0].txt - [3152 Bytes] - [15/02/2017 20:49:09]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [3223 Bytes] ##########
         
--- --- ---

[/CODE]

Hallo,

hier ist der Bericht von Malwarebytes vom 13.02.


Code:
ATTFilter
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 13.02.17
Scan-Zeit: 20:04
Protokolldatei: 
Administrator: Nein

-Softwaredaten-
Version: 3.0.6.1469
Komponentenversion: 1.0.50
Version des Aktualisierungspakets: 1.0.1064
Lizenz: Kostenlos

-Systemdaten-
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: MSI\MarkStrong

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 444463
Abgelaufene Zeit: 1 Min., 7 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 1
PUP.Optional.DownloadSponsor, C:\USERS\MARKSTRONG\DOWNLOADS\STEAM - CHIP-INSTALLER.EXE, In Quarantäne, [643], [349501],1.0.1064

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)
         
Hallo,

es war mir nicht moeglich die Malwarebytes-Datei als .txt auf dem Desktop zu Speichern. Ich erhalte beim Speichern zwar keine Fehlermeldung aber die Datei ist im Desktop nicht auffindbar. Ich kann das Protokoll nur als Zwischenablage hier einfuegen. Hier der aktuelle Malwarebytes Scan


Code:
ATTFilter
 

Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 18.02.17
Scan-Zeit: 17:10
Protokolldatei: 
Administrator: Nein

-Softwaredaten-
Version: 3.0.6.1469
Komponentenversion: 1.0.50
Version des Aktualisierungspakets: 1.0.1295
Lizenz: Kostenlos

-Systemdaten-
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: MSI\MarkStrong

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 449123
Abgelaufene Zeit: 2 Min., 11 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)
         
Hallo,

hier das aktuelle FRST File ...


FRST Logfile:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 18-02-2017 01
durchgeführt von Administrator (Administrator) auf MSI (18-02-2017 17:19:11)
Gestartet von C:\Users\MarkStrong\Desktop
Geladene Profile: MarkStrong & Administrator (Verfügbare Profile: defaultuser0 & MarkStrong & Administrator)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Portrait Displays, Inc) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16122.10271.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176 2016-10-20] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel Corporation)
HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [693432 2016-10-07] ()
HKLM\...\Run: [MsiTrueColor] => C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe [4811048 2016-09-09] (Portrait Displays, Inc.)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [301848 2016-08-19] (MSI)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\RunOnce: [DeleteOnReboot] => C:\Users\Administrator\AppData\Local\Temp\DeleteOnReboot.bat [480 2017-02-15] () <===== ACHTUNG
HKU\S-1-5-21-4218886898-41493801-728894-500\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-4218886898-41493801-728894-500\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C0].txt
HKU\S-1-5-18\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Control Center.lnk [2016-10-20]
ShortcutTarget: Killer Control Center.lnk -> C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe (Rivet Networks)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-10-20]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{44c729b7-3a09-4761-bb9e-6fb3853c3b3d}: [DhcpNameServer] 192.168.1.254 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-4218886898-41493801-728894-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-4218886898-41493801-728894-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-4218886898-41493801-728894-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-4218886898-41493801-728894-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKU\S-1-5-21-4218886898-41493801-728894-1001 -> DefaultScope {FFD7DB1D-3F65-4AC8-A7C6-562077F48108} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Kein Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Keine Datei
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-09-07] (Windows (R) Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation)
R2 Killer Network Service; C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe [1951456 2016-09-29] (Rivet Networks)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2016-08-19] (Micro-Star International Co., Ltd.) [Datei ist nicht signiert]
R2 MSITrueColorService; C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe [180520 2016-09-09] (Portrait Displays, Inc.)
S2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe [58296 2016-08-12] (Micro-Star INT'L CO., LTD.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4362568 2015-06-18] (Symantec Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-12-12] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2016-12-12] (NVIDIA Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266328 2016-12-04] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-09-30] (Intel(R) Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0406000.00C\ccSetx64.sys [173808 2015-06-24] (Symantec Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [162120 2016-09-16] (Qualcomm Atheros, Inc.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-17] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_85330ff976332cdb\nvlddmkm.sys [14427064 2017-01-21] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-12-12] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [35272 2016-10-20] (Windows (R) Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2016-12-12] (NVIDIA Corporation)
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2403248 2016-09-06] (Qualcomm Atheros, Inc.)
R2 RfeCoSvc; C:\Windows\system32\DRIVERS\RfeCo10X64.sys [87904 2016-09-29] (Rivet Networks, LLC.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [779232 2016-10-20] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [42088 2016-10-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-10-20] (Synaptics Incorporated)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [40568 2016-06-14] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [52960 2016-10-04] (SteelSeries ApS)
R3 ssps2; C:\Windows\System32\drivers\ssps2.sys [33896 2016-06-14] (SteelSeries ApS)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-12-14] (Symantec Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [15160 2015-06-11] ()
R2 WtfEngineDrv; C:\Windows\system32\DRIVERS\WtfEngineDrv.sys [27904 2016-02-01] (AAA Internet Publishing, Inc.)
S3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161214.002\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20161214.002\EX64.SYS [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-18 17:18 - 2017-02-18 17:18 - 00000000 ____D C:\Users\MarkStrong\Desktop\FRST-OlderVersion
2017-02-18 17:13 - 2017-02-18 17:13 - 00001234 _____ C:\Users\Administrator\Desktop\mbam.txt
2017-02-18 17:07 - 2017-02-18 17:07 - 00001339 _____ C:\Users\Administrator\Desktop\Malwarebytes 13.02.txt
2017-02-18 14:52 - 2017-02-18 14:52 - 00000000 ___HD C:\OneDriveTemp
2017-02-16 19:56 - 2017-02-16 20:18 - 00272742 _____ C:\TDSSKiller.3.1.0.12_16.02.2017_19.56.31_log.txt
2017-02-15 21:20 - 2017-02-15 21:21 - 00270548 _____ C:\TDSSKiller.3.1.0.12_15.02.2017_21.20.37_log.txt
2017-02-15 20:56 - 2017-02-15 20:57 - 04747704 _____ (AO Kaspersky Lab) C:\Users\MarkStrong\Desktop\tdsskiller.exe
2017-02-15 20:55 - 2017-02-18 17:19 - 00018108 _____ C:\Users\MarkStrong\Desktop\FRST.txt
2017-02-15 20:55 - 2017-02-18 17:19 - 00000000 ____D C:\FRST
2017-02-15 20:55 - 2017-02-16 19:51 - 00059140 _____ C:\Users\MarkStrong\Desktop\Addition.txt
2017-02-15 20:54 - 2017-02-18 17:18 - 02422784 _____ (Farbar) C:\Users\MarkStrong\Desktop\FRST64.exe
2017-02-15 20:46 - 2017-02-18 07:57 - 00000000 ____D C:\AdwCleaner
2017-02-15 20:46 - 2017-02-15 20:46 - 04015056 _____ C:\Users\MarkStrong\Desktop\AdwCleaner_6.043.exe
2017-02-14 00:51 - 2017-02-14 00:52 - 00000000 ____D C:\ProgramData\MFAData
2017-02-14 00:51 - 2017-02-14 00:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\MFAData
2017-02-14 00:51 - 2017-02-14 00:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg2015
2017-02-13 20:03 - 2017-02-17 09:38 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-13 20:03 - 2017-02-13 20:03 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-13 20:03 - 2017-02-13 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-13 20:03 - 2017-02-13 20:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-13 20:03 - 2017-02-13 20:03 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-13 20:03 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-13 18:58 - 2017-02-13 18:52 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-02-13 18:00 - 2017-02-13 18:00 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\WinZip
2017-02-10 14:35 - 2017-02-10 14:35 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-10 14:35 - 2017-01-20 09:07 - 00134080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-02-10 14:35 - 2016-12-15 19:33 - 00273696 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-02-10 14:35 - 2016-12-15 19:33 - 00266528 _____ C:\Windows\system32\vulkan-1.dll
2017-02-10 14:35 - 2016-12-15 19:33 - 00111392 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-02-10 14:35 - 2016-12-15 19:32 - 00125728 _____ C:\Windows\system32\vulkaninfo.exe
2017-02-10 14:33 - 2017-01-23 19:00 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 34974656 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 19008576 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 14677272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 11123936 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 11019192 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 09308896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 08990584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 03167288 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 02715072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 01985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437849.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 01591352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437849.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 01051584 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00988608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00960568 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00946456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00944224 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00909760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00721952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00719160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00618232 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00609216 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00606776 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00573120 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00483384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00447800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-02-10 14:33 - 2017-01-20 11:38 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-02-10 14:33 - 2017-01-20 11:38 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-02-10 09:21 - 2017-02-10 09:23 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-02-03 15:55 - 2017-02-03 15:55 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\Microsoft Help
2017-01-25 08:59 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-01-25 08:59 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-18 16:53 - 2016-08-01 17:28 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-02-18 16:39 - 2016-12-14 10:15 - 00000000 ____D C:\Users\MarkStrong\AppData\Roaming\Skype
2017-02-18 16:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\AppReadiness
2017-02-18 14:56 - 2016-12-14 12:08 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-18 14:56 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-18 14:54 - 2016-12-20 18:36 - 00004146 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5ECB8719-0C45-4D0B-9E23-341326ED26A6}
2017-02-18 14:52 - 2016-12-14 10:14 - 00000000 ___RD C:\Users\MarkStrong\OneDrive
2017-02-18 14:52 - 2016-10-20 18:52 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-18 14:51 - 2016-12-14 10:12 - 00000000 ____D C:\Users\MarkStrong
2017-02-18 09:59 - 2016-08-01 18:06 - 00615274 _____ C:\Windows\system32\perfh019.dat
2017-02-18 09:59 - 2016-08-01 18:06 - 00220106 _____ C:\Windows\system32\perfc019.dat
2017-02-18 09:59 - 2016-08-01 18:02 - 00723478 _____ C:\Windows\system32\prfh0816.dat
2017-02-18 09:59 - 2016-08-01 18:02 - 00241444 _____ C:\Windows\system32\prfc0816.dat
2017-02-18 09:59 - 2016-08-01 17:58 - 00746338 _____ C:\Windows\system32\perfh013.dat
2017-02-18 09:59 - 2016-08-01 17:58 - 00248602 _____ C:\Windows\system32\perfc013.dat
2017-02-18 09:59 - 2016-08-01 17:50 - 00724734 _____ C:\Windows\system32\perfh010.dat
2017-02-18 09:59 - 2016-08-01 17:50 - 00236370 _____ C:\Windows\system32\perfc010.dat
2017-02-18 09:59 - 2016-08-01 17:47 - 00744582 _____ C:\Windows\system32\perfh00C.dat
2017-02-18 09:59 - 2016-08-01 17:47 - 00242524 _____ C:\Windows\system32\perfc00C.dat
2017-02-18 09:59 - 2016-08-01 17:42 - 00738786 _____ C:\Windows\system32\perfh00A.dat
2017-02-18 09:59 - 2016-08-01 17:42 - 00246576 _____ C:\Windows\system32\perfc00A.dat
2017-02-18 09:59 - 2016-08-01 17:40 - 00785098 _____ C:\Windows\system32\perfh008.dat
2017-02-18 09:59 - 2016-08-01 17:40 - 00251570 _____ C:\Windows\system32\perfc008.dat
2017-02-18 09:59 - 2016-08-01 17:37 - 01098038 _____ C:\Windows\system32\perfh007.dat
2017-02-18 09:59 - 2016-08-01 17:37 - 00257978 _____ C:\Windows\system32\perfc007.dat
2017-02-18 09:59 - 2016-08-01 17:33 - 09488810 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-17 14:46 - 2016-07-16 06:45 - 00000000 ____D C:\Windows\INF
2017-02-17 09:38 - 2016-08-01 17:28 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-17 09:37 - 2016-12-23 04:07 - 00006776 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-02-17 09:37 - 2016-07-16 01:04 - 00524288 _____ C:\Windows\system32\config\BBI
2017-02-15 20:52 - 2016-12-23 04:21 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2017-02-15 20:50 - 2016-12-14 10:15 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\CrashDumps
2017-02-13 21:49 - 2016-10-20 19:29 - 00000000 ____D C:\ProgramData\Norton
2017-02-13 18:52 - 2016-12-14 10:23 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2017-02-13 18:52 - 2016-07-16 06:47 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-02-13 18:52 - 2016-07-16 01:04 - 00032768 _____ C:\Windows\system32\config\ELAM
2017-02-13 18:00 - 2016-10-20 19:29 - 00000000 ____D C:\ProgramData\WinZip
2017-02-13 00:15 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-10 14:36 - 2016-10-20 18:52 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-10 14:36 - 2016-10-20 18:52 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-10 14:09 - 2016-12-14 10:13 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\NVIDIA Corporation
2017-02-10 14:09 - 2016-12-14 10:12 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\NVIDIA
2017-02-10 14:02 - 2016-12-14 12:21 - 00000000 ____D C:\Users\MarkStrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-10 09:22 - 2016-10-20 18:52 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-03 01:26 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\NDF
2017-02-02 13:14 - 2016-12-14 22:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2017-02-02 13:13 - 2016-12-20 09:14 - 00000001 _____ C:\Users\Public\Documents\dgc_DC.txt
2017-02-02 13:13 - 2016-12-14 22:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2017-02-02 13:13 - 2016-08-01 17:30 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-01 21:25 - 2016-12-19 00:13 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-01 21:25 - 2016-12-19 00:13 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-25 09:17 - 2016-07-16 06:36 - 00000000 ____D C:\Windows\CbsTemp
2017-01-24 19:02 - 2016-12-14 10:14 - 00002397 _____ C:\Users\MarkStrong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-23 19:00 - 2016-10-20 18:52 - 01600056 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-01-23 19:00 - 2016-10-20 18:52 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-01-21 05:55 - 2017-01-17 05:54 - 00048696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2017-01-20 11:38 - 2017-01-17 05:53 - 28239928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-01-20 11:38 - 2016-10-20 18:52 - 04079032 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-01-20 11:38 - 2016-10-20 18:52 - 03597640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-01-20 11:38 - 2016-10-20 18:52 - 00514616 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-01-20 11:38 - 2016-10-20 18:52 - 00420408 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-01-20 11:38 - 2016-10-20 18:52 - 00043556 _____ C:\Windows\system32\nvinfo.pb
2017-01-20 11:25 - 2016-12-14 22:03 - 00000000 ____D C:\Users\Administrator
2017-01-20 10:17 - 2016-12-14 10:12 - 00000000 ____D C:\Users\MarkStrong\AppData\Local\Packages
2017-01-20 10:13 - 2016-10-20 18:52 - 06401984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 02479160 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 00548800 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-01-20 10:13 - 2016-10-20 18:52 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-01-20 09:04 - 2016-12-23 04:07 - 00001951 _____ C:\Windows\NvContainerRecovery.bat

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-10-20 18:53 - 2016-10-20 18:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-23 04:07 - 2017-02-18 16:53 - 0008769 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-23 04:07 - 2017-02-17 09:37 - 0006776 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Administrator\AppData\Local\Temp\DeleteOnReboot.bat


Einige Dateien in TEMP:
====================
2017-02-10 09:22 - 2016-12-29 07:29 - 0860960 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvSCPAPI64.dll
2017-02-10 14:34 - 2016-12-29 07:28 - 0351680 _____ (NVIDIA Corporation) C:\Users\Administrator\AppData\Local\Temp\nvStInst.exe
2017-02-17 14:44 - 2017-02-17 16:39 - 44048864 _____ (Skype Technologies S.A.) C:\Users\MarkStrong\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-17 17:28

==================== Ende von FRST.txt ============================
         
--- --- ---

[/CODE]

Hallo,
hier ist das Addition File ..... VIELEN DANK

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 18-02-2017 01
durchgeführt von Administrator (18-02-2017 17:19:30)
Gestartet von C:\Users\MarkStrong\Desktop
Windows 10 Home Version 1607 (X64) (2016-12-14 15:08:43)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4218886898-41493801-728894-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-4218886898-41493801-728894-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-4218886898-41493801-728894-1000 - Limited - Disabled) => C:\Users\defaultuser0
Gast (S-1-5-21-4218886898-41493801-728894-501 - Limited - Disabled)
MarkStrong (S-1-5-21-4218886898-41493801-728894-1001 - Limited - Enabled) => C:\Users\MarkStrong

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

ACPI Driver Installer (HKLM-x32\...\553E35CD-0415-41bc-B39A-410375E88534) (Version: 2.1 - Intel Corporation)
Ansel (Version: 378.49 - NVIDIA Corporation) Hidden
ApoDispatchConfigurator (Version: 2.3.701 - Nahimic) Hidden
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.38.1 - Asmedia Technology)
AudioLaunchpadConfigurator (Version: 2.3.701 - Nahimic) Hidden
Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1608.0901 - Micro-Star International Co., Ltd.)
Battery Calibration (x32 Version: 1.0.1608.0901 - Micro-Star International Co., Ltd.) Hidden
Beyond Gravity (HKLM\...\Steam App 317510) (Version:  - Qwiboo Ltd)
Bridge Constructor Medieval (HKLM\...\Steam App 319850) (Version:  - ClockStone)
BurnRecovery (HKLM-x32\...\InstallShield_{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1608.1201 - Application)
BurnRecovery (x32 Version: 5.0.1608.1201 - Application) Hidden
CheckDevicesConfigurator (Version: 2.3.701 - Nahimic) Hidden
Craft The World (HKLM\...\Steam App 248390) (Version:  - Dekovir Entertainment)
DEFCON (HKLM\...\Steam App 1520) (Version:  - Introversion Software)
Defend Your Life (HKLM\...\Steam App 357780) (Version:  - Alda Games)
Defenders of Ardania (HKLM\...\Steam App 73060) (Version:  - Most Wanted Entertainment)
Demon Hunter: Chronicles from Beyond (HKLM\...\Steam App 330990) (Version:  - Brave Giant LTD)
Dragon Center (HKLM-x32\...\InstallShield_{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 1.2.1610.2701 - Micro-Star International Co., Ltd.)
Dragon Center (x32 Version: 1.2.1610.2701 - Micro-Star International Co., Ltd.) Hidden
Dwarfs!? (HKLM\...\Steam App 35480) (Version:  - Power of 2)
Evil Defenders (HKLM\...\Steam App 412520) (Version:  - CP Decision)
F.E.A.R. 3 (HKLM\...\Steam App 21100) (Version:  - Day 1 Studios)
F1 Race Stars (HKLM\...\Steam App 203680) (Version:  - Codemasters Birmingham)
Fallout 4 (HKLM\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Final Exam (HKLM\...\Steam App 233190) (Version:  - Mighty Rocket Studio)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
FORCED (HKLM\...\Steam App 249990) (Version:  - BetaDwarf)
Foul Play (HKLM\...\Steam App 244810) (Version:  - Mediatonic)
Go Home Dinosaurs! (HKLM\...\Steam App 216090) (Version:  - Fire Hose Games)
God Mode (HKLM\...\Steam App 227480) (Version:  - Old School Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grim Legends 2: Song of the Dark Swan (HKLM\...\Steam App 279800) (Version:  - Artifex Mundi)
Guns'N'Zombies (HKLM\...\Steam App 264300) (Version:  - Krealit)
Help Desk (HKLM-x32\...\InstallShield_{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1609.0501 - Micro-Star International Co., Ltd.)
Help Desk (x32 Version: 1.0.1609.0501 - Micro-Star International Co., Ltd.) Hidden
Hero Academy (HKLM\...\Steam App 209270) (Version:  - Robot Entertainment)
Hydrophobia: Prophecy (HKLM\...\Steam App 92000) (Version:  - Dark Energy Digital Ltd.)
iBomber Defense Pacific (HKLM\...\Steam App 206690) (Version:  - Cobra Mobile)
INSIDE (HKLM\...\Steam App 304430) (Version:  - Playdead)
Intel Extreme Tuning Utility (HKLM-x32\...\{e3931098-f44a-4c70-bf9c-f48d24bdd066}) (Version: 6.0.2.8 - Intel Corporation)
Intel Extreme Tuning Utility (x32 Version: 6.0.2.8 - Intel Corporation) Hidden
Intel XTU Library (HKLM-x32\...\{B48E71F0-769D-445D-9020-9E06FF1D51C8}) (Version: 10.015.08120 - Micro-Star INT'L CO., LTD.)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
KB9X Radio Switch Driver (HKLM\...\EC950B206B0E7722C96A318DF396BABFBB057BC0) (Version: 1.1.2.0 - ENE TECHNOLOGY INC.)
Killer Performance Suite (HKLM\...\{0B988985-38C9-4DD4-9835-5AC17EEC26F7}) (Version: 1.0.762 - Rivet Networks)
LauncherSetup (Version: 2.3.701 - Nahimic) Hidden
Leviathan: Warships (HKLM\...\Steam App 202270) (Version:  - Pieces Interactive)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker Silver (HKLM-x32\...\MX.{CD1DE5DB-7AF2-4D01-BBB1-9AD581B34403}) (Version: 21.0.3.44 - MAGIX Software GmbH)
MAGIX Music Maker Silver (Version: 21.0.3.44 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Silver Soundpools (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Photo Manager 16 (HKLM-x32\...\MX.{B33D219F-2504-45A7-863B-999ED3E38B01}) (Version: 12.0.0.26 - MAGIX Software GmbH)
MAGIX Photo Manager 16 (Version: 12.0.0.26 - MAGIX Software GmbH) Hidden
Magnetis (HKLM\...\Steam App 37500) (Version:  - Yullaby)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Men of War: Assault Squad (HKLM\...\Steam App 64000) (Version:  - Digitalmindsoft)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4218886898-41493801-728894-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4218886898-41493801-728894-500\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft SharePoint Designer 2010 (HKLM-x32\...\Office14.SharePointDesigner) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Millie (HKLM\...\Steam App 294230) (Version:  - Forever Entertainment S. A.)
Mini Motor Racing EVO (HKLM\...\Steam App 209520) (Version:  - The Binary Mill)
MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1608.1001 - Micro-Star International Co., Ltd.)
MSI Remind Manager (x32 Version: 1.0.1608.1001 - Micro-Star International Co., Ltd.) Hidden
MSI True Color (HKLM\...\{B4A2776D-59CD-4193-A19D-DE15CB7FC5AA}) (Version: 1.6.3.005 - Portrait Displays, Inc.)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nahimic 2 (HKLM-x32\...\{51d850bf-aca6-4eac-b215-2792260adafd}) (Version: 2.3.7 - Nahimic)
Nahimic2UISetup (Version: 2.3.701 - Nahimic) Hidden
Norton Online Backup (HKLM-x32\...\{652C1CDF-C61D-4525-9348-8C272CC2DB24}) (Version: 2.10.2.7 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.6.0.12 - Symantec Corporation) Hidden
Not The Robots (HKLM\...\Steam App 257120) (Version:  - 2DArray)
NVIDIA 3D Vision Treiber 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.2.0.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.0.96 - NVIDIA Corporation)
NVIDIA Grafiktreiber 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.49 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.0.0.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Poly Bridge (HKLM\...\Steam App 367450) (Version:  - Dry Cactus)
Pool Nation (HKLM\...\Steam App 254440) (Version:  - Cherry Pop Games)
Port Royale 3 (HKLM\...\Steam App 205610) (Version:  - Gaming Minds)
ProductDaemonSetup (Version: 2.3.701 - Nahimic) Hidden
ProductNSConfigurator (Version: 2.3.701 - Nahimic) Hidden
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.279 - Qualcomm Atheros)
R.U.S.E (HKLM\...\Steam App 21970) (Version:  - Eugen Systems)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7945 - Realtek Semiconductor Corp.)
Rise: Battle Lines (HKLM\...\Steam App 386350) (Version:  - The Secret Games Company)
Sanctum 2 (HKLM\...\Steam App 210770) (Version:  - Coffee Stain Studios)
SCM (HKLM\...\{4D36BF08-839B-47C5-BEDF-79D54ED8D14B}) (Version: 13.016.08191 - Application)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{8B883A57-E4BC-4745-8E6C-68168850F9DD}) (Version:  - Microsoft)
SHIELD Streaming (Version: 7.1.0350 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
Sizing Options (HKLM-x32\...\InstallShield_{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}) (Version: 3.0.1607.2201 - Application)
Sizing Options (x32 Version: 3.0.1607.2201 - Application) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SonicMapperConfigurator (Version: 2.3.701 - Nahimic) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.8.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.8.1 - SteelSeries ApS)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.4.57 - Synaptics Incorporated)
Time Mysteries: Inheritance - Remastered (HKLM\...\Steam App 350010) (Version:  - Artifex Mundi)
TrackMania² Stadium (HKLM\...\Steam App 232910) (Version:  - Nadeo)
Tribloos 2 (HKLM\...\Steam App 271550) (Version:  - BumpkinBrothers)
UIInstallUpgrade (Version: 2.3.701 - Nahimic) Hidden
Unstoppable Gorg (HKLM\...\Steam App 18120) (Version:  - Futuremark)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
War in a Box: Paper Tanks (HKLM\...\Steam App 308460) (Version:  - DQ Team)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
WTFast 4.0 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 4.0.7.692 - Initex & AAA Internet Publishing)
XSplit Gamecaster (HKLM-x32\...\{9E8A3821-032E-4230-9C12-C14D3FC8685E}) (Version: 2.8.1605.2342 - SplitmediaLabs)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {02564E8D-AB43-4419-AC00-79101D2756E4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {064B5CAB-52A2-430F-A5B4-FF0E09673D4C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-12] (NVIDIA Corporation)
Task: {1B8AC99F-030B-42C2-888C-B3F837BA66FE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {257D9A76-B695-4959-AA17-319E71BB6F15} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-12-12] (NVIDIA Corporation)
Task: {28C0F686-7B46-4FAF-B9A2-6DCBF9A5CA3C} - System32\Tasks\MSI_Help_Desk_Agent => C:\Program Files (x86)\MSI\Help Desk\MSI Update Agent.exe [2016-09-05] (Micro-Star International Co., Ltd.)
Task: {31E593A3-4183-4FC8-8087-D1EE9A51F5E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-19] (Google Inc.)
Task: {35EFF172-9233-45BA-A2E7-E350289A2BF5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-19] (Google Inc.)
Task: {3C5D7129-9885-4F33-BF1C-C04D91F6BBC8} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-12] (NVIDIA Corporation)
Task: {7E3D5826-1D24-49E4-9741-EF3C05B040E3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {89529DF8-9E20-4066-A0D4-2B9EB847F3FF} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-05-05] (Intel Corporation)
Task: {8A08E4AC-099F-42DC-BE7C-B06AB22253D4} - System32\Tasks\MSI_Dragon Center => C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe [2016-10-27] (Micro-Star International Co., Ltd.)
Task: {8A97CC49-5245-4C9F-B8DB-46B621F734B2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {8CB5DDE8-AB4B-42CB-B90E-2FBC77043E55} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe 
Task: {B6FCEBAE-82E1-4AEA-A479-399511227EC3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {B7B85536-A000-4D01-A206-B8A3780D7D35} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-12-12] (NVIDIA Corporation)
Task: {BBB71FBF-7E02-40FE-8B65-22AA4C39C066} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {BEA217F2-54BA-427B-83A4-59512D5FB5E6} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-12] (NVIDIA Corporation)
Task: {D1E97528-3DD9-413E-8EAB-7CF9309086DE} - System32\Tasks\Nahimic2Svc64Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe [2016-10-07] ()
Task: {D9AA3C2E-8022-4CE2-B49C-39DB1039825E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-12] (NVIDIA Corporation)
Task: {DFDC6E38-8F85-4CAD-A646-1567A0F2FE91} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-12] (NVIDIA Corporation)
Task: {F2C83940-15BC-41F3-9722-EEC6E17D6591} - System32\Tasks\Nahimic2Svc32Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe [2016-10-07] ()
Task: {F90F41F6-90C5-4AFF-A161-596051EEB978} - System32\Tasks\Nahimic2UILauncherRun => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [2016-10-07] ()
Task: {FE346F69-9C45-4426-A556-DB2838A4C62B} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-12-23 04:07 - 2016-12-12 18:39 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-23 04:07 - 2016-12-12 18:39 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-13 20:03 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-09-29 13:55 - 2016-09-29 13:55 - 00560128 _____ () C:\Program Files\Killer Networking\Killer Control Center\SpeedTestDLL.dll
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-14 13:17 - 2016-12-09 05:29 - 02681200 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-10-20 18:52 - 2017-01-20 10:13 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-07 18:27 - 2016-10-07 18:27 - 00200888 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll
2016-10-07 18:27 - 2016-10-07 18:27 - 00272568 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll
2016-12-14 13:17 - 2016-12-09 05:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-12-14 13:17 - 2016-12-09 05:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-08-02 10:55 - 2016-12-28 12:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-12-14 13:19 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 04:24 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 04:24 - 2016-12-21 02:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2017-01-11 04:23 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 04:23 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 04:23 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 04:23 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 04:23 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 04:23 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-10-07 18:24 - 2016-10-07 18:24 - 00693432 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
2016-10-07 18:25 - 2016-10-07 18:25 - 02024632 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2svc32.exe
2016-10-07 18:28 - 2016-10-07 18:28 - 00495288 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2svc64.exe
2016-10-27 12:58 - 2016-10-27 12:58 - 00018712 _____ () C:\Program Files (x86)\MSI\Dragon Center\GInf.dll
2017-02-18 14:54 - 2017-02-18 14:56 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-18 14:54 - 2017-02-18 14:56 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-18 14:54 - 2017-02-18 14:56 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 20:22 - 2017-02-06 20:23 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\roottools.dll
2017-02-18 14:54 - 2017-02-18 14:56 - 00132608 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.Proxies.dll
2016-12-14 10:46 - 2016-12-14 10:47 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-12-14 10:46 - 2016-12-14 10:47 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-12-14 10:46 - 2016-12-14 10:47 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-12-14 10:46 - 2016-12-14 10:47 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-12-14 10:46 - 2016-12-14 10:47 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2016-07-16 09:34 - 2016-07-16 09:34 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-01-31 21:21 - 2017-01-31 21:23 - 01097072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.Controls.dll
2017-02-18 14:54 - 2017-02-18 14:56 - 00181248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\Microsoft.Skype.ImageTool.dll
2017-02-18 14:54 - 2017-02-18 14:56 - 00040960 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\TraceProvider.dll
2016-08-30 02:19 - 2016-08-30 02:19 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-12-23 04:07 - 2016-12-12 18:39 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-12-23 04:07 - 2016-12-12 18:39 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-23 04:07 - 2016-12-12 18:39 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-07 18:23 - 2016-10-07 18:23 - 00175800 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2DevProps.dll
2016-10-07 18:21 - 2016-10-07 18:21 - 00250552 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2OSD.dll
2016-12-14 12:10 - 2016-12-23 13:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-12-14 12:10 - 2016-08-31 20:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-12-14 12:10 - 2017-01-18 20:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-12-14 12:10 - 2016-01-27 02:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-12-14 12:10 - 2016-01-27 02:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-12-14 12:10 - 2016-01-27 02:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-12-14 12:10 - 2016-01-27 02:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-12-14 12:10 - 2016-01-27 02:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-12-14 12:10 - 2016-08-31 20:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-12-14 12:10 - 2016-08-31 20:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-12-14 12:10 - 2017-01-18 20:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-12-14 12:10 - 2016-07-04 17:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-14 12:11 - 2017-01-04 22:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-12-14 12:10 - 2017-01-18 20:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-12-23 04:07 - 2016-12-12 18:38 - 64246840 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-12-23 04:07 - 2016-12-12 09:36 - 00525760 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-12-23 04:07 - 2016-12-12 09:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-12-23 04:07 - 2016-12-12 09:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-12-23 04:07 - 2016-12-12 09:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-12-23 04:07 - 2016-12-12 09:36 - 00447424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-12-23 04:07 - 2016-12-12 09:36 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-12-23 04:07 - 2016-12-12 09:36 - 01003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-23 04:07 - 2016-12-12 09:36 - 00956472 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2016-12-14 12:10 - 2015-09-24 18:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2016-07-16 06:47 - 2016-07-16 06:45 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4218886898-41493801-728894-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
HKU\S-1-5-21-4218886898-41493801-728894-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\System32\oobe\info\Wallpaper\backgroundDefault.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{58A45F44-D5FA-487F-AD77-8EA4E487FD4E}] => (Allow) C:\Program Files (x86)\WTFast\WTFast.exe
FirewallRules: [{89F8FB89-D598-4E08-80D6-8469CF8BCCD4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F723A05F-477E-41ED-AD42-B0F5A57E7748}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3EF9FB57-32D8-4AA6-9025-B53BF06F2876}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{62EAAD63-655F-45CE-93E0-1740285AA331}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{AA4F4879-FC87-41FB-97AD-C257327594CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\R.U.S.E\Ruse.exe
FirewallRules: [{02E8F509-35F2-4D24-A941-B4D58A841B2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\R.U.S.E\Ruse.exe
FirewallRules: [{E32A40F4-3B0A-4C25-99DA-452827ACF658}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{D3AFBDE0-A702-4A4C-B126-D31DA5137213}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{BC1867CA-8AC0-4981-969C-41ECCDE98505}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pool Nation\Pool.exe
FirewallRules: [{D0C7D77C-EE0C-4042-9E4A-29A3C7308CAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pool Nation\Pool.exe
FirewallRules: [{3B6E62BD-6040-419E-82BB-C4384057258B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DYL\dyl.exe
FirewallRules: [{DC55DD35-FC5B-4BF2-A950-505A1E8B7ABB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DYL\dyl.exe
FirewallRules: [{33E40C5E-3E3B-4D1B-AE50-7D58C259FE0A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7FF10783-2B91-44AE-A335-804A2030D4F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{321C6B0F-14D7-474F-941D-BEC9D3029F7D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{F574291E-919E-4223-B0FC-6D2F332C26EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{9042FFBF-3DEC-4BB7-A6B9-0743DABB434E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{35859D71-FE2A-45FF-A627-917D8FB37C22}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E479FDB1-F61B-4350-A3D7-821B937A6D17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe
FirewallRules: [{FB6557CF-C8F3-42EA-ADD4-928E6BE29B4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe
FirewallRules: [{F8769C68-A2D8-488D-BF65-4B7630F8D238}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{0485327C-A46F-45E3-A71C-D3A7143D8804}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{FAF6EEEC-4F01-49A8-AAC1-A7DD0D87F076}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War in a Box - Paper Tanks\War in a Box - Paper Tanks.exe
FirewallRules: [{E3AB1FCC-F2F4-454D-A55F-91EFC2A2EA38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\War in a Box - Paper Tanks\War in a Box - Paper Tanks.exe
FirewallRules: [{39B57716-1C4B-4ED8-B200-8F1345124CA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unstoppable Gorg\unstoppable_gorg.exe
FirewallRules: [{5397A5F7-862C-4E14-9C6C-809620D47DC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unstoppable Gorg\unstoppable_gorg.exe
FirewallRules: [{32F88ECD-D735-43F3-986E-8BB3B1ED04EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tribloos 2\TheTribloos2.exe
FirewallRules: [{0FEE2CD4-9E9F-42B3-97C0-70742BBD675D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tribloos 2\TheTribloos2.exe
FirewallRules: [{19DDBA06-A30A-4025-8E96-444F15FD83C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{766BA255-C003-4E04-815C-B61727EBB917}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{BE6EAB90-FC6B-48A1-AC77-7A3DDFDA24F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Time Mysteries Inheritance Remastered\TimeMysteries_Inheritance.exe
FirewallRules: [{F4A8FA06-3540-47AB-ACD5-57F2B896079A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Time Mysteries Inheritance Remastered\TimeMysteries_Inheritance.exe
FirewallRules: [{265B1327-59CB-4805-B6F1-AB70002D0F42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rise\Rise.exe
FirewallRules: [{62783129-1185-45E8-B211-32AF9CD331CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rise\Rise.exe
FirewallRules: [{58CFAA9B-73E2-4533-B46D-2A55128329DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poly Bridge\polybridge.exe
FirewallRules: [{55249A23-EB92-4FA3-8078-CFA74499739E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poly Bridge\polybridge.exe
FirewallRules: [{C3979464-80AE-4644-9838-0AF3CCC78D31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mini Motor Racing\Mini Motor Evo.exe
FirewallRules: [{2AF9B9B9-EA8F-4678-B4AF-019A0CA74691}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mini Motor Racing\Mini Motor Evo.exe
FirewallRules: [{1F8CDCA3-8A82-4F93-86FF-39C651A778FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GodMode\bin\GodMode.exe
FirewallRules: [{12D4118A-6FB9-4FC8-A4BB-0E00D51A0664}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GodMode\bin\GodMode.exe
FirewallRules: [{ECAD9605-7B7D-4218-BC47-1D2D77AD4197}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bridge Constructor Medieval\Bridge_Constructor_Medieval.exe
FirewallRules: [{2E6A0096-95EB-4FF0-AA78-EB92975D0B94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bridge Constructor Medieval\Bridge_Constructor_Medieval.exe
FirewallRules: [{564CF656-D5EA-48B4-BB51-6388EED16405}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Beyond Gravity\BeyondGravity.exe
FirewallRules: [{909CB892-BA48-4149-A311-5465AB5DAEAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Beyond Gravity\BeyondGravity.exe
FirewallRules: [{380E392A-702D-4E2F-8C48-B5530C7721B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{4E91C6CF-9A99-4107-B725-39DF19646A01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{960A768A-0031-4F48-A622-D34D08A1172D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Port Royale 3\PortRoyale3.exe
FirewallRules: [{67CBF75F-AF81-4BC5-9E26-E8D37851C4EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Port Royale 3\PortRoyale3.exe
FirewallRules: [{93A75816-103A-4968-ABDD-352927A87174}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Millie\Millie.exe
FirewallRules: [{FFAD9C2B-5BBA-48EC-BB0C-13B7D3DB4470}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Millie\Millie.exe
FirewallRules: [{A3FE6BD7-1F07-494C-A44B-27C318AD96A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Not The Robots\Not the Robots.exe
FirewallRules: [{E5F32BE5-B629-477F-8F03-A373CB7E65D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Not The Robots\Not the Robots.exe
FirewallRules: [{70A38E8E-11E3-4864-8AFD-B4490348E0DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic 2014\DotP_D14.exe
FirewallRules: [{2008150F-53FB-4941-B8EB-89EAF7A11EBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic 2014\DotP_D14.exe
FirewallRules: [{94E5C3EA-1282-45B8-A8A1-275164C35370}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Leviathan Warships\Leviathan.exe
FirewallRules: [{3EB97BC5-0180-4717-87A0-0C868E946377}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Leviathan Warships\Leviathan.exe
FirewallRules: [{3B42174B-3B07-47FF-B71D-FDBBC9F07690}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defenders of Ardania\DOA.exe
FirewallRules: [{A5FD5BFD-9BB3-4AD7-86AF-5F2991BB563C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defenders of Ardania\DOA.exe
FirewallRules: [{4F8AA047-AE30-478D-8CA0-532769A43861}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defcon\Defcon.exe
FirewallRules: [{A144D421-CD6D-47E1-91FD-07748FC8EB7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defcon\Defcon.exe
FirewallRules: [{EA89CB5D-BF6B-4175-92EC-5CF8BB5A30AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Evil Defenders\Evil Defenders.exe
FirewallRules: [{9E4631AF-86B3-41BF-AA91-ED4B709E45B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Evil Defenders\Evil Defenders.exe
FirewallRules: [{6ABD3963-FCE1-4570-8448-08526E8326CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Demon Hunter Chronicles from Beyond\DemonHunter.exe
FirewallRules: [{08A9F07E-B989-4A49-A8D0-F05DE03EE1D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Demon Hunter Chronicles from Beyond\DemonHunter.exe
FirewallRules: [{622F3114-BA9B-46D0-AC13-264949088297}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\INSIDE\INSIDE.exe
FirewallRules: [{468D817F-46BE-4066-9BFB-E47C02692C0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\INSIDE\INSIDE.exe
FirewallRules: [{C0D20874-D515-45C7-9735-F204329D29CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Legends Song of the Dark Swan\GrimLegends_SongOfTheDarkSwan.exe
FirewallRules: [{5DA2F9A0-0A8C-4329-8287-8B455076E02E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Legends Song of the Dark Swan\GrimLegends_SongOfTheDarkSwan.exe
FirewallRules: [{ABE851FC-1EA5-4984-8D09-07D45753E171}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GunsNZombies\GNZ.exe
FirewallRules: [{CEB2B999-5155-44CB-888C-1F2B16902B10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GunsNZombies\GNZ.exe
FirewallRules: [{BD69AE83-356E-46D6-95E2-742A844856B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FORCED\FORCED.exe
FirewallRules: [{D25B9354-2B67-43F6-B5CA-C10A54AF1D88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FORCED\FORCED.exe
FirewallRules: [{20EB6D39-A038-4D20-AF2F-D963268BD999}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Foul Play\foul_play.exe
FirewallRules: [{6CEFEB45-4719-4981-9ECE-F976999C7486}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Foul Play\foul_play.exe
FirewallRules: [{9A9C0EA1-6B87-4F3A-97CF-C683D686DFE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Exam\final_exam.exe
FirewallRules: [{2AA3EE71-3825-4A05-9863-825D14D27D6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Exam\final_exam.exe
FirewallRules: [{AF821B65-0B71-4382-94EC-4DBDD4861D94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Go Home Dinosaurs\Eastgate.exe
FirewallRules: [{B2EEDCFA-D33D-47C9-B592-586769BF8BC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Go Home Dinosaurs\Eastgate.exe
FirewallRules: [{11B7E7BD-5DCF-4103-B25B-8EAC52BCF7DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hero Academy\HeroAcademy.exe
FirewallRules: [{ECE33A69-8722-459B-BEC5-6611B65D4B1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hero Academy\HeroAcademy.exe
FirewallRules: [{8C5D3807-F3D5-483C-BB62-E6A267E5AFEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ibomber defense pacific\iBomberDefensePacific.exe
FirewallRules: [{FB0512F7-1457-4F1D-9EFC-D6B6660E0E86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ibomber defense pacific\iBomberDefensePacific.exe
FirewallRules: [{6C398AAF-FE8B-4462-88B4-9E2DF1C00AE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\f1 race stars\F1RaceStars.exe
FirewallRules: [{57D32252-4FDE-4554-8B8B-9776A775A016}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\f1 race stars\F1RaceStars.exe
FirewallRules: [{165372EC-7B50-4658-9E78-342B476F2C19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hydrophobia\HydroPC.exe
FirewallRules: [{6F2C7093-AC74-4E0B-9273-1CC179BC0F63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hydrophobia\HydroPC.exe
FirewallRules: [{2FC48271-68C1-428A-9F7E-9200CEE11EF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magnetis\Magnetis.exe
FirewallRules: [{4126F9AE-698D-4907-B2E2-381E2EAF21DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magnetis\Magnetis.exe
FirewallRules: [{DC8FF109-33E3-4A91-804E-97B5DDF019B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dwarfs\Dwarfs.exe
FirewallRules: [{BBE00BDA-5AC6-4643-9373-10B5AA8925D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dwarfs\Dwarfs.exe
FirewallRules: [{A61410B8-D910-4ED9-8BA2-7E406331D2E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Men of War Assault Squad\mow_assault_squad.exe
FirewallRules: [{1CB85A98-9A1A-4265-974E-BB984079EC8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Men of War Assault Squad\mow_assault_squad.exe
FirewallRules: [{508959C3-0A1F-4E29-8172-27C8F9B36D1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\F.E.A.R. 3\F.E.A.R. 3.exe
FirewallRules: [{5778B0E3-37DC-4572-8C74-47D65D124816}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\F.E.A.R. 3\F.E.A.R. 3.exe
FirewallRules: [{F66022D3-5320-45DC-9111-A3E373B824FB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/18/2017 10:30:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KillerNetworkService.exe, Version: 1.0.762.0, Zeitstempel: 0x57ed47b9
Name des fehlerhaften Moduls: KillerNetworkService.exe, Version: 1.0.762.0, Zeitstempel: 0x57ed47b9
Ausnahmecode: 0xc0000094
Fehleroffset: 0x00000000000760c6
ID des fehlerhaften Prozesses: 0x2118
Startzeit der fehlerhaften Anwendung: 0x01d289fa819ec9fd
Pfad der fehlerhaften Anwendung: C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
Berichtskennung: 8a6c2577-62d8-41ab-ab94-808e21e8af13
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/18/2017 10:20:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KillerNetworkService.exe, Version: 1.0.762.0, Zeitstempel: 0x57ed47b9
Name des fehlerhaften Moduls: KillerNetworkService.exe, Version: 1.0.762.0, Zeitstempel: 0x57ed47b9
Ausnahmecode: 0xc0000094
Fehleroffset: 0x00000000000760c6
ID des fehlerhaften Prozesses: 0x29f8
Startzeit der fehlerhaften Anwendung: 0x01d2899c42dad826
Pfad der fehlerhaften Anwendung: C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
Berichtskennung: 42a9a945-39fa-4543-9997-11ff55464ed5
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/17/2017 11:05:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KillerNetworkService.exe, Version: 1.0.762.0, Zeitstempel: 0x57ed47b9
Name des fehlerhaften Moduls: KillerNetworkService.exe, Version: 1.0.762.0, Zeitstempel: 0x57ed47b9
Ausnahmecode: 0xc0000094
Fehleroffset: 0x00000000000760c6
ID des fehlerhaften Prozesses: 0x980
Startzeit der fehlerhaften Anwendung: 0x01d2892b77fe7daf
Pfad der fehlerhaften Anwendung: C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
Berichtskennung: 0128791a-1bf7-4e15-aa93-4ad7b9245d96
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/17/2017 09:38:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MSI_ActiveX_Service.exe, Version: 1.0.0.8, Zeitstempel: 0x57ad265a
Name des fehlerhaften Moduls: ActiveX_Resource_Monitor.dll, Version: 1.0.0.8, Zeitstempel: 0x57ad265d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002b10
ID des fehlerhaften Prozesses: 0x8b0
Startzeit der fehlerhaften Anwendung: 0x01d2892b77fb6d69
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\MSI\Dragon Center\ActiveX_Resource_Monitor.dll
Berichtskennung: 1106cdcb-0bd5-40bd-b189-8e206ef00621
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/17/2017 09:38:14 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MSI_ActiveX_Service.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 71162B10

Error: (02/17/2017 09:37:52 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Dragon Center.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ComponentModel.Win32Exception
   bei System.Diagnostics.Process.StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)
   bei MSI_Command_Center.App..ctor()
   bei MSI_Command_Center.App.Main()

Error: (02/17/2017 09:37:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: KillerNetworkService.exe, Version: 1.0.762.0, Zeitstempel: 0x57ed47b9
Name des fehlerhaften Moduls: KillerNetworkService.exe, Version: 1.0.762.0, Zeitstempel: 0x57ed47b9
Ausnahmecode: 0xc0000094
Fehleroffset: 0x00000000000760c6
ID des fehlerhaften Prozesses: 0xa64
Startzeit der fehlerhaften Anwendung: 0x01d287f730d17a25
Pfad der fehlerhaften Anwendung: C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
Berichtskennung: 6014af8a-851a-4464-b25a-dc772aa52313
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/15/2017 08:52:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DragonCenter_Updaer.exe, Version: 1.0.1608.1101, Zeitstempel: 0x57ac76fb
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.14393.479, Zeitstempel: 0x582588e6
Ausnahmecode: 0xc000041d
Fehleroffset: 0x0000000000017788
ID des fehlerhaften Prozesses: 0x1630
Startzeit der fehlerhaften Anwendung: 0x01d287f7492e0cdb
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\MSI\DragonCenter_Updaer.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll
Berichtskennung: 8626502a-dbf7-455d-9271-94008fa30783
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/15/2017 08:52:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DragonCenter_Updaer.exe, Version: 1.0.1608.1101, Zeitstempel: 0x57ac76fb
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.14393.479, Zeitstempel: 0x582588e6
Ausnahmecode: 0xc0020001
Fehleroffset: 0x0000000000017788
ID des fehlerhaften Prozesses: 0x1630
Startzeit der fehlerhaften Anwendung: 0x01d287f7492e0cdb
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\MSI\DragonCenter_Updaer.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll
Berichtskennung: 08e39c26-98db-4602-9ec7-ea2374486f53
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/15/2017 08:52:15 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.


Systemfehler:
=============
Error: (02/18/2017 04:44:50 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/18/2017 02:51:45 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/18/2017 02:51:45 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/18/2017 02:51:45 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/18/2017 10:50:18 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/18/2017 10:30:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Killer Network Service" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (02/18/2017 10:20:15 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Killer Network Service" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (02/18/2017 10:20:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Killer Network Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/18/2017 10:05:11 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/18/2017 08:35:23 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.


CodeIntegrity:
===================================
  Date: 2017-02-18 16:18:55.405
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements.

  Date: 2017-02-18 16:18:55.399
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements.

  Date: 2017-02-18 16:18:55.396
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements.

  Date: 2017-02-18 16:18:55.390
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements.

  Date: 2017-02-18 16:18:22.805
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-18 16:18:16.123
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements.

  Date: 2017-02-18 16:18:16.117
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements.

  Date: 2017-02-18 16:18:16.022
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-18 16:18:15.975
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements.

  Date: 2017-02-18 16:18:15.967
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Prozentuale Nutzung des RAM: 22%
Installierter physikalischer RAM: 16338.75 MB
Verfügbarer physikalischer RAM: 12586.04 MB
Summe virtueller Speicher: 18770.75 MB
Verfügbarer virtueller Speicher: 14988.83 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:237.18 GB) (Free:32.9 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:1862.89 GB) (Free:933.57 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 6DDB4527)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================
         

Alt 19.02.2017, 14:17   #15
M-K-D-B
/// TB-Ausbilder
 
GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen - Standard

GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen



Servus,


weiter auf dem MSI-Rechner:




wir entfernen die letzten Reste und kontrollieren nochmal alles.



Hinweis: Der Suchlauf mit ESET kann länger dauern.



Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
HKU\S-1-5-21-4218886898-41493801-728894-500\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C0].txt
HKU\S-1-5-18\...\Run: [] => [X]
BHO: Kein Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Keine Datei
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 3
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?







Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von ESET,
  • die Logdatei von HitmanPro,
  • die beiden neuen Logdateien von FRST,
  • die Beantwortung der gestellten Fragen.
__________________
Gruß
M-K-D-B


==========================================================
offline vom 22.12.2018 bis 01.01.2019
==========================================================

Das Trojaner-Board unterstützen

Antwort

Themen zu GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen
angezeigt, anhang, anzeige, anzeigen, daten, direkt, email, experten, externe, externe festplatte, festplatte, file, gespeichert, gesuch, gesucht, hilfe gesucht, interne, internet, mail, nicht mehr, platte, trojaner, webseite, webseiten, zeichen



Ähnliche Themen: GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen


  1. iphone 6 iOS 10.1.1 ".doc" Datei aus Spam Mail geöffnet "Western Union Award 2017"
    Smartphone, Tablet & Handy Security - 03.01.2017 (0)
  2. [android-handy] ZIP-file aus "Amazon"-Spam-Mail angeklickt
    Smartphone, Tablet & Handy Security - 04.08.2016 (2)
  3. pEp: Erste Anwendungen von "Pretty Easy Privacy" für Windows und Android
    Nachrichten - 04.07.2016 (0)
  4. Unzählige "Undelivered Mail Retuned to Sender" ohne zuvor eine Mail gesendet zu haben.
    Alles rund um Mac OSX & Linux - 01.01.2016 (2)
  5. Windows 7: zip-File aus Mail von DirectPay mit Betreff "Offener Rechnung ..." geöffnet. Trojaner?
    Log-Analyse und Auswertung - 07.09.2015 (13)
  6. Trojaner durch gefakte Amazon Mail "eingefangen"
    Log-Analyse und Auswertung - 13.06.2015 (17)
  7. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  8. Visual Studio "14": Erste Vorschau auf die kommende Version
    Nachrichten - 04.06.2014 (0)
  9. Trojaner-Warnung: Vodafone E-Mail mit "Ihre neue Rechnung als PDF"
    Diskussionsforum - 03.06.2014 (0)
  10. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  11. Trojaner nach E-Mail von T-Mobile (Betreff: "MMS-Nachricht")
    Log-Analyse und Auswertung - 04.02.2013 (12)
  12. "Falsche" E-Mail von Freund mit Link ins Netz -> Virus oder nur "Werbung"?
    Log-Analyse und Auswertung - 30.07.2012 (1)
  13. GEMA Trojaner aus Link in E-Mail erworben;Bildschirm zeigt "PC ist gesperrt" an "lt.Gema"
    Plagegeister aller Art und deren Bekämpfung - 27.02.2012 (7)
  14. Bundespolizei Trojaner - "Erste Rep erfolgt", Recovery möglich ?
    Plagegeister aller Art und deren Bekämpfung - 13.09.2011 (1)
  15. heise Security bietet jetzt "Erste Hilfe"
    Nachrichten - 13.10.2010 (0)
  16. Nach erste Seite ist Inet im "Arsch"
    Alles rund um Windows - 22.01.2005 (3)

Zum Thema GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen - Hallo liebe Experten, Ich habe vorgestern die Email vom Beitragsservice bezueglich Umstellung auf SEPA geoffnet. File REF_ID-2378AD2810AJF.zip im Anhang oeffnete direkt ein Word Dokument. Leider aktivierte Ich die Option "Makro - GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen...
Archiv
Du betrachtest: GEZ Mail geoffnet ... File "REF_ID-2378AD2810AJF.zip" ... Nun erste Trojaner Anzeichen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.