
Log analysis and evaluation: PUP.Optional.AppTrailer.Generic + PUP.Optional. OnlineIO + NSBLock + "Microleafs LTD" via Filedropper.com or Fileupload.net ?

28.03.2017, 19:26   #1
construct
 

Hi, the following happened to me on Win7...

- no AV
- Windows firewall with GlassWire
- Malwarebytes is up to date and has been run; log available
- CCleaner has been run as well
- searched the registry by hand for AppTrailer and NSBlock and removed the entries

Exchanged audio files via Filedropper and Fileupload.
On one of the two, the download page showed the cookie notice at the bottom, as on every site. If you click on it before the download, you land on another page that packs the audio file into an EXE (this is only a guess), so that an EXE with the name of the audio file is downloaded. Opening it starts an install routine, but you cannot install a WAV, so I aborted it.

2 days later I noticed an icon in the taskbar and an entry in Process Explorer.
Icon: "NSBlock"
Entry: 5 times "Online-Guardian V2.0.9"
The firewall also showed Online Guardian, as well as "downloadprotect" and "apptrailers.exe"

Malwarebytes found 2000 errors in total, after I had additionally killed the process trees of "Online-Guardian" and "app-trailer.exe" in Process Explorer during the scan.

Later the firewall additionally showed:
- "adb0.exe"
- "ic-0.1c7b1aa03a5b14.exe"
- "ic-0.720b2d344740ec.exe"
- "online application updater.exe"
- "traffic exchange updater.exe"

--> each of which matches the names mentioned above.

Malwarebytes rebooted once, tinkered with the connectivity and rebooted a second time. Now I can get onto the internet, but Blizzard's StarCraft won't connect. I am on the network via WLAN.

I had planned to change my passwords and store them in KeePass.
That is a bit awkward now, though.

Hence my post on this board.

Did the malware damage the internet connection?
Is there still something on the machine?
Which logs do you need?

Thanks, regards
-Ah, you will probably have to move this :/

Edit: Today after a reboot:
Long login with the "Willkommen" (Welcome) screen and loading circle, approx. 30 seconds.
Then a black screen with the mouse pointer in the middle for approx. 15 seconds, then the desktop with wrong contrast/gamma values, WLAN stick not activated, so no internet and no access points from the surroundings.
Windows System Restore to 23.03.2017. Everything fine again. The questions from before the edit still apply.

Thanks, regards

Edited by construct (28.03.2017 at 20:12). Reason: Edit, System Restore.

28.03.2017, 22:25   #2
M-K-D-B
/// TB-Ausbilder
 

My name is Matthias and I will help you clean up your computer.

To make the cleanup as effective and fast as possible, please observe the following notes:
  1. If we find indications of illegally obtained software, we will suspend support until every kind of illegal software has been removed from the machine.
  2. Always read my instructions carefully, work through all steps one after another in the given order, and always post all log files (even if nothing was found). If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  3. If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions. If you are going to be away for longer, please let me know!
  4. Please do not install or uninstall anything during the cleanup unless I ask you to!
    I also ask you not to run any security programs on your own initiative to check/clean your machine, as this can easily make me lose track.
    Besides, in that case you could have spared yourself opening a thread in the first place if you then go back to fiddling around on your own.

  5. Please note: Downloading from filepony.de: how to download our tools correctly!
  6. All programs to be used must be saved to the desktop ( C:\users\your user name\Desktop\ ) and started from there as administrator!
  7. Some of the programs we use here may be wrongly classified as a threat by your antivirus or anti-malware program. Because of certain program behaviour, the security programs cannot distinguish between "good" and "bad" and raise an alarm. These are false positives, which you can safely ignore. If necessary, you must disable your security software before running a program so that our cleanup steps are not impaired.
  8. If the log files ever exceed the permitted length (~ 120,000 characters), split the log files across several posts.
    If need be, you can also zip the log files (pack them into a .zip archive) and upload them as an attachment.

  9. Please keep working with me until I tell you that we are finished and your machine is "clean". The early disappearance of symptoms does not automatically mean that your machine is already completely clean.
  10. As a rule I reply to you within 24 hours, often much faster.
    However, I too have a regular job and a family, so I am not on the forum for hours every day. Under some circumstances it can take up to 2 days before you get a reply from me. If that time has passed, feel free to send me a PM as a reminder.

Please work through all steps one after another in the given order and post all log files in CODE tags:
How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

Thank you for your cooperation!







Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

Step 2
Please download TDSSKiller TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

With your next reply please post
  • the TDSSKiller log file,
  • the two new FRST log files.

29.03.2017, 09:03   #3
construct
 

FRST:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
durchgeführt von user (Administrator) auf PC (29-03-2017 07:31:50)
Gestartet von ?:\Folder\Downloads
Geladene Profile: user (Verfügbare Profile: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: "C:\Program Files (x86)\SeaMonkey\seamonkey.exe" -requestPending -osint -url "%1")
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\runSW.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Realtek) C:\Windows\SwUSB.exe
(Sysinternals - www.sysinternals.com) C:\Program Files\process-explorer\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\user\AppData\Local\Temp\PROCEXP64.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(wyDay) C:\Program Files\CyberGhost 6\wyUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(mozilla.org) C:\Program Files (x86)\SeaMonkey\seamonkey.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
SSODL: EldosMountNotificator-cbdisk3 - {274E2043-7EEC-429D-BC66-3ED282762A69} - C:\Windows\system32\cbdiskMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbdisk3 - {274E2043-7EEC-429D-BC66-3ED282762A69} - C:\Windows\SysWOW64\cbdiskMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbdisk3] -> {1B53DB42-7158-421A-B97C-5886EE14C75A} => C:\Windows\system32\cbdiskMntNtf3.dll [2013-10-18] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbdisk3] -> {1B53DB42-7158-421A-B97C-5886EE14C75A} => C:\Windows\SysWOW64\cbdiskMntNtf3.dll [2013-10-18] (EldoS Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{251F104E-10FE-40D6-B45C-7B106746BA2F}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{2BB04CC1-AAC0-4F0D-B99D-878528CCFE7B}: [DhcpNameServer] 192.168.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp

FireFox:
========
FF DefaultProfile: e54leqok.default
FF DefaultProfile: xc458lqu.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24reqok.default [2017-03-29]
FF Extension: (Sea Fox) - C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24deqok.default\Extensions\seafox@extensions.moz.xpi [2017-03-07] [ist nicht signiert]
FF Extension: (uBlock Origin) - C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24deqok.default\Extensions\uBlock0@raymondhill.net.xpi [2017-03-13]
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcyvelqu.default [2017-03-29]
FF Homepage: Mozilla\Firefox\Profiles\xcyvelqu.default -> hxxps://duckduckgo.com
FF Extension: (FoxyProxy Standard) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcyvelqu.default\Extensions\foxyproxy@eric.h.jung [2017-03-28]
FF Extension: (Kein Name) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcyvelqu.default\extensions\https-everywhere@eff.org.xpi [nicht gefunden]
FF Extension: (Kein Name) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcyvelqu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [nicht gefunden]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-26] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-26] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-14] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-14] (Intel Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VLC\npvlc.dll [2016-04-26] (VideoLAN)

Opera: 
=======
OPR Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-12-27]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-12-01] (Adobe Systems) [Datei ist nicht signiert]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-06-04] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [76848 2017-02-06] (CyberGhost S.R.L)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-11-24] () [Datei ist nicht signiert]
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4397008 2016-11-19] (SecureMix LLC)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2015-12-30] (Hi-Rez Studios) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-05-29] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-31] (Intel Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [506960 2015-12-26] (Sony Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RunSwUSB; C:\Windows\runSW.exe [48856 2015-03-19] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2016-09-07] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-28] ()
R1 cbdisk3; C:\Windows\system32\drivers\cbdisk3.sys [223936 2013-10-18] (EldoS Corporation)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-10-25] (EldoS Corporation)
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx64.sys [34512 2016-03-04] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-31] (Intel Corporation)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-02-14] (REALiX(tm))
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [112408 2015-12-15] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 OSFMount; T:\FTK\OSForensics\OSFMount64\OSFMount.sys [1299384 2016-03-23] (PassMark Software)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2015-01-15] (Realtek Semiconductor Corporation                           )
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [38888 2014-02-19] (USBPcap)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [121248 2016-08-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [195936 2016-08-16] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [135824 2016-08-16] (Oracle Corporation)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-10-18] (EldoS Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-28 20:00 - 2017-03-28 20:00 - 00195528 _____ C:\Users\user\Documents\W-LAN-TPLink.xps
2017-03-28 08:38 - 2017-03-28 19:27 - 00000345 _____ C:\Users\user\Documents\virus-filedropper.txt
2017-03-27 18:40 - 2017-03-28 20:04 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe
2017-03-25 21:36 - 2017-03-25 21:20 - 22222968 ____N C:\Users\user\Desktop\Rawkee_Bestandsaufnahme_FINISHED.wav
2017-03-25 18:10 - 2017-03-28 08:29 - 00000000 ____D C:\ProgramData\Microleaves <==
2017-03-25 18:07 - 2017-03-25 18:07 - 00000000 ____D C:\Users\user\AppData\Roaming\Microleaves  <==
2017-03-25 18:06 - 2017-03-28 20:04 - 00000000 ____D C:\Windows\system32\GroupPolicy
2017-03-25 18:06 - 2017-03-25 18:06 - 00000000 ____D C:\Program Files\{572656F2-7906-4D07-BDBD-0CC44146CD48} <== ?
2017-03-25 18:06 - 2017-03-25 18:06 - 00000000 ____D C:\Program Files (x86)\{A1306F56-8B03-428B-84AD-2F932D81774C} <== ?
2017-03-22 21:13 - 2017-03-22 21:13 - 00001072 _____ C:\Users\Public\Desktop\Win32DiskImager.lnk
2017-03-22 21:13 - 2017-03-22 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2017-03-22 21:13 - 2017-03-22 21:13 - 00000000 ____D C:\Program Files (x86)\ImageWriter
2017-03-22 20:45 - 2017-03-22 20:45 - 00002095 _____ C:\Users\Public\Desktop\SDFormatter.lnk
2017-03-22 20:45 - 2017-03-22 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
2017-03-22 20:45 - 2017-03-22 20:45 - 00000000 ____D C:\Program Files (x86)\SDA
2017-03-22 19:21 - 2017-03-23 13:55 - 00000600 _____ C:\Users\user\AppData\Local\PUTTY.RND
2017-03-22 19:20 - 2017-03-22 19:20 - 00000860 _____ C:\Users\Public\Desktop\PuTTY (64-bit).lnk
2017-03-22 19:20 - 2017-03-22 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)
2017-03-22 19:20 - 2017-03-22 19:20 - 00000000 ____D C:\Program Files\PuTTY
2017-03-22 09:54 - 2017-03-28 21:05 - 00000022 _____ C:\Windows\S.dirmngr
2017-03-22 09:53 - 2013-07-04 18:05 - 00552760 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2017-03-22 09:53 - 2006-01-13 07:52 - 00001904 ____N C:\Windows\system32\SetupBD.din
2017-03-22 09:49 - 2017-03-22 09:49 - 00000000 ____D C:\Users\user\Downloads\LAN
2017-03-22 09:42 - 2017-03-22 09:42 - 00001857 _____ C:\Users\user\Desktop\TightVNC Viewer.lnk
2017-03-22 09:42 - 2017-03-22 09:42 - 00000000 ____D C:\Users\user\AppData\Roaming\TightVNC
2017-03-22 09:41 - 2017-03-22 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
2017-03-22 09:41 - 2017-03-22 09:41 - 00000000 ____D C:\Program Files\TightVNC
2017-03-22 09:31 - 2017-03-22 09:31 - 00000000 ____H C:\Users\user\Documents\Default.rdp
2017-03-21 08:51 - 2017-03-21 19:28 - 00208388 _____ C:\TDSSKiller.3.1.0.12_21.03.2017_07.51.26_log.txt
2017-03-20 20:59 - 2017-03-20 20:59 - 00106786 ____N C:\Users\user\Documents\Mitgliedsantrag-V2.0-v.-08.03.2017.pdf
2017-03-19 06:01 - 2017-03-19 06:01 - 00003318 _____ C:\Users\user\AppData\Local\recently-used.xbel
2017-03-15 01:35 - 2017-03-04 19:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 01:35 - 2017-03-04 18:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-15 01:35 - 2017-03-04 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-15 01:35 - 2017-03-04 10:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 01:35 - 2017-03-04 10:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-15 01:35 - 2017-03-04 10:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 01:35 - 2017-03-04 10:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-15 01:35 - 2017-03-04 10:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-15 01:35 - 2017-03-04 10:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-15 01:35 - 2017-03-04 09:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 01:35 - 2017-03-04 09:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-15 01:35 - 2017-03-04 09:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-15 01:35 - 2017-03-04 09:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-15 01:35 - 2017-03-04 09:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-15 01:35 - 2017-03-04 09:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-15 01:35 - 2017-03-04 09:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-15 01:35 - 2017-03-04 09:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 01:35 - 2017-03-04 09:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-15 01:35 - 2017-03-04 09:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 01:35 - 2017-03-04 09:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-15 01:35 - 2017-03-04 09:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-15 01:35 - 2017-03-04 09:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 01:35 - 2017-03-04 09:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-15 01:35 - 2017-03-04 09:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-15 01:35 - 2017-03-04 09:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-15 01:35 - 2017-03-04 09:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 01:35 - 2017-03-04 09:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-15 01:35 - 2017-03-04 08:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-15 01:35 - 2017-03-04 08:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-15 01:35 - 2017-03-04 08:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-15 01:35 - 2017-03-04 08:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-15 01:35 - 2017-03-04 08:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-15 01:35 - 2017-03-04 08:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-15 01:35 - 2017-03-04 08:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-15 01:35 - 2017-03-04 08:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-15 01:35 - 2017-03-04 08:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-15 01:35 - 2017-03-04 06:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-15 01:35 - 2017-03-02 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-15 01:35 - 2017-03-02 20:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-15 01:35 - 2017-03-02 20:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-15 01:35 - 2017-03-02 20:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-15 01:35 - 2017-03-02 20:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-15 01:35 - 2017-03-02 20:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-15 01:35 - 2017-03-02 19:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-15 01:35 - 2017-03-02 19:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-15 01:35 - 2017-03-02 19:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-15 01:35 - 2017-03-02 19:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-15 01:35 - 2017-03-02 19:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-15 01:35 - 2017-03-02 19:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-15 01:35 - 2017-03-02 19:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-15 01:35 - 2017-03-02 19:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-15 01:35 - 2017-03-02 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-15 01:35 - 2017-03-02 19:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-15 01:35 - 2017-03-02 19:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-15 01:35 - 2017-03-02 19:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-15 01:35 - 2017-03-02 19:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-15 01:35 - 2017-03-02 19:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-15 01:35 - 2017-03-02 19:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-15 01:35 - 2017-03-02 19:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-15 01:35 - 2017-03-02 19:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-15 01:35 - 2017-03-02 19:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-15 01:35 - 2017-03-02 19:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-15 01:35 - 2017-03-02 19:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-15 01:35 - 2017-03-02 18:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-15 01:35 - 2017-03-02 18:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-15 01:35 - 2017-03-02 18:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-15 01:35 - 2017-02-11 17:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 01:35 - 2017-02-11 17:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 01:35 - 2017-02-11 17:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 01:35 - 2017-02-10 18:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 01:35 - 2017-02-10 18:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 01:35 - 2017-02-10 18:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-15 01:35 - 2017-02-10 18:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-15 01:35 - 2017-02-10 16:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-15 01:35 - 2017-02-09 18:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-15 01:35 - 2017-02-09 18:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 01:35 - 2017-02-09 18:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-15 01:35 - 2017-02-09 18:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-15 01:35 - 2017-02-09 18:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-15 01:35 - 2017-02-09 18:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-15 01:35 - 2017-02-09 18:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-15 01:35 - 2017-02-09 18:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 01:35 - 2017-02-09 18:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-15 01:35 - 2017-02-09 18:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 01:35 - 2017-02-09 18:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-15 01:35 - 2017-02-09 18:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 01:35 - 2017-02-09 17:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-15 01:35 - 2017-02-09 17:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-15 01:35 - 2017-02-09 17:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-15 01:35 - 2017-02-09 17:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 01:35 - 2017-02-09 17:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 01:35 - 2017-02-09 17:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-15 01:35 - 2017-02-09 17:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-15 01:35 - 2017-02-09 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-15 01:35 - 2017-02-09 17:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-15 01:35 - 2017-02-09 17:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-15 01:35 - 2017-02-09 17:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-15 01:35 - 2017-02-09 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-15 01:35 - 2017-02-09 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-15 01:35 - 2017-02-09 17:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-15 01:35 - 2017-02-09 17:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 17:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 17:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 17:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 16:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 01:35 - 2017-02-09 16:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 01:35 - 2017-02-06 18:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 01:35 - 2017-01-13 20:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 01:35 - 2017-01-13 20:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 01:35 - 2017-01-13 19:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-15 01:35 - 2017-01-13 19:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-15 01:35 - 2017-01-11 20:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 01:35 - 2017-01-11 20:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-15 01:35 - 2017-01-11 19:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-15 01:35 - 2017-01-11 19:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-15 01:35 - 2017-01-06 20:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 01:35 - 2017-01-06 19:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-15 01:34 - 2017-02-23 01:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-15 01:34 - 2017-02-23 01:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 01:34 - 2017-02-18 16:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 01:34 - 2017-02-18 16:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-12 07:11 - 2017-03-12 07:11 - 00325806 ____N C:\Users\user\Desktop\rendersound.wav
2017-03-07 23:14 - 2017-03-07 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
2017-03-07 23:14 - 2017-03-07 23:14 - 00000000 ____D C:\Program Files (x86)\SeaMonkey

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-29 07:31 - 2016-09-09 15:13 - 00000000 ____D C:\FRST
2017-03-29 04:45 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-29 04:45 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-28 21:12 - 2011-04-12 09:43 - 00699092 _____ C:\Windows\system32\perfh007.dat
2017-03-28 21:12 - 2011-04-12 09:43 - 00149232 _____ C:\Windows\system32\perfc007.dat
2017-03-28 21:12 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-28 21:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-03-28 21:05 - 2016-01-30 19:28 - 00000000 ____D C:\ProgramData\PACE
2017-03-28 21:05 - 2015-10-23 20:28 - 00000000 ____D C:\Users\user
2017-03-28 21:05 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-28 20:23 - 2016-10-30 16:51 - 00925386 _____ C:\Windows\ntbtlog.txt
2017-03-28 20:05 - 2016-11-16 08:06 - 00000000 ____D C:\Users\user\.idlerc
2017-03-28 20:05 - 2016-02-13 11:20 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-03-28 20:05 - 2016-01-06 01:15 - 00000000 ____D C:\Users\user\AppData\Roaming\PersBackup5
2017-03-28 20:05 - 2015-11-04 08:32 - 00000000 ____D C:\Users\user\AppData\Local\gtk-2.0
2017-03-28 20:05 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-28 20:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-28 20:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2017-03-28 20:02 - 2015-10-25 15:27 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2017-03-28 19:07 - 2016-11-21 12:54 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-03-28 18:50 - 2016-10-17 18:35 - 00000621 _____ C:\Users\user\Letzte Sitzung user.prj
2017-03-28 09:20 - 2016-01-06 01:15 - 00000000 ____D C:\Users\user\Documents\PersBackup
2017-03-28 08:49 - 2016-06-14 11:44 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-03-28 08:13 - 2016-03-04 08:38 - 00000919 _____ C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt
2017-03-28 08:13 - 2016-03-04 08:38 - 00000000 _____ C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-03-23 15:22 - 2016-02-29 00:55 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-22 20:44 - 2015-11-22 18:26 - 00000000 ____D C:\Users\user\AppData\Local\Downloaded Installations
2017-03-22 09:53 - 2015-11-03 09:18 - 00000000 ____D C:\Program Files\Intel
2017-03-20 21:26 - 2009-07-14 06:45 - 00000000 ____D C:\Windows\ServiceProfiles
2017-03-20 18:57 - 2015-11-01 23:48 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-15 05:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-03-15 04:38 - 2009-07-14 06:45 - 02106920 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-15 04:37 - 2016-04-09 03:31 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-15 04:37 - 2016-04-09 03:31 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-15 04:02 - 2016-08-07 00:58 - 00000000 ____D C:\Windows\system32\MRT
2017-03-15 04:00 - 2016-08-07 00:58 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-11 18:46 - 2016-01-29 10:38 - 00003872 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1454056698
2017-03-08 00:26 - 2016-01-17 20:43 - 00000000 ____D C:\Users\user\AppData\Roaming\gnupg
2017-03-07 23:14 - 2015-10-23 21:19 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2017-03-07 23:14 - 2015-10-23 21:19 - 00000000 ____D C:\Users\user\AppData\Local\Mozilla

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-01-28 01:19 - 2016-09-20 02:22 - 0000016 _____ () C:\Users\user\AppData\Roaming\msregsvv.dll
2016-01-28 12:19 - 2016-12-18 17:40 - 1249792 _____ (hxxp://www.ruby-lang.org/) C:\Users\user\AppData\Roaming\msvcr90-ruby191.dll
2016-03-04 08:38 - 2016-03-04 08:38 - 0001181 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.1.txt
2016-03-04 08:38 - 2017-03-28 08:13 - 0000919 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt
2016-03-04 08:38 - 2017-03-28 08:13 - 0000000 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-03-22 19:21 - 2017-03-23 13:55 - 0000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND
2017-03-19 06:01 - 2017-03-19 06:01 - 0003318 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2015-11-01 08:16 - 2015-11-01 08:16 - 0007611 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2016-01-28 01:19 - 2016-09-20 02:22 - 0000016 _____ () C:\ProgramData\autobk.inc

Einige Dateien in TEMP:
====================
2017-01-03 18:26 - 2017-03-28 21:05 - 1347216 _____ (Sysinternals - www.sysinternals.com) C:\Users\user\AppData\Local\Temp\PROCEXP64.exe
2017-03-20 08:41 - 2017-03-20 08:41 - 0637440 _____ () C:\Users\user\AppData\Local\Temp\sqlite-3.8.0-x86-sqlitejdbc.dll

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-03-24 16:52

==================== Ende von FRST.txt ============================
         
FRST Addition:

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von user (29-03-2017 07:32:02)
Gestartet von ?:\Folder\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-10-23 18:28:58)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3869482132-2802206346-888328520-500 - Administrator - Disabled)
user (S-1-5-21-3869482132-2802206346-888328520-1000 - Administrator - Enabled) => C:\Users\user
Gast (S-1-5-21-3869482132-2802206346-888328520-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3869482132-2802206346-888328520-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 16.02 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1602-000001000000}) (Version: 16.02.00.0 - Igor Pavlov)
ACP Application (Version: 2016.0916.1502.32 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ARIA Engine v1.8.4.4 (HKLM\...\ARIA Engine_is1) (Version: v1.8.4.4 - Plogue Art et Technologie, Inc)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Next Localization BR (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
ConfrontaPDF (HKLM-x32\...\ConfrontaPDF) (Version:  - )
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CPUID ROG CPU-Z 1.75 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.75 - CPUID, Inc.)
CreditMovie1 (x32 Version: 10.1.00 - Sony Corporation) Hidden
CreditMovie2 (x32 Version: 10.1.00 - Sony Corporation) Hidden
CreditMovie3 (x32 Version: 10.1.00 - Sony Corporation) Hidden
Gpg4win (2.3.0) (HKLM-x32\...\GPG4Win) (Version: 2.3.0 - The Gpg4win Project)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel(R) Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4222 - Intel Corporation)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
MergeModule_x64 (Version: 9.3.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Prerequisites (x64) (HKLM\...\{04BEC103-A388-41EE-BB49-1235FAAF883D}) (Version: 11.0.61030 - Blue Cat Audio)
Microsoft Visual C++ 2012 Prerequisites (x86) (HKLM-x32\...\{2F65108E-8DF7-47B9-8ECC-49BD3BC47AAB}) (Version: 11.0.61030 - Blue Cat Audio)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
PA Free Bundle V1 1.0.1 (HKLM\...\PA Free Bundle V1_is1) (Version:  - Plugin Alliance)
PACE License Support Win64 (HKLM-x32\...\InstallShield_{DF91FC8F-0D43-415b-BB5D-22533FC1CC1A}) (Version: 2.6.0.1134 - PACE Anti-Piracy, Inc.)
PACE License Support Win64 (Version: 2.6.0.1134 - PACE Anti-Piracy, Inc.) Hidden
PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
Personal Backup 5.8.3.1 (HKLM-x32\...\Personal Backup 5_is1) (Version: 5.8.3.1 - Dr. J. Rathlev)
PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.1.00.12260 - Sony Corporation)
PMB_ModeEditor_ACMC (x32 Version: 10.1.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 10.1.00 - Sony Corporation) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SVG Explorer Extension 0.1.1 (HKLM\...\{4CA20D9A-98AC-4DD6-9C16-7449F29AC08A}_is1) (Version: 0.1.1 - Dotz Softwares)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TightVNC (HKLM\...\{8B9896FC-B4F2-44CD-8B6E-78A0B1851B59}) (Version: 2.8.5.0 - GlavSoft LLC.)
TP-LINK Archer T4U Driver (HKLM-x32\...\{58F414FE-74CC-42A0-9D86-A089849C510A}) (Version: 1.3.1 - TP-LINK)
USBPcap 1.0.0.7 (HKLM\...\USBPcap) (Version:  - )
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0-2) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.17.0 (Version: 1.0.17.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (03/17/2014 2.5.128.1) (HKLM\...\D86E353566ECB4A7ADA159C02FE46D0BACC4FA6B) (Version: 03/17/2014 2.5.128.1 - Focusrite)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {01244CD2-DBF2-48E1-81DC-F60B80EEE392} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {03F920C6-176B-4700-9E50-08D5840C4166} - System32\Tasks\Process Explorer-User001100-user => "C:\PROGRAM FILES\PROCESS-EXPLORER\PROCEXP.EXE" /t
Task: {0AEC350F-0667-4D55-94A7-F058AF78AFAD} - System32\Tasks\Apple\AppleSoftwareUpdate => \Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {0EA96307-8DAE-44A1-A2A3-D458155E23ED} - System32\Tasks\AMD Updater => \AMD\CIM\\Bin64\InstallManagerApp.exe [2016-09-07] (Advanced Micro Devices, Inc.)
Task: {1069660B-6FC5-4CE6-AFE7-3786642ED336} - System32\Tasks\SamsungMagician => \Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {14C02CA1-F88F-4C59-8F41-CFAC350FD451} - System32\Tasks\{0811E0DB-12EE-44C5-A4D8-D55DD584F3C5} => pcalua.exe -a V:\Folder\Downloads\jxpiinstall.exe -d X:\Folder\Downloads
Task: {D4B25374-61A3-48AA-BFEC-F796411ECD2B} - System32\Tasks\{CA0F6697-59F4-4AAE-A353-26AF764EBAEB} => pcalua.exe -a R:\Folder\Production\grizzly-v1.1b-se1.160.exe -d T:\My-Folder\Production
Task: {DC35CD34-092D-4CA0-840A-353ECDEEB877} - System32\Tasks\{7476B4B9-F9F5-4227-A7EB-B7B0D1323EB9} => pcalua.exe -a Ü:\Folder\Downloads\VirtualBox-5.0.26-108824-Win.exe -d T:\My-Folder\Downloads
Task: {606DF2D9-0BC4-41F6-AA98-54D020707610} - System32\Tasks\Opera scheduled Autoupdate 1454056698 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)
Task: {8EDC83D7-53F0-44F6-B328-F893CBF2A114} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {999449FC-8698-4C3C-8FE5-7B8A92964F9E} - System32\Tasks\Logon Screen SkipUAC => C:\Program Files\Logon Screen\Logon Screen.exe 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-06-04 11:41 - 2013-06-04 11:41 - 00936728 ____R () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-11-24 20:32 - 2015-11-24 20:32 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2015-11-13 17:05 - 2015-03-19 09:41 - 00048856 _____ () C:\Windows\runSW.exe
2016-10-01 10:46 - 2016-10-01 10:46 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-01-15 22:44 - 2016-01-15 22:44 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-10-24 00:23 - 2017-03-28 21:05 - 00033280 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2015-10-24 00:23 - 2013-06-04 11:41 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-11-24 20:20 - 2015-11-24 20:20 - 00221696 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2015-11-24 20:14 - 2015-11-24 20:14 - 00087552 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2015-11-24 20:09 - 2015-11-24 20:09 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2015-11-24 20:20 - 2015-11-24 20:20 - 00073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2015-11-24 20:22 - 2015-11-24 20:22 - 00751104 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2015-11-03 09:18 - 2013-05-14 00:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\PACE:E6530E75740592D0 [217]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Classes\regfile: regedit.exe "%1" <===== ACHTUNG

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^fcbd.bat => C:\Windows\pss\fcbd.bat.CommonStartup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CyberGhost => "CyberGhost.exe" /autostart /min
MSCONFIG\startupreg: f.lux => "flux.exe" /noshow
MSCONFIG\startupreg: FreeAC => FreeAlarmClock.exe -autorun
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
MSCONFIG\startupreg: Process Hacker 2 => "ProcessHacker.exe" -hide
MSCONFIG\startupreg: QuickTime Task => "QTTask.exe" -atboottime
MSCONFIG\startupreg: StartCN -"RadeonSettings.exe" atlogon
MSCONFIG\startupreg: Steam  -silent

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{C3A6188C-8842-4337-8196-6554C4770664}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FAE7D3F1-ED42-47BF-96C3-4A1F15CE7A12}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2DA271D6-F2A9-4367-BCDC-2CB0F40E254B}C:\program files (x86)\bitwig studio\bitwig studio.exe] => (Allow) C:\program files (x86)\bitwig studio\bitwig studio.exe
FirewallRules: [UDP Query User{D23A57CF-BEF7-4C7F-ABBB-FD70367F66BC}C:\program files (x86)\bitwig studio\bitwig studio.exe] => (Allow) C:\program files (x86)\bitwig studio\bitwig studio.exe
FirewallRules: [{493D06BA-205E-4192-AAA4-4CDC43C3BAD3}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{39577B13-C2BF-42F6-8DD1-626ABA61A103}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{A19DBD2B-2346-45F9-AC47-B6290D634603}] => (Block) c:\program files (x86)\teamviewer\teamviewer_service.exe
FirewallRules: [{EC50B221-6994-49F6-87EA-B58302480FAF}] => (Block) c:\program files (x86)\openoffice 4\program\soffice.bin
FirewallRules: [{92BA41E0-BDF1-4F98-9890-AA84AC8139E8}] => (Block) c:\windows\explorer.exe
FirewallRules: [TCP Query User{596502F1-B727-4D89-8B89-C18804B4CC8C}C:\program files\oracle\virtualbox\virtualbox.exe] => (Block) C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [{045D30C3-D3D2-4989-B17B-A77E1D1E92F6}] => (Block) c:\windows\explorer.exe
FirewallRules: [{C46567DF-BAF2-42CB-9BC4-4EF77F9EC6A0}] => (Block) c:\program files (x86)\openoffice 4\program\soffice.bin
FirewallRules: [{68E770B0-2D19-4ACF-B321-CAC68B5781A9}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{4C90B2D8-113C-449B-B827-DC969F3150A4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E39CF006-6FAE-4E84-9FC8-7981EF9FF660}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{657BC9BB-6239-4FC9-AB10-A306A0E5A6FD}] => (Block) C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [{B20877F0-7C4B-458F-BF59-A595E168446E}] => (Block) C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [{DABF5E7A-C07C-4E73-88CD-7CAE58449412}] => (Allow) C:\program files (x86)\bitwig studio\bitwig studio.exe
FirewallRules: [{88433252-BE13-4CD9-A2A1-2AD1B6059648}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{1CCEBFB9-AC2E-4310-9A49-5C2F2B5E7DBA}] => (Allow) D:\Portal\SteamApps\common\Endless Sky\EndlessSky.exe
FirewallRules: [{E0697F28-0AE5-4434-A117-6D44DC7490AE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7DB09F01-E0F3-4D3F-B686-C57EB2F894AA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C0911A94-E92A-4167-93D0-4696CAA2E23E}] => (Allow) D:\Portal\Steam.exe
FirewallRules: [{CC9679C3-9CB5-4D4B-8D34-D4D8CE628CE6}] => (Allow) D:\Portal\bin\steamwebhelper.exe
FirewallRules: [{017548E2-9991-43C7-9990-D60AEC41A61E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D0DFC248-C299-43B7-BB3C-D908320963D7}] => (Block) c:\windows\system32\msiexec.exe
FirewallRules: [{9EED2BA0-29BE-45C7-A115-13A90DB3FA19}] => (Block) c:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{14A92DD3-04A0-4496-BA4D-B8306FB47243}] => (Block) c:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{A3AE046F-4844-4DEA-B9B2-51B437A4A518}] => (Block) c:\program files\internet explorer\iexplore.exe
FirewallRules: [{486B1671-98F0-4AD5-AF00-5FAF79EB535C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DEF6512F-B1D4-4FB7-A979-BA1A60F4ABBC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{FA87F2CE-9CFD-42BD-9192-E3F338006BCA}C:\program files (x86)\jack\jackd.exe] => (Block) C:\program files (x86)\jack\jackd.exe
FirewallRules: [TCP Query User{ED7F5783-3085-4C19-899F-6C9AE4418E83}D:\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe] => (Allow) D:\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe
FirewallRules: [UDP Query User{5A4E8E57-8DEE-4A9C-BD14-B8731AD1A4BD}D:\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe] => (Allow) D:\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe
FirewallRules: [{014FDA46-CF4B-4D8B-B49D-8C2BAADE0BDD}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{1CFAC638-F0F2-4789-AFB2-6404BF3E88DC}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{E8A96067-F7D3-4658-99A9-0AD56A7B7A5D}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{3587A4AB-3920-4A36-A6F6-463FAF3E91EA}D:\battle.net\starcraft\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base38996\sc2_x64.exe
FirewallRules: [UDP Query User{A4134721-0B5B-4D0D-AF7D-F3AB80EB6BF3}D:\battle.net\starcraft\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base38996\sc2_x64.exe
FirewallRules: [TCP Query User{F39A3CBE-679E-483A-A82C-C86D5E3DEEAB}D:\battle.net\starcraft\starcraft ii\versions\base38749\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base38749\sc2_x64.exe
FirewallRules: [UDP Query User{ADBC0FD8-795F-42D9-8229-C4B48A494A89}D:\battle.net\starcraft\starcraft ii\versions\base38749\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base38749\sc2_x64.exe
FirewallRules: [{8DE85F2C-7FCE-4626-BD2A-98682153A2DD}] => (Block) D:\battle.net\starcraft\starcraft ii\versions\base46154\sc2_x64.exe
FirewallRules: [{6DDEA35B-6D8D-4332-801B-B7B685C1F99F}] => (Block) c:\windows\system32\gwx\gwxux.exe
FirewallRules: [{C2FE1182-8FD1-4167-9D52-BBDB32C28056}] => (Block) c:\windows\system32\gwx\gwxdetector.exe
FirewallRules: [{CD1EC1E3-B016-4B55-A2C9-B3779BC427F1}] => (Block) c:\windows\system32\gwx\gwxconfigmanager.exe
FirewallRules: [{840AF8CE-2DDE-47F8-8B04-4885E0D611F9}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{6AFF3A2A-E89E-4E56-AA70-FA0D2C9A7C2D}] => (Allow) C:\Program Files\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{BFCF23D5-F0EC-4750-99AE-7179067C7218}] => (Allow) C:\Program Files\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{8F24DA1F-1CBF-4793-90FD-EF9950CDDFB9}] => (Allow) C:\Program Files\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{57ADCFCA-1460-45CD-8834-325C1DA31F04}] => (Allow) C:\Program Files\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{3AED76FB-9BC3-4A88-8D39-47CC5052AF4F}] => (Allow) C:\Program Files\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{6AAF9014-E299-4B18-90B9-80EF2D6A9BE4}] => (Allow) C:\Program Files\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{74A142BB-B2EE-42E4-8A8F-FE6718D6AD81}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [TCP Query User{3BCAF9D9-DC8B-4F12-9EC8-0616D8113074}C:\program files\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\davinci resolve\dpdecoder.exe
FirewallRules: [UDP Query User{9D9A4E60-9A57-41EC-AA33-FA768960F3C6}C:\program files\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\davinci resolve\dpdecoder.exe
FirewallRules: [{B23381AC-00E9-4188-9239-5FB60ADAB2BE}] => (Allow) LPort=21
FirewallRules: [{9C30ED18-2E49-43ED-9FB8-1B3D810764B6}] => (Allow) LPort=8317
FirewallRules: [TCP Query User{25A05D70-09FC-4707-9527-A8FCB9737A00}C:\program files (x86)\jetbrains\pycharm community edition 2016.3\bin\pycharm.exe] => (Allow) C:\program files (x86)\jetbrains\pycharm community edition 2016.3\bin\pycharm.exe
FirewallRules: [{16E488C9-B953-43E8-B4B2-B590BAB6CA69}] => (Block) c:\windows\syswow64\macromed\flash\flashplayerplugin_23_0_0_207.exe
FirewallRules: [{0ADCDFD8-F706-42ED-BEA7-92358C8007B2}] => (Block) c:\windows\explorer.exe
FirewallRules: [{550B6BE4-CE38-4B16-944D-630437AF62D6}] => (Block) t:\my-folder\downloads\flashplayer24au_ha_install.exe
FirewallRules: [{F6692C00-2803-4D2F-87ED-232A82AD37C8}] => (Block) t:\my-folder\downloads\flashplayer24au_ha_install.exe
FirewallRules: [{4842CFC0-CE91-4B43-9F55-C1AE06256A56}] => (Block) c:\users\user\appdata\local\adobe\c4d73211-ecab-46f7-874b-e2da4fc0aa7d\3b64c024-d7c1-42cd-84ab-f8a1a3c6ec06\57073c20-0a7a-4ca6-933b-4dc45ae951ee
FirewallRules: [{F5265B4B-7E5A-4D8F-B050-09A46DA77F9E}] => (Block) c:\program files\cyberghost 6\cyberghost.exe
FirewallRules: [{F16767DF-9A4F-41BC-A7BC-52AFAC445B0E}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
FirewallRules: [{7D006F94-DD72-4AAD-A6F3-860B57DF5E03}] => (Allow) C:\Program Files\TightVNC\tvnviewer.exe

==================== Wiederherstellungspunkte =========================

22-03-2017 09:41:23 Installed TightVNC
22-03-2017 09:52:42 Installed Intel(R) Network Connections.
22-03-2017 19:20:16 Installed PuTTY release 0.68 (64-bit)
23-03-2017 15:17:18 Installed Bitwig Studio
25-03-2017 02:18:25 Windows Update
28-03-2017 09:16:50 Windows-Sicherung
28-03-2017 20:03:35 Wiederherstellungsvorgang
28-03-2017 21:09:21 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/28/2017 09:07:53 PM) (Source: CyberGhost 6 Service) (EventID: 0) (User: )
Description: Der Dienst kann nicht beendet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei CyberGhost.VPNServices.OpenVpn.DisconnectFromVpnServer(Boolean sendDisconnectEvent) in C:\TeamCity\buildAgent\work\5e751977071a47b0\Projects\CyberGhost\CyberGhost 6\CyberGhost.VPNServices\OpenVPN.cs:Zeile 348.
   bei Service.ServiceController.OnStop() in C:\TeamCity\buildAgent\work\5e751977071a47b0\Projects\CyberGhost\CyberGhost 6\CyberGhost.Service\ServiceController.cs:Zeile 170.
   bei System.ServiceProcess.ServiceBase.DeferredStop()

Error: (03/28/2017 09:06:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "T:\My-Folder\Downloads\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/28/2017 09:05:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/28/2017 08:41:19 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-3869482132-2802206346-888328520-1000}/">.

Error: (03/28/2017 08:31:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/28/2017 08:30:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/25/2017 11:27:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BitwigVampHost.exe, Version: 0.0.0.0, Zeitstempel: 0x58b57862
Name des fehlerhaften Moduls: BitwigVampHost.exe, Version: 0.0.0.0, Zeitstempel: 0x58b57862
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x000000000002e628
ID des fehlerhaften Prozesses: 0x19d4
Startzeit der fehlerhaften Anwendung: 0x01d2a5aea0b595a0
Pfad der fehlerhaften Anwendung: C:\Program Files\Bitwig Studio\bin\BitwigVampHost.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Bitwig Studio\bin\BitwigVampHost.exe
Berichtskennung: de9771c1-11a1-11e7-bb9a-40167ea5eebf

Error: (03/25/2017 11:22:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BitwigVampHost.exe, Version: 0.0.0.0, Zeitstempel: 0x58b57862
Name des fehlerhaften Moduls: BitwigVampHost.exe, Version: 0.0.0.0, Zeitstempel: 0x58b57862
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x000000000002e628
ID des fehlerhaften Prozesses: 0xe04
Startzeit der fehlerhaften Anwendung: 0x01d2a5adf086e837
Pfad der fehlerhaften Anwendung: C:\Program Files\Bitwig Studio\bin\BitwigVampHost.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Bitwig Studio\bin\BitwigVampHost.exe
Berichtskennung: 2f5b8c56-11a1-11e7-bb9a-40167ea5eebf

Error: (03/25/2017 02:35:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Battle.net.exe, Version 1.8.0.8554 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 8a8

Startzeit: 01d2a4e4e07a8955

Endzeit: 22

Anwendungspfad: C:\Program Files (x86)\Battle.net\Battle.net.8554\Battle.net.exe

Berichts-ID: 81e0478e-1157-11e7-bb9a-60e32713d0cb

Error: (03/24/2017 10:36:59 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-3869482132-2802206346-888328520-1000}/">.


Systemfehler:
=============
Error: (03/28/2017 09:05:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (03/28/2017 09:05:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (03/28/2017 08:03:41 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073741502.

Error: (03/28/2017 08:03:41 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Dienst "Bonjour"" wurde mit folgendem dienstspezifischem Fehler beendet: Beim Datenbankaufruf ist ein nicht behebbarer Fehler aufgetreten.
.

Error: (03/28/2017 08:03:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der Vorgang wurde erfolgreich beendet.

Error: (03/28/2017 08:03:40 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073741502.

Error: (03/28/2017 08:03:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der Vorgang wurde erfolgreich beendet.

Error: (03/28/2017 08:03:39 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073741502.

Error: (03/28/2017 08:03:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der Vorgang wurde erfolgreich beendet.

Error: (03/28/2017 08:03:38 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073741502.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Prozentuale Nutzung des RAM: 18%
Installierter physikalischer RAM: 16321.48 MB
Verfügbarer physikalischer RAM: 13315.45 MB
Summe virtueller Speicher: 32641.15 MB
Verfügbarer virtueller Speicher: 28811.54 MB

==================== Laufwerke ================================

Drive 1: (C:) (Fixed) (Total:238.47 GB) (Free:98.05 GB) NTFS
Drive 2: (x) (Fixed) (Total:232.88 GB) (Free:146.13 GB) NTFS
Drive 3: (x) (Fixed) (Total:465.76 GB) (Free:237.62 GB) NTFS
Drive 4: (x) (Fixed) (Total:931.31 GB) (Free:668.99 GB) NTFS
Drive 5: (x) (Fixed) (Total:232.88 GB) (Free:135.72 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive 6: (x) (Fixed) (Total:931.51 GB) (Free:637.26 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B162B162)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FD1A7096)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: A1E3F745)
Partition 1: (Not Active) - (Size=238.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 99D2C736)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 465.8 GB) (Disk ID: EBBBAA60)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 931.5 GB) (Disk ID: 444663B5)

Partition: GPT.
Partition 2: (Not Active) - (Size=931.3 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
"Hi-Rez" belongs to Blender, or rather to 3D graphics applications.
__________________

Edited by construct (29.03.2017 at 09:09)

Alt 29.03.2017, 09:06   #4
construct
 

TDSSKill:

#1/2

Code:
08:31:29.0742 0x1054  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
08:31:34.0438 0x1054  ============================================================
08:31:34.0438 0x1054  Current date / time: 2017/03/29 08:31:34.0438
08:31:34.0438 0x1054  SystemInfo:
08:31:34.0438 0x1054  
08:31:34.0438 0x1054  OS Version: 6.1.7601 ServicePack: 1.0
08:31:34.0438 0x1054  Product type: Workstation
08:31:34.0438 0x1054  ComputerName: ???
08:31:34.0438 0x1054  UserName: ???
08:31:34.0438 0x1054  Windows directory: C:\Windows
08:31:34.0438 0x1054  System windows directory: C:\Windows
08:31:34.0438 0x1054  Running under WOW64
08:31:34.0438 0x1054  Processor architecture: Intel x64
08:31:34.0438 0x1054  Number of processors: 5
08:31:34.0438 0x1054  Page size: 0x1000
08:31:34.0438 0x1054  Boot type: Normal boot
08:31:34.0438 0x1054  CodeIntegrityOptions = 0x00000001
08:31:34.0438 0x1054  ============================================================
08:31:34.0641 0x1054  KLMD registered as C:\Windows\system32\drivers\32266118.sys
08:31:34.0641 0x1054  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23677, osProperties = 0x1
08:31:34.0672 0x1054  System UUID: {2B1FF162-E8A8-F17D-EAAE-D6C27730F928}
08:31:38.0416 0x1054  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:31:38.0416 0x1054  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:31:42.0558 0x1054  Drive \Device\Harddisk3\DR3 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:31:47.0613 0x1054  Drive \Device\Harddisk4\DR4 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:31:47.0613 0x1054  Drive \Device\Harddisk2\DR2 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:31:47.0613 0x1054  Drive \Device\Harddisk6\DR6 - Size: 0xE8E0B00000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:31:52.0792 0x1054  ============================================================
08:31:52.0792 0x1054  \Device\Harddisk0\DR0:
08:31:52.0808 0x1054  MBR partitions:
08:31:52.0808 0x1054  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4269
08:31:52.0808 0x1054  \Device\Harddisk1\DR1:
08:31:52.0808 0x1054  MBR partitions:
08:31:52.0808 0x1054  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
08:31:52.0808 0x1054  \Device\Harddisk3\DR3:
08:31:52.0808 0x1054  MBR partitions:
08:31:52.0808 0x1054  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
08:31:52.0808 0x1054  \Device\Harddisk4\DR4:
08:31:52.0855 0x1054  MBR partitions:
08:31:52.0855 0x1054  \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
08:31:52.0855 0x1054  \Device\Harddisk2\DR2:
08:31:52.0855 0x1054  MBR partitions:
08:31:52.0855 0x1054  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1DCF2000
08:31:52.0855 0x1054  \Device\Harddisk6\DR6:
08:31:52.0855 0x1054  GPT partitions:
08:31:52.0855 0x1054  \Device\Harddisk6\DR6\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {3357F6D4-5E69-412F-A106-7383080A9D1C}, Name: EFI System Partition, StartLBA 0x28, BlocksNum 0x64000
08:31:52.0855 0x1054  \Device\Harddisk6\DR6\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {915211A4-1AFA-491C-A468-1EDD370BB039}, Name: Ohne Titel, StartLBA 0x64800, BlocksNum 0x746A0800
08:31:52.0855 0x1054  MBR partitions:
08:31:52.0855 0x1054  \Device\Harddisk6\DR6\Partition3: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x746A0800
08:31:52.0855 0x1054  ============================================================
08:31:52.0855 0x1054  z: <-> \Device\Harddisk2\DR2\Partition1
08:31:52.0870 0x1054  t: <-> \Device\Harddisk0\DR0\Partition1
08:31:52.0886 0x1054  r: <-> \Device\Harddisk4\DR4\Partition1
08:31:52.0901 0x1054  e: <-> \Device\Harddisk6\DR6\Partition3
08:31:52.0933 0x1054  w: <-> \Device\Harddisk1\DR1\Partition1
08:31:52.0964 0x1054  q: <-> \Device\Harddisk3\DR3\Partition1
08:31:52.0964 0x1054  ============================================================
08:31:52.0964 0x1054  Initialize success
08:31:52.0964 0x1054  ============================================================
08:32:17.0877 0x1204  ============================================================
08:32:17.0877 0x1204  Scan started
08:32:17.0877 0x1204  Mode: Manual; 
08:32:17.0877 0x1204  ============================================================
08:32:17.0877 0x1204  KSN ping started
08:33:32.0695 0x1204  KSN ping finished: true
08:33:34.0021 0x1204  ================ Scan system memory ========================
08:33:34.0021 0x1204  System memory - ok
08:33:34.0021 0x1204  ================ Scan services =============================
08:33:34.0052 0x1204  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
08:33:34.0052 0x1204  1394ohci - ok
08:33:34.0052 0x1204  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
08:33:34.0068 0x1204  ACPI - ok
08:33:34.0068 0x1204  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
08:33:34.0068 0x1204  AcpiPmi - ok
08:33:34.0068 0x1204  [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
08:33:34.0068 0x1204  Adobe LM Service - ok
08:33:34.0083 0x1204  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
08:33:34.0083 0x1204  adp94xx - ok
08:33:34.0083 0x1204  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
08:33:34.0099 0x1204  adpahci - ok
08:33:34.0099 0x1204  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
08:33:34.0099 0x1204  adpu320 - ok
08:33:34.0099 0x1204  [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
08:33:34.0099 0x1204  AeLookupSvc - ok
08:33:34.0114 0x1204  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
08:33:34.0114 0x1204  AFD - ok
08:33:34.0114 0x1204  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
08:33:34.0114 0x1204  agp440 - ok
08:33:34.0114 0x1204  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
08:33:34.0130 0x1204  ALG - ok
08:33:34.0130 0x1204  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
08:33:34.0130 0x1204  aliide - ok
08:33:34.0130 0x1204  [ C2C6576BD76BDBD5D29555440C0F147B, EB92CCF0670493B63D073976F5026C0F5954733CBC20812118F13716503C249B ] amdacpksd       C:\Windows\system32\drivers\amdacpksd.sys
08:33:34.0130 0x1204  amdacpksd - ok
08:33:34.0130 0x1204  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
08:33:34.0130 0x1204  amdide - ok
08:33:34.0146 0x1204  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
08:33:34.0146 0x1204  AmdK8 - ok
08:33:34.0146 0x1204  amdkmdag - ok
08:33:34.0146 0x1204  [ 6489E58445DC4E53EE1446EC0CB04842, 13449C7B0BBDC1F2D0B5C9A0299BED47475D2D249BD5E24F68F9E06C4DC601BF ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
08:33:34.0161 0x1204  amdkmdap - ok
08:33:34.0161 0x1204  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
08:33:34.0161 0x1204  AmdPPM - ok
08:33:34.0161 0x1204  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
08:33:34.0161 0x1204  amdsata - ok
08:33:34.0161 0x1204  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
08:33:34.0177 0x1204  amdsbs - ok
08:33:34.0177 0x1204  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
08:33:34.0177 0x1204  amdxata - ok
08:33:34.0177 0x1204  [ B84DDCCB03A9CEDC1E90A88EDA5306DB, 1E51A7336C7E3F6402ED90AB0B3E98FD3827E2DC51B133E7F8BB37140B315192 ] AppID           C:\Windows\system32\drivers\appid.sys
08:33:34.0177 0x1204  AppID - ok
08:33:34.0177 0x1204  [ 02B60F8FA4BAB8DC3B14782A7E60564B, D7EB27CB202573734D7A4EB4667B9BCEC1598AA9EBD154F2C9266AF230F51A52 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
08:33:34.0177 0x1204  AppIDSvc - ok
08:33:34.0177 0x1204  [ DE23E052E557580674785CDF45B613F3, A955ADC6CC7D816BA7CE1065F911E7A3295A1908C22BE0A3C506C38CFEE8DE0D ] Appinfo         C:\Windows\System32\appinfo.dll
08:33:34.0177 0x1204  Appinfo - ok
08:33:34.0177 0x1204  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
08:33:34.0177 0x1204  arc - ok
08:33:34.0192 0x1204  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
08:33:34.0192 0x1204  arcsas - ok
08:33:34.0208 0x1204  [ BBF8F831C7720DD5135D8C4C8325187A, 2630C68200D7BD49A5772830D6B369C0EC337C2558A9562DD564DF042249ECC0 ] asComSvc        C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
08:33:34.0208 0x1204  asComSvc - ok
08:33:34.0224 0x1204  [ 5F1091FA113607C9C9B2ECF4FBC76F37, F4406635C555A942242F40CACEC7EFD2FED47103C191CB3C2EDF21EE78C8122E ] asHmComSvc      C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
08:33:34.0239 0x1204  asHmComSvc - ok
08:33:34.0239 0x1204  [ 798DE15F187C1F013095BBBEB6FB6197, 436CCAB6F62FA2D29827916E054ADE7ACAE485B3DE1D3E5C6C62D3DEBF1480E7 ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
08:33:34.0239 0x1204  AsIO - ok
08:33:34.0255 0x1204  [ EE424A5CE56E3923D59BB7DE2E15036D, 8B8196870EFE74D43EDA72674021A46846D370E97A6A058134D84A721AECD091 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:33:34.0255 0x1204  aspnet_state - ok
08:33:34.0255 0x1204  [ 1392B92179B07B672720763D9B1028A5, B4D47EA790920A4531E3DF5A4B4B0721B7FEA6B49A35679F0652F1E590422602 ] AsUpIO          C:\Windows\syswow64\drivers\AsUpIO.sys
08:33:34.0255 0x1204  AsUpIO - ok
08:33:34.0255 0x1204  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
08:33:34.0255 0x1204  AsyncMac - ok
08:33:34.0255 0x1204  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
08:33:34.0255 0x1204  atapi - ok
08:33:34.0270 0x1204  [ F9DB31BC5CD3700D37DB136BA56E5E9D, 9AB7421975500EE7FE583CCF86914F94E697606A9199DC4F27D5609554C5D3F7 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
08:33:34.0270 0x1204  AtiHDAudioService - ok
08:33:34.0270 0x1204  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:33:34.0286 0x1204  AudioEndpointBuilder - ok
08:33:34.0286 0x1204  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
08:33:34.0302 0x1204  AudioSrv - ok
08:33:34.0302 0x1204  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
08:33:34.0302 0x1204  AxInstSV - ok
08:33:34.0317 0x1204  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
08:33:34.0317 0x1204  b06bdrv - ok
08:33:34.0333 0x1204  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
08:33:34.0333 0x1204  b57nd60a - ok
08:33:34.0333 0x1204  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
08:33:34.0333 0x1204  BDESVC - ok
08:33:34.0333 0x1204  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
08:33:34.0333 0x1204  Beep - ok
08:33:34.0348 0x1204  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
08:33:34.0348 0x1204  BFE - ok
08:33:34.0364 0x1204  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
08:33:34.0380 0x1204  BITS - ok
08:33:34.0380 0x1204  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
08:33:34.0380 0x1204  blbdrive - ok
08:33:34.0395 0x1204  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:33:34.0395 0x1204  Bonjour Service - ok
08:33:34.0395 0x1204  [ ABA3984C822E4D3F889699912D85D6C5, 2251FA135CC290DA13DAE4743F393C7CC9E6A737C054707CB8D72C369D1FFACB ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
08:33:34.0395 0x1204  bowser - ok
08:33:34.0395 0x1204  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
08:33:34.0395 0x1204  BrFiltLo - ok
08:33:34.0395 0x1204  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
08:33:34.0395 0x1204  BrFiltUp - ok
08:33:34.0411 0x1204  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
08:33:34.0411 0x1204  Browser - ok
08:33:34.0411 0x1204  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
08:33:34.0411 0x1204  Brserid - ok
08:33:34.0426 0x1204  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
08:33:34.0426 0x1204  BrSerWdm - ok
08:33:34.0426 0x1204  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
08:33:34.0426 0x1204  BrUsbMdm - ok
08:33:34.0426 0x1204  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
08:33:34.0426 0x1204  BrUsbSer - ok
08:33:34.0426 0x1204  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
08:33:34.0426 0x1204  BTHMODEM - ok
08:33:34.0426 0x1204  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
08:33:34.0426 0x1204  bthserv - ok
08:33:34.0442 0x1204  [ 95C2FEB994798596F0E2CB2BB2C7F45A, 78A39A6EF8E29620F22970AF4AE37404FC33D308BF83F8CDF16F0A79C5561AAF ] cbdisk3         C:\Windows\system32\drivers\cbdisk3.sys
08:33:34.0442 0x1204  cbdisk3 - ok
08:33:34.0442 0x1204  [ 6C1506E58A2A0F1FC6756D322C576C5F, FBAE9597A594956AD6677DB0FB7FC2483DA6450E66BEB9B2D2D4F2C1373B7AA8 ] cbfs4           C:\Windows\system32\drivers\cbfs4.sys
08:33:34.0442 0x1204  cbfs4 - ok
08:33:34.0458 0x1204  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
08:33:34.0458 0x1204  cdfs - ok
08:33:34.0458 0x1204  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
08:33:34.0458 0x1204  cdrom - ok
08:33:34.0458 0x1204  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
08:33:34.0458 0x1204  CertPropSvc - ok
08:33:34.0458 0x1204  [ 2B2559146B072EB183DA1AB57E38E886, CAAE41158C3D5EA55834085C9161DB1EFF173CDF2FD0340B5289F541C294C5CC ] CG6Service      C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
08:33:34.0473 0x1204  CG6Service - ok
08:33:34.0473 0x1204  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
08:33:34.0473 0x1204  circlass - ok
08:33:34.0473 0x1204  [ 3D67C27DD17B254D7915FA16A5AE3573, 5B3A6C6A7F940C06362775DAF13CEADA37C7AA84A509458A57C23B4369970A90 ] CLFS            C:\Windows\system32\CLFS.sys
08:33:34.0473 0x1204  CLFS - ok
08:33:34.0489 0x1204  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:33:34.0489 0x1204  clr_optimization_v2.0.50727_32 - ok
08:33:34.0489 0x1204  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:33:34.0489 0x1204  clr_optimization_v2.0.50727_64 - ok
08:33:34.0489 0x1204  [ 5BAF4F1296D4D91FC28560CDB4C37C4B, ACA4BC57ED1F8432F18F0F215EC7FF956BAEF6E02760779E264E4008A979E9DD ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:33:34.0489 0x1204  clr_optimization_v4.0.30319_32 - ok
08:33:34.0504 0x1204  [ 569B54004A7E85A74FD92841DE6058E2, 58949313D0F6B1C06359B2F3C68E29940B1655A17E93FFC3718F6D2EAE1633E4 ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:33:34.0504 0x1204  clr_optimization_v4.0.30319_64 - ok
08:33:34.0504 0x1204  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
08:33:34.0504 0x1204  CmBatt - ok
08:33:34.0504 0x1204  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
08:33:34.0504 0x1204  cmdide - ok
08:33:34.0504 0x1204  [ A98CED39AD91B445E2E442A9BD67E8B4, B4189DEEF1C0EE22AE983119047B1A40FFDD8F3E163DFFABD7C2706231B0B1B0 ] CNG             C:\Windows\system32\Drivers\cng.sys
08:33:34.0520 0x1204  CNG - ok
08:33:34.0520 0x1204  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
08:33:34.0520 0x1204  Compbatt - ok
08:33:34.0520 0x1204  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
08:33:34.0520 0x1204  CompositeBus - ok
08:33:34.0520 0x1204  COMSysApp - ok
08:33:34.0536 0x1204  [ E20D73654A05670BD21F7876A3A0F747, A1708A4291641D8D17A6A4A7CE80A2B26046D3C35D5F718B008F0D3B290953DC ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
08:33:34.0536 0x1204  cphs - ok
08:33:34.0536 0x1204  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
08:33:34.0536 0x1204  crcdisk - ok
08:33:34.0551 0x1204  [ 2C6632CECFDBBE793FDA8AF9CA55A9CC, 335188515F798483660E529204A13012E4D21B0ECA489224A11C26F91A5B3CCE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
08:33:34.0551 0x1204  CryptSvc - ok
08:33:34.0551 0x1204  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] DcomLaunch      C:\Windows\system32\rpcss.dll
08:33:34.0567 0x1204  DcomLaunch - ok
08:33:34.0567 0x1204  [ 5DE1DB1FD27B0486292C881E1D94437E, D2D824CE9F7B57A3659B2249531DBA85C114E65D4EEBA3A159607B2104FF704B ] debutfilter     C:\Windows\system32\DRIVERS\debutfilterx64.sys
08:33:34.0567 0x1204  debutfilter - ok
08:33:34.0567 0x1204  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
08:33:34.0582 0x1204  defragsvc - ok
08:33:34.0582 0x1204  [ 9B38580063D281A99E68EF5813022A5F, D91676B0E0A8E2A090E3E5DD340ABCFC20AE0F55B4C82869D6CFB34239BD27DA ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
08:33:34.0582 0x1204  DfsC - ok
08:33:34.0582 0x1204  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
08:33:34.0582 0x1204  Dhcp - ok
08:33:34.0614 0x1204  [ EE9954237F15BE4DD9304D12E4D305ED, F295C9BAF20F0E669B673AFCC16B4969EE31B6A3808980DAB93D9B0F167DA3C0 ] DiagTrack       C:\Windows\system32\diagtrack.dll
08:33:34.0629 0x1204  DiagTrack - ok
08:33:34.0629 0x1204  [ F81460DB0644F0E825109F2E0E9F5D06, 21F26663CE22412BC9E6F4CD0F7FC536ED8844DE7C2C104616ACADBF4F47A839 ] DirMngr         C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
08:33:34.0629 0x1204  DirMngr - ok
08:33:34.0629 0x1204  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
08:33:34.0629 0x1204  discache - ok
08:33:34.0645 0x1204  [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk            C:\Windows\system32\drivers\disk.sys
08:33:34.0645 0x1204  Disk - ok
08:33:34.0645 0x1204  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
08:33:34.0645 0x1204  Dnscache - ok
08:33:34.0645 0x1204  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
08:33:34.0660 0x1204  dot3svc - ok
08:33:34.0660 0x1204  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
08:33:34.0660 0x1204  DPS - ok
08:33:34.0660 0x1204  [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
08:33:34.0660 0x1204  drmkaud - ok
08:33:34.0676 0x1204  [ 3A9D7D464BDB3B70D7ECF689ADABBD4D, B4F5B23705EA1BA453FE30791CA245E1A5F7FBEABAD026E4A8A15A9FC44E8C9C ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
08:33:34.0692 0x1204  DXGKrnl - ok
08:33:34.0692 0x1204  [ 73F8DE25B04A66CE3BE5D09A10DE56E6, ABA5AA50D936897CC71D710BBCF9A1B1CCCAC290FCD10A710E4471C1CDDE1093 ] e1dexpress      C:\Windows\system32\DRIVERS\e1d62x64.sys
08:33:34.0707 0x1204  e1dexpress - ok
08:33:34.0707 0x1204  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
08:33:34.0707 0x1204  EapHost - ok
08:33:34.0754 0x1204  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
08:33:34.0785 0x1204  ebdrv - ok
08:33:34.0785 0x1204  [ CA69E856332E2D85294665F6B7E97254, A9693F836907FB0154DC1090D9476F1E9242ABE922D932D74D0385772D2EAB65 ] EFS             C:\Windows\System32\lsass.exe
08:33:34.0801 0x1204  EFS - ok
08:33:34.0801 0x1204  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
08:33:34.0801 0x1204  elxstor - ok
08:33:34.0816 0x1204  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
08:33:34.0816 0x1204  ErrDev - ok
08:33:34.0816 0x1204  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
08:33:34.0816 0x1204  EventSystem - ok
08:33:34.0832 0x1204  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
08:33:34.0832 0x1204  exfat - ok
08:33:34.0832 0x1204  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
08:33:34.0832 0x1204  fastfat - ok
08:33:34.0832 0x1204  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
08:33:34.0832 0x1204  fdc - ok
08:33:35.0082 0x1204  [ BBCC44D677183BEFED776C1ED6B138D1, A219E3C834550FA70E3D3986BFB31C40249B8A43F13BA023B21341C08249A65C ] HiPatchService  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe <== Blender
08:33:35.0082 0x1204  HiPatchService - ok
08:33:37.0422 0x1204  ql2300 - ok
08:33:37.0422 0x1204  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
08:33:37.0422 0x1204  ql40xx - ok
08:33:37.0422 0x1204  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
08:33:37.0422 0x1204  QWAVE - ok
08:33:37.0437 0x1204  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
08:33:37.0437 0x1204  QWAVEdrv - ok
08:33:37.0437 0x1204  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
08:33:37.0437 0x1204  RasAcd - ok
08:33:37.0437 0x1204  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
08:33:37.0437 0x1204  RasAgileVpn - ok
08:33:37.0437 0x1204  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
08:33:37.0437 0x1204  RasAuto - ok
08:33:37.0437 0x1204  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
08:33:37.0453 0x1204  Rasl2tp - ok
08:33:37.0453 0x1204  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
08:33:37.0453 0x1204  RasMan - ok
08:33:37.0453 0x1204  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
08:33:37.0453 0x1204  RasPppoe - ok
08:33:37.0468 0x1204  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
08:33:37.0468 0x1204  RasSstp - ok
08:33:37.0468 0x1204  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
08:33:37.0468 0x1204  rdbss - ok
08:33:37.0468 0x1204  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
08:33:37.0468 0x1204  rdpbus - ok
08:33:37.0484 0x1204  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
08:33:37.0484 0x1204  RDPCDD - ok
08:33:37.0484 0x1204  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
08:33:37.0484 0x1204  RDPENCDD - ok
08:33:37.0484 0x1204  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
08:33:37.0484 0x1204  RDPREFMP - ok
08:33:37.0484 0x1204  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
08:33:37.0484 0x1204  RDPWD - ok
08:33:37.0500 0x1204  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
08:33:37.0500 0x1204  rdyboost - ok
08:33:37.0500 0x1204  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
08:33:37.0500 0x1204  RemoteAccess - ok
08:33:37.0500 0x1204  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
08:33:37.0500 0x1204  RemoteRegistry - ok
08:33:37.0515 0x1204  [ 83A6C2CAFE236652D1559640594A0EA8, 52360F17C9C70C9CEA3316560B40C4D89FD705ED7E6B6088C99FC54D4CC35EB5 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
08:33:37.0515 0x1204  rpcapd - ok
08:33:37.0515 0x1204  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
08:33:37.0515 0x1204  RpcEptMapper - ok
08:33:37.0515 0x1204  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
08:33:37.0515 0x1204  RpcLocator - ok
08:33:37.0531 0x1204  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] RpcSs           C:\Windows\system32\rpcss.dll
08:33:37.0531 0x1204  RpcSs - ok
08:33:37.0531 0x1204  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
08:33:37.0531 0x1204  rspndr - ok
08:33:37.0531 0x1204  [ 24061B0958874C1CB2A5A8E9D25482D4, F84F8173242B95F9F3C4FEA99B5555B33F9CE37CA8188B643871D261CB081496 ] RTCore64        C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
08:33:37.0531 0x1204  RTCore64 - ok
08:33:37.0578 0x1204  [ CB1D6D163F1FA16571F4E01B12BD3A77, 9D3125DD74B3C4924F39805B62069F9B4B78D6EA5BB769D7DAC7D0AD3FC7D5BC ] RtlWlanu        C:\Windows\system32\DRIVERS\rtwlanu.sys
08:33:37.0609 0x1204  RtlWlanu - ok
08:33:37.0609 0x1204  [ E5DCAF3BA52C18B8C267B8525393750E, 874B78270C60FE426C3B35C0B5FD00EA35D88C081BB94E03F9B71E4479FE46A7 ] RunSwUSB        C:\Windows\runSW.exe
08:33:37.0609 0x1204  RunSwUSB - ok
08:33:37.0624 0x1204  [ CA69E856332E2D85294665F6B7E97254, A9693F836907FB0154DC1090D9476F1E9242ABE922D932D74D0385772D2EAB65 ] SamSs           C:\Windows\system32\lsass.exe
08:33:37.0624 0x1204  SamSs - ok
08:33:37.0624 0x1204  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
08:33:37.0624 0x1204  sbp2port - ok
08:33:37.0624 0x1204  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
08:33:37.0624 0x1204  SCardSvr - ok
08:33:37.0624 0x1204  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
08:33:37.0624 0x1204  scfilter - ok
08:33:37.0640 0x1204  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
08:33:37.0656 0x1204  Schedule - ok
08:33:37.0656 0x1204  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
08:33:37.0671 0x1204  SCPolicySvc - ok
08:33:37.0671 0x1204  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
08:33:37.0671 0x1204  SDRSVC - ok
08:33:37.0671 0x1204  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
08:33:37.0671 0x1204  secdrv - ok
08:33:37.0671 0x1204  [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon        C:\Windows\system32\seclogon.dll
08:33:37.0671 0x1204  seclogon - ok
08:33:37.0671 0x1204  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
08:33:37.0687 0x1204  SENS - ok
08:33:37.0687 0x1204  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
08:33:37.0687 0x1204  SensrSvc - ok
08:33:37.0687 0x1204  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
08:33:37.0687 0x1204  Serenum - ok
08:33:37.0687 0x1204  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
08:33:37.0687 0x1204  Serial - ok
08:33:37.0687 0x1204  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
08:33:37.0687 0x1204  sermouse - ok
08:33:37.0702 0x1204  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
08:33:37.0702 0x1204  SessionEnv - ok
08:33:37.0702 0x1204  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
08:33:37.0702 0x1204  sffdisk - ok
08:33:37.0702 0x1204  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
08:33:37.0702 0x1204  sffp_mmc - ok
08:33:37.0702 0x1204  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
08:33:37.0702 0x1204  sffp_sd - ok
08:33:37.0702 0x1204  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
08:33:37.0702 0x1204  sfloppy - ok
08:33:37.0718 0x1204  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
08:33:37.0718 0x1204  SharedAccess - ok
08:33:37.0718 0x1204  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:33:37.0734 0x1204  ShellHWDetection - ok
08:33:37.0734 0x1204  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
08:33:37.0734 0x1204  SiSRaid2 - ok
08:33:37.0734 0x1204  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
08:33:37.0734 0x1204  SiSRaid4 - ok
08:33:37.0734 0x1204  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
08:33:37.0734 0x1204  Smb - ok
08:33:37.0749 0x1204  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
08:33:37.0749 0x1204  SNMPTRAP - ok
08:33:37.0749 0x1204  [ 0FFE35F0B0CD5A324BBE22F02569AE3B, F4EE803EEFDB4EAEEDB3024C3516F1F9A202C77F4870D6B74356BBDE32B3B560 ] speedfan        C:\Windows\SysWOW64\speedfan.sys
08:33:37.0749 0x1204  speedfan - ok
08:33:37.0749 0x1204  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
08:33:37.0749 0x1204  spldr - ok
08:33:37.0765 0x1204  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
08:33:37.0765 0x1204  Spooler - ok
08:33:37.0812 0x1204  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
08:33:37.0858 0x1204  sppsvc - ok
08:33:37.0858 0x1204  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
08:33:37.0858 0x1204  sppuinotify - ok
08:33:37.0858 0x1204  [ EB15C46477EB84B6B520871ED5936CCF, 7366FD2E1315109B9A2F47DA08959CF0CBEEB1F20B2E2DEF449D39B508107D29 ] srv             C:\Windows\system32\DRIVERS\srv.sys
08:33:37.0874 0x1204  srv - ok
08:33:37.0874 0x1204  [ 7F4FDC9528BCE6FB919615B6A77D5724, C4843381504E0F50D4B8E4F8886C83112018CE5F64467B875F2809508EA2B182 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
08:33:37.0890 0x1204  srv2 - ok
08:33:37.0890 0x1204  [ 3F20CD2A11872284BD667DAD6D4801CC, 917EAA680CD10D3EA59EEF4B77BB3813D5718E7D1CB0846431255EE73035D834 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
08:33:37.0890 0x1204  srvnet - ok
08:33:37.0890 0x1204  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
08:33:37.0890 0x1204  SSDPSRV - ok
08:33:37.0905 0x1204  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
08:33:37.0905 0x1204  SstpSvc - ok
08:33:37.0921 0x1204  [ E06AA279D85877268E34E9A9BC41F560, 6EFE7E3850CD19B919053293B6D8CB61CC638D3B1626BB62594C681625132689 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
08:33:37.0936 0x1204  Steam Client Service - ok
08:33:37.0936 0x1204  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
08:33:37.0936 0x1204  stexstor - ok
08:33:37.0952 0x1204  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
08:33:37.0952 0x1204  stisvc - ok
08:33:37.0968 0x1204  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
08:33:37.0968 0x1204  swenum - ok
08:33:37.0968 0x1204  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
08:33:37.0983 0x1204  swprv - ok
08:33:37.0999 0x1204  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
08:33:38.0014 0x1204  SysMain - ok
08:33:38.0030 0x1204  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:33:38.0030 0x1204  TabletInputService - ok
08:33:38.0030 0x1204  [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
08:33:38.0030 0x1204  tap0901 - ok
08:33:38.0030 0x1204  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
08:33:38.0046 0x1204  TapiSrv - ok
08:33:38.0061 0x1204  [ B2875D7ABB82867DC3AA03D991940201, F954C33FBA912A517B59330F6438C1953F9F1D8F4D8FD25945EB836A1DB07ABB ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
08:33:38.0092 0x1204  Tcpip - ok
08:33:38.0108 0x1204  [ B2875D7ABB82867DC3AA03D991940201, F954C33FBA912A517B59330F6438C1953F9F1D8F4D8FD25945EB836A1DB07ABB ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
08:33:38.0139 0x1204  TCPIP6 - ok
08:33:38.0139 0x1204  [ 7FE5586314EE7D6AA8483264A089E5AF, 4E3EA68713A45C22F1B9A1AA125E15D06D0C5E637B815537431ADFB6D7563879 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
08:33:38.0139 0x1204  tcpipreg - ok
08:33:38.0139 0x1204  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
08:33:38.0139 0x1204  TDPIPE - ok
08:33:38.0139 0x1204  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
08:33:38.0139 0x1204  TDTCP - ok
08:33:38.0155 0x1204  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
08:33:38.0155 0x1204  tdx - ok
08:33:38.0295 0x1204  [ 44449A0EB8EBD8DCBC3ED4BB62BA3A5F, 168197015D1E5ED71775250084C224A1100E0F989A6D1CC4102004E5AAD74F3A ] TeamViewer      C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
08:33:38.0404 0x1204  TeamViewer - ok
08:33:38.0420 0x1204  [ F5520DBB47C60EE83024B38720ABDA24, B8E555D92440BF93E3B55A66E27CEF936477EF7528F870D3B78BD3B294A05CC0 ] teamviewervpn   C:\Windows\system32\DRIVERS\teamviewervpn.sys
08:33:38.0420 0x1204  teamviewervpn - ok
08:33:38.0420 0x1204  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
08:33:38.0420 0x1204  TermDD - ok
08:33:38.0436 0x1204  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
08:33:38.0436 0x1204  TermService - ok
08:33:38.0451 0x1204  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
08:33:38.0451 0x1204  Themes - ok
08:33:38.0451 0x1204  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
08:33:38.0451 0x1204  THREADORDER - ok
08:33:38.0451 0x1204  [ D154DD00C8F12D94C9CC94027356B6E4, 501026564147DC43D0764521816B8D20576DA8F5D9DB0D2D8D3A16AA48A534A3 ] Tpkd            C:\Windows\system32\drivers\Tpkd.sys
08:33:38.0451 0x1204  Tpkd - ok
08:33:38.0467 0x1204  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
08:33:38.0467 0x1204  TrkWks - ok
08:33:38.0467 0x1204  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:33:38.0467 0x1204  TrustedInstaller - ok
08:33:38.0467 0x1204  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
08:33:38.0467 0x1204  tssecsrv - ok
08:33:38.0467 0x1204  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
08:33:38.0467 0x1204  TsUsbFlt - ok
08:33:38.0482 0x1204  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
08:33:38.0482 0x1204  TsUsbGD - ok
08:33:38.0482 0x1204  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
08:33:38.0482 0x1204  tunnel - ok
08:33:38.0482 0x1204  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
08:33:38.0482 0x1204  uagp35 - ok
08:33:38.0498 0x1204  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
08:33:38.0498 0x1204  udfs - ok
08:33:38.0498 0x1204  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
08:33:38.0498 0x1204  UI0Detect - ok
08:33:38.0498 0x1204  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
08:33:38.0498 0x1204  uliagpkx - ok
08:33:38.0498 0x1204  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
08:33:38.0498 0x1204  umbus - ok
08:33:38.0514 0x1204  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
08:33:38.0514 0x1204  UmPass - ok
08:33:38.0514 0x1204  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
08:33:38.0514 0x1204  upnphost - ok
08:33:38.0514 0x1204  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
08:33:38.0529 0x1204  usbaudio - ok
08:33:38.0529 0x1204  [ 28B81917A195B67617AF7DCF4DFE5736, 40A4D2AAE1BDE5ABA8708ED150396E913C566ECD5CDA40D6C6DB256F1B9FD4A9 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
08:33:38.0529 0x1204  usbccgp - ok
08:33:38.0529 0x1204  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
08:33:38.0529 0x1204  usbcir - ok
08:33:38.0529 0x1204  [ B626F048318DAE65A3317F0592BE592C, 284D8FFE1D35F852EFDA182A72288AC3A10D6ED825FE2CC5812497D3FE291AF1 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
08:33:38.0529 0x1204  usbehci - ok
08:33:38.0545 0x1204  [ 390109E8E05BA00375DCB1ED64DC60AF, B8628502590B423BEFB6F7C8C69FAD0667AD0746FF6B444EE02016E8E1052B78 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
08:33:38.0545 0x1204  usbhub - ok
08:33:38.0545 0x1204  [ B4DF0F4C1D9D25DFE1DAD1D8670F1D4F, 4317C2DEDC639527B53864BAEC46CBE022D298C0503E29E1072DD1C851D92BFC ] usbohci         C:\Windows\system32\drivers\usbohci.sys
08:33:38.0545 0x1204  usbohci - ok
08:33:38.0545 0x1204  [ E657C5CEA6B8EF318FEA1BCF971EE32D, B97314C2E82E2D942BE22D59DA8703EBF6631EF82ED34EDCD210CC37E206DE37 ] USBPcap         C:\Windows\system32\DRIVERS\USBPcap.sys
08:33:38.0545 0x1204  USBPcap - ok
08:33:38.0545 0x1204  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
08:33:38.0545 0x1204  usbprint - ok
08:33:38.0560 0x1204  [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:33:38.0560 0x1204  USBSTOR - ok
08:33:38.0560 0x1204  [ CFEAAF96E666E3DCBD8F6DFF516784AE, 006218A3DB5851790CC0A7F3DCD7B3AF82F624DA679296DE507AFD36C5468317 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
08:33:38.0560 0x1204  usbuhci - ok
08:33:38.0560 0x1204  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
08:33:38.0560 0x1204  usbvideo - ok
08:33:38.0560 0x1204  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
08:33:38.0560 0x1204  UxSms - ok
08:33:38.0576 0x1204  [ CA69E856332E2D85294665F6B7E97254, A9693F836907FB0154DC1090D9476F1E9242ABE922D932D74D0385772D2EAB65 ] VaultSvc        C:\Windows\system32\lsass.exe
08:33:38.0576 0x1204  VaultSvc - ok
08:33:38.0576 0x1204  [ B9762134953EF28EC04286AA4B35863E, 032C3CCA358E3AEA18FEAD374223544C69287B7380892BB266573D9BEB571B4E ] VBoxDrv         C:\Windows\system32\DRIVERS\VBoxDrv.sys
08:33:38.0592 0x1204  VBoxDrv - ok
08:33:38.0592 0x1204  [ 6DFE5B5F1E614E2088139D4A0C11AB15, 4347577D3E913EED1A094026B6898875B0DA7C5D57182DF77762EDDC3C0AF63F ] VBoxNetAdp      C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys
08:33:38.0592 0x1204  VBoxNetAdp - ok
08:33:38.0607 0x1204  [ E4DCFB40B687F565CD8261EB558586BD, 7B961F069850653DDB9EA68A67A5129845B6F735EB99F6591E109AEF425B84F9 ] VBoxNetLwf      C:\Windows\system32\DRIVERS\VBoxNetLwf.sys
08:33:38.0607 0x1204  VBoxNetLwf - ok
08:33:38.0607 0x1204  [ 96A5BE08C3D815B19E40E00314DCF9F6, 3B6A7F2D02BFFD40B03DED95BA07DA77AB910EAFCDAFAC1CA8069BF8B0CEA931 ] VBoxUSB         C:\Windows\system32\Drivers\VBoxUSB.sys
08:33:38.0607 0x1204  VBoxUSB - ok
08:33:38.0607 0x1204  [ 312FB8707B51E327DFFBD7DD08BE9E2E, 02E0A4FCA3560B993209C6F2BF4C4056162FE8F6B9560C142E8263DCFBE7BE90 ] VBoxUSBMon      C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
08:33:38.0623 0x1204  VBoxUSBMon - ok
08:33:38.0623 0x1204  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
08:33:38.0623 0x1204  vdrvroot - ok
08:33:38.0623 0x1204  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
08:33:38.0638 0x1204  vds - ok
08:33:38.0638 0x1204  [ C0BB7F0C789AC778549DCC20B18A8DC0, 6C985B008488EB9766C4CE6709C37AF6ECCEDA7A69EB45627B1871D891D925DF ] veracrypt       C:\Windows\system32\drivers\veracrypt.sys
08:33:38.0638 0x1204  veracrypt - ok
08:33:38.0638 0x1204  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
08:33:38.0638 0x1204  vga - ok
08:33:38.0638 0x1204  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
08:33:38.0638 0x1204  VgaSave - ok
08:33:38.0654 0x1204  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
08:33:38.0654 0x1204  vhdmp - ok
08:33:38.0654 0x1204  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
08:33:38.0654 0x1204  viaide - ok
08:33:38.0654 0x1204  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
08:33:38.0654 0x1204  volmgr - ok
08:33:38.0670 0x1204  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
08:33:38.0670 0x1204  volmgrx - ok
08:33:38.0670 0x1204  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
08:33:38.0670 0x1204  volsnap - ok
08:33:38.0685 0x1204  [ 0804B6E024B4A3116E8BF39B65933329, B6A816FAD170E16D03D0F1293B937B600D393331011A8DF66CC3D1EE6569922C ] vpnpbus         C:\Windows\system32\DRIVERS\vpnpbus.sys
08:33:38.0685 0x1204  vpnpbus - ok
08:33:38.0685 0x1204  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
08:33:38.0685 0x1204  vsmraid - ok
08:33:38.0701 0x1204  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
08:33:38.0732 0x1204  VSS - ok
08:33:38.0732 0x1204  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
08:33:38.0732 0x1204  vwifibus - ok
08:33:38.0732 0x1204  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
08:33:38.0732 0x1204  vwififlt - ok
08:33:38.0732 0x1204  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
08:33:38.0732 0x1204  vwifimp - ok
08:33:38.0748 0x1204  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
08:33:38.0748 0x1204  W32Time - ok
08:33:38.0748 0x1204  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
08:33:38.0748 0x1204  WacomPen - ok
08:33:38.0748 0x1204  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
08:33:38.0748 0x1204  WANARP - ok
08:33:38.0748 0x1204  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
08:33:38.0763 0x1204  Wanarpv6 - ok
08:33:38.0779 0x1204  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
08:33:38.0794 0x1204  wbengine - ok
08:33:38.0794 0x1204  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
08:33:38.0810 0x1204  WbioSrvc - ok
08:33:38.0810 0x1204  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
08:33:38.0810 0x1204  wcncsvc - ok
08:33:38.0810 0x1204  [ BC00873272B3771CCDA38336AF2B4D4B, 3E412DEC5F172B4C5FD5C227CD790EE56B90A00A8B538704E8F973D230BE2289 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:33:38.0826 0x1204  WcsPlugInService - ok
08:33:38.0826 0x1204  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
08:33:38.0826 0x1204  Wd - ok
08:33:38.0826 0x1204  [ D0335A55E5C3F812548E18300C2ACB62, 7EF7C3A21E97197E1A6D2956D0F5A7C23F2D590C9709708394426031634990A5 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
08:33:38.0826 0x1204  WDC_SAM - ok
08:33:38.0841 0x1204  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
08:33:38.0841 0x1204  Wdf01000 - ok
08:33:38.0841 0x1204  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
08:33:38.0841 0x1204  WdiServiceHost - ok
08:33:38.0857 0x1204  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
08:33:38.0857 0x1204  WdiSystemHost - ok
08:33:38.0857 0x1204  [ EE841B6D1F2B9508D3ABAE52AC05A94F, F1AE981FCDBFC4672A4EABABD41382E93762EFC2EDAD96E75530E7ACA5AF1FD8 ] WebClient       C:\Windows\System32\webclnt.dll
08:33:38.0857 0x1204  WebClient - ok
08:33:38.0872 0x1204  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
08:33:38.0872 0x1204  Wecsvc - ok
08:33:38.0872 0x1204  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
08:33:38.0872 0x1204  wercplsupport - ok
08:33:38.0872 0x1204  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
08:33:38.0872 0x1204  WerSvc - ok
08:33:38.0872 0x1204  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
08:33:38.0888 0x1204  WfpLwf - ok
08:33:38.0888 0x1204  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
08:33:38.0888 0x1204  WIMMount - ok
08:33:38.0888 0x1204  WinDefend - ok
08:33:38.0888 0x1204  WinHttpAutoProxySvc - ok
08:33:38.0888 0x1204  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
08:33:38.0888 0x1204  Winmgmt - ok
08:33:38.0919 0x1204  [ EBDA1B0F15CB9B2CBCC6C94824E4E054, C51314F7D611E4903DA00EFA8EB99365414436324D256083CE0B5A8E055E8E06 ] WinRM           C:\Windows\system32\WsmSvc.dll
08:33:38.0950 0x1204  WinRM - ok
08:33:38.0950 0x1204  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
08:33:38.0950 0x1204  WinUsb - ok
08:33:38.0966 0x1204  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
08:33:38.0982 0x1204  Wlansvc - ok
08:33:38.0982 0x1204  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
08:33:38.0982 0x1204  WmiAcpi - ok
08:33:38.0982 0x1204  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
08:33:38.0982 0x1204  wmiApSrv - ok
08:33:38.0982 0x1204  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
08:33:38.0982 0x1204  WPCSvc - ok
08:33:38.0997 0x1204  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
08:33:38.0997 0x1204  WPDBusEnum - ok
08:33:38.0997 0x1204  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
08:33:38.0997 0x1204  ws2ifsl - ok
08:33:38.0997 0x1204  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
08:33:38.0997 0x1204  wscsvc - ok
08:33:38.0997 0x1204  WSearch - ok
08:33:39.0044 0x1204  [ 31F32E0C1A8BA9A37EEC23DE5F27F847, 0180832BC6172C9A4C32B5B222BB3F91EA615A5EBDA98DB79ED4FED258C2D257 ] wuauserv        C:\Windows\system32\wuaueng.dll
08:33:39.0060 0x1204  wuauserv - ok
08:33:39.0075 0x1204  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
08:33:39.0075 0x1204  WudfPf - ok
08:33:39.0075 0x1204  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
08:33:39.0075 0x1204  WUDFRd - ok
08:33:39.0075 0x1204  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
08:33:39.0091 0x1204  wudfsvc - ok
08:33:39.0091 0x1204  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
08:33:39.0091 0x1204  WwanSvc - ok
08:33:39.0091 0x1204  ================ Scan global ===============================
08:33:39.0106 0x1204  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
08:33:39.0106 0x1204  [ B68AD91370FA58C1296DE9086BB4BA0A, 3B6B8170990B3B3B321752539A54D8EAB6E6241A25092682FDEE1A46BD39DBF6 ] C:\Windows\system32\winsrv.dll
08:33:39.0106 0x1204  [ B68AD91370FA58C1296DE9086BB4BA0A, 3B6B8170990B3B3B321752539A54D8EAB6E6241A25092682FDEE1A46BD39DBF6 ] C:\Windows\system32\winsrv.dll
08:33:39.0122 0x1204  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
08:33:39.0122 0x1204  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
08:33:39.0122 0x1204  [ Global ] - ok
         

29.03.2017, 09:07   #5
construct

PUP.Optional.AppTrailer.Generic + PUP.Optional. OnlineIO + NSBLock + "Microleafs LTD" via Filedropper.com or Fileupload.net?



#2/2

Code:
08:33:39.0122 0x1204  ================ Scan MBR ==================================
08:33:39.0138 0x1204  [ A36C5E4F47E84449FF07ED3517B43A ] \Device\Harddisk0\DR0
08:33:39.0200 0x1204  \Device\Harddisk0\DR0 - ok
08:33:39.0231 0x1204  [ A36C5E4F47E84449FF07ED3517B43A ] \Device\Harddisk1\DR1
08:33:39.0231 0x1204  \Device\Harddisk1\DR1 - ok
08:33:39.0231 0x1204  [ A36C5E4F47E84449FF07ED3517B43A ] \Device\Harddisk3\DR3
08:33:39.0418 0x1204  \Device\Harddisk3\DR3 - ok
08:33:39.0465 0x1204  [ 5FB38429D5D77768867C76DCBDB351 ] \Device\Harddisk4\DR4
08:33:39.0465 0x1204  \Device\Harddisk4\DR4 - ok
08:33:39.0465 0x1204  [ A36C5E4F47E84449FF07ED3517B43A ] \Device\Harddisk2\DR2
08:33:39.0465 0x1204  \Device\Harddisk2\DR2 - ok
08:33:39.0465 0x1204  [ 5FB38429D5D77768867C76DCBDB351 ] \Device\Harddisk6\DR6
08:33:39.0481 0x1204  \Device\Harddisk6\DR6 - ok
08:33:39.0481 0x1204  ================ Scan VBR ==================================
08:33:39.0481 0x1204  [ 74332BDD85CCD319ACAC8835903D3F ] \Device\Harddisk0\DR0\Partition1
08:33:39.0481 0x1204  \Device\Harddisk0\DR0\Partition1 - ok
08:33:39.0481 0x1204  [ E6418B4AB1CA8DAC3AFA50FAF4D751 ] \Device\Harddisk1\DR1\Partition1
08:33:39.0481 0x1204  \Device\Harddisk1\DR1\Partition1 - ok
08:33:39.0481 0x1204  [ 284DD4A4C34F1A4011505DCAEAE5F1 ] \Device\Harddisk3\DR3\Partition1
08:33:39.0481 0x1204  \Device\Harddisk3\DR3\Partition1 - ok
08:33:39.0481 0x1204  [ 5452882DF8BC2948CEFE9BADBA7E1E ] \Device\Harddisk4\DR4\Partition1
08:33:39.0481 0x1204  \Device\Harddisk4\DR4\Partition1 - ok
08:33:39.0481 0x1204  [ 968005344DE1B36D36991B76FAD2D247 ] \Device\Harddisk2\DR2\Partition1
08:33:39.0496 0x1204  \Device\Harddisk2\DR2\Partition1 - ok
08:33:39.0496 0x1204  [ 7D307B81C9F87F79DB5EEF5803D40BC8 ] \Device\Harddisk6\DR6\Partition1
08:33:39.0496 0x1204  \Device\Harddisk6\DR6\Partition1 - ok
08:33:39.0496 0x1204  [ 2E2A8533E883D1A42F990AA85BA383 ] \Device\Harddisk6\DR6\Partition2
08:33:39.0496 0x1204  \Device\Harddisk6\DR6\Partition2 - ok
08:33:39.0496 0x1204  [ 2E2A853883D1A42F08990AA85BA383 ] \Device\Harddisk6\DR6\Partition3
08:33:39.0496 0x1204  \Device\Harddisk6\DR6\Partition3 - ok
08:33:39.0496 0x1204  ================ Scan generic autorun ======================
08:33:39.0528 0x1204  [ DC2755EB981280C312E7BE5EE8CF5D62, 4E52976235B1D2E756235F988709D84E9D83D60927138376BDE1405902997997 ] C:\Program Files\Microsoft IntelliPoint\ipoint.exe
08:33:39.0559 0x1204  IntelliPoint - ok
08:33:39.0559 0x1204  [ EBC0E8C0A4DDA2C32A7D5863462A321A, 2F410138DB66D0219254339F1F098E401CEDAA032596F1F67BC54F394256FC68 ] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
08:33:39.0559 0x1204  amd_dc_opt - ok
08:33:39.0559 0x1204  Sidebar - ok
08:33:39.0574 0x1204  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:33:39.0574 0x1204  mctadmin - ok
08:33:39.0574 0x1204  Sidebar - ok
08:33:39.0574 0x1204  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:33:39.0574 0x1204  mctadmin - ok
08:33:39.0606 0x1204  [ B365AF317AE730A67C936F21432B9C71, BD2C2CF0631D881ED382817AFCCE2B093F4E412FFB170A719E2762F250ABFEA4 ] C:\Program Files\Process Hacker 2\ProcessHacker.exe
08:33:39.0621 0x1204  Process Hacker 2 - ok
08:33:39.0730 0x1204  [ 52F5D651B8E39F258C1C34272FEB1AB2, C13AD8762A4474D8246DE7BC023244BD74456D45348F74F77373CC61C238A0F3 ] C:\Program Files\CCleaner\CCleaner64.exe
08:33:39.0824 0x1204  CCleaner Monitoring - ok
08:33:39.0902 0x1204  [ D03053F72A74801A32F41EFD088FA30E, 3F6E9AD19139F9A5881DB475EC3FD817C1F8CA1622B97E8864A7C59A7F7A2DA2 ] C:\Program Files (x86)\GlassWire\glasswire.exe
08:33:39.0964 0x1204  GlassWire - ok
08:33:39.0980 0x1204  Waiting for KSN requests completion. In queue: 97
08:33:40.0994 0x1204  Win FW state via NFP2: enabled ( trusted )
08:33:41.0150 0x1204  ============================================================
08:33:41.0150 0x1204  Scan finished
08:33:41.0150 0x1204  ============================================================
08:33:41.0150 0x0a0c  Detected object count: 0
08:33:41.0150 0x0a0c  Actual detected object count: 0
08:34:55.0233 0x0a00  ============================================================
08:34:55.0233 0x0a00  Scan started
08:34:55.0233 0x0a00  Mode: Manual; SigCheck; TDLFS; 
08:34:55.0233 0x0a00  ============================================================
08:34:55.0233 0x0a00  KSN ping started
08:34:55.0345 0x0a00  KSN ping finished: true
08:34:56.0650 0x0a00  ================ Scan system memory ========================
08:34:56.0650 0x0a00  System memory - ok
08:34:56.0650 0x0a00  ================ Scan services =============================
08:34:56.0667 0x0a00  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
08:34:56.0685 0x0a00  1394ohci - ok
08:34:56.0691 0x0a00  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
08:34:56.0700 0x0a00  ACPI - ok
08:34:56.0702 0x0a00  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
08:34:56.0709 0x0a00  AcpiPmi - ok
08:34:56.0713 0x0a00  [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
08:34:56.0715 0x0a00  Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
08:34:56.0715 0x0a00  Detect skipped due to KSN trusted
08:34:56.0715 0x0a00  Adobe LM Service - ok
08:34:56.0723 0x0a00  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
08:34:56.0734 0x0a00  adp94xx - ok
08:34:56.0741 0x0a00  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
08:34:56.0749 0x0a00  adpahci - ok
08:34:56.0754 0x0a00  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
08:34:56.0760 0x0a00  adpu320 - ok
08:34:56.0764 0x0a00  [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
08:34:56.0769 0x0a00  AeLookupSvc - ok
08:34:56.0778 0x0a00  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
08:34:56.0788 0x0a00  AFD - ok
08:34:56.0791 0x0a00  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
08:34:56.0796 0x0a00  agp440 - ok
08:34:56.0799 0x0a00  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
08:34:56.0805 0x0a00  ALG - ok
08:34:56.0807 0x0a00  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
08:34:56.0811 0x0a00  aliide - ok
08:34:56.0816 0x0a00  [ C2C6576BD76BDBD5D29555440C0F147B, EB92CCF0670493B63D073976F5026C0F5954733CBC20812118F13716503C249B ] amdacpksd       C:\Windows\system32\drivers\amdacpksd.sys
08:34:56.0829 0x0a00  amdacpksd - ok
08:34:56.0831 0x0a00  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
08:34:56.0835 0x0a00  amdide - ok
08:34:56.0838 0x0a00  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
08:34:56.0843 0x0a00  AmdK8 - ok
08:34:56.0845 0x0a00  amdkmdag - ok
08:34:56.0853 0x0a00  [ 6489E58445DC4E53EE1446EC0CB04842, 13449C7B0BBDC1F2D0B5C9A0299BED47475D2D249BD5E24F68F9E06C4DC601BF ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
08:34:56.0868 0x0a00  amdkmdap - ok
08:34:56.0871 0x0a00  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
08:34:56.0876 0x0a00  AmdPPM - ok
08:34:56.0879 0x0a00  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
08:34:56.0885 0x0a00  amdsata - ok
08:34:56.0889 0x0a00  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
08:34:56.0895 0x0a00  amdsbs - ok
08:34:56.0898 0x0a00  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
08:34:56.0902 0x0a00  amdxata - ok
08:34:56.0904 0x0a00  [ B84DDCCB03A9CEDC1E90A88EDA5306DB, 1E51A7336C7E3F6402ED90AB0B3E98FD3827E2DC51B133E7F8BB37140B315192 ] AppID           C:\Windows\system32\drivers\appid.sys
08:34:56.0910 0x0a00  AppID - ok
08:34:56.0912 0x0a00  [ 02B60F8FA4BAB8DC3B14782A7E60564B, D7EB27CB202573734D7A4EB4667B9BCEC1598AA9EBD154F2C9266AF230F51A52 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
08:34:56.0917 0x0a00  AppIDSvc - ok
08:34:56.0919 0x0a00  [ DE23E052E557580674785CDF45B613F3, A955ADC6CC7D816BA7CE1065F911E7A3295A1908C22BE0A3C506C38CFEE8DE0D ] Appinfo         C:\Windows\System32\appinfo.dll
08:34:56.0925 0x0a00  Appinfo - ok
08:34:56.0927 0x0a00  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
08:34:56.0933 0x0a00  arc - ok
08:34:56.0936 0x0a00  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
08:34:56.0941 0x0a00  arcsas - ok
08:34:56.0956 0x0a00  [ BBF8F831C7720DD5135D8C4C8325187A, 2630C68200D7BD49A5772830D6B369C0EC337C2558A9562DD564DF042249ECC0 ] asComSvc        C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
08:34:56.0972 0x0a00  asComSvc - ok
08:34:56.0987 0x0a00  [ 5F1091FA113607C9C9B2ECF4FBC76F37, F4406635C555A942242F40CACEC7EFD2FED47103C191CB3C2EDF21EE78C8122E ] asHmComSvc      C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
08:34:57.0003 0x0a00  asHmComSvc - ok
08:34:57.0012 0x0a00  [ 798DE15F187C1F013095BBBEB6FB6197, 436CCAB6F62FA2D29827916E054ADE7ACAE485B3DE1D3E5C6C62D3DEBF1480E7 ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
08:34:57.0016 0x0a00  AsIO - ok
08:34:57.0022 0x0a00  [ EE424A5CE56E3923D59BB7DE2E15036D, 8B8196870EFE74D43EDA72674021A46846D370E97A6A058134D84A721AECD091 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:34:57.0028 0x0a00  aspnet_state - ok
08:34:57.0030 0x0a00  [ 1392B92179B07B672720763D9B1028A5, B4D47EA790920A4531E3DF5A4B4B0721B7FEA6B49A35679F0652F1E590422602 ] AsUpIO          C:\Windows\syswow64\drivers\AsUpIO.sys
08:34:57.0033 0x0a00  AsUpIO - ok
08:34:57.0035 0x0a00  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
08:34:57.0052 0x0a00  AsyncMac - ok
08:34:57.0055 0x0a00  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
08:34:57.0059 0x0a00  atapi - ok
08:34:57.0063 0x0a00  [ F9DB31BC5CD3700D37DB136BA56E5E9D, 9AB7421975500EE7FE583CCF86914F94E697606A9199DC4F27D5609554C5D3F7 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
08:34:57.0068 0x0a00  AtiHDAudioService - ok
08:34:57.0079 0x0a00  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:34:57.0093 0x0a00  AudioEndpointBuilder - ok
08:34:57.0104 0x0a00  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
08:34:57.0117 0x0a00  AudioSrv - ok
08:34:57.0121 0x0a00  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
08:34:57.0130 0x0a00  AxInstSV - ok
08:34:57.0138 0x0a00  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
08:34:57.0149 0x0a00  b06bdrv - ok
08:34:57.0155 0x0a00  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
08:34:57.0163 0x0a00  b57nd60a - ok
08:34:57.0167 0x0a00  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
08:34:57.0173 0x0a00  BDESVC - ok
08:34:57.0175 0x0a00  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
08:34:57.0191 0x0a00  Beep - ok
08:34:57.0203 0x0a00  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
08:34:57.0217 0x0a00  BFE - ok
08:34:57.0230 0x0a00  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
08:34:57.0258 0x0a00  BITS - ok
08:34:57.0262 0x0a00  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
08:34:57.0267 0x0a00  blbdrive - ok
08:34:57.0275 0x0a00  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:34:57.0284 0x0a00  Bonjour Service - ok
08:34:57.0288 0x0a00  [ ABA3984C822E4D3F889699912D85D6C5, 2251FA135CC290DA13DAE4743F393C7CC9E6A737C054707CB8D72C369D1FFACB ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
08:34:57.0294 0x0a00  bowser - ok
08:34:57.0296 0x0a00  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
08:34:57.0301 0x0a00  BrFiltLo - ok
08:34:57.0303 0x0a00  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
08:34:57.0309 0x0a00  BrFiltUp - ok
08:34:57.0313 0x0a00  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
08:34:57.0319 0x0a00  Browser - ok
08:34:57.0325 0x0a00  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
08:34:57.0333 0x0a00  Brserid - ok
08:34:57.0336 0x0a00  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
08:34:57.0342 0x0a00  BrSerWdm - ok
08:34:57.0344 0x0a00  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
08:34:57.0350 0x0a00  BrUsbMdm - ok
08:34:57.0352 0x0a00  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
08:34:57.0356 0x0a00  BrUsbSer - ok
08:34:57.0359 0x0a00  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
08:34:57.0365 0x0a00  BTHMODEM - ok
08:34:57.0369 0x0a00  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
08:34:57.0386 0x0a00  bthserv - ok
08:34:57.0391 0x0a00  [ 95C2FEB994798596F0E2CB2BB2C7F45A, 78A39A6EF8E29620F22970AF4AE37404FC33D308BF83F8CDF16F0A79C5561AAF ] cbdisk3         C:\Windows\system32\drivers\cbdisk3.sys
08:34:57.0398 0x0a00  cbdisk3 - ok
08:34:57.0405 0x0a00  [ 6C1506E58A2A0F1FC6756D322C576C5F, FBAE9597A594956AD6677DB0FB7FC2483DA6450E66BEB9B2D2D4F2C1373B7AA8 ] cbfs4           C:\Windows\system32\drivers\cbfs4.sys
08:34:57.0413 0x0a00  cbfs4 - ok
08:34:57.0417 0x0a00  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
08:34:57.0435 0x0a00  cdfs - ok
08:34:57.0439 0x0a00  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
08:34:57.0445 0x0a00  cdrom - ok
08:34:57.0448 0x0a00  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
08:34:57.0465 0x0a00  CertPropSvc - ok
08:34:57.0469 0x0a00  [ 2B2559146B072EB183DA1AB57E38E886, CAAE41158C3D5EA55834085C9161DB1EFF173CDF2FD0340B5289F541C294C5CC ] CG6Service      C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
08:34:57.0475 0x0a00  CG6Service - ok
08:34:57.0478 0x0a00  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
08:34:57.0484 0x0a00  circlass - ok
08:34:57.0490 0x0a00  [ 3D67C27DD17B254D7915FA16A5AE3573, 5B3A6C6A7F940C06362775DAF13CEADA37C7AA84A509458A57C23B4369970A90 ] CLFS            C:\Windows\system32\CLFS.sys
08:34:57.0500 0x0a00  CLFS - ok
08:34:57.0504 0x0a00  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:34:57.0509 0x0a00  clr_optimization_v2.0.50727_32 - ok
08:34:57.0512 0x0a00  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:34:57.0517 0x0a00  clr_optimization_v2.0.50727_64 - ok
08:34:57.0522 0x0a00  [ 5BAF4F1296D4D91FC28560CDB4C37C4B, ACA4BC57ED1F8432F18F0F215EC7FF956BAEF6E02760779E264E4008A979E9DD ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:34:57.0528 0x0a00  clr_optimization_v4.0.30319_32 - ok
08:34:57.0534 0x0a00  [ 569B54004A7E85A74FD92841DE6058E2, 58949313D0F6B1C06359B2F3C68E29940B1655A17E93FFC3718F6D2EAE1633E4 ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:34:57.0540 0x0a00  clr_optimization_v4.0.30319_64 - ok
08:34:57.0542 0x0a00  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
08:34:57.0547 0x0a00  CmBatt - ok
08:34:57.0549 0x0a00  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
08:34:57.0553 0x0a00  cmdide - ok
08:34:57.0561 0x0a00  [ A98CED39AD91B445E2E442A9BD67E8B4, B4189DEEF1C0EE22AE983119047B1A40FFDD8F3E163DFFABD7C2706231B0B1B0 ] CNG             C:\Windows\system32\Drivers\cng.sys
08:34:57.0574 0x0a00  CNG - ok
08:34:57.0576 0x0a00  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
08:34:57.0581 0x0a00  Compbatt - ok
08:34:57.0583 0x0a00  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
08:34:57.0589 0x0a00  CompositeBus - ok
08:34:57.0591 0x0a00  COMSysApp - ok
08:34:57.0603 0x0a00  [ E20D73654A05670BD21F7876A3A0F747, A1708A4291641D8D17A6A4A7CE80A2B26046D3C35D5F718B008F0D3B290953DC ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
08:34:57.0612 0x0a00  cphs - ok
08:34:57.0614 0x0a00  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
08:34:57.0618 0x0a00  crcdisk - ok
08:34:57.0623 0x0a00  [ 2C6632CECFDBBE793FDA8AF9CA55A9CC, 335188515F798483660E529204A13012E4D21B0ECA489224A11C26F91A5B3CCE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
08:34:57.0631 0x0a00  CryptSvc - ok
08:34:57.0641 0x0a00  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] DcomLaunch      C:\Windows\system32\rpcss.dll
08:34:57.0653 0x0a00  DcomLaunch - ok
08:34:57.0655 0x0a00  [ 5DE1DB1FD27B0486292C881E1D94437E, D2D824CE9F7B57A3659B2249531DBA85C114E65D4EEBA3A159607B2104FF704B ] debutfilter     C:\Windows\system32\DRIVERS\debutfilterx64.sys
08:34:57.0659 0x0a00  debutfilter - ok
08:34:57.0665 0x0a00  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
08:34:57.0686 0x0a00  defragsvc - ok
08:34:57.0689 0x0a00  [ 9B38580063D281A99E68EF5813022A5F, D91676B0E0A8E2A090E3E5DD340ABCFC20AE0F55B4C82869D6CFB34239BD27DA ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
08:34:57.0696 0x0a00  DfsC - ok
08:34:57.0702 0x0a00  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
08:34:57.0712 0x0a00  Dhcp - ok
08:34:57.0737 0x0a00  [ EE9954237F15BE4DD9304D12E4D305ED, F295C9BAF20F0E669B673AFCC16B4969EE31B6A3808980DAB93D9B0F167DA3C0 ] DiagTrack       C:\Windows\system32\diagtrack.dll
08:34:57.0760 0x0a00  DiagTrack - ok
08:34:57.0767 0x0a00  [ F81460DB0644F0E825109F2E0E9F5D06, 21F26663CE22412BC9E6F4CD0F7FC536ED8844DE7C2C104616ACADBF4F47A839 ] DirMngr         C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
08:34:57.0772 0x0a00  DirMngr - detected UnsignedFile.Multi.Generic ( 1 )
08:34:57.0772 0x0a00  Detect skipped due to KSN trusted
08:34:57.0772 0x0a00  DirMngr - ok
08:34:57.0774 0x0a00  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
08:34:57.0792 0x0a00  discache - ok
08:34:57.0795 0x0a00  [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk            C:\Windows\system32\drivers\disk.sys
08:34:57.0800 0x0a00  Disk - ok
08:34:58.0607 0x0a00  [ BBCC44D677183BEFED776C1ED6B138D1, A219E3C834550FA70E3D3986BFB31C40249B8A43F13BA023B21341C08249A65C ] HiPatchService  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
08:34:58.0609 0x0a00  HiPatchService - detected UnsignedFile.Multi.Generic ( 1 )
08:34:58.0648 0x0a00  HiPatchService ( UnsignedFile.Multi.Generic ) - warning
08:34:59.0153 0x0a00  [ C6128F2E3DC6156C6F8828F9F1B96010, 612C1191AFB8F69BA5634E8C52BDDE608F57D98FA4C76C5A337676A5F1E8191D ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
08:34:59.0164 0x0a00  Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
08:34:59.0164 0x0a00  Detect skipped due to KSN trusted
08:34:59.0164 0x0a00  Intel(R) Capability Licensing Service Interface - ok
08:35:02.0077 0x0a00  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
08:35:02.0081 0x0a00  pcw - ok
08:35:02.0092 0x0a00  [ EA4D67448BE493D543F1730D6CD04694, 24717C5E41B7CA522F3330EF2228B6685E710A5259396E9887A1C1E7A413F8CA ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
08:35:02.0105 0x0a00  PEAUTH - ok
08:35:02.0115 0x0a00  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
08:35:02.0120 0x0a00  PerfHost - ok
08:35:02.0143 0x0a00  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
08:35:02.0178 0x0a00  pla - ok
08:35:02.0186 0x0a00  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
08:35:02.0197 0x0a00  PlugPlay - ok
08:35:02.0207 0x0a00  [ 840AC13DA861C31665FE805E3B53EAE0, B00593D1E41208ECB6983AE92EE40407B0EF3EC064DE10C921215FB58A674F12 ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
08:35:02.0218 0x0a00  PMBDeviceInfoProvider - ok
08:35:02.0220 0x0a00  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
08:35:02.0226 0x0a00  PNRPAutoReg - ok
08:35:02.0232 0x0a00  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
08:35:02.0241 0x0a00  PNRPsvc - ok
08:35:02.0244 0x0a00  [ B8D8EC78B0F9ED8E220506181274F3D3, D920277EE66AAAB6D66BF328DD5A40DDD8382BF4F331EAB398069EDB842FF18E ] Point64         C:\Windows\system32\DRIVERS\point64.sys
08:35:02.0248 0x0a00  Point64 - ok
08:35:02.0256 0x0a00  [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
08:35:02.0268 0x0a00  PolicyAgent - ok
08:35:02.0273 0x0a00  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
08:35:02.0292 0x0a00  Power - ok
08:35:02.0295 0x0a00  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
08:35:02.0313 0x0a00  PptpMiniport - ok
08:35:02.0316 0x0a00  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
08:35:02.0321 0x0a00  Processor - ok
08:35:02.0326 0x0a00  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
08:35:02.0333 0x0a00  ProfSvc - ok
08:35:02.0335 0x0a00  [ CA69E856332E2D85294665F6B7E97254, A9693F836907FB0154DC1090D9476F1E9242ABE922D932D74D0385772D2EAB65 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:35:02.0340 0x0a00  ProtectedStorage - ok
08:35:02.0343 0x0a00  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
08:35:02.0361 0x0a00  Psched - ok
08:35:02.0383 0x0a00  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
08:35:02.0408 0x0a00  ql2300 - ok
08:35:02.0412 0x0a00  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
08:35:02.0418 0x0a00  ql40xx - ok
08:35:02.0423 0x0a00  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
08:35:02.0434 0x0a00  QWAVE - ok
08:35:02.0437 0x0a00  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
08:35:02.0444 0x0a00  QWAVEdrv - ok
08:35:02.0446 0x0a00  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
08:35:02.0463 0x0a00  RasAcd - ok
08:35:02.0466 0x0a00  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
08:35:02.0483 0x0a00  RasAgileVpn - ok
08:35:02.0486 0x0a00  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
08:35:02.0504 0x0a00  RasAuto - ok
08:35:02.0508 0x0a00  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
08:35:02.0526 0x0a00  Rasl2tp - ok
08:35:02.0532 0x0a00  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
08:35:02.0553 0x0a00  RasMan - ok
08:35:02.0557 0x0a00  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
08:35:02.0575 0x0a00  RasPppoe - ok
08:35:02.0577 0x0a00  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
08:35:02.0595 0x0a00  RasSstp - ok
08:35:02.0601 0x0a00  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
08:35:02.0621 0x0a00  rdbss - ok
08:35:02.0623 0x0a00  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
08:35:02.0630 0x0a00  rdpbus - ok
08:35:02.0632 0x0a00  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
08:35:02.0648 0x0a00  RDPCDD - ok
08:35:02.0651 0x0a00  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
08:35:02.0668 0x0a00  RDPENCDD - ok
08:35:02.0670 0x0a00  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
08:35:02.0687 0x0a00  RDPREFMP - ok
08:35:02.0692 0x0a00  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
08:35:02.0699 0x0a00  RDPWD - ok
08:35:02.0703 0x0a00  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
08:35:02.0710 0x0a00  rdyboost - ok
08:35:02.0713 0x0a00  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
08:35:02.0732 0x0a00  RemoteAccess - ok
08:35:02.0742 0x0a00  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
08:35:02.0761 0x0a00  RemoteRegistry - ok
08:35:02.0764 0x0a00  [ 83A6C2CAFE236652D1559640594A0EA8, 52360F17C9C70C9CEA3316560B40C4D89FD705ED7E6B6088C99FC54D4CC35EB5 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
08:35:02.0769 0x0a00  rpcapd - ok
08:35:02.0772 0x0a00  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
08:35:02.0790 0x0a00  RpcEptMapper - ok
08:35:02.0792 0x0a00  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
08:35:02.0797 0x0a00  RpcLocator - ok
08:35:02.0806 0x0a00  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] RpcSs           C:\Windows\system32\rpcss.dll
08:35:02.0818 0x0a00  RpcSs - ok
08:35:02.0821 0x0a00  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
08:35:02.0839 0x0a00  rspndr - ok
08:35:02.0841 0x0a00  [ 24061B0958874C1CB2A5A8E9D25482D4, F84F8173242B95F9F3C4FEA99B5555B33F9CE37CA8188B643871D261CB081496 ] RTCore64        C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
08:35:02.0844 0x0a00  RTCore64 - ok
08:35:02.0885 0x0a00  [ CB1D6D163F1FA16571F4E01B12BD3A77, 9D3125DD74B3C4924F39805B62069F9B4B78D6EA5BB769D7DAC7D0AD3FC7D5BC ] RtlWlanu        C:\Windows\system32\DRIVERS\rtwlanu.sys
08:35:02.0928 0x0a00  RtlWlanu - ok
08:35:02.0934 0x0a00  [ E5DCAF3BA52C18B8C267B8525393750E, 874B78270C60FE426C3B35C0B5FD00EA35D88C081BB94E03F9B71E4479FE46A7 ] RunSwUSB        C:\Windows\runSW.exe
08:35:02.0938 0x0a00  RunSwUSB - ok
08:35:02.0940 0x0a00  [ CA69E856332E2D85294665F6B7E97254, A9693F836907FB0154DC1090D9476F1E9242ABE922D932D74D0385772D2EAB65 ] SamSs           C:\Windows\system32\lsass.exe
08:35:02.0945 0x0a00  SamSs - ok
08:35:02.0948 0x0a00  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
08:35:02.0953 0x0a00  sbp2port - ok
08:35:02.0957 0x0a00  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
08:35:02.0977 0x0a00  SCardSvr - ok
08:35:02.0979 0x0a00  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
08:35:02.0996 0x0a00  scfilter - ok
08:35:03.0012 0x0a00  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
08:35:03.0032 0x0a00  Schedule - ok
08:35:03.0036 0x0a00  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
08:35:03.0053 0x0a00  SCPolicySvc - ok
08:35:03.0057 0x0a00  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
08:35:03.0064 0x0a00  SDRSVC - ok
08:35:03.0066 0x0a00  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
08:35:03.0071 0x0a00  secdrv - ok
08:35:03.0073 0x0a00  [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon        C:\Windows\system32\seclogon.dll
08:35:03.0078 0x0a00  seclogon - ok
08:35:03.0081 0x0a00  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
08:35:03.0099 0x0a00  SENS - ok
08:35:03.0101 0x0a00  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
08:35:03.0106 0x0a00  SensrSvc - ok
08:35:03.0108 0x0a00  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
08:35:03.0113 0x0a00  Serenum - ok
08:35:03.0116 0x0a00  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
08:35:03.0121 0x0a00  Serial - ok
08:35:03.0124 0x0a00  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
08:35:03.0128 0x0a00  sermouse - ok
08:35:03.0134 0x0a00  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
08:35:03.0152 0x0a00  SessionEnv - ok
08:35:03.0154 0x0a00  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
08:35:03.0160 0x0a00  sffdisk - ok
08:35:03.0162 0x0a00  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
08:35:03.0168 0x0a00  sffp_mmc - ok
08:35:03.0169 0x0a00  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
08:35:03.0175 0x0a00  sffp_sd - ok
08:35:03.0177 0x0a00  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
08:35:03.0182 0x0a00  sfloppy - ok
08:35:03.0188 0x0a00  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
08:35:03.0210 0x0a00  SharedAccess - ok
08:35:03.0217 0x0a00  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:35:03.0239 0x0a00  ShellHWDetection - ok
08:35:03.0242 0x0a00  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
08:35:03.0246 0x0a00  SiSRaid2 - ok
08:35:03.0249 0x0a00  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
08:35:03.0254 0x0a00  SiSRaid4 - ok
08:35:03.0257 0x0a00  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
08:35:03.0275 0x0a00  Smb - ok
08:35:03.0278 0x0a00  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
08:35:03.0284 0x0a00  SNMPTRAP - ok
08:35:03.0286 0x0a00  [ 0FFE35F0B0CD5A324BBE22F02569AE3B, F4EE803EEFDB4EAEEDB3024C3516F1F9A202C77F4870D6B74356BBDE32B3B560 ] speedfan        C:\Windows\SysWOW64\speedfan.sys
08:35:03.0291 0x0a00  speedfan - ok
08:35:03.0293 0x0a00  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
08:35:03.0297 0x0a00  spldr - ok
08:35:03.0306 0x0a00  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
08:35:03.0330 0x0a00  Spooler - ok
08:35:03.0379 0x0a00  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
08:35:03.0442 0x0a00  sppsvc - ok
08:35:03.0447 0x0a00  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
08:35:03.0465 0x0a00  sppuinotify - ok
08:35:03.0474 0x0a00  [ EB15C46477EB84B6B520871ED5936CCF, 7366FD2E1315109B9A2F47DA08959CF0CBEEB1F20B2E2DEF449D39B508107D29 ] srv             C:\Windows\system32\DRIVERS\srv.sys
08:35:03.0484 0x0a00  srv - ok
08:35:03.0492 0x0a00  [ 7F4FDC9528BCE6FB919615B6A77D5724, C4843381504E0F50D4B8E4F8886C83112018CE5F64467B875F2809508EA2B182 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
08:35:03.0502 0x0a00  srv2 - ok
08:35:03.0506 0x0a00  [ 3F20CD2A11872284BD667DAD6D4801CC, 917EAA680CD10D3EA59EEF4B77BB3813D5718E7D1CB0846431255EE73035D834 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
08:35:03.0513 0x0a00  srvnet - ok
08:35:03.0518 0x0a00  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
08:35:03.0538 0x0a00  SSDPSRV - ok
08:35:03.0541 0x0a00  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
08:35:03.0560 0x0a00  SstpSvc - ok
08:35:03.0581 0x0a00  [ E06AA279D85877268E34E9A9BC41F560, 6EFE7E3850CD19B919053293B6D8CB61CC638D3B1626BB62594C681625132689 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
08:35:03.0605 0x0a00  Steam Client Service - ok
08:35:03.0608 0x0a00  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
08:35:03.0612 0x0a00  stexstor - ok
08:35:03.0622 0x0a00  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
08:35:03.0638 0x0a00  stisvc - ok
08:35:03.0640 0x0a00  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
08:35:03.0644 0x0a00  swenum - ok
08:35:03.0653 0x0a00  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
08:35:03.0677 0x0a00  swprv - ok
08:35:03.0703 0x0a00  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
08:35:03.0732 0x0a00  SysMain - ok
08:35:03.0736 0x0a00  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:35:03.0745 0x0a00  TabletInputService - ok
08:35:03.0747 0x0a00  [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
08:35:03.0752 0x0a00  tap0901 - ok
08:35:03.0758 0x0a00  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
08:35:03.0779 0x0a00  TapiSrv - ok
08:35:03.0806 0x0a00  [ B2875D7ABB82867DC3AA03D991940201, F954C33FBA912A517B59330F6438C1953F9F1D8F4D8FD25945EB836A1DB07ABB ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
08:35:03.0836 0x0a00  Tcpip - ok
08:35:03.0864 0x0a00  [ B2875D7ABB82867DC3AA03D991940201, F954C33FBA912A517B59330F6438C1953F9F1D8F4D8FD25945EB836A1DB07ABB ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
08:35:03.0893 0x0a00  TCPIP6 - ok
08:35:03.0897 0x0a00  [ 7FE5586314EE7D6AA8483264A089E5AF, 4E3EA68713A45C22F1B9A1AA125E15D06D0C5E637B815537431ADFB6D7563879 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
08:35:03.0902 0x0a00  tcpipreg - ok
08:35:03.0905 0x0a00  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
08:35:03.0909 0x0a00  TDPIPE - ok
08:35:03.0911 0x0a00  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
08:35:03.0916 0x0a00  TDTCP - ok
08:35:03.0919 0x0a00  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
08:35:03.0925 0x0a00  tdx - ok
08:35:04.0067 0x0a00  [ 44449A0EB8EBD8DCBC3ED4BB62BA3A5F, 168197015D1E5ED71775250084C224A1100E0F989A6D1CC4102004E5AAD74F3A ] TeamViewer      C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
08:35:04.0209 0x0a00  TeamViewer - ok
08:35:04.0220 0x0a00  [ F5520DBB47C60EE83024B38720ABDA24, B8E555D92440BF93E3B55A66E27CEF936477EF7528F870D3B78BD3B294A05CC0 ] teamviewervpn   C:\Windows\system32\DRIVERS\teamviewervpn.sys
08:35:04.0223 0x0a00  teamviewervpn - ok
08:35:04.0226 0x0a00  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
08:35:04.0230 0x0a00  TermDD - ok
08:35:04.0242 0x0a00  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
08:35:04.0256 0x0a00  TermService - ok
08:35:04.0259 0x0a00  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
08:35:04.0268 0x0a00  Themes - ok
08:35:04.0270 0x0a00  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
08:35:04.0288 0x0a00  THREADORDER - ok
08:35:04.0291 0x0a00  [ D154DD00C8F12D94C9CC94027356B6E4, 501026564147DC43D0764521816B8D20576DA8F5D9DB0D2D8D3A16AA48A534A3 ] Tpkd            C:\Windows\system32\drivers\Tpkd.sys
08:35:04.0296 0x0a00  Tpkd - ok
08:35:04.0300 0x0a00  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
08:35:04.0319 0x0a00  TrkWks - ok
08:35:04.0323 0x0a00  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:35:04.0342 0x0a00  TrustedInstaller - ok
08:35:04.0345 0x0a00  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
08:35:04.0350 0x0a00  tssecsrv - ok
08:35:04.0352 0x0a00  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
08:35:04.0357 0x0a00  TsUsbFlt - ok
08:35:04.0359 0x0a00  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
08:35:04.0363 0x0a00  TsUsbGD - ok
08:35:04.0366 0x0a00  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
08:35:04.0384 0x0a00  tunnel - ok
08:35:04.0386 0x0a00  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
08:35:04.0391 0x0a00  uagp35 - ok
08:35:04.0397 0x0a00  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
08:35:04.0418 0x0a00  udfs - ok
08:35:04.0422 0x0a00  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
08:35:04.0428 0x0a00  UI0Detect - ok
08:35:04.0430 0x0a00  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
08:35:04.0435 0x0a00  uliagpkx - ok
08:35:04.0437 0x0a00  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
08:35:04.0443 0x0a00  umbus - ok
08:35:04.0444 0x0a00  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
08:35:04.0449 0x0a00  UmPass - ok
08:35:04.0455 0x0a00  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
08:35:04.0477 0x0a00  upnphost - ok
08:35:04.0481 0x0a00  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
08:35:04.0486 0x0a00  usbaudio - ok
08:35:04.0489 0x0a00  [ 28B81917A195B67617AF7DCF4DFE5736, 40A4D2AAE1BDE5ABA8708ED150396E913C566ECD5CDA40D6C6DB256F1B9FD4A9 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
08:35:04.0495 0x0a00  usbccgp - ok
08:35:04.0498 0x0a00  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
08:35:04.0504 0x0a00  usbcir - ok
08:35:04.0506 0x0a00  [ B626F048318DAE65A3317F0592BE592C, 284D8FFE1D35F852EFDA182A72288AC3A10D6ED825FE2CC5812497D3FE291AF1 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
08:35:04.0511 0x0a00  usbehci - ok
08:35:04.0517 0x0a00  [ 390109E8E05BA00375DCB1ED64DC60AF, B8628502590B423BEFB6F7C8C69FAD0667AD0746FF6B444EE02016E8E1052B78 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
08:35:04.0526 0x0a00  usbhub - ok
08:35:04.0528 0x0a00  [ B4DF0F4C1D9D25DFE1DAD1D8670F1D4F, 4317C2DEDC639527B53864BAEC46CBE022D298C0503E29E1072DD1C851D92BFC ] usbohci         C:\Windows\system32\drivers\usbohci.sys
08:35:04.0533 0x0a00  usbohci - ok
08:35:04.0535 0x0a00  [ E657C5CEA6B8EF318FEA1BCF971EE32D, B97314C2E82E2D942BE22D59DA8703EBF6631EF82ED34EDCD210CC37E206DE37 ] USBPcap         C:\Windows\system32\DRIVERS\USBPcap.sys
08:35:04.0539 0x0a00  USBPcap - ok
08:35:04.0541 0x0a00  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
08:35:04.0547 0x0a00  usbprint - ok
08:35:04.0550 0x0a00  [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:35:04.0556 0x0a00  USBSTOR - ok
08:35:04.0558 0x0a00  [ CFEAAF96E666E3DCBD8F6DFF516784AE, 006218A3DB5851790CC0A7F3DCD7B3AF82F624DA679296DE507AFD36C5468317 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
08:35:04.0562 0x0a00  usbuhci - ok
08:35:04.0566 0x0a00  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
08:35:04.0573 0x0a00  usbvideo - ok
08:35:04.0575 0x0a00  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
08:35:04.0593 0x0a00  UxSms - ok
08:35:04.0595 0x0a00  [ CA69E856332E2D85294665F6B7E97254, A9693F836907FB0154DC1090D9476F1E9242ABE922D932D74D0385772D2EAB65 ] VaultSvc        C:\Windows\system32\lsass.exe
08:35:04.0600 0x0a00  VaultSvc - ok
08:35:04.0614 0x0a00  [ B9762134953EF28EC04286AA4B35863E, 032C3CCA358E3AEA18FEAD374223544C69287B7380892BB266573D9BEB571B4E ] VBoxDrv         C:\Windows\system32\DRIVERS\VBoxDrv.sys
08:35:04.0632 0x0a00  VBoxDrv - ok
08:35:04.0636 0x0a00  [ 6DFE5B5F1E614E2088139D4A0C11AB15, 4347577D3E913EED1A094026B6898875B0DA7C5D57182DF77762EDDC3C0AF63F ] VBoxNetAdp      C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys
08:35:04.0642 0x0a00  VBoxNetAdp - ok
08:35:04.0647 0x0a00  [ E4DCFB40B687F565CD8261EB558586BD, 7B961F069850653DDB9EA68A67A5129845B6F735EB99F6591E109AEF425B84F9 ] VBoxNetLwf      C:\Windows\system32\DRIVERS\VBoxNetLwf.sys
08:35:04.0654 0x0a00  VBoxNetLwf - ok
08:35:04.0657 0x0a00  [ 96A5BE08C3D815B19E40E00314DCF9F6, 3B6A7F2D02BFFD40B03DED95BA07DA77AB910EAFCDAFAC1CA8069BF8B0CEA931 ] VBoxUSB         C:\Windows\system32\Drivers\VBoxUSB.sys
08:35:04.0664 0x0a00  VBoxUSB - ok
08:35:04.0667 0x0a00  [ 312FB8707B51E327DFFBD7DD08BE9E2E, 02E0A4FCA3560B993209C6F2BF4C4056162FE8F6B9560C142E8263DCFBE7BE90 ] VBoxUSBMon      C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
08:35:04.0674 0x0a00  VBoxUSBMon - ok
08:35:04.0676 0x0a00  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
08:35:04.0681 0x0a00  vdrvroot - ok
08:35:04.0690 0x0a00  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
08:35:04.0714 0x0a00  vds - ok
08:35:04.0718 0x0a00  [ C0BB7F0C789AC778549DCC20B18A8DC0, 6C985B008488EB9766C4CE6709C37AF6ECCEDA7A69EB45627B1871D891D925DF ] veracrypt       C:\Windows\system32\drivers\veracrypt.sys
08:35:04.0724 0x0a00  veracrypt - ok
08:35:04.0726 0x0a00  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
08:35:04.0733 0x0a00  vga - ok
08:35:04.0735 0x0a00  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
08:35:04.0752 0x0a00  VgaSave - ok
08:35:04.0756 0x0a00  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
08:35:04.0763 0x0a00  vhdmp - ok
08:35:04.0765 0x0a00  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
08:35:04.0769 0x0a00  viaide - ok
08:35:04.0772 0x0a00  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
08:35:04.0777 0x0a00  volmgr - ok
08:35:04.0783 0x0a00  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
08:35:04.0792 0x0a00  volmgrx - ok
08:35:04.0798 0x0a00  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
08:35:04.0806 0x0a00  volsnap - ok
08:35:04.0808 0x0a00  [ 0804B6E024B4A3116E8BF39B65933329, B6A816FAD170E16D03D0F1293B937B600D393331011A8DF66CC3D1EE6569922C ] vpnpbus         C:\Windows\system32\DRIVERS\vpnpbus.sys
08:35:04.0812 0x0a00  vpnpbus - ok
08:35:04.0816 0x0a00  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
08:35:04.0822 0x0a00  vsmraid - ok
08:35:04.0845 0x0a00  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
08:35:04.0883 0x0a00  VSS - ok
08:35:04.0886 0x0a00  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
08:35:04.0892 0x0a00  vwifibus - ok
08:35:04.0894 0x0a00  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
08:35:04.0902 0x0a00  vwififlt - ok
08:35:04.0904 0x0a00  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
08:35:04.0911 0x0a00  vwifimp - ok
08:35:04.0918 0x0a00  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
08:35:04.0941 0x0a00  W32Time - ok
08:35:04.0944 0x0a00  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
08:35:04.0949 0x0a00  WacomPen - ok
08:35:04.0952 0x0a00  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
08:35:04.0969 0x0a00  WANARP - ok
08:35:04.0971 0x0a00  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
08:35:04.0988 0x0a00  Wanarpv6 - ok
08:35:05.0010 0x0a00  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
08:35:05.0035 0x0a00  wbengine - ok
08:35:05.0040 0x0a00  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
08:35:05.0051 0x0a00  WbioSrvc - ok
08:35:05.0058 0x0a00  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
08:35:05.0071 0x0a00  wcncsvc - ok
08:35:05.0074 0x0a00  [ BC00873272B3771CCDA38336AF2B4D4B, 3E412DEC5F172B4C5FD5C227CD790EE56B90A00A8B538704E8F973D230BE2289 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:35:05.0080 0x0a00  WcsPlugInService - ok
08:35:05.0082 0x0a00  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
08:35:05.0086 0x0a00  Wd - ok
08:35:05.0088 0x0a00  [ D0335A55E5C3F812548E18300C2ACB62, 7EF7C3A21E97197E1A6D2956D0F5A7C23F2D590C9709708394426031634990A5 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
08:35:05.0095 0x0a00  WDC_SAM - ok
08:35:05.0107 0x0a00  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
08:35:05.0123 0x0a00  Wdf01000 - ok
08:35:05.0126 0x0a00  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
08:35:05.0132 0x0a00  WdiServiceHost - ok
08:35:05.0135 0x0a00  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
08:35:05.0141 0x0a00  WdiSystemHost - ok
08:35:05.0146 0x0a00  [ EE841B6D1F2B9508D3ABAE52AC05A94F, F1AE981FCDBFC4672A4EABABD41382E93762EFC2EDAD96E75530E7ACA5AF1FD8 ] WebClient       C:\Windows\System32\webclnt.dll
08:35:05.0155 0x0a00  WebClient - ok
08:35:05.0160 0x0a00  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
08:35:05.0180 0x0a00  Wecsvc - ok
08:35:05.0183 0x0a00  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
08:35:05.0202 0x0a00  wercplsupport - ok
08:35:05.0204 0x0a00  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
08:35:05.0222 0x0a00  WerSvc - ok
08:35:05.0224 0x0a00  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
08:35:05.0241 0x0a00  WfpLwf - ok
08:35:05.0243 0x0a00  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
08:35:05.0247 0x0a00  WIMMount - ok
08:35:05.0249 0x0a00  WinDefend - ok
08:35:05.0251 0x0a00  WinHttpAutoProxySvc - ok
08:35:05.0258 0x0a00  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
08:35:05.0278 0x0a00  Winmgmt - ok
08:35:05.0306 0x0a00  [ EBDA1B0F15CB9B2CBCC6C94824E4E054, C51314F7D611E4903DA00EFA8EB99365414436324D256083CE0B5A8E055E8E06 ] WinRM           C:\Windows\system32\WsmSvc.dll
08:35:05.0338 0x0a00  WinRM - ok
08:35:05.0344 0x0a00  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
08:35:05.0350 0x0a00  WinUsb - ok
08:35:05.0364 0x0a00  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
08:35:05.0384 0x0a00  Wlansvc - ok
08:35:05.0386 0x0a00  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
08:35:05.0391 0x0a00  WmiAcpi - ok
08:35:05.0396 0x0a00  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
08:35:05.0403 0x0a00  wmiApSrv - ok
08:35:05.0405 0x0a00  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
08:35:05.0410 0x0a00  WPCSvc - ok
08:35:05.0414 0x0a00  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
08:35:05.0421 0x0a00  WPDBusEnum - ok
08:35:05.0423 0x0a00  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
08:35:05.0440 0x0a00  ws2ifsl - ok
08:35:05.0443 0x0a00  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
08:35:05.0452 0x0a00  wscsvc - ok
08:35:05.0454 0x0a00  WSearch - ok
08:35:05.0490 0x0a00  [ 31F32E0C1A8BA9A37EEC23DE5F27F847, 0180832BC6172C9A4C32B5B222BB3F91EA615A5EBDA98DB79ED4FED258C2D257 ] wuauserv        C:\Windows\system32\wuaueng.dll
08:35:05.0530 0x0a00  wuauserv - ok
08:35:05.0537 0x0a00  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
08:35:05.0543 0x0a00  WudfPf - ok
08:35:05.0547 0x0a00  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
08:35:05.0554 0x0a00  WUDFRd - ok
08:35:05.0557 0x0a00  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
08:35:05.0563 0x0a00  wudfsvc - ok
08:35:05.0568 0x0a00  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
08:35:05.0576 0x0a00  WwanSvc - ok
08:35:05.0582 0x0a00  ================ Scan global ===============================
08:35:05.0584 0x0a00  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
08:35:05.0589 0x0a00  [ B68AD91370FA58C1296DE9086BB4BA0A, 3B6B8170990B3B3B321752539A54D8EAB6E6241A25092682FDEE1A46BD39DBF6 ] C:\Windows\system32\winsrv.dll
08:35:05.0596 0x0a00  [ B68AD91370FA58C1296DE9086BB4BA0A, 3B6B8170990B3B3B321752539A54D8EAB6E6241A25092682FDEE1A46BD39DBF6 ] C:\Windows\system32\winsrv.dll
08:35:05.0601 0x0a00  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
08:35:05.0607 0x0a00  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
08:35:05.0611 0x0a00  [ Global ] - ok
08:35:05.0612 0x0a00  ================ Scan MBR ==================================
08:35:05.0616 0x0a00  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:35:05.0729 0x0a00  \Device\Harddisk0\DR0 - ok
08:35:05.0730 0x0a00  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
08:35:05.0782 0x0a00  \Device\Harddisk1\DR1 - ok
08:35:05.0783 0x0a00  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3
08:35:05.0933 0x0a00  \Device\Harddisk3\DR3 - ok
08:35:06.0218 0x0a00  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk4\DR4
08:35:06.0331 0x0a00  \Device\Harddisk4\DR4 - ok
08:35:06.0332 0x0a00  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
08:35:06.0342 0x0a00  \Device\Harddisk2\DR2 - ok
08:35:06.0344 0x0a00  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk6\DR6
08:35:06.0742 0x0a00  \Device\Harddisk6\DR6 - ok
08:35:06.0742 0x0a00  ================ Scan VBR ==================================
08:35:06.0743 0x0a00  [ 74332BDD85CCD3192CACAC8835903D3F ] \Device\Harddisk0\DR0\Partition1
08:35:06.0744 0x0a00  \Device\Harddisk0\DR0\Partition1 - ok
08:35:06.0745 0x0a00  [ E6418B4AB1CA8DAC363AFA50FAF4D751 ] \Device\Harddisk1\DR1\Partition1
08:35:06.0746 0x0a00  \Device\Harddisk1\DR1\Partition1 - ok
08:35:06.0747 0x0a00  [ 284DD4A4C34F1A45A011505DCAEAE5F1 ] \Device\Harddisk3\DR3\Partition1
08:35:06.0748 0x0a00  \Device\Harddisk3\DR3\Partition1 - ok
08:35:06.0792 0x0a00  [ 5452882DF8BC294F58CEFE9BADBA7E1E ] \Device\Harddisk4\DR4\Partition1
08:35:06.0794 0x0a00  \Device\Harddisk4\DR4\Partition1 - ok
08:35:06.0795 0x0a00  [ 968005344DE1B36D36991B76FAD2D247 ] \Device\Harddisk2\DR2\Partition1
08:35:06.0796 0x0a00  \Device\Harddisk2\DR2\Partition1 - ok
08:35:06.0798 0x0a00  [ 7D307B81C9F87F79DB5EEF5803D40BC8 ] \Device\Harddisk6\DR6\Partition1
08:35:06.0799 0x0a00  \Device\Harddisk6\DR6\Partition1 - ok
08:35:06.0800 0x0a00  [ 2E2A8533E883D1A42F08990AA85BA383 ] \Device\Harddisk6\DR6\Partition2
08:35:06.0802 0x0a00  \Device\Harddisk6\DR6\Partition2 - ok
08:35:06.0804 0x0a00  [ 2E2A8533E883D1A42F08990AA85BA383 ] \Device\Harddisk6\DR6\Partition3
08:35:06.0807 0x0a00  \Device\Harddisk6\DR6\Partition3 - ok
08:35:06.0807 0x0a00  ================ Scan generic autorun ======================
08:35:06.0839 0x0a00  [ DC2755EB981280C312E7BE5EE8CF5D62, 4E52976235B1D2E756235F988709D84E9D83D60927138376BDE1405902997997 ] C:\Program Files\Microsoft IntelliPoint\ipoint.exe
08:35:06.0873 0x0a00  IntelliPoint - ok
08:35:06.0876 0x0a00  [ EBC0E8C0A4DDA2C32A7D5863462A321A, 2F410138DB66D0219254339F1F098E401CEDAA032596F1F67BC54F394256FC68 ] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
08:35:06.0879 0x0a00  amd_dc_opt - detected UnsignedFile.Multi.Generic ( 1 )
08:35:06.0879 0x0a00  Detect skipped due to KSN trusted
08:35:06.0879 0x0a00  amd_dc_opt - ok
08:35:06.0880 0x0a00  Sidebar - ok
08:35:06.0883 0x0a00  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:35:06.0892 0x0a00  mctadmin - ok
08:35:06.0892 0x0a00  Sidebar - ok
08:35:06.0895 0x0a00  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:35:06.0904 0x0a00  mctadmin - ok
08:35:06.0928 0x0a00  [ B365AF317AE730A67C936F21432B9C71, BD2C2CF0631D881ED382817AFCCE2B093F4E412FFB170A719E2762F250ABFEA4 ] C:\Program Files\Process Hacker 2\ProcessHacker.exe
08:35:06.0955 0x0a00  Process Hacker 2 - ok
08:35:07.0069 0x0a00  [ 52F5D651B8E39F258C1C34272FEB1AB2, C13AD8762A4474D8246DE7BC023244BD74456D45348F74F77373CC61C238A0F3 ] C:\Program Files\CCleaner\CCleaner64.exe
08:35:07.0185 0x0a00  CCleaner Monitoring - ok
08:35:07.0270 0x0a00  [ D03053F72A74801A32F41EFD088FA30E, 3F6E9AD19139F9A5881DB475EC3FD817C1F8CA1622B97E8864A7C59A7F7A2DA2 ] C:\Program Files (x86)\GlassWire\glasswire.exe
08:35:07.0376 0x0a00  GlassWire - ok
08:35:07.0382 0x0a00  Win FW state via NFP2: enabled ( trusted )
08:35:07.0491 0x0a00  ============================================================
08:35:07.0491 0x0a00  Scan finished
08:35:07.0491 0x0a00  ============================================================
08:35:07.0493 0x1214  Detected object count: 1
08:35:07.0493 0x1214  Actual detected object count: 1
08:36:27.0984 0x1214  HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
08:36:27.0984 0x1214  HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Alt 29.03.2017, 21:26   #6
M-K-D-B
/// TB Trainer
 



Please follow note 6 and do everything again.

Alt 30.03.2017, 09:16   #7
construct
 



OH


FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
durchgeführt von user (Administrator) auf PC (30-03-2017 08:40:27)
Gestartet von C:\Users\user\Desktop
Geladene Profile: user (Verfügbare Profile: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: "C:\Program Files (x86)\SeaMonkey\seamonkey.exe" -requestPending -osint -url "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\runSW.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(wj32) C:\Program Files\Process Hacker 2\ProcessHacker.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Realtek) C:\Windows\SwUSB.exe
(Sysinternals - www.sysinternals.com) C:\Program Files\process-explorer\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\user\AppData\Local\Temp\PROCEXP64.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(wyDay) C:\Program Files\CyberGhost 6\wyUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\Everything\Everything.exe
(mozilla.org) C:\Program Files (x86)\SeaMonkey\seamonkey.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\Run: [Process Hacker 2] => C:\Program Files\Process Hacker 2\ProcessHacker.exe [1719840 2016-03-29] (wj32)
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5728208 2016-11-19] (SecureMix LLC)
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\MountPoints2: {1911d85f-9ee4-11e5-8780-b04e58a100a3} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\MountPoints2: {1911d8dc-9ee4-11e5-8780-b04e58a100a3} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\MountPoints2: {ff3dbed7-a9d6-11e5-9bce-85ca1d8cd514} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [script_fcbd] => D:\Anno2205\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\fcbd.bat [332 2016-12-06] ()
SSODL: EldosMountNotificator-cbdisk3 - {274E2043-7EEC-429D-BC66-3ED282762A69} - C:\Windows\system32\cbdiskMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbdisk3 - {274E2043-7EEC-429D-BC66-3ED282762A69} - C:\Windows\SysWOW64\cbdiskMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbdisk3] -> {1B53DB42-7158-421A-B97C-5886EE14C75A} => C:\Windows\system32\cbdiskMntNtf3.dll [2013-10-18] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbdisk3] -> {1B53DB42-7158-421A-B97C-5886EE14C75A} => C:\Windows\SysWOW64\cbdiskMntNtf3.dll [2013-10-18] (EldoS Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{251F104E-10FE-40D6-B45C-7B106746BA2F}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{2BB04CC1-AAC0-4F0D-B99D-878528CCFE7B}: [DhcpNameServer] 192.168.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp

FireFox:
========
FF DefaultProfile: e24deqok.default
FF DefaultProfile: xcyvelqu.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24deqok.default [2017-03-30]
FF Extension: (Sea Fox) - C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24deqok.default\Extensions\seafox@extensions.moz.xpi [2017-03-07] [ist nicht signiert]
FF Extension: (uBlock Origin) - C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24deqok.default\Extensions\uBlock0@raymondhill.net.xpi [2017-03-13]
FF Homepage: Mozilla\Firefox\Profiles\xcyvelqu.default -> hxxps://duckduckgo.com
FF Extension: (FoxyProxy Standard) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcyvelqu.default\Extensions\foxyproxy@eric.h.jung [2017-03-28]
FF Extension: (EPUBReader) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcyvelqu.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2017-03-28]
FF Extension: (FireFTP) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcyvelqu.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2017-03-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-26] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-26] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-14] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-14] (Intel Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VLC\npvlc.dll [2016-04-26] (VideoLAN)

Opera: 
=======
OPR Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-12-27]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-12-01] (Adobe Systems) [Datei ist nicht signiert]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-06-04] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-11-24] () [Datei ist nicht signiert]
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4397008 2016-11-19] (SecureMix LLC)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2015-12-30] (Hi-Rez Studios) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-05-29] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-31] (Intel Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [506960 2015-12-26] (Sony Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RunSwUSB; C:\Windows\runSW.exe [48856 2015-03-19] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2016-09-07] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-28] ()
R1 cbdisk3; C:\Windows\system32\drivers\cbdisk3.sys [223936 2013-10-18] (EldoS Corporation)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-10-25] (EldoS Corporation)
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx64.sys [34512 2016-03-04] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-31] (Intel Corporation)
R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2014-03-17] (Focusrite Audio Engineering Limited.)
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33248 2015-05-29] (SecureMix LLC)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-02-14] (REALiX(tm))
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [112408 2015-12-15] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 OSFMount; T:\FTK\OSForensics\OSFMount64\OSFMount.sys [1299384 2016-03-23] (PassMark Software)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2015-01-15] (Realtek Semiconductor Corporation                           )
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [38888 2014-02-19] (USBPcap)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [121248 2016-08-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [195936 2016-08-16] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [135824 2016-08-16] (Oracle Corporation)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [195416 2016-01-26] (IDRIX)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-10-18] (EldoS Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-30 08:40 - 2017-03-30 08:40 - 00014336 _____ C:\Users\user\Desktop\FRST.txt
2017-03-29 08:31 - 2017-03-29 09:18 - 00410602 _____ C:\TDSSKiller.3.1.0.12_29.03.2017_08.31.29_log.txt
2017-03-29 07:56 - 2017-03-29 08:12 - 00004462 _____ C:\Users\user\Documents\old-firewall-rules.txt
2017-03-28 20:00 - 2017-03-28 20:00 - 00195528 _____ C:\Users\user\Documents\W-LAN-TPLink.xps
2017-03-28 08:38 - 2017-03-28 19:27 - 00000345 _____ C:\Users\user\Documents\virus-filedropper.txt
2017-03-25 21:36 - 2017-03-25 21:20 - 22222968 ____N C:\Users\user\Desktop\Rawkee_Bestandsaufnahme_FINISHED.wav
2017-03-25 18:10 - 2017-03-28 08:29 - 00000000 ____D C:\ProgramData\Microleaves
2017-03-25 18:07 - 2017-03-25 18:07 - 00000000 ____D C:\Users\user\AppData\Roaming\Microleaves
2017-03-25 18:06 - 2017-03-28 20:04 - 00000000 ____D C:\Windows\system32\GroupPolicy
2017-03-25 18:06 - 2017-03-25 18:06 - 00000000 ____D C:\Program Files\{572656F2-7906-4D07-BDBD-0CC44146CD48}
2017-03-25 18:06 - 2017-03-25 18:06 - 00000000 ____D C:\Program Files (x86)\{A1306F56-8B03-428B-84AD-2F932D81774C}
2017-03-22 21:13 - 2017-03-22 21:13 - 00001072 _____ C:\Users\Public\Desktop\Win32DiskImager.lnk
2017-03-22 21:13 - 2017-03-22 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2017-03-22 21:13 - 2017-03-22 21:13 - 00000000 ____D C:\Program Files (x86)\ImageWriter
2017-03-22 20:45 - 2017-03-22 20:45 - 00002095 _____ C:\Users\Public\Desktop\SDFormatter.lnk
2017-03-22 20:45 - 2017-03-22 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
2017-03-22 20:45 - 2017-03-22 20:45 - 00000000 ____D C:\Program Files (x86)\SDA
2017-03-22 19:21 - 2017-03-23 13:55 - 00000600 _____ C:\Users\user\AppData\Local\PUTTY.RND
2017-03-22 19:20 - 2017-03-22 19:20 - 00000860 _____ C:\Users\Public\Desktop\PuTTY (64-bit).lnk
2017-03-22 19:20 - 2017-03-22 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)
2017-03-22 19:20 - 2017-03-22 19:20 - 00000000 ____D C:\Program Files\PuTTY
2017-03-22 09:54 - 2017-03-28 21:05 - 00000022 _____ C:\Windows\S.dirmngr
2017-03-22 09:53 - 2013-07-04 18:05 - 00552760 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2017-03-22 09:53 - 2006-01-13 07:52 - 00001904 ____N C:\Windows\system32\SetupBD.din
2017-03-22 09:49 - 2017-03-22 09:49 - 00000000 ____D C:\Users\user\Downloads\LAN
2017-03-22 09:42 - 2017-03-22 09:42 - 00001857 _____ C:\Users\user\Desktop\TightVNC Viewer.lnk
2017-03-22 09:42 - 2017-03-22 09:42 - 00000000 ____D C:\Users\user\AppData\Roaming\TightVNC
2017-03-22 09:41 - 2017-03-22 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
2017-03-22 09:41 - 2017-03-22 09:41 - 00000000 ____D C:\Program Files\TightVNC
2017-03-22 09:31 - 2017-03-22 09:31 - 00000000 ____H C:\Users\user\Documents\Default.rdp
2017-03-21 08:51 - 2017-03-21 19:28 - 00208388 _____ C:\TDSSKiller.3.1.0.12_21.03.2017_07.51.26_log.txt
2017-03-21 08:50 - 2017-03-29 07:30 - 04747704 _____ (AO Kaspersky Lab) C:\Users\user\Desktop\tdsskiller.exe
2017-03-19 06:01 - 2017-03-19 06:01 - 00003318 _____ C:\Users\user\AppData\Local\recently-used.xbel
2017-03-15 01:35 - 2017-03-04 19:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 01:35 - 2017-03-04 18:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-15 01:35 - 2017-03-04 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-15 01:35 - 2017-03-04 10:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 01:35 - 2017-03-04 10:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-15 01:35 - 2017-03-04 10:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 01:35 - 2017-03-04 10:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-15 01:35 - 2017-03-04 10:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-15 01:35 - 2017-03-04 10:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-15 01:35 - 2017-03-04 09:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 01:35 - 2017-03-04 09:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-15 01:35 - 2017-03-04 09:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-15 01:35 - 2017-03-04 09:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-15 01:35 - 2017-03-04 09:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-15 01:35 - 2017-03-04 09:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-15 01:35 - 2017-03-04 09:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-15 01:35 - 2017-03-04 09:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 01:35 - 2017-03-04 09:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-15 01:35 - 2017-03-04 09:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 01:35 - 2017-03-04 09:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-15 01:35 - 2017-03-04 09:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-15 01:35 - 2017-03-04 09:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 01:35 - 2017-03-04 09:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-15 01:35 - 2017-03-04 09:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-15 01:35 - 2017-03-04 09:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-15 01:35 - 2017-03-04 09:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 01:35 - 2017-03-04 09:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-15 01:35 - 2017-03-04 08:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-15 01:35 - 2017-03-04 08:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-15 01:35 - 2017-03-04 08:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-15 01:35 - 2017-03-04 08:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-15 01:35 - 2017-03-04 08:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-15 01:35 - 2017-03-04 08:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-15 01:35 - 2017-03-04 08:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-15 01:35 - 2017-03-04 08:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-15 01:35 - 2017-03-04 08:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-15 01:35 - 2017-03-04 06:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-15 01:35 - 2017-03-02 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-15 01:35 - 2017-03-02 20:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-15 01:35 - 2017-03-02 20:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-15 01:35 - 2017-03-02 20:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-15 01:35 - 2017-03-02 20:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-15 01:35 - 2017-03-02 20:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-15 01:35 - 2017-03-02 19:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-15 01:35 - 2017-03-02 19:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-15 01:35 - 2017-03-02 19:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-15 01:35 - 2017-03-02 19:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-15 01:35 - 2017-03-02 19:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-15 01:35 - 2017-03-02 19:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-15 01:35 - 2017-03-02 19:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-15 01:35 - 2017-03-02 19:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-15 01:35 - 2017-03-02 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-15 01:35 - 2017-03-02 19:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-15 01:35 - 2017-03-02 19:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-15 01:35 - 2017-03-02 19:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-15 01:35 - 2017-03-02 19:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-15 01:35 - 2017-03-02 19:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-15 01:35 - 2017-03-02 19:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-15 01:35 - 2017-03-02 19:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-15 01:35 - 2017-03-02 19:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-15 01:35 - 2017-03-02 19:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-15 01:35 - 2017-03-02 19:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-15 01:35 - 2017-03-02 19:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-15 01:35 - 2017-03-02 18:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-15 01:35 - 2017-03-02 18:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-15 01:35 - 2017-03-02 18:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-15 01:35 - 2017-02-11 17:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 01:35 - 2017-02-11 17:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 01:35 - 2017-02-11 17:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 01:35 - 2017-02-10 18:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 01:35 - 2017-02-10 18:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 01:35 - 2017-02-10 18:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-15 01:35 - 2017-02-10 18:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-15 01:35 - 2017-02-10 16:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-15 01:35 - 2017-02-09 18:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-15 01:35 - 2017-02-09 18:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 01:35 - 2017-02-09 18:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-15 01:35 - 2017-02-09 18:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-15 01:35 - 2017-02-09 18:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-15 01:35 - 2017-02-09 18:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-15 01:35 - 2017-02-09 18:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-15 01:35 - 2017-02-09 18:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 01:35 - 2017-02-09 18:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-15 01:35 - 2017-02-09 18:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 01:35 - 2017-02-09 18:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-15 01:35 - 2017-02-09 18:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 01:35 - 2017-02-09 17:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-15 01:35 - 2017-02-09 17:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-15 01:35 - 2017-02-09 17:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-15 01:35 - 2017-02-09 17:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 01:35 - 2017-02-09 17:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 01:35 - 2017-02-09 17:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-15 01:35 - 2017-02-09 17:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-15 01:35 - 2017-02-09 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-15 01:35 - 2017-02-09 17:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-15 01:35 - 2017-02-09 17:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-15 01:35 - 2017-02-09 17:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-15 01:35 - 2017-02-09 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-15 01:35 - 2017-02-09 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-15 01:35 - 2017-02-09 17:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-15 01:35 - 2017-02-09 17:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 17:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 17:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 17:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 16:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 01:35 - 2017-02-09 16:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 01:35 - 2017-02-06 18:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 01:35 - 2017-01-13 20:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 01:35 - 2017-01-13 20:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 01:35 - 2017-01-13 19:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-15 01:35 - 2017-01-13 19:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-15 01:35 - 2017-01-11 20:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 01:35 - 2017-01-11 20:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-15 01:35 - 2017-01-11 19:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-15 01:35 - 2017-01-11 19:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-15 01:35 - 2017-01-06 20:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 01:35 - 2017-01-06 19:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-15 01:34 - 2017-02-23 01:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-15 01:34 - 2017-02-23 01:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 01:34 - 2017-02-18 16:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 01:34 - 2017-02-18 16:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-12 07:11 - 2017-03-12 07:11 - 00325806 ____N C:\Users\user\Desktop\rendersound.wav
2017-03-07 23:49 - 2017-03-07 23:49 - 00000000 ____D C:\Users\user\AppData\Roaming\TechSmith
2017-03-07 23:46 - 2017-03-07 23:46 - 00000000 ____D C:\ProgramData\TechSmith
2017-03-07 23:46 - 2017-03-07 23:46 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2017-03-07 23:14 - 2017-03-07 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
2017-03-07 23:14 - 2017-03-07 23:14 - 00000000 ____D C:\Program Files (x86)\SeaMonkey

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-30 08:40 - 2016-09-09 15:13 - 00000000 ____D C:\FRST
2017-03-30 08:39 - 2015-11-09 08:20 - 00000000 ____D C:\Program Files\Everything
2017-03-30 08:37 - 2016-11-21 12:54 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-03-30 04:26 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-30 04:26 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-29 10:58 - 2016-10-30 16:51 - 00925720 _____ C:\Windows\ntbtlog.txt
2017-03-29 10:20 - 2015-10-26 01:32 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2017-03-29 07:29 - 2016-09-18 03:13 - 02424832 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2017-03-28 21:12 - 2011-04-12 09:43 - 00699092 _____ C:\Windows\system32\perfh007.dat
2017-03-28 21:12 - 2011-04-12 09:43 - 00149232 _____ C:\Windows\system32\perfc007.dat
2017-03-28 21:12 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-28 21:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-03-28 21:05 - 2016-01-30 19:28 - 00000000 ____D C:\ProgramData\PACE
2017-03-28 21:05 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-28 20:05 - 2016-12-18 11:03 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2017-03-28 20:05 - 2016-12-15 21:02 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
2017-03-28 20:05 - 2016-11-22 22:04 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2017-03-28 20:05 - 2016-11-22 22:04 - 00000000 ____D C:\Users\user\AppData\Local\atom
2017-03-28 20:05 - 2016-11-16 08:06 - 00000000 ____D C:\Users\user\.idlerc
2017-03-28 20:05 - 2016-08-10 08:09 - 00000000 ____D C:\Users\user\AppData\Roaming\Wise Data Recovery
2017-03-28 20:05 - 2016-08-05 01:40 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2017-03-28 20:05 - 2016-03-04 08:35 - 00000000 ____D C:\Program Files (x86)\NCH Software
2017-03-28 20:05 - 2016-02-13 11:20 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-03-28 20:05 - 2016-01-26 08:29 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VeraCrypt
2017-03-28 20:05 - 2016-01-26 08:29 - 00000000 ____D C:\Program Files\VeraCrypt
2017-03-28 20:05 - 2016-01-06 01:15 - 00000000 ____D C:\Users\user\AppData\Roaming\PersBackup5
2017-03-28 20:05 - 2015-11-22 06:25 - 00000000 ____D C:\Users\user\AppData\Roaming\Audacity
2017-03-28 20:05 - 2015-11-04 08:32 - 00000000 ____D C:\Users\user\AppData\Local\gtk-2.0
2017-03-28 20:05 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-28 20:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-28 20:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2017-03-28 20:02 - 2015-10-25 15:27 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2017-03-28 18:50 - 2016-10-17 18:35 - 00000621 _____ C:\Users\user\Letzte Sitzung user.prj
2017-03-28 09:20 - 2016-01-06 01:15 - 00000000 ____D C:\Users\user\Documents\PersBackup
2017-03-28 08:49 - 2016-06-14 11:44 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-03-28 08:47 - 2016-11-01 02:43 - 00000000 ____D C:\ProgramData\firebird
2017-03-28 08:13 - 2016-03-04 08:38 - 00000919 _____ C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt
2017-03-28 08:13 - 2016-03-04 08:38 - 00000000 _____ C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-03-25 19:49 - 2016-12-04 04:20 - 00000000 ____D C:\Users\user\AppData\Roaming\Ample Sound
2017-03-24 10:05 - 2016-01-26 08:42 - 00000000 ____D C:\Users\user\AppData\Roaming\VeraCrypt
2017-03-23 15:33 - 2015-10-31 20:07 - 00000255 ____N C:\Users\user\Documents\SongenModularErrorLog.txt
2017-03-23 15:22 - 2016-02-29 00:55 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-23 10:56 - 2015-10-31 12:43 - 00000000 ____D C:\Users\user\.VirtualBox
2017-03-22 20:44 - 2015-11-22 18:26 - 00000000 ____D C:\Users\user\AppData\Local\Downloaded Installations
2017-03-22 09:53 - 2015-11-03 09:18 - 00000000 ____D C:\Program Files\Intel
2017-03-21 08:56 - 2016-01-03 23:20 - 00001854 _____ C:\Users\user\Desktop\CCleaner.lnk
2017-03-21 08:41 - 2016-02-13 22:48 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-20 21:26 - 2015-10-23 21:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-20 21:26 - 2009-07-14 06:45 - 00000000 ____D C:\Windows\ServiceProfiles
2017-03-20 18:57 - 2015-11-01 23:48 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-20 12:03 - 2015-11-01 08:27 - 00000000 ____D C:\Users\user\AppData\Roaming\inkscape
2017-03-20 11:29 - 2015-12-19 06:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-19 08:56 - 2016-02-07 20:49 - 00012009 ____N C:\Users\user\Documents\Serien-View-Status.odt
2017-03-15 05:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-03-15 04:38 - 2016-11-26 23:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-03-15 04:38 - 2009-07-14 06:45 - 02106920 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-15 04:37 - 2016-04-09 03:31 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-15 04:37 - 2016-04-09 03:31 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-15 04:02 - 2016-08-07 00:58 - 00000000 ____D C:\Windows\system32\MRT
2017-03-15 04:00 - 2016-08-07 00:58 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-13 03:54 - 2016-01-24 13:07 - 00000000 ____D C:\Users\user\Documents\Shopping-Money
2017-03-12 23:53 - 2016-12-07 18:21 - 00000000 ____D C:\Users\user\Documents\Wohnung
2017-03-11 18:46 - 2016-01-29 10:38 - 00003872 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1454056698
2017-03-08 01:54 - 2016-12-03 09:11 - 00000000 ____D C:\Users\user\Desktop\PICTURES VARIOUS
2017-03-08 00:26 - 2016-01-17 20:43 - 00000000 ____D C:\Users\user\AppData\Roaming\gnupg
2017-03-07 23:49 - 2016-01-10 03:27 - 00000000 ____D C:\Users\user\AppData\Local\TechSmith
2017-03-07 23:46 - 2016-01-10 03:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2017-03-07 23:46 - 2016-01-10 03:26 - 00000000 ____D C:\Program Files (x86)\TechSmith
2017-03-07 23:34 - 2015-11-22 12:45 - 00000000 ____D C:\Program Files\Sugar Bytes
2017-03-07 23:34 - 2015-11-17 07:11 - 00000000 ____D C:\Users\user\Documents\Sugar Bytes
2017-03-07 23:14 - 2015-10-23 21:19 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2017-03-07 23:14 - 2015-10-23 21:19 - 00000000 ____D C:\Users\user\AppData\Local\Mozilla

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-01-28 01:19 - 2016-09-20 02:22 - 0000016 _____ () C:\Users\user\AppData\Roaming\msregsvv.dll
2016-01-28 12:19 - 2016-12-18 17:40 - 1249792 _____ (hxxp://www.ruby-lang.org/) C:\Users\user\AppData\Roaming\msvcr90-ruby191.dll
2016-03-04 08:38 - 2016-03-04 08:38 - 0001181 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.1.txt
2016-03-04 08:38 - 2017-03-28 08:13 - 0000919 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt
2016-03-04 08:38 - 2017-03-28 08:13 - 0000000 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-03-22 19:21 - 2017-03-23 13:55 - 0000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND
2017-03-19 06:01 - 2017-03-19 06:01 - 0003318 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2015-11-01 08:16 - 2015-11-01 08:16 - 0007611 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2016-01-28 01:19 - 2016-09-20 02:22 - 0000016 _____ () C:\ProgramData\autobk.inc

Einige Dateien in TEMP:
====================
2017-01-03 18:26 - 2017-03-28 21:05 - 1347216 _____ (Sysinternals - www.sysinternals.com) C:\Users\user\AppData\Local\Temp\PROCEXP64.exe
2017-03-29 10:20 - 2017-03-29 10:20 - 0672256 _____ () C:\Users\user\AppData\Local\Temp\sqlite-3.8.0-amd64-sqlitejdbc.dll
2017-03-20 08:41 - 2017-03-20 08:41 - 0637440 _____ () C:\Users\user\AppData\Local\Temp\sqlite-3.8.0-x86-sqlitejdbc.dll

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-03-24 16:52

==================== Ende von FRST.txt ============================
         
--- --- ---


Addition:

FRST Additions Logfile:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von user (30-03-2017 08:40:44)
Gestartet von C:\Users\user\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-10-23 18:28:58)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3869482132-2802206346-888328520-500 - Administrator - Disabled)
user (S-1-5-21-3869482132-2802206346-888328520-1000 - Administrator - Enabled) => C:\Users\user
Gast (S-1-5-21-3869482132-2802206346-888328520-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3869482132-2802206346-888328520-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

AccessData FTK Imager (HKLM-x32\...\{B71206B0-EA24-496A-93F7-03B975A6DDDA}) (Version: 3.2.0.0 - AccessData)
ACP Application (Version: 2016.0916.1502.32 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.6 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ARIA Engine v1.8.4.4 (HKLM\...\ARIA Engine_is1) (Version: v1.8.4.4 - Plogue Art et Technologie, Inc)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Atom (HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\atom) (Version: 1.12.5 - GitHub Inc.)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Blender (HKLM\...\{437221A8-91D1-42A0-9E04-0AD64B502374}) (Version: 2.78.1 - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BumBer Deluxe 1.0 (HKLM-x32\...\BumBer_0) (Version: 1.0 - beatassist.eu)
CamAlert II (HKLM-x32\...\CamAlert_is1) (Version:  - hxxp://www.coderonline.de/)
CamSpy V.5.1.2 (HKLM-x32\...\CamSpy_is1) (Version:  - (c.) André Münsterberg)
Catalyst Control Center Next Localization BR (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
ConfrontaPDF (HKLM-x32\...\ConfrontaPDF) (Version:  - )
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CPUID ROG CPU-Z 1.75 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.75 - CPUID, Inc.)
CreditMovie1 (x32 Version: 10.1.00 - Sony Corporation) Hidden
CreditMovie2 (x32 Version: 10.1.00 - Sony Corporation) Hidden
CreditMovie3 (x32 Version: 10.1.00 - Sony Corporation) Hidden
CrypTool 1.4.30 (HKLM-x32\...\CrypTool) (Version: 1.4.30 - )
Custom Shop version 1.7.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.7.0 - IK Multimedia)
Debut Videorekorder (HKLM-x32\...\Debut) (Version: 2.17 - NCH Software)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
f.lux (HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\Flux) (Version:  - )
FluxCenter-32-bit (HKLM-x32\...\{694A585C-15F2-4B79-BC19-AF8D290E0E58}) (Version: 1.1.15.43404 - Flux:: sound and picture development)
Focusrite Scarlett Plug-in Suite 1.1 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.1 - Focusrite Audio Engineering Ltd.)
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
GlassWire 1.2 (remove only) (HKLM-x32\...\GlassWire 1.2) (Version: 1.2.79 - SecureMix LLC)
Gpg4win (2.3.0) (HKLM-x32\...\GPG4Win) (Version: 2.3.0 - The Gpg4win Project)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HWiNFO64 Version 5.38 (HKLM\...\HWiNFO64_is1) (Version: 5.38 - Martin Malík - REALiX)
IK Multimedia Authorization Manager version 1.0.15 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.15 - IK Multimedia)
Image Crawler (HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\dbf3e072e2bbc3c8) (Version: 1.1.0.4 - Danny Kunz)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel(R) Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4222 - Intel Corporation)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
JetBrains PyCharm Community Edition 2016.3 (HKLM-x32\...\PyCharm Community Edition 2016.3) (Version: 163.8233.8 - JetBrains s.r.o.)
Jing (HKLM-x32\...\{8C784F8B-89D0-4A59-A000-7EEF129E1574}) (Version: 2.9.15255.1 - TechSmith Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MergeModule_x64 (Version: 9.3.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Prerequisites (x64) (HKLM\...\{04BEC103-A388-41EE-BB49-1235FAAF883D}) (Version: 11.0.61030 - Blue Cat Audio)
Microsoft Visual C++ 2012 Prerequisites (x86) (HKLM-x32\...\{2F65108E-8DF7-47B9-8ECC-49BD3BC47AAB}) (Version: 11.0.61030 - Blue Cat Audio)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 52.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 de)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
Oracle VM VirtualBox 5.1.4 (HKLM\...\{4EF3FBF6-697D-440A-AADA-7F5D39B73E62}) (Version: 5.1.4 - Oracle Corporation)
PA Free Bundle V1 1.0.1 (HKLM\...\PA Free Bundle V1_is1) (Version:  - Plugin Alliance)
PACE License Support Win64 (HKLM-x32\...\InstallShield_{DF91FC8F-0D43-415b-BB5D-22533FC1CC1A}) (Version: 2.6.0.1134 - PACE Anti-Piracy, Inc.)
PACE License Support Win64 (Version: 2.6.0.1134 - PACE Anti-Piracy, Inc.) Hidden
PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
Personal Backup 5.8.3.1 (HKLM-x32\...\Personal Backup 5_is1) (Version: 5.8.3.1 - Dr. J. Rathlev)
PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.1.00.12260 - Sony Corporation)
PMB_ModeEditor_ACMC (x32 Version: 10.1.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 10.1.00 - Sony Corporation) Hidden
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
PuTTY release 0.68 (64-bit) (HKLM\...\{DB149DDE-903A-4B5E-93C4-46BBEC48F0C2}) (Version: 0.68.0.0 - Simon Tatham)
Python 3.5.1 (32-bit) (HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\{c39d559b-aa83-4476-ba20-988a35a1199a}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 Core Interpreter (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Documentation (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{17778F7B-FB5A-4A93-9719-D75BAF673498}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.1 pip Bootstrap (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Utility Scripts (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Scarlett MixControl 1.8 (HKLM-x32\...\Saffire USB 26_is1) (Version: 1.8 - Focusrite Audio Engineering Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SVG Explorer Extension 0.1.1 (HKLM\...\{4CA20D9A-98AC-4DD6-9C16-7449F29AC08A}_is1) (Version: 0.1.1 - Dotz Softwares)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
TightVNC (HKLM\...\{8B9896FC-B4F2-44CD-8B6E-78A0B1851B59}) (Version: 2.8.5.0 - GlavSoft LLC.)
TP-LINK Archer T4U Driver (HKLM-x32\...\{58F414FE-74CC-42A0-9D86-A089849C510A}) (Version: 1.3.1 - TP-LINK)
Uplay (HKLM-x32\...\Uplay) (Version: 10.0 - Ubisoft)
USBPcap 1.0.0.7 (HKLM\...\USBPcap) (Version:  - )
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.16 - IDRIX)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0-2) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.17.0 (Version: 1.0.17.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Web Page Saver 2.10 (HKLM-x32\...\{76BC9438-A16F-43E1-8596-95FA23768E6C}_is1) (Version:  - JADsoftware)
Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (03/17/2014 2.5.128.1) (HKLM\...\D86E353566ECB4A7ADA159C02FE46D0BACC4FA6B) (Version: 03/17/2014 2.5.128.1 - Focusrite)
WinHex (HKLM-x32\...\WinHex) (Version:  - )
WinHTTrack Website Copier 3.48-21 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.21 - HTTrack)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.2.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.1 - The Wireshark developer community, hxxps://www.wireshark.org)
Wise Data Recovery 3.84 (HKLM-x32\...\Wise Data Recovery_is1) (Version: 3.84 - WiseCleaner.com, Inc.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {01244CD2-DBF2-48E1-81DC-F60B80EEE392} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {03F920C6-176B-4700-9E50-08D5840C4166} - System32\Tasks\Process Explorer-PC-user => "C:\PROGRAM FILES\PROCESS-EXPLORER\PROCEXP.EXE" /t
Task: {0AEC350F-0667-4D55-94A7-F058AF78AFAD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {0EA96307-8DAE-44A1-A2A3-D458155E23ED} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-09-07] (Advanced Micro Devices, Inc.)
Task: {1069660B-6FC5-4CE6-AFE7-3786642ED336} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {14C02CA1-F88F-4C59-8F41-CFAC350FD451} - System32\Tasks\{0811E0DB-12EE-44C5-A4D8-D55DD584F3C5} => pcalua.exe -a ?:\Folder\Downloads\jxpiinstall.exe -d ?:\Folder\Downloads
Task: {8EDC83D7-53F0-44F6-B328-F893CBF2A114} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {999449FC-8698-4C3C-8FE5-7B8A92964F9E} - System32\Tasks\Logon Screen SkipUAC => C:\Program Files\Logon Screen\Logon Screen.exe 
Task: {D4B25374-61A3-48AA-BFEC-F796411ECD2B} - System32\Tasks\{CA0F6697-59F4-4AAE-A353-26AF764EBAEB} => pcalua.exe -a ?:\Folder\Production\grizzly-v1.1b-se1.160.exe -d ?:\Folder\Production
Task: {DC35CD34-092D-4CA0-840A-353ECDEEB877} - System32\Tasks\{7476B4B9-F9F5-4227-A7EB-B7B0D1323EB9} => pcalua.exe -a ?:\Folder\Downloads\VirtualBox-5.0.26-108824-Win.exe -d ?:\Folder\Downloads

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-06-04 11:41 - 2013-06-04 11:41 - 00936728 ____R () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-11-24 20:32 - 2015-11-24 20:32 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2015-11-13 17:05 - 2015-03-19 09:41 - 00048856 _____ () C:\Windows\runSW.exe
2016-10-01 10:46 - 2016-10-01 10:46 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-01-15 22:44 - 2016-01-15 22:44 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-11-09 08:20 - 2014-08-06 03:04 - 01441792 _____ () C:\Program Files\Everything\Everything.exe
2015-10-24 00:23 - 2017-03-28 21:05 - 00033280 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2015-10-24 00:23 - 2013-06-04 11:41 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-11-24 20:20 - 2015-11-24 20:20 - 00221696 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2015-11-24 20:14 - 2015-11-24 20:14 - 00087552 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2015-11-24 20:09 - 2015-11-24 20:09 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2015-11-24 20:20 - 2015-11-24 20:20 - 00073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2015-11-24 20:22 - 2015-11-24 20:22 - 00751104 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2015-11-03 09:18 - 2013-05-14 00:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-03-29 09:18 - 2017-03-29 09:18 - 00540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\ortp.dll
2017-03-29 09:18 - 2017-03-29 09:18 - 55758824 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\libcef.dll
2017-03-29 09:18 - 2017-03-29 09:18 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\libEGL.dll
2017-03-29 09:18 - 2017-03-29 09:18 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\libGLESv2.dll
2017-03-29 09:18 - 2017-03-29 09:18 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\libglesv2.dll
2017-03-29 09:18 - 2017-03-29 09:18 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8554\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\PACE:E6530E75740592D0 [217]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Classes\regfile: regedit.exe "%1" <===== ACHTUNG

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^fcbd.bat => C:\Windows\pss\fcbd.bat.CommonStartup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: FreeAC => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: MobileBroadband => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
MSCONFIG\startupreg: Process Hacker 2 => "C:\Program Files\Process Hacker 2\ProcessHacker.exe" -hide
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{C3A6188C-8842-4337-8196-6554C4770664}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FAE7D3F1-ED42-47BF-96C3-4A1F15CE7A12}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{493D06BA-205E-4192-AAA4-4CDC43C3BAD3}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{39577B13-C2BF-42F6-8DD1-626ABA61A103}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{A19DBD2B-2346-45F9-AC47-B6290D634603}] => (Block) c:\program files (x86)\teamviewer\teamviewer_service.exe
FirewallRules: [{3F69C447-E05B-4240-B286-710F3FEC3B4F}] => (Block) d:\customize\rainmeter\rainmeter.exe
FirewallRules: [{EC50B221-6994-49F6-87EA-B58302480FAF}] => (Block) c:\program files (x86)\openoffice 4\program\soffice.bin
FirewallRules: [{4300CCD0-0470-4C9E-8708-C8BC2FBBDB86}] => (Block) c:\program files (x86)\openoffice 4\program\soffice.bin
FirewallRules: [{92BA41E0-BDF1-4F98-9890-AA84AC8139E8}] => (Block) c:\windows\explorer.exe
FirewallRules: [TCP Query User{596502F1-B727-4D89-8B89-C18804B4CC8C}C:\program files\oracle\virtualbox\virtualbox.exe] => (Block) C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [{045D30C3-D3D2-4989-B17B-A77E1D1E92F6}] => (Block) c:\windows\explorer.exe
FirewallRules: [{C46567DF-BAF2-42CB-9BC4-4EF77F9EC6A0}] => (Block) c:\program files (x86)\openoffice 4\program\soffice.bin
FirewallRules: [{CC5F943F-B8F3-4D45-86C5-C24F9A9DDA65}] => (Block) c:\program files (x86)\openoffice 4\program\soffice.bin
FirewallRules: [{68E770B0-2D19-4ACF-B321-CAC68B5781A9}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{4C90B2D8-113C-449B-B827-DC969F3150A4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{00595824-C993-4CAA-AEE2-0874EE366B59}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{657BC9BB-6239-4FC9-AB10-A306A0E5A6FD}] => (Block) C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [{88433252-BE13-4CD9-A2A1-2AD1B6059648}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{CC9679C3-9CB5-4D4B-8D34-D4D8CE628CE6}] => (Allow) D:\Portal\bin\steamwebhelper.exe
FirewallRules: [{AA89BA58-B189-49AB-A110-46598B1FA524}] => (Allow) D:\Portal\bin\steamwebhelper.exe
FirewallRules: [{E0697F28-0AE5-4434-A117-6D44DC7490AE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exee
FirewallRules: [TCP Query User{F39A3CBE-679E-483A-A82C-C86D5E3DEEAB}D:\battle.net\starcraft\starcraft ii\versions\base38749\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base38749\sc2_x64.exe
FirewallRules: [UDP Query User{ADBC0FD8-795F-42D9-8229-C4B48A494A89}D:\battle.net\starcraft\starcraft ii\versions\base38749\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base38749\sc2_x64.exe
FirewallRules: [{7DB09F01-E0F3-4D3F-B686-C57EB2F894AA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AE6D1BA3-FFF8-479D-8E20-3E7B67DF27B2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{017548E2-9991-43C7-9990-D60AEC41A61E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BFD4F44F-066F-4439-A8EF-89010BE33F88}] => (Allow) D:\DEUS-EX\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{678BBC95-1B69-4ABE-8730-C1F1824D6B32}] => (Allow) D:\DEUS-EX\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{E059F920-0E69-4379-82DF-31A93DD7EF01}] => (Block) c:\program files\cpuid\hwmonitor\hwmonitor.exe
FirewallRules: [{5E1A1DF9-F0E9-4492-91D8-BCD98FA5D357}] => (Block) c:\program files\cpuid\hwmonitor\hwmonitor.exe
FirewallRules: [{3B67F209-1CCA-439C-8978-C86F7D55A4AF}] => (Block) t:\my-folder\production\plugins\sforzando\sforzando x64.exe
FirewallRules: [{9409E26C-BAC3-4228-9E1C-ECF1141C5016}] => (Block) t:\my-folder\production\plugins\sforzando\sforzando x64.exe
FirewallRules: [{D0DFC248-C299-43B7-BB3C-D908320963D7}] => (Block) c:\windows\system32\msiexec.exe
FirewallRules: [{BE5403EE-1D66-4E97-90F1-D2C31F937471}] => (Block) c:\windows\system32\msiexec.exe
FirewallRules: [{392B8BED-16E1-4D3E-883F-7E3A158BFD1E}] => (Block) c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe
FirewallRules: [{C7BFF11C-74AC-4D99-A770-40411FEB8198}] => (Block) c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe
FirewallRules: [{5AE84138-ADFF-4E0A-BA0E-FCF294F37731}] => (Block) c:\program files (x86)\adobe\adobe photoshop cs2\photoshop.exe
FirewallRules: [{39C15C43-C741-41A2-9B91-9120C6763173}] => (Block) c:\program files (x86)\adobe\adobe photoshop cs2\photoshop.exe
FirewallRules: [TCP Query User{FDF2A2A1-7E99-408C-B3B4-085228CD89E0}D:\battle.net\starcraft\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [UDP Query User{9A941200-FB57-4FEF-9EA8-648E2E0E3F02}D:\battle.net\starcraft\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [{9EED2BA0-29BE-45C7-A115-13A90DB3FA19}] => (Block) c:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{14A92DD3-04A0-4496-BA4D-B8306FB47243}] => (Block) c:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{A3AE046F-4844-4DEA-B9B2-51B437A4A518}] => (Block) c:\program files\internet explorer\iexplore.exe
FirewallRules: [{486B1671-98F0-4AD5-AF00-5FAF79EB535C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DEF6512F-B1D4-4FB7-A979-BA1A60F4ABBC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D81AE651-6E5C-428E-855A-174C44BDA4B8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{ED7F5783-3085-4C19-899F-6C9AE4418E83}D:\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe] => (Allow) D:\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe
FirewallRules: [UDP Query User{5A4E8E57-8DEE-4A9C-BD14-B8731AD1A4BD}D:\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe] => (Allow) D:\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe
FirewallRules: [{3511FB65-7CF3-4F8C-A979-413943939BD6}] => (Allow) D:\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [{CEB8DC44-42CB-4CF5-985A-88FAE92172AF}] => (Allow) D:\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [{014FDA46-CF4B-4D8B-B49D-8C2BAADE0BDD}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{01679B92-96DA-4CCE-9F09-9D5A0E58E6AF}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{95C31838-61D3-488C-891E-8B66E624450B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{1CFAC638-F0F2-4789-AFB2-6404BF3E88DC}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{E8A96067-F7D3-4658-99A9-0AD56A7B7A5D}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{616B969C-CCF0-4659-865A-7D5189784773}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{6DDEA35B-6D8D-4332-801B-B7B685C1F99F}] => (Block) c:\windows\system32\gwx\gwxux.exe
FirewallRules: [{934A41EE-42E8-416E-8C0C-0788A85B2EBD}] => (Block) c:\windows\system32\gwx\gwxux.exe
FirewallRules: [{840AF8CE-2DDE-47F8-8B04-4885E0D611F9}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{6AFF3A2A-E89E-4E56-AA70-FA0D2C9A7C2D}] => (Allow) C:\Program Files\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{BFCF23D5-F0EC-4750-99AE-7179067C7218}] => (Allow) C:\Program Files\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{8F24DA1F-1CBF-4793-90FD-EF9950CDDFB9}] => (Allow) C:\Program Files\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{57ADCFCA-1460-45CD-8834-325C1DA31F04}] => (Allow) C:\Program Files\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{3AED76FB-9BC3-4A88-8D39-47CC5052AF4F}] => (Allow) C:\Program Files\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{6AAF9014-E299-4B18-90B9-80EF2D6A9BE4}] => (Allow) C:\Program Files\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{74A142BB-B2EE-42E4-8A8F-FE6718D6AD81}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [TCP Query User{3BCAF9D9-DC8B-4F12-9EC8-0616D8113074}C:\program files\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\davinci resolve\dpdecoder.exe
FirewallRules: [{C2FE1182-8FD1-4167-9D52-BBDB32C28056}] => (Block) c:\windows\system32\gwx\gwxdetector.exe
FirewallRules: [{DCE587E7-5B9B-4C25-815D-BFA1CDAE99B6}] => (Block) c:\windows\system32\gwx\gwxdetector.exe
FirewallRules: [{CD1EC1E3-B016-4B55-A2C9-B3779BC427F1}] => (Block) c:\windows\system32\gwx\gwxconfigmanager.exe
FirewallRules: [{A79E73D7-968D-44DE-A6EB-4CF5751F216B}] => (Block) c:\windows\system32\gwx\gwxconfigmanager.exe
FirewallRules: [{B23381AC-00E9-4188-9239-5FB60ADAB2BE}] => (Allow) LPort=21
FirewallRules: [{FEE484B4-FECE-47DA-BE74-25E2A8D64931}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe

FirewallRules: [TCP Query User{9755D8C4-F349-40C6-A3EC-E7946FB38F60}T:\my-folder\production\plugins\imageline-vsts\minihost\minihostmodular.exe] => (Allow) T:\my-folder\production\plugins\imageline-vsts\minihost\minihostmodular.exe
FirewallRules: [TCP Query User{BF550171-0C40-4522-9D72-36B62AC0D5DD}D:\battle.net\starcraft\starcraft ii\versions\base47185\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base47185\sc2_x64.exe
FirewallRules: [TCP Query User{25A05D70-09FC-4707-9527-A8FCB9737A00}C:\program files (x86)\jetbrains\pycharm community edition 2016.3\bin\pycharm.exe] => (Allow) C:\program files (x86)\jetbrains\pycharm community edition 2016.3\bin\pycharm.exe
FirewallRules: [UDP Query User{0AA4971F-1E02-4048-A50D-F16754BF32F1}C:\program files (x86)\jetbrains\pycharm community edition 2016.3\bin\pycharm.exe] => (Allow) C:\program files (x86)\jetbrains\pycharm community edition 2016.3\bin\pycharm.exe
FirewallRules: [TCP Query User{5D147D0E-ACB8-4755-A7DC-6CF596436505}D:\battle.net\starcraft\starcraft ii\versions\base48645\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base48645\sc2_x64.exe
FirewallRules: [UDP Query User{D88E04AB-1E53-4FD0-97E0-CF6EB34DDB00}D:\battle.net\starcraft\starcraft ii\versions\base48645\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base48645\sc2_x64.exe
FirewallRules: [{16E488C9-B953-43E8-B4B2-B590BAB6CA69}] => (Block) c:\windows\syswow64\macromed\flash\flashplayerplugin_23_0_0_207.exe
FirewallRules: [{2D5E4470-9DE2-4B7C-9654-30522720CEEE}] => (Block) c:\windows\syswow64\macromed\flash\flashplayerplugin_23_0_0_207.exe
FirewallRules: [{0ADCDFD8-F706-42ED-BEA7-92358C8007B2}] => (Block) c:\windows\explorer.exe
FirewallRules: [{6EE97983-C2D9-4E31-B166-9E8B5AF8C96E}] => (Block) c:\windows\explorer.exe
FirewallRules: [{3A92ED55-FA0E-4190-B8FE-C11AA4136D36}] => (Block) c:\windows\temp\opera autoupdate\cprogram files (x86)opera\installing\installer.exe
FirewallRules: [{49237447-2D65-4740-847A-D804DECE40DD}] => (Block) c:\windows\temp\opera autoupdate\cprogram files (x86)opera\installing\installer.exe
FirewallRules: [{550B6BE4-CE38-4B16-944D-630437AF62D6}] => (Block) ?:\folder\downloads\flashplayer24au_ha_install.exe
FirewallRules: [{F6692C00-2803-4D2F-87ED-232A82AD37C8}] => (Block) ?:\folder\downloads\flashplayer24au_ha_install.exe
FirewallRules: [{4842CFC0-CE91-4B43-9F55-C1AE06256A56}] => (Block) c:\users\user\appdata\local\adobe\c4d73211-ecab-46f7-874b-e2da4fc0aa7d\3b64c024-d7c1-42cd-84ab-f8a1a3c6ec06\57073c20-0a7a-4ca6-933b-4dc45ae951ee
FirewallRules: [{F5345BD5-4EEA-4433-9C17-EF3C93157E98}] => (Block) c:\users\user\appdata\local\adobe\c4d73211-ecab-46f7-874b-e2da4fc0aa7d\3b64c024-d7c1-42cd-84ab-f8a1a3c6ec06\57073c20-0a7a-4ca6-933b-4dc45ae951ee

FirewallRules: [{2AD1A79D-B844-4144-9F86-371678FA9745}] => (Allow) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
FirewallRules: [{9C30ED18-2E49-43ED-9FB8-1B3D810764B6}] => (Allow) LPort=8317
FirewallRules: [TCP Query User{04BB0718-9CC3-47FD-A2E4-498E252BDFD4}D:\battle.net\starcraft\starcraft ii\versions\base51149\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base51149\sc2_x64.exe
FirewallRules: [UDP Query User{1B49813F-0B86-479A-9E00-0EB77D731F41}D:\battle.net\starcraft\starcraft ii\versions\base51149\sc2_x64.exe] => (Allow) D:\battle.net\starcraft\starcraft ii\versions\base51149\sc2_x64.exe
FirewallRules: [{F16767DF-9A4F-41BC-A7BC-52AFAC445B0E}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
FirewallRules: [{7D006F94-DD72-4AAD-A6F3-860B57DF5E03}] => (Allow) C:\Program Files\TightVNC\tvnviewer.exe

==================== Wiederherstellungspunkte =========================

22-03-2017 09:41:23 Installed TightVNC
22-03-2017 09:52:42 Installed Intel(R) Network Connections.
22-03-2017 19:20:16 Installed PuTTY release 0.68 (64-bit)
22-03-2017 20:44:57 Installed SDFormatter.
23-03-2017 15:17:18 Installed Bitwig Studio
24-03-2017 10:04:08 VeraCrypt installation
25-03-2017 02:18:25 Windows Update
28-03-2017 09:16:50 Windows-Sicherung
28-03-2017 20:03:35 Wiederherstellungsvorgang
28-03-2017 21:09:21 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/29/2017 10:21:18 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "T:\My-Folder\Downloads\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/28/2017 09:07:53 PM) (Source: CyberGhost 6 Service) (EventID: 0) (User: )
Description: Der Dienst kann nicht beendet werden. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
   bei CyberGhost.VPNServices.OpenVpn.DisconnectFromVpnServer(Boolean sendDisconnectEvent) in C:\TeamCity\buildAgent\work\5e751977071a47b0\Projects\CyberGhost\CyberGhost 6\CyberGhost.VPNServices\OpenVPN.cs:Zeile 348.
   bei Service.ServiceController.OnStop() in C:\TeamCity\buildAgent\work\5e751977071a47b0\Projects\CyberGhost\CyberGhost 6\CyberGhost.Service\ServiceController.cs:Zeile 170.
   bei System.ServiceProcess.ServiceBase.DeferredStop()

Error: (03/28/2017 09:06:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "T:\My-Folder\Downloads\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/28/2017 09:05:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/28/2017 08:41:19 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-3869482132-2802206346-888328520-1000}/">.

Error: (03/28/2017 08:31:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/28/2017 08:30:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/25/2017 11:22:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BitwigVampHost.exe, Version: 0.0.0.0, Zeitstempel: 0x58b57862
Name des fehlerhaften Moduls: BitwigVampHost.exe, Version: 0.0.0.0, Zeitstempel: 0x58b57862
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x000000000002e628
ID des fehlerhaften Prozesses: 0xe04
Startzeit der fehlerhaften Anwendung: 0x01d2a5adf086e837
Pfad der fehlerhaften Anwendung: C:\Program Files\Bitwig Studio\bin\BitwigVampHost.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Bitwig Studio\bin\BitwigVampHost.exe
Berichtskennung: 2f5b8c56-11a1-11e7-bb9a-40167ea5eebf

Error: (03/25/2017 02:35:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Battle.net.exe, Version 1.8.0.8554 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 8a8

Startzeit: 01d2a4e4e07a8955

Endzeit: 22

Anwendungspfad: C:\Program Files (x86)\Battle.net\Battle.net.8554\Battle.net.exe

Berichts-ID: 81e0478e-1157-11e7-bb9a-60e32713d0cb


Systemfehler:
=============
Error: (03/28/2017 09:05:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (03/28/2017 09:05:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (03/28/2017 08:03:41 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073741502.

Error: (03/28/2017 08:03:41 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Dienst "Bonjour"" wurde mit folgendem dienstspezifischem Fehler beendet: Beim Datenbankaufruf ist ein nicht behebbarer Fehler aufgetreten.
.

Error: (03/28/2017 08:03:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der Vorgang wurde erfolgreich beendet.

Error: (03/28/2017 08:03:40 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073741502.

Error: (03/28/2017 08:03:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der Vorgang wurde erfolgreich beendet.

Error: (03/28/2017 08:03:39 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073741502.

Error: (03/28/2017 08:03:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der Vorgang wurde erfolgreich beendet.

Error: (03/28/2017 08:03:38 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073741502.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Prozentuale Nutzung des RAM: 26%
Installierter physikalischer RAM: 16321.48 MB
Verfügbarer physikalischer RAM: 11952.29 MB
Summe virtueller Speicher: 32641.15 MB
Verfügbarer virtueller Speicher: 25401.51 MB

==================== Laufwerke ================================

Drive ?: (C:) (Fixed) (Total:238.47 GB) (Free:96.91 GB) NTFS
Drive ?: (?) (Fixed) (Total:232.88 GB) (Free:145.99 GB) NTFS
Drive ?: (?) (Fixed) (Total:465.76 GB) (Free:237.62 GB) NTFS
Drive ?: (?) (Fixed) (Total:931.31 GB) (Free:668.99 GB) NTFS
Drive ?: (?) (Fixed) (Total:232.88 GB) (Free:135.72 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive ?: (?) (Fixed) (Total:931.51 GB) (Free:637.27 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B162B162)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FD1A7096)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: A1E3F745)
Partition 1: (Not Active) - (Size=238.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 99D2C736)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 465.8 GB) (Disk ID: EBBBAA60)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 931.5 GB) (Disk ID: 444663B5)

Partition: GPT.
Partition 2: (Not Active) - (Size=931.3 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
--- --- ---

30.03.2017, 09:22   #8
construct
 



TDSS

Code:
09:16:45.0587 0x0b24  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
09:16:51.0850 0x0b24  ============================================================
09:16:51.0850 0x0b24  Current date / time: 2017/03/30 09:16:51.0850
09:16:51.0850 0x0b24  SystemInfo:
09:16:51.0850 0x0b24  
09:16:51.0850 0x0b24  OS Version: 6.1.7601 ServicePack: 1.0
09:16:51.0850 0x0b24  Product type: Workstation
09:16:51.0850 0x0b24  ComputerName: PC
09:16:51.0850 0x0b24  UserName: user
09:16:51.0850 0x0b24  Windows directory: C:\Windows
09:16:51.0850 0x0b24  System windows directory: C:\Windows
09:16:51.0850 0x0b24  Running under WOW64
09:16:51.0850 0x0b24  Processor architecture: Intel x64
09:16:51.0850 0x0b24  Number of processors: 5
09:16:51.0850 0x0b24  Page size: 0x1000
09:16:51.0850 0x0b24  Boot type: Normal boot
09:16:51.0850 0x0b24  CodeIntegrityOptions = 0x00000001
09:16:51.0850 0x0b24  ============================================================
09:16:52.0047 0x0b24  KLMD registered as C:\Windows\system32\drivers\06046288.sys
09:16:52.0047 0x0b24  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23677, osProperties = 0x1
09:16:52.0078 0x0b24  System UUID: {2B1FF162-E8A8-F17D-EAAE-D6C27730F928}
09:16:52.0248 0x0b24  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:16:54.0892 0x0b24  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:16:58.0969 0x0b24  Drive \Device\Harddisk3\DR3 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:17:04.0048 0x0b24  Drive \Device\Harddisk4\DR4 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:17:04.0049 0x0b24  Drive \Device\Harddisk2\DR2 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:17:04.0056 0x0b24  Drive \Device\Harddisk6\DR6 - Size: 0xE8E0B00000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:17:04.0361 0x0b24  ============================================================
09:17:04.0361 0x0b24  \Device\Harddisk0\DR0:
09:17:04.0368 0x0b24  MBR partitions:
09:17:04.0368 0x0b24  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4269
09:17:04.0368 0x0b24  \Device\Harddisk1\DR1:
09:17:04.0368 0x0b24  MBR partitions:
09:17:04.0368 0x0b24  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
09:17:04.0368 0x0b24  \Device\Harddisk3\DR3:
09:17:04.0368 0x0b24  MBR partitions:
09:17:04.0368 0x0b24  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
09:17:04.0368 0x0b24  \Device\Harddisk4\DR4:
09:17:04.0454 0x0b24  MBR partitions:
09:17:04.0454 0x0b24  \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
09:17:04.0454 0x0b24  \Device\Harddisk2\DR2:
09:17:04.0454 0x0b24  MBR partitions:
09:17:04.0454 0x0b24  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1DCF2000
09:17:04.0454 0x0b24  \Device\Harddisk6\DR6:
09:17:04.0455 0x0b24  GPT partitions:
09:17:04.0456 0x0b24  \Device\Harddisk6\DR6\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {3357F6D4-5E69-412F-A106-7383080A9D1C}, Name: EFI System Partition, StartLBA 0x28, BlocksNum 0x64000
09:17:04.0456 0x0b24  \Device\Harddisk6\DR6\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {915211A4-1AFA-491C-A468-1EDD370BB039}, Name: Ohne Titel, StartLBA 0x64800, BlocksNum 0x746A0800
09:17:04.0456 0x0b24  MBR partitions:
09:17:04.0456 0x0b24  \Device\Harddisk6\DR6\Partition3: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x746A0800
09:17:04.0456 0x0b24  ============================================================
09:17:04.0457 0x0b24  ?: <-> \Device\Harddisk2\DR2\Partition1
09:17:04.0464 0x0b24  ?: <-> \Device\Harddisk0\DR0\Partition1
09:17:04.0476 0x0b24  ?: <-> \Device\Harddisk4\DR4\Partition1
09:17:04.0501 0x0b24  ?: <-> \Device\Harddisk6\DR6\Partition3
09:17:04.0532 0x0b24  ?: <-> \Device\Harddisk1\DR1\Partition1
09:17:04.0554 0x0b24  ?: <-> \Device\Harddisk3\DR3\Partition1
09:17:04.0555 0x0b24  ============================================================
09:17:04.0555 0x0b24  Initialize success
09:17:04.0555 0x0b24  ============================================================
09:17:18.0655 0x0ef4  ============================================================
09:17:18.0655 0x0ef4  Scan started
09:17:18.0655 0x0ef4  Mode: Manual; SigCheck; TDLFS; 
09:17:18.0655 0x0ef4  ============================================================
09:17:18.0655 0x0ef4  KSN ping started
09:18:38.0624 0x0ef4  KSN ping finished: true
09:18:39.0788 0x0ef4  ================ Scan system memory ========================
09:18:39.0788 0x0ef4  System memory - ok
09:18:39.0788 0x0ef4  ================ Scan services =============================
09:18:39.0806 0x0ef4  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
09:18:39.0826 0x0ef4  1394ohci - ok
09:18:39.0834 0x0ef4  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
09:18:39.0843 0x0ef4  ACPI - ok
09:18:39.0846 0x0ef4  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
09:18:39.0852 0x0ef4  AcpiPmi - ok
09:18:39.0855 0x0ef4  [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
09:18:39.0857 0x0ef4  Adobe LM Service - detected UnsignedFile.Multi.Generic ( 1 )
09:18:39.0954 0x0ef4  Detect skipped due to KSN trusted
09:18:39.0955 0x0ef4  Adobe LM Service - ok
09:18:39.0965 0x0ef4  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
09:18:39.0976 0x0ef4  adp94xx - ok
09:18:39.0982 0x0ef4  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
09:18:39.0991 0x0ef4  adpahci - ok
09:18:39.0995 0x0ef4  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
09:18:40.0002 0x0ef4  adpu320 - ok
09:18:40.0005 0x0ef4  [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
09:18:40.0011 0x0ef4  AeLookupSvc - ok
09:18:40.0020 0x0ef4  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
09:18:40.0030 0x0ef4  AFD - ok
09:18:40.0034 0x0ef4  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
09:18:40.0038 0x0ef4  agp440 - ok
09:18:40.0041 0x0ef4  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
09:18:40.0047 0x0ef4  ALG - ok
09:18:40.0049 0x0ef4  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:18:40.0053 0x0ef4  aliide - ok
09:18:40.0059 0x0ef4  [ C2C6576BD76BDBD5D29555440C0F147B, EB92CCF0670493B63D073976F5026C0F5954733CBC20812118F13716503C249B ] amdacpksd       C:\Windows\system32\drivers\amdacpksd.sys
09:18:40.0071 0x0ef4  amdacpksd - ok
09:18:40.0073 0x0ef4  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
09:18:40.0077 0x0ef4  amdide - ok
09:18:40.0080 0x0ef4  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
09:18:40.0085 0x0ef4  AmdK8 - ok
09:18:40.0087 0x0ef4  amdkmdag - ok
09:18:40.0096 0x0ef4  [ 6489E58445DC4E53EE1446EC0CB04842, 13449C7B0BBDC1F2D0B5C9A0299BED47475D2D249BD5E24F68F9E06C4DC601BF ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
09:18:40.0110 0x0ef4  amdkmdap - ok
09:18:40.0113 0x0ef4  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
09:18:40.0118 0x0ef4  AmdPPM - ok
09:18:40.0121 0x0ef4  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
09:18:40.0127 0x0ef4  amdsata - ok
09:18:40.0131 0x0ef4  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
09:18:40.0138 0x0ef4  amdsbs - ok
09:18:40.0140 0x0ef4  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
09:18:40.0144 0x0ef4  amdxata - ok
09:18:40.0147 0x0ef4  [ B84DDCCB03A9CEDC1E90A88EDA5306DB, 1E51A7336C7E3F6402ED90AB0B3E98FD3827E2DC51B133E7F8BB37140B315192 ] AppID           C:\Windows\system32\drivers\appid.sys
09:18:40.0152 0x0ef4  AppID - ok
09:18:40.0154 0x0ef4  [ 02B60F8FA4BAB8DC3B14782A7E60564B, D7EB27CB202573734D7A4EB4667B9BCEC1598AA9EBD154F2C9266AF230F51A52 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
09:18:40.0159 0x0ef4  AppIDSvc - ok
09:18:40.0161 0x0ef4  [ DE23E052E557580674785CDF45B613F3, A955ADC6CC7D816BA7CE1065F911E7A3295A1908C22BE0A3C506C38CFEE8DE0D ] Appinfo         C:\Windows\System32\appinfo.dll
09:18:40.0167 0x0ef4  Appinfo - ok
09:18:40.0170 0x0ef4  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
09:18:40.0175 0x0ef4  arc - ok
09:18:40.0178 0x0ef4  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
09:18:40.0183 0x0ef4  arcsas - ok
09:18:40.0198 0x0ef4  [ BBF8F831C7720DD5135D8C4C8325187A, 2630C68200D7BD49A5772830D6B369C0EC337C2558A9562DD564DF042249ECC0 ] asComSvc        C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
09:18:40.0214 0x0ef4  asComSvc - ok
09:18:40.0229 0x0ef4  [ 5F1091FA113607C9C9B2ECF4FBC76F37, F4406635C555A942242F40CACEC7EFD2FED47103C191CB3C2EDF21EE78C8122E ] asHmComSvc      C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
09:18:40.0245 0x0ef4  asHmComSvc - ok
09:18:40.0254 0x0ef4  [ 798DE15F187C1F013095BBBEB6FB6197, 436CCAB6F62FA2D29827916E054ADE7ACAE485B3DE1D3E5C6C62D3DEBF1480E7 ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
09:18:40.0258 0x0ef4  AsIO - ok
09:18:40.0264 0x0ef4  [ EE424A5CE56E3923D59BB7DE2E15036D, 8B8196870EFE74D43EDA72674021A46846D370E97A6A058134D84A721AECD091 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:18:40.0270 0x0ef4  aspnet_state - ok
09:18:40.0272 0x0ef4  [ 1392B92179B07B672720763D9B1028A5, B4D47EA790920A4531E3DF5A4B4B0721B7FEA6B49A35679F0652F1E590422602 ] AsUpIO          C:\Windows\syswow64\drivers\AsUpIO.sys
09:18:40.0275 0x0ef4  AsUpIO - ok
09:18:40.0277 0x0ef4  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:18:40.0294 0x0ef4  AsyncMac - ok
09:18:40.0296 0x0ef4  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
09:18:40.0300 0x0ef4  atapi - ok
09:18:40.0304 0x0ef4  [ F9DB31BC5CD3700D37DB136BA56E5E9D, 9AB7421975500EE7FE583CCF86914F94E697606A9199DC4F27D5609554C5D3F7 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
09:18:40.0310 0x0ef4  AtiHDAudioService - ok
09:18:40.0320 0x0ef4  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:18:40.0334 0x0ef4  AudioEndpointBuilder - ok
09:18:40.0345 0x0ef4  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
09:18:40.0359 0x0ef4  AudioSrv - ok
09:18:40.0363 0x0ef4  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
09:18:40.0371 0x0ef4  AxInstSV - ok
09:18:40.0380 0x0ef4  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
09:18:40.0390 0x0ef4  b06bdrv - ok
09:18:40.0396 0x0ef4  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
09:18:40.0404 0x0ef4  b57nd60a - ok
09:18:40.0408 0x0ef4  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
09:18:40.0414 0x0ef4  BDESVC - ok
09:18:40.0416 0x0ef4  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:18:40.0432 0x0ef4  Beep - ok
09:18:40.0444 0x0ef4  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
09:18:40.0458 0x0ef4  BFE - ok
09:18:40.0472 0x0ef4  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
09:18:40.0500 0x0ef4  BITS - ok
09:18:40.0503 0x0ef4  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
09:18:40.0508 0x0ef4  blbdrive - ok
09:18:40.0517 0x0ef4  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:18:40.0526 0x0ef4  Bonjour Service - ok
09:18:40.0530 0x0ef4  [ ABA3984C822E4D3F889699912D85D6C5, 2251FA135CC290DA13DAE4743F393C7CC9E6A737C054707CB8D72C369D1FFACB ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:18:40.0536 0x0ef4  bowser - ok
09:18:40.0538 0x0ef4  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
09:18:40.0544 0x0ef4  BrFiltLo - ok
09:18:40.0546 0x0ef4  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
09:18:40.0552 0x0ef4  BrFiltUp - ok
09:18:40.0556 0x0ef4  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
09:18:40.0562 0x0ef4  Browser - ok
09:18:40.0568 0x0ef4  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
09:18:40.0577 0x0ef4  Brserid - ok
09:18:40.0579 0x0ef4  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
09:18:40.0586 0x0ef4  BrSerWdm - ok
09:18:40.0588 0x0ef4  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
09:18:40.0594 0x0ef4  BrUsbMdm - ok
09:18:40.0596 0x0ef4  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
09:18:40.0601 0x0ef4  BrUsbSer - ok
09:18:40.0603 0x0ef4  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
09:18:40.0610 0x0ef4  BTHMODEM - ok
09:18:40.0614 0x0ef4  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
09:18:40.0631 0x0ef4  bthserv - ok
09:18:40.0636 0x0ef4  [ 95C2FEB994798596F0E2CB2BB2C7F45A, 78A39A6EF8E29620F22970AF4AE37404FC33D308BF83F8CDF16F0A79C5561AAF ] cbdisk3         C:\Windows\system32\drivers\cbdisk3.sys
09:18:40.0643 0x0ef4  cbdisk3 - ok
09:18:40.0650 0x0ef4  [ 6C1506E58A2A0F1FC6756D322C576C5F, FBAE9597A594956AD6677DB0FB7FC2483DA6450E66BEB9B2D2D4F2C1373B7AA8 ] cbfs4           C:\Windows\system32\drivers\cbfs4.sys
09:18:40.0658 0x0ef4  cbfs4 - ok
09:18:40.0661 0x0ef4  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:18:40.0679 0x0ef4  cdfs - ok
09:18:40.0683 0x0ef4  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
09:18:40.0689 0x0ef4  cdrom - ok
09:18:40.0692 0x0ef4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
09:18:40.0709 0x0ef4  CertPropSvc - ok
09:18:40.0713 0x0ef4  [ 2B2559146B072EB183DA1AB57E38E886, CAAE41158C3D5EA55834085C9161DB1EFF173CDF2FD0340B5289F541C294C5CC ] CG6Service      C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
09:18:40.0720 0x0ef4  CG6Service - ok
09:18:40.0723 0x0ef4  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
09:18:40.0730 0x0ef4  circlass - ok
09:18:40.0737 0x0ef4  [ 3D67C27DD17B254D7915FA16A5AE3573, 5B3A6C6A7F940C06362775DAF13CEADA37C7AA84A509458A57C23B4369970A90 ] CLFS            C:\Windows\system32\CLFS.sys
09:18:40.0746 0x0ef4  CLFS - ok
09:18:40.0750 0x0ef4  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:18:40.0756 0x0ef4  clr_optimization_v2.0.50727_32 - ok
09:18:40.0760 0x0ef4  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:18:40.0765 0x0ef4  clr_optimization_v2.0.50727_64 - ok
09:18:40.0770 0x0ef4  [ 5BAF4F1296D4D91FC28560CDB4C37C4B, ACA4BC57ED1F8432F18F0F215EC7FF956BAEF6E02760779E264E4008A979E9DD ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:18:40.0776 0x0ef4  clr_optimization_v4.0.30319_32 - ok
09:18:40.0781 0x0ef4  [ 569B54004A7E85A74FD92841DE6058E2, 58949313D0F6B1C06359B2F3C68E29940B1655A17E93FFC3718F6D2EAE1633E4 ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:18:40.0788 0x0ef4  clr_optimization_v4.0.30319_64 - ok
09:18:40.0790 0x0ef4  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
09:18:40.0795 0x0ef4  CmBatt - ok
09:18:40.0797 0x0ef4  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:18:40.0801 0x0ef4  cmdide - ok
09:18:40.0809 0x0ef4  [ A98CED39AD91B445E2E442A9BD67E8B4, B4189DEEF1C0EE22AE983119047B1A40FFDD8F3E163DFFABD7C2706231B0B1B0 ] CNG             C:\Windows\system32\Drivers\cng.sys
09:18:40.0823 0x0ef4  CNG - ok
09:18:40.0825 0x0ef4  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
09:18:40.0829 0x0ef4  Compbatt - ok
09:18:40.0831 0x0ef4  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
09:18:40.0838 0x0ef4  CompositeBus - ok
09:18:40.0839 0x0ef4  COMSysApp - ok
09:18:40.0851 0x0ef4  [ E20D73654A05670BD21F7876A3A0F747, A1708A4291641D8D17A6A4A7CE80A2B26046D3C35D5F718B008F0D3B290953DC ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
09:18:40.0860 0x0ef4  cphs - ok
09:18:40.0862 0x0ef4  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
09:18:40.0866 0x0ef4  crcdisk - ok
09:18:40.0871 0x0ef4  [ 2C6632CECFDBBE793FDA8AF9CA55A9CC, 335188515F798483660E529204A13012E4D21B0ECA489224A11C26F91A5B3CCE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:18:40.0879 0x0ef4  CryptSvc - ok
09:18:40.0888 0x0ef4  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:18:40.0900 0x0ef4  DcomLaunch - ok
09:18:40.0903 0x0ef4  [ 5DE1DB1FD27B0486292C881E1D94437E, D2D824CE9F7B57A3659B2249531DBA85C114E65D4EEBA3A159607B2104FF704B ] debutfilter     C:\Windows\system32\DRIVERS\debutfilterx64.sys
09:18:40.0906 0x0ef4  debutfilter - ok
09:18:40.0912 0x0ef4  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
09:18:40.0932 0x0ef4  defragsvc - ok
09:18:40.0936 0x0ef4  [ 9B38580063D281A99E68EF5813022A5F, D91676B0E0A8E2A090E3E5DD340ABCFC20AE0F55B4C82869D6CFB34239BD27DA ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:18:40.0942 0x0ef4  DfsC - ok
09:18:40.0949 0x0ef4  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
09:18:40.0958 0x0ef4  Dhcp - ok
09:18:40.0978 0x0ef4  [ EE9954237F15BE4DD9304D12E4D305ED, F295C9BAF20F0E669B673AFCC16B4969EE31B6A3808980DAB93D9B0F167DA3C0 ] DiagTrack       C:\Windows\system32\diagtrack.dll
09:18:41.0002 0x0ef4  DiagTrack - ok
09:18:41.0009 0x0ef4  [ F81460DB0644F0E825109F2E0E9F5D06, 21F26663CE22412BC9E6F4CD0F7FC536ED8844DE7C2C104616ACADBF4F47A839 ] DirMngr         C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
09:18:41.0013 0x0ef4  DirMngr - detected UnsignedFile.Multi.Generic ( 1 )
09:18:41.0112 0x0ef4  Detect skipped due to KSN trusted
09:18:41.0112 0x0ef4  DirMngr - ok
09:18:41.0114 0x0ef4  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
09:18:41.0131 0x0ef4  discache - ok
09:18:41.0134 0x0ef4  [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk            C:\Windows\system32\drivers\disk.sys
09:18:41.0140 0x0ef4  Disk - ok
09:18:41.0144 0x0ef4  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:18:41.0151 0x0ef4  Dnscache - ok
09:18:41.0157 0x0ef4  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
09:18:41.0176 0x0ef4  dot3svc - ok
09:18:41.0180 0x0ef4  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
09:18:41.0198 0x0ef4  DPS - ok
09:18:41.0200 0x0ef4  [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
09:18:41.0205 0x0ef4  drmkaud - ok
09:18:41.0220 0x0ef4  [ 3A9D7D464BDB3B70D7ECF689ADABBD4D, B4F5B23705EA1BA453FE30791CA245E1A5F7FBEABAD026E4A8A15A9FC44E8C9C ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
09:18:41.0237 0x0ef4  DXGKrnl - ok
09:18:41.0246 0x0ef4  [ 73F8DE25B04A66CE3BE5D09A10DE56E6, ABA5AA50D936897CC71D710BBCF9A1B1CCCAC290FCD10A710E4471C1CDDE1093 ] e1dexpress      C:\Windows\system32\DRIVERS\e1d62x64.sys
09:18:41.0256 0x0ef4  e1dexpress - ok
09:18:41.0260 0x0ef4  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
09:18:41.0278 0x0ef4  EapHost - ok
09:18:41.0323 0x0ef4  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
09:18:41.0372 0x0ef4  ebdrv - ok
09:18:41.0378 0x0ef4  [ CA69E856332E2D85294665F6B7E97254, A9693F836907FB0154DC1090D9476F1E9242ABE922D932D74D0385772D2EAB65 ] EFS             C:\Windows\System32\lsass.exe
09:18:41.0383 0x0ef4  EFS - ok
09:18:41.0392 0x0ef4  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
09:18:41.0404 0x0ef4  elxstor - ok
09:18:41.0406 0x0ef4  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:18:41.0411 0x0ef4  ErrDev - ok
09:18:41.0419 0x0ef4  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
09:18:41.0441 0x0ef4  EventSystem - ok
09:18:41.0446 0x0ef4  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
09:18:41.0465 0x0ef4  exfat - ok
09:18:41.0469 0x0ef4  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
09:18:41.0488 0x0ef4  fastfat - ok
09:18:41.0491 0x0ef4  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
09:18:41.0496 0x0ef4  fdc - ok
09:18:41.0498 0x0ef4  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
09:18:41.0515 0x0ef4  fdPHost - ok
09:18:41.0517 0x0ef4  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
09:18:41.0535 0x0ef4  FDResPub - ok
09:18:41.0538 0x0ef4  [ FEE468AFE8C9458B65A0C82B96DFD949, BCD13BF324669D3E0467D12E0E46E07A047F9311BCCDA7B47518837D489FBE22 ] ffusb2audio     C:\Windows\system32\DRIVERS\ffusb2audio.sys
09:18:41.0544 0x0ef4  ffusb2audio - ok
09:18:41.0546 0x0ef4  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:18:41.0551 0x0ef4  FileInfo - ok
09:18:41.0553 0x0ef4  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
09:18:41.0571 0x0ef4  Filetrace - ok
09:18:41.0573 0x0ef4  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
09:18:41.0578 0x0ef4  flpydisk - ok
09:18:41.0584 0x0ef4  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:18:41.0592 0x0ef4  FltMgr - ok
09:18:41.0609 0x0ef4  [ CF0108CBA6D1860563BA20E3D74C6646, 737B5E89A858D7E3AEC8BF660AA4FCC56501A69468EA143531286016AF7C0B33 ] FontCache       C:\Windows\system32\FntCache.dll
09:18:41.0630 0x0ef4  FontCache - ok
09:18:41.0633 0x0ef4  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:18:41.0638 0x0ef4  FontCache3.0.0.0 - ok
09:18:41.0640 0x0ef4  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
09:18:41.0645 0x0ef4  FsDepends - ok
09:18:41.0647 0x0ef4  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:18:41.0652 0x0ef4  Fs_Rec - ok
09:18:41.0656 0x0ef4  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
09:18:41.0665 0x0ef4  fvevol - ok
09:18:41.0668 0x0ef4  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
09:18:41.0673 0x0ef4  gagp30kx - ok
09:18:41.0736 0x0ef4  [ 25BBECC7C72D4A1A021FA34534C1C822, F03164CB1624B2E4F6CCDF78562620DD81A3A985D5A6CFF7298B781D924F2F19 ] GlassWire       C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
09:18:41.0820 0x0ef4  GlassWire - ok
09:18:41.0837 0x0ef4  [ E4AE497857409127ED57562AF913A903, 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867B ] gpsvc           C:\Windows\System32\gpsvc.dll
09:18:41.0853 0x0ef4  gpsvc - ok
09:18:41.0856 0x0ef4  [ 3CF2C2F026B06D3F6B9A402DD50D5C9B, EEC63C73D54BC6F9AA53F6A248A041E3A0F1CE39386DA6243B42D1C14A322B2B ] gwdrv           C:\Windows\system32\DRIVERS\gwdrv.sys
09:18:41.0860 0x0ef4  gwdrv - ok
09:18:41.0862 0x0ef4  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
09:18:41.0867 0x0ef4  hcw85cir - ok
09:18:41.0873 0x0ef4  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:18:41.0885 0x0ef4  HdAudAddService - ok
09:18:41.0888 0x0ef4  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
09:18:41.0896 0x0ef4  HDAudBus - ok
09:18:41.0899 0x0ef4  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
09:18:41.0904 0x0ef4  HidBatt - ok
09:18:41.0907 0x0ef4  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
09:18:41.0914 0x0ef4  HidBth - ok
09:18:41.0917 0x0ef4  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
09:18:41.0924 0x0ef4  HidIr - ok
09:18:41.0926 0x0ef4  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
09:18:41.0943 0x0ef4  hidserv - ok
09:18:41.0945 0x0ef4  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:18:41.0950 0x0ef4  HidUsb - ok
09:18:41.0952 0x0ef4  [ BBCC44D677183BEFED776C1ED6B138D1, A219E3C834550FA70E3D3986BFB31C40249B8A43F13BA023B21341C08249A65C ] HiPatchService  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
09:18:41.0953 0x0ef4  HiPatchService - detected UnsignedFile.Multi.Generic ( 1 )
09:18:42.0091 0x0ef4  HiPatchService ( UnsignedFile.Multi.Generic ) - warning
09:18:42.0237 0x0ef4  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:18:42.0255 0x0ef4  hkmsvc - ok
09:18:42.0260 0x0ef4  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:18:42.0268 0x0ef4  HomeGroupListener - ok
09:18:42.0273 0x0ef4  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:18:42.0280 0x0ef4  HomeGroupProvider - ok
09:18:42.0284 0x0ef4  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
09:18:42.0289 0x0ef4  HpSAMD - ok
09:18:42.0301 0x0ef4  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:18:42.0316 0x0ef4  HTTP - ok
09:18:42.0318 0x0ef4  [ EF558A02D734A1403583E95CCEEC2487, F0D052DAF48A62E4A90D067BFCB5EE9563804DE68D0EA82E0E11C8D16AD19D29 ] HWiNFO32        C:\Windows\system32\drivers\HWiNFO64A.SYS
09:18:42.0322 0x0ef4  HWiNFO32 - ok
09:18:42.0324 0x0ef4  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
09:18:42.0328 0x0ef4  hwpolicy - ok
09:18:42.0331 0x0ef4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
09:18:42.0337 0x0ef4  i8042prt - ok
09:18:42.0346 0x0ef4  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
09:18:42.0355 0x0ef4  iaStorV - ok
09:18:42.0369 0x0ef4  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:18:42.0385 0x0ef4  idsvc - ok
09:18:42.0387 0x0ef4  IEEtwCollectorService - ok
09:18:42.0453 0x0ef4  [ 4AA0CEDCA2DCCD38B6F0AA56BC7B80BB, B4D88292CD95DB1DC9BE7A721D3886889D9761F48BCA5ABA8EB8492B53FCC007 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
09:18:42.0548 0x0ef4  igfx - ok
09:18:42.0560 0x0ef4  [ 486F05A5B011EA206AD5F6BB9A032A6B, 77A9113C6A8C0C096CA2B4A4A70C33A75C3DF14B36BCD10605DC34F39EBABA76 ] igfxCUIService1.0.0.0 C:\Windows\system32\igfxCUIService.exe
09:18:42.0569 0x0ef4  igfxCUIService1.0.0.0 - ok
09:18:42.0571 0x0ef4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
09:18:42.0576 0x0ef4  iirsp - ok
09:18:42.0589 0x0ef4  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
09:18:42.0606 0x0ef4  IKEEXT - ok
09:18:42.0615 0x0ef4  [ 9D01DDF5EA8494BBCBB73FF385E35D35, C575DC65275BEA8558A855C7DC6CFA84BD7F48D24BB0C522084E89DDC5CB02A7 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
09:18:42.0627 0x0ef4  IntcDAud - ok
09:18:42.0641 0x0ef4  [ C6128F2E3DC6156C6F8828F9F1B96010, 612C1191AFB8F69BA5634E8C52BDDE608F57D98FA4C76C5A337676A5F1E8191D ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
09:18:42.0652 0x0ef4  Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
09:18:42.0755 0x0ef4  Detect skipped due to KSN trusted
09:18:42.0755 0x0ef4  Intel(R) Capability Licensing Service Interface - ok
09:18:42.0769 0x0ef4  [ 729AB4F0608E95EFF8FDEF23596283E2, 62A2091FF440C65505AB3E38436A86D9B0978BCB9485960EFCE0C5CBC8E06201 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
09:18:42.0784 0x0ef4  Intel(R) Capability Licensing Service TCP IP Interface - ok
09:18:42.0789 0x0ef4  [ CBF7341E55A8348C7AB01A9870C7D948, A5084DF3C6321788C88A9E6B5F43FE5BCFDBB579BDE3A4D5F55558C6D13035A5 ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
09:18:42.0795 0x0ef4  Intel(R) PROSet Monitoring Service - ok
09:18:42.0797 0x0ef4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
09:18:42.0802 0x0ef4  intelide - ok
09:18:46.0826 0x0ef4  sfloppy - ok
09:18:46.0832 0x0ef4  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
09:18:46.0854 0x0ef4  SharedAccess - ok
09:18:46.0861 0x0ef4  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:18:46.0882 0x0ef4  ShellHWDetection - ok
09:18:46.0884 0x0ef4  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
09:18:46.0889 0x0ef4  SiSRaid2 - ok
09:18:46.0892 0x0ef4  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
09:18:46.0897 0x0ef4  SiSRaid4 - ok
09:18:46.0900 0x0ef4  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
09:18:46.0918 0x0ef4  Smb - ok
09:18:46.0922 0x0ef4  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
09:18:46.0928 0x0ef4  SNMPTRAP - ok
09:18:46.0930 0x0ef4  [ 0FFE35F0B0CD5A324BBE22F02569AE3B, F4EE803EEFDB4EAEEDB3024C3516F1F9A202C77F4870D6B74356BBDE32B3B560 ] speedfan        C:\Windows\SysWOW64\speedfan.sys
09:18:46.0935 0x0ef4  speedfan - ok
09:18:46.0937 0x0ef4  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
09:18:46.0941 0x0ef4  spldr - ok
09:18:46.0951 0x0ef4  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
09:18:46.0975 0x0ef4  Spooler - ok
09:18:47.0024 0x0ef4  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
09:18:47.0088 0x0ef4  sppsvc - ok
09:18:47.0095 0x0ef4  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
09:18:47.0113 0x0ef4  sppuinotify - ok
09:18:47.0123 0x0ef4  [ EB15C46477EB84B6B520871ED5936CCF, 7366FD2E1315109B9A2F47DA08959CF0CBEEB1F20B2E2DEF449D39B508107D29 ] srv             C:\Windows\system32\DRIVERS\srv.sys
09:18:47.0139 0x0ef4  srv - ok
09:18:47.0147 0x0ef4  [ 7F4FDC9528BCE6FB919615B6A77D5724, C4843381504E0F50D4B8E4F8886C83112018CE5F64467B875F2809508EA2B182 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
09:18:47.0157 0x0ef4  srv2 - ok
09:18:47.0162 0x0ef4  [ 3F20CD2A11872284BD667DAD6D4801CC, 917EAA680CD10D3EA59EEF4B77BB3813D5718E7D1CB0846431255EE73035D834 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
09:18:47.0169 0x0ef4  srvnet - ok
09:18:47.0173 0x0ef4  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
09:18:47.0194 0x0ef4  SSDPSRV - ok
09:18:47.0196 0x0ef4  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
09:18:47.0215 0x0ef4  SstpSvc - ok
09:18:47.0236 0x0ef4  [ E06AA279D85877268E34E9A9BC41F560, 6EFE7E3850CD19B919053293B6D8CB61CC638D3B1626BB62594C681625132689 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
09:18:47.0260 0x0ef4  Steam Client Service - ok
09:18:47.0263 0x0ef4  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
09:18:47.0267 0x0ef4  stexstor - ok
09:18:47.0277 0x0ef4  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
09:18:47.0293 0x0ef4  stisvc - ok
09:18:47.0295 0x0ef4  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
09:18:47.0299 0x0ef4  swenum - ok
09:18:47.0308 0x0ef4  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
09:18:47.0333 0x0ef4  swprv - ok
09:18:47.0358 0x0ef4  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
09:18:47.0387 0x0ef4  SysMain - ok
09:18:47.0391 0x0ef4  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:18:47.0401 0x0ef4  TabletInputService - ok
09:18:47.0403 0x0ef4  [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
09:18:47.0408 0x0ef4  tap0901 - ok
09:18:47.0414 0x0ef4  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
09:18:47.0435 0x0ef4  TapiSrv - ok
09:18:47.0463 0x0ef4  [ B2875D7ABB82867DC3AA03D991940201, F954C33FBA912A517B59330F6438C1953F9F1D8F4D8FD25945EB836A1DB07ABB ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
09:18:47.0492 0x0ef4  Tcpip - ok
09:18:47.0520 0x0ef4  [ B2875D7ABB82867DC3AA03D991940201, F954C33FBA912A517B59330F6438C1953F9F1D8F4D8FD25945EB836A1DB07ABB ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
09:18:47.0549 0x0ef4  TCPIP6 - ok
09:18:47.0554 0x0ef4  [ 7FE5586314EE7D6AA8483264A089E5AF, 4E3EA68713A45C22F1B9A1AA125E15D06D0C5E637B815537431ADFB6D7563879 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
09:18:47.0559 0x0ef4  tcpipreg - ok
09:18:47.0561 0x0ef4  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
09:18:47.0566 0x0ef4  TDPIPE - ok
09:18:47.0568 0x0ef4  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
09:18:47.0572 0x0ef4  TDTCP - ok
09:18:47.0576 0x0ef4  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
09:18:47.0581 0x0ef4  tdx - ok
09:18:47.0725 0x0ef4  [ 44449A0EB8EBD8DCBC3ED4BB62BA3A5F, 168197015D1E5ED71775250084C224A1100E0F989A6D1CC4102004E5AAD74F3A ] TeamViewer      C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
09:18:47.0867 0x0ef4  TeamViewer - ok
09:18:47.0876 0x0ef4  [ F5520DBB47C60EE83024B38720ABDA24, B8E555D92440BF93E3B55A66E27CEF936477EF7528F870D3B78BD3B294A05CC0 ] teamviewervpn   C:\Windows\system32\DRIVERS\teamviewervpn.sys
09:18:47.0880 0x0ef4  teamviewervpn - ok
09:18:47.0883 0x0ef4  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
09:18:47.0888 0x0ef4  TermDD - ok
09:18:47.0899 0x0ef4  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
09:18:47.0914 0x0ef4  TermService - ok
09:18:47.0917 0x0ef4  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
09:18:47.0925 0x0ef4  Themes - ok
09:18:47.0928 0x0ef4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
09:18:47.0947 0x0ef4  THREADORDER - ok
09:18:47.0950 0x0ef4  [ D154DD00C8F12D94C9CC94027356B6E4, 501026564147DC43D0764521816B8D20576DA8F5D9DB0D2D8D3A16AA48A534A3 ] Tpkd            C:\Windows\system32\drivers\Tpkd.sys
09:18:47.0955 0x0ef4  Tpkd - ok
09:18:47.0959 0x0ef4  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
09:18:47.0978 0x0ef4  TrkWks - ok
09:18:47.0982 0x0ef4  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:18:48.0001 0x0ef4  TrustedInstaller - ok
09:18:48.0004 0x0ef4  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
09:18:48.0009 0x0ef4  tssecsrv - ok
09:18:48.0011 0x0ef4  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
09:18:48.0016 0x0ef4  TsUsbFlt - ok
09:18:48.0018 0x0ef4  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
09:18:48.0023 0x0ef4  TsUsbGD - ok
09:18:48.0026 0x0ef4  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
09:18:48.0044 0x0ef4  tunnel - ok
09:18:48.0046 0x0ef4  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
09:18:48.0052 0x0ef4  uagp35 - ok
09:18:48.0058 0x0ef4  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
09:18:48.0079 0x0ef4  udfs - ok
09:18:48.0082 0x0ef4  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
09:18:48.0088 0x0ef4  UI0Detect - ok
09:18:48.0091 0x0ef4  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:18:48.0096 0x0ef4  uliagpkx - ok
09:18:48.0098 0x0ef4  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
09:18:48.0103 0x0ef4  umbus - ok
09:18:48.0105 0x0ef4  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
09:18:48.0110 0x0ef4  UmPass - ok
09:18:48.0116 0x0ef4  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
09:18:48.0138 0x0ef4  upnphost - ok
09:18:48.0142 0x0ef4  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
09:18:48.0147 0x0ef4  usbaudio - ok
09:18:48.0150 0x0ef4  [ 28B81917A195B67617AF7DCF4DFE5736, 40A4D2AAE1BDE5ABA8708ED150396E913C566ECD5CDA40D6C6DB256F1B9FD4A9 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
09:18:48.0156 0x0ef4  usbccgp - ok
09:18:48.0159 0x0ef4  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:18:48.0165 0x0ef4  usbcir - ok
09:18:48.0167 0x0ef4  [ B626F048318DAE65A3317F0592BE592C, 284D8FFE1D35F852EFDA182A72288AC3A10D6ED825FE2CC5812497D3FE291AF1 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
09:18:48.0173 0x0ef4  usbehci - ok
09:18:48.0179 0x0ef4  [ 390109E8E05BA00375DCB1ED64DC60AF, B8628502590B423BEFB6F7C8C69FAD0667AD0746FF6B444EE02016E8E1052B78 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
09:18:48.0188 0x0ef4  usbhub - ok
09:18:48.0190 0x0ef4  [ B4DF0F4C1D9D25DFE1DAD1D8670F1D4F, 4317C2DEDC639527B53864BAEC46CBE022D298C0503E29E1072DD1C851D92BFC ] usbohci         C:\Windows\system32\drivers\usbohci.sys
09:18:48.0195 0x0ef4  usbohci - ok
09:18:48.0197 0x0ef4  [ E657C5CEA6B8EF318FEA1BCF971EE32D, B97314C2E82E2D942BE22D59DA8703EBF6631EF82ED34EDCD210CC37E206DE37 ] USBPcap         C:\Windows\system32\DRIVERS\USBPcap.sys
09:18:48.0201 0x0ef4  USBPcap - ok
09:18:48.0203 0x0ef4  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
09:18:48.0209 0x0ef4  usbprint - ok
09:18:48.0212 0x0ef4  [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:18:48.0218 0x0ef4  USBSTOR - ok
09:18:48.0220 0x0ef4  [ CFEAAF96E666E3DCBD8F6DFF516784AE, 006218A3DB5851790CC0A7F3DCD7B3AF82F624DA679296DE507AFD36C5468317 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
09:18:48.0224 0x0ef4  usbuhci - ok
09:18:48.0229 0x0ef4  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
09:18:48.0235 0x0ef4  usbvideo - ok
09:18:48.0238 0x0ef4  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
09:18:48.0255 0x0ef4  UxSms - ok
09:18:48.0257 0x0ef4  [ CA69E856332E2D85294665F6B7E97254, A9693F836907FB0154DC1090D9476F1E9242ABE922D932D74D0385772D2EAB65 ] VaultSvc        C:\Windows\system32\lsass.exe
09:18:48.0262 0x0ef4  VaultSvc - ok
09:18:48.0277 0x0ef4  [ B9762134953EF28EC04286AA4B35863E, 032C3CCA358E3AEA18FEAD374223544C69287B7380892BB266573D9BEB571B4E ] VBoxDrv         C:\Windows\system32\DRIVERS\VBoxDrv.sys
09:18:48.0295 0x0ef4  VBoxDrv - ok
09:18:48.0299 0x0ef4  [ 6DFE5B5F1E614E2088139D4A0C11AB15, 4347577D3E913EED1A094026B6898875B0DA7C5D57182DF77762EDDC3C0AF63F ] VBoxNetAdp      C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys
09:18:48.0306 0x0ef4  VBoxNetAdp - ok
09:18:48.0310 0x0ef4  [ E4DCFB40B687F565CD8261EB558586BD, 7B961F069850653DDB9EA68A67A5129845B6F735EB99F6591E109AEF425B84F9 ] VBoxNetLwf      C:\Windows\system32\DRIVERS\VBoxNetLwf.sys
09:18:48.0318 0x0ef4  VBoxNetLwf - ok
09:18:48.0321 0x0ef4  [ 96A5BE08C3D815B19E40E00314DCF9F6, 3B6A7F2D02BFFD40B03DED95BA07DA77AB910EAFCDAFAC1CA8069BF8B0CEA931 ] VBoxUSB         C:\Windows\system32\Drivers\VBoxUSB.sys
09:18:48.0328 0x0ef4  VBoxUSB - ok
09:18:48.0332 0x0ef4  [ 312FB8707B51E327DFFBD7DD08BE9E2E, 02E0A4FCA3560B993209C6F2BF4C4056162FE8F6B9560C142E8263DCFBE7BE90 ] VBoxUSBMon      C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
09:18:48.0338 0x0ef4  VBoxUSBMon - ok
09:18:48.0340 0x0ef4  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
09:18:48.0345 0x0ef4  vdrvroot - ok
09:18:48.0354 0x0ef4  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
09:18:48.0378 0x0ef4  vds - ok
09:18:48.0383 0x0ef4  [ C0BB7F0C789AC778549DCC20B18A8DC0, 6C985B008488EB9766C4CE6709C37AF6ECCEDA7A69EB45627B1871D891D925DF ] veracrypt       C:\Windows\system32\drivers\veracrypt.sys
09:18:48.0389 0x0ef4  veracrypt - ok
09:18:48.0391 0x0ef4  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:18:48.0397 0x0ef4  vga - ok
09:18:48.0399 0x0ef4  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:18:48.0416 0x0ef4  VgaSave - ok
09:18:48.0421 0x0ef4  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
09:18:48.0427 0x0ef4  vhdmp - ok
09:18:48.0439 0x0ef4  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
09:18:48.0444 0x0ef4  viaide - ok
09:18:48.0447 0x0ef4  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:18:48.0452 0x0ef4  volmgr - ok
09:18:48.0458 0x0ef4  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:18:48.0467 0x0ef4  volmgrx - ok
09:18:48.0473 0x0ef4  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:18:48.0481 0x0ef4  volsnap - ok
09:18:48.0483 0x0ef4  [ 0804B6E024B4A3116E8BF39B65933329, B6A816FAD170E16D03D0F1293B937B600D393331011A8DF66CC3D1EE6569922C ] vpnpbus         C:\Windows\system32\DRIVERS\vpnpbus.sys
09:18:48.0487 0x0ef4  vpnpbus - ok
09:18:48.0491 0x0ef4  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
09:18:48.0497 0x0ef4  vsmraid - ok
09:18:48.0520 0x0ef4  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
09:18:48.0558 0x0ef4  VSS - ok
09:18:48.0561 0x0ef4  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
09:18:48.0567 0x0ef4  vwifibus - ok
09:18:48.0570 0x0ef4  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
09:18:48.0578 0x0ef4  vwififlt - ok
09:18:48.0580 0x0ef4  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
09:18:48.0587 0x0ef4  vwifimp - ok
09:18:48.0594 0x0ef4  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
09:18:48.0617 0x0ef4  W32Time - ok
09:18:48.0619 0x0ef4  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
09:18:48.0625 0x0ef4  WacomPen - ok
09:18:48.0628 0x0ef4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
09:18:48.0645 0x0ef4  WANARP - ok
09:18:48.0647 0x0ef4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:18:48.0665 0x0ef4  Wanarpv6 - ok
09:18:48.0687 0x0ef4  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
09:18:48.0713 0x0ef4  wbengine - ok
09:18:48.0718 0x0ef4  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
09:18:48.0729 0x0ef4  WbioSrvc - ok
09:18:48.0736 0x0ef4  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:18:48.0749 0x0ef4  wcncsvc - ok
09:18:48.0751 0x0ef4  [ BC00873272B3771CCDA38336AF2B4D4B, 3E412DEC5F172B4C5FD5C227CD790EE56B90A00A8B538704E8F973D230BE2289 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:18:48.0757 0x0ef4  WcsPlugInService - ok
09:18:48.0759 0x0ef4  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
09:18:48.0763 0x0ef4  Wd - ok
09:18:48.0765 0x0ef4  [ D0335A55E5C3F812548E18300C2ACB62, 7EF7C3A21E97197E1A6D2956D0F5A7C23F2D590C9709708394426031634990A5 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
09:18:48.0773 0x0ef4  WDC_SAM - ok
09:18:48.0785 0x0ef4  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:18:48.0801 0x0ef4  Wdf01000 - ok
09:18:48.0804 0x0ef4  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:18:48.0811 0x0ef4  WdiServiceHost - ok
09:18:48.0813 0x0ef4  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:18:48.0819 0x0ef4  WdiSystemHost - ok
09:18:48.0824 0x0ef4  [ EE841B6D1F2B9508D3ABAE52AC05A94F, F1AE981FCDBFC4672A4EABABD41382E93762EFC2EDAD96E75530E7ACA5AF1FD8 ] WebClient       C:\Windows\System32\webclnt.dll
09:18:48.0833 0x0ef4  WebClient - ok
09:18:48.0838 0x0ef4  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:18:48.0859 0x0ef4  Wecsvc - ok
09:18:48.0862 0x0ef4  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:18:48.0880 0x0ef4  wercplsupport - ok
09:18:48.0883 0x0ef4  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:18:48.0901 0x0ef4  WerSvc - ok
09:18:48.0903 0x0ef4  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
09:18:48.0920 0x0ef4  WfpLwf - ok
09:18:48.0922 0x0ef4  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
09:18:48.0927 0x0ef4  WIMMount - ok
09:18:48.0928 0x0ef4  WinDefend - ok
09:18:48.0931 0x0ef4  WinHttpAutoProxySvc - ok
09:18:48.0937 0x0ef4  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:18:48.0957 0x0ef4  Winmgmt - ok
09:18:48.0986 0x0ef4  [ EBDA1B0F15CB9B2CBCC6C94824E4E054, C51314F7D611E4903DA00EFA8EB99365414436324D256083CE0B5A8E055E8E06 ] WinRM           C:\Windows\system32\WsmSvc.dll
09:18:49.0018 0x0ef4  WinRM - ok
09:18:49.0023 0x0ef4  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
09:18:49.0030 0x0ef4  WinUsb - ok
09:18:49.0043 0x0ef4  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:18:49.0063 0x0ef4  Wlansvc - ok
09:18:49.0066 0x0ef4  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
09:18:49.0070 0x0ef4  WmiAcpi - ok
09:18:49.0076 0x0ef4  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:18:49.0083 0x0ef4  wmiApSrv - ok
09:18:49.0085 0x0ef4  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:18:49.0091 0x0ef4  WPCSvc - ok
09:18:49.0094 0x0ef4  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:18:49.0102 0x0ef4  WPDBusEnum - ok
09:18:49.0104 0x0ef4  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:18:49.0121 0x0ef4  ws2ifsl - ok
09:18:49.0124 0x0ef4  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
09:18:49.0133 0x0ef4  wscsvc - ok
09:18:49.0135 0x0ef4  WSearch - ok
09:18:49.0173 0x0ef4  [ 31F32E0C1A8BA9A37EEC23DE5F27F847, 0180832BC6172C9A4C32B5B222BB3F91EA615A5EBDA98DB79ED4FED258C2D257 ] wuauserv        C:\Windows\system32\wuaueng.dll
09:18:49.0213 0x0ef4  wuauserv - ok
09:18:49.0217 0x0ef4  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:18:49.0223 0x0ef4  WudfPf - ok
09:18:49.0227 0x0ef4  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:18:49.0234 0x0ef4  WUDFRd - ok
09:18:49.0237 0x0ef4  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:18:49.0243 0x0ef4  wudfsvc - ok
09:18:49.0248 0x0ef4  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
09:18:49.0256 0x0ef4  WwanSvc - ok
09:18:49.0262 0x0ef4  ================ Scan global ===============================
09:18:49.0264 0x0ef4  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
09:18:49.0268 0x0ef4  [ B68AD91370FA58C1296DE9086BB4BA0A, 3B6B8170990B3B3B321752539A54D8EAB6E6241A25092682FDEE1A46BD39DBF6 ] C:\Windows\system32\winsrv.dll
09:18:49.0275 0x0ef4  [ B68AD91370FA58C1296DE9086BB4BA0A, 3B6B8170990B3B3B321752539A54D8EAB6E6241A25092682FDEE1A46BD39DBF6 ] C:\Windows\system32\winsrv.dll
09:18:49.0280 0x0ef4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
09:18:49.0287 0x0ef4  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
09:18:49.0291 0x0ef4  [ Global ] - ok
09:18:49.0291 0x0ef4  ================ Scan MBR ==================================
09:18:49.0297 0x0ef4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:18:49.0411 0x0ef4  \Device\Harddisk0\DR0 - ok
09:18:49.0444 0x0ef4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
09:18:49.0513 0x0ef4  \Device\Harddisk1\DR1 - ok
09:18:49.0514 0x0ef4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3
09:18:49.0729 0x0ef4  \Device\Harddisk3\DR3 - ok
09:18:50.0000 0x0ef4  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk4\DR4
09:18:50.0114 0x0ef4  \Device\Harddisk4\DR4 - ok
09:18:50.0116 0x0ef4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
09:18:50.0125 0x0ef4  \Device\Harddisk2\DR2 - ok
09:18:50.0128 0x0ef4  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk6\DR6
09:18:50.0518 0x0ef4  \Device\Harddisk6\DR6 - ok
09:18:50.0518 0x0ef4  ================ Scan VBR ==================================
09:18:50.0519 0x0ef4  [ 74332BDD85CCD3192CACAC8835903D3F ] \Device\Harddisk0\DR0\Partition1
09:18:50.0520 0x0ef4  \Device\Harddisk0\DR0\Partition1 - ok
09:18:50.0521 0x0ef4  [ E6418B4AB1CA8DAC363AFA50FAF4D751 ] \Device\Harddisk1\DR1\Partition1
09:18:50.0522 0x0ef4  \Device\Harddisk1\DR1\Partition1 - ok
09:18:50.0523 0x0ef4  [ 284DD4A4C34F1A45A011505DCAEAE5F1 ] \Device\Harddisk3\DR3\Partition1
09:18:50.0524 0x0ef4  \Device\Harddisk3\DR3\Partition1 - ok
09:18:50.0574 0x0ef4  [ 5452882DF8BC294F58CEFE9BADBA7E1E ] \Device\Harddisk4\DR4\Partition1
09:18:50.0576 0x0ef4  \Device\Harddisk4\DR4\Partition1 - ok
09:18:50.0578 0x0ef4  [ 968005344DE1B36D36991B76FAD2D247 ] \Device\Harddisk2\DR2\Partition1
09:18:50.0578 0x0ef4  \Device\Harddisk2\DR2\Partition1 - ok
09:18:50.0580 0x0ef4  [ 7D307B81C9F87F79DB5EEF5803D40BC8 ] \Device\Harddisk6\DR6\Partition1
09:18:50.0581 0x0ef4  \Device\Harddisk6\DR6\Partition1 - ok
09:18:50.0583 0x0ef4  [ 2E2A8533E883D1A42F08990AA85BA383 ] \Device\Harddisk6\DR6\Partition2
09:18:50.0585 0x0ef4  \Device\Harddisk6\DR6\Partition2 - ok
09:18:50.0587 0x0ef4  [ 2E2A8533E883D1A42F08990AA85BA383 ] \Device\Harddisk6\DR6\Partition3
09:18:50.0589 0x0ef4  \Device\Harddisk6\DR6\Partition3 - ok
09:18:50.0589 0x0ef4  ================ Scan generic autorun ======================
09:18:50.0622 0x0ef4  [ DC2755EB981280C312E7BE5EE8CF5D62, 4E52976235B1D2E756235F988709D84E9D83D60927138376BDE1405902997997 ] C:\Program Files\Microsoft IntelliPoint\ipoint.exe
09:18:50.0657 0x0ef4  IntelliPoint - ok
09:18:50.0661 0x0ef4  [ EBC0E8C0A4DDA2C32A7D5863462A321A, 2F410138DB66D0219254339F1F098E401CEDAA032596F1F67BC54F394256FC68 ] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
09:18:50.0664 0x0ef4  amd_dc_opt - detected UnsignedFile.Multi.Generic ( 1 )
09:18:50.0762 0x0ef4  Detect skipped due to KSN trusted
09:18:50.0762 0x0ef4  amd_dc_opt - ok
09:18:50.0763 0x0ef4  Sidebar - ok
09:18:50.0765 0x0ef4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:18:50.0774 0x0ef4  mctadmin - ok
09:18:50.0775 0x0ef4  Sidebar - ok
09:18:50.0777 0x0ef4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:18:50.0786 0x0ef4  mctadmin - ok
09:18:50.0810 0x0ef4  [ B365AF317AE730A67C936F21432B9C71, BD2C2CF0631D881ED382817AFCCE2B093F4E412FFB170A719E2762F250ABFEA4 ] C:\Program Files\Process Hacker 2\ProcessHacker.exe
09:18:50.0837 0x0ef4  Process Hacker 2 - ok
09:18:50.0951 0x0ef4  [ 52F5D651B8E39F258C1C34272FEB1AB2, C13AD8762A4474D8246DE7BC023244BD74456D45348F74F77373CC61C238A0F3 ] C:\Program Files\CCleaner\CCleaner64.exe
09:18:51.0067 0x0ef4  CCleaner Monitoring - ok
09:18:51.0153 0x0ef4  [ D03053F72A74801A32F41EFD088FA30E, 3F6E9AD19139F9A5881DB475EC3FD817C1F8CA1622B97E8864A7C59A7F7A2DA2 ] C:\Program Files (x86)\GlassWire\glasswire.exe
09:18:51.0258 0x0ef4  GlassWire - ok
09:18:51.0261 0x0ef4  Waiting for KSN requests completion. In queue: 120
09:18:52.0267 0x0ef4  Win FW state via NFP2: enabled ( trusted )
09:18:52.0369 0x0ef4  ============================================================
09:18:52.0369 0x0ef4  Scan finished
09:18:52.0369 0x0ef4  ============================================================
09:18:52.0372 0x0cb8  Detected object count: 1
09:18:52.0372 0x0cb8  Actual detected object count: 1
09:19:04.0115 0x0cb8  HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:04.0115 0x0cb8  HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

30.03.2017, 21:27   #9
M-K-D-B
/// TB Instructor
 



Hi,

Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Tools > Options and make sure the following items are selected:
    • Image File Execution Options keys
    • "Tracing" keys
    • "Prefetch" files
    • Proxy
    • Winsock
    • Firewall
    • Internet Explorer policies
    • Chrome policies
  • Confirm the selection with OK.
  • Click Scan and wait until it has finished.
  • Now click Clean (even if AdwCleaner says that nothing was found) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Step 2
  • Uninstall Malwarebytes' Anti-Malware 2 via the Control Panel. (Illustrated guide)
  • Then restart the computer.
  • Download the MBAM Uninstaller to your desktop.
  • Close all open programs and run the uninstaller. The computer must be restarted at the end.

Step 3
Please download Malwarebytes Anti-Malware 3.
  • Install the program to the default path.
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do this, click Quarantine Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • After the restart, start MBAM and click Reports.
  • Select the most recent scan report, click View Report and then Export.
  • Select Text file (.txt) and save the file as mbam.txt on the desktop.
  • Add the contents of mbam.txt to your next reply.

Step 4
  • Start FRST again. Make sure that the box next to Addition.txt is checked and click Scan.
  • FRST now creates two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.

In your next reply, please post
  • the AdwCleaner log file,
  • the MBAM log file,
  • the two new FRST log files.
__________________
Regards
M-K-D-B



01.04.2017, 06:51   #10
construct
 



I'll do it right away. This is just an interim update.

Code:
# AdwCleaner v6.045 - Bericht erstellt am 01/04/2017 um 06:04:26
# Aktualisiert am 28/03/2017 von Malwarebytes
# Datenbank : 2017-03-31.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64)
# Benutzername : user - PC
# Gestartet von : C:\Users\user\Desktop\AdwCleaner_6.045.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support

***** [ Dienste ] *****
***** [ Ordner ] *****

[-] Ordner gelöscht: C:\Program Files (x86)\{A1306F56-8B03-428B-84AD-2F932D81774C}
[-] Ordner gelöscht: C:\Program Files\{572656F2-7906-4D07-BDBD-0CC44146CD48}
[-] Ordner gelöscht: C:\Users\user\AppData\Roaming\Microleaves
[-] Ordner gelöscht: C:\ProgramData\Microleaves
[#] Ordner mit Neustart gelöscht: C:\ProgramData\Application Data\Microleaves

***** [ Dateien ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
*************************
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Image File Execution Options" Schlüssel gelöscht
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Firewall Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [2501 Bytes] - [17/09/2016 08:11:04]
C:\AdwCleaner\AdwCleaner[C2].txt - [1635 Bytes] - [18/09/2016 03:07:57]
C:\AdwCleaner\AdwCleaner[C3].txt - [1580 Bytes] - [01/04/2017 06:04:26]
C:\AdwCleaner\AdwCleaner[S0].txt - [2443 Bytes] - [17/09/2016 08:08:23]
C:\AdwCleaner\AdwCleaner[S1].txt - [1689 Bytes] - [18/09/2016 03:07:33]
C:\AdwCleaner\AdwCleaner[S2].txt - [1637 Bytes] - [18/09/2016 03:09:58]
C:\AdwCleaner\AdwCleaner[S3].txt - [2006 Bytes] - [01/04/2017 06:03:54]
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1945 Bytes] ##########
         
Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 01.04.17
Scan-Zeit: 06:14
Protokolldatei: mbam.txt
Administrator: Ja

-Softwaredaten-
Version: 3.0.6.1469
Komponentenversion: 1.0.96
Version des Aktualisierungspakets: 1.0.1640
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: PC\user

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 411948
Abgelaufene Zeit: 5 Min., 18 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)
         
FRST:
FRST Additions Logfile:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von user (01-04-2017 06:23:05)
Gestartet von C:\Users\user\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-10-23 18:28:58)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3869482132-2802206346-888328520-500 - Administrator - Disabled)
user (S-1-5-21-3869482132-2802206346-888328520-1000 - Administrator - Enabled) => C:\Users\user
Gast (S-1-5-21-3869482132-2802206346-888328520-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3869482132-2802206346-888328520-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

ACP Application (Version: 2016.0916.1502.32 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.6 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Blender (HKLM\...\{437221A8-91D1-42A0-9E04-0AD64B502374}) (Version: 2.78.1 - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Next Localization DE (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
CreditMovie1 (x32 Version: 10.1.00 - Sony Corporation) Hidden
CreditMovie2 (x32 Version: 10.1.00 - Sony Corporation) Hidden
CreditMovie3 (x32 Version: 10.1.00 - Sony Corporation) Hidden
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
Gpg4win (2.3.0) (HKLM-x32\...\GPG4Win) (Version: 2.3.0 - The Gpg4win Project)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HWiNFO64 Version 5.38 (HKLM\...\HWiNFO64_is1) (Version: 5.38 - Martin Malík - REALiX)
Image Crawler (HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\dbf3e072e2bbc3c8) (Version: 1.1.0.4 - Danny Kunz)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel(R) Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4222 - Intel Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MergeModule_x64 (Version: 9.3.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Prerequisites (x64) (HKLM\...\{04BEC103-A388-41EE-BB49-1235FAAF883D}) (Version: 11.0.61030 - Blue Cat Audio)
Microsoft Visual C++ 2012 Prerequisites (x86) (HKLM-x32\...\{2F65108E-8DF7-47B9-8ECC-49BD3BC47AAB}) (Version: 11.0.61030 - Blue Cat Audio)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 52.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 de)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
Oracle VM VirtualBox 5.1.4 (HKLM\...\{4EF3FBF6-697D-440A-AADA-7F5D39B73E62}) (Version: 5.1.4 - Oracle Corporation)
PA Free Bundle V1 1.0.1 (HKLM\...\PA Free Bundle V1_is1) (Version:  - Plugin Alliance)
PACE License Support Win64 (HKLM-x32\...\InstallShield_{DF91FC8F-0D43-415b-BB5D-22533FC1CC1A}) (Version: 2.6.0.1134 - PACE Anti-Piracy, Inc.)
PACE License Support Win64 (Version: 2.6.0.1134 - PACE Anti-Piracy, Inc.) Hidden
PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
Personal Backup 5.8.3.1 (HKLM-x32\...\Personal Backup 5_is1) (Version: 5.8.3.1 - Dr. J. Rathlev)
PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.1.00.12260 - Sony Corporation)
PMB_ModeEditor_ACMC (x32 Version: 10.1.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 10.1.00 - Sony Corporation) Hidden
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
PuTTY release 0.68 (64-bit) (HKLM\...\{DB149DDE-903A-4B5E-93C4-46BBEC48F0C2}) (Version: 0.68.0.0 - Simon Tatham)
Python 3.5.1 (32-bit) (HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\{c39d559b-aa83-4476-ba20-988a35a1199a}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 Core Interpreter (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Documentation (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{17778F7B-FB5A-4A93-9719-D75BAF673498}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.1 pip Bootstrap (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Utility Scripts (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SVG Explorer Extension 0.1.1 (HKLM\...\{4CA20D9A-98AC-4DD6-9C16-7449F29AC08A}_is1) (Version: 0.1.1 - Dotz Softwares)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
TightVNC (HKLM\...\{8B9896FC-B4F2-44CD-8B6E-78A0B1851B59}) (Version: 2.8.5.0 - GlavSoft LLC.)
TP-LINK Archer T4U Driver (HKLM-x32\...\{58F414FE-74CC-42A0-9D86-A089849C510A}) (Version: 1.3.1 - TP-LINK)
USBPcap 1.0.0.7 (HKLM\...\USBPcap) (Version:  - )
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.16 - IDRIX)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0-2) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.17.0 (Version: 1.0.17.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (03/17/2014 2.5.128.1) (HKLM\...\D86E353566ECB4A7ADA159C02FE46D0BACC4FA6B) (Version: 03/17/2014 2.5.128.1 - Focusrite)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.2.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.1 - The Wireshark developer community, hxxps://www.wireshark.org)
Wise Data Recovery 3.84 (HKLM-x32\...\Wise Data Recovery_is1) (Version: 3.84 - WiseCleaner.com, Inc.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {01244CD2-DBF2-48E1-81DC-F60B80EEE392} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {03F920C6-176B-4700-9E50-08D5840C4166} - System32\Tasks\Process Explorer-PC-user => "C:\PROGRAM FILES\PROCESS-EXPLORER\PROCEXP.EXE" /t
Task: {0AEC350F-0667-4D55-94A7-F058AF78AFAD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {0EA96307-8DAE-44A1-A2A3-D458155E23ED} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-09-07] (Advanced Micro Devices, Inc.)
Task: {1069660B-6FC5-4CE6-AFE7-3786642ED336} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {14C02CA1-F88F-4C59-8F41-CFAC350FD451} - System32\Tasks\{0811E0DB-12EE-44C5-A4D8-D55DD584F3C5} => pcalua.exe -a ?:\Folder\Downloads\jxpiinstall.exe -d ?:\Folder\Downloads
Task: {4381E764-24C9-4867-8805-ABCB2A0CB9AF} - System32\Tasks\{0C1634C6-C250-4E27-A142-2F29C3222992} => pcalua.exe -a "?:\Folder\Downloads\Kilohearts Installer [9fWsNErBk_i8x5l9ypGT].exe" -d ?:\Folder\Downloads
Task: {606DF2D9-0BC4-41F6-AA98-54D020707610} - System32\Tasks\Opera scheduled Autoupdate 1454056698 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)
Task: {8EDC83D7-53F0-44F6-B328-F893CBF2A114} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {999449FC-8698-4C3C-8FE5-7B8A92964F9E} - System32\Tasks\Logon Screen SkipUAC => C:\Program Files\Logon Screen\Logon Screen.exe 
Task: {D4B25374-61A3-48AA-BFEC-F796411ECD2B} - System32\Tasks\{CA0F6697-59F4-4AAE-A353-26AF764EBAEB} => pcalua.exe -a ?:\Folder\Production\grizzly-v1.1b-se1.160.exe -d ?:\Folder\Production
Task: {DC35CD34-092D-4CA0-840A-353ECDEEB877} - System32\Tasks\{7476B4B9-F9F5-4227-A7EB-B7B0D1323EB9} => pcalua.exe -a ?:\Folder\Downloads\VirtualBox-5.0.26-108824-Win.exe -d ?:\Folder\Downloads

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-06-04 11:41 - 2013-06-04 11:41 - 00936728 ____R () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-11-24 20:32 - 2015-11-24 20:32 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2015-11-13 17:05 - 2015-03-19 09:41 - 00048856 _____ () C:\Windows\runSW.exe
2016-10-01 10:46 - 2016-10-01 10:46 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-01-15 22:44 - 2016-01-15 22:44 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2017-04-01 06:13 - 2017-03-24 04:09 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2015-10-24 00:23 - 2017-04-01 06:09 - 00033280 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2015-10-24 00:23 - 2013-06-04 11:41 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-11-24 20:20 - 2015-11-24 20:20 - 00221696 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2015-11-24 20:14 - 2015-11-24 20:14 - 00087552 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2015-11-24 20:09 - 2015-11-24 20:09 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2015-11-24 20:20 - 2015-11-24 20:20 - 00073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2015-11-24 20:22 - 2015-11-24 20:22 - 00751104 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2015-11-03 09:18 - 2013-05-14 00:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\PACE:E6530E75740592D0 [217]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Classes\regfile: regedit.exe "%1" <===== ACHTUNG

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^fcbd.bat => C:\Windows\pss\fcbd.bat.CommonStartup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
MSCONFIG\startupreg: Process Hacker 2 => "C:\Program Files\Process Hacker 2\ProcessHacker.exe" -hide
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{CFA0E316-915A-4AF6-BEE8-8772C52CB13F}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{4B63E711-CC41-4744-8A23-5AC41DAAAA83}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe

==================== Wiederherstellungspunkte =========================

28-03-2017 09:16:50 Windows-Sicherung
28-03-2017 20:03:35 Wiederherstellungsvorgang
28-03-2017 21:09:21 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/01/2017 06:05:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/30/2017 01:56:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "T:\My-Folder\Downloads\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/29/2017 10:21:18 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "T:\My-Folder\Downloads\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/28/2017 09:06:57 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "T:\My-Folder\Downloads\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/28/2017 09:05:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/28/2017 08:41:19 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-3869482132-2802206346-888328520-1000}/">.


Systemfehler:
=============
Error: (04/01/2017 06:10:02 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-19) für Benutzer NT-AUTORITÄT\LOKALER DIENST von Adresse LocalHost (unter Verwendung von LRPC) keine Berechtigung zum Aktivierung (Lokal) für die COM-Serveranwendung mit CLSID 
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
 und APPID 
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
 gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden.

Error: (04/01/2017 06:09:59 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (04/01/2017 06:09:57 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (04/01/2017 06:05:27 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-19) für Benutzer NT-AUTORITÄT\LOKALER DIENST von Adresse LocalHost (unter Verwendung von LRPC) keine Berechtigung zum Aktivierung (Lokal) für die COM-Serveranwendung mit CLSID 
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
 und APPID 
{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}
 gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden.

Error: (04/01/2017 06:05:23 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (04/01/2017 06:05:21 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (04/01/2017 06:04:44 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (04/01/2017 06:04:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "GlassWire Control Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/01/2017 06:04:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/01/2017 06:04:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Prozentuale Nutzung des RAM: 17%
Installierter physikalischer RAM: 16321.48 MB
Verfügbarer physikalischer RAM: 13503.93 MB
Summe virtueller Speicher: 32641.15 MB
Verfügbarer virtueller Speicher: 29856.77 MB

==================== Laufwerke ================================

Drive ?: (?) (Fixed) (Total:238.47 GB) (Free:98.4 GB) NTFS
Drive ?: (?) (Fixed) (Total:232.88 GB) (Free:145.99 GB) NTFS
Drive ?: (?) (Fixed) (Total:465.76 GB) (Free:237.62 GB) NTFS
Drive ?: (?) (Fixed) (Total:931.31 GB) (Free:668.99 GB) NTFS
Drive ?: (?) (Fixed) (Total:232.88 GB) (Free:135.72 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive ?: (?) (Fixed) (Total:931.51 GB) (Free:637.25 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B162B162)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FD1A7096)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: A1E3F745)
Partition 1: (Not Active) - (Size=238.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 99D2C736)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 465.8 GB) (Disk ID: EBBBAA60)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 931.5 GB) (Disk ID: 444663B5)

Partition: GPT.
Partition 2: (Not Active) - (Size=931.3 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
--- --- ---


FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
durchgeführt von user (Administrator) auf PC (01-04-2017 06:22:50)
Gestartet von C:\Users\user\Desktop
Geladene Profile: user (Verfügbare Profile: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: "C:\Program Files (x86)\SeaMonkey\seamonkey.exe" -requestPending -osint -url "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\runSW.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(wj32) C:\Program Files\Process Hacker 2\ProcessHacker.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek) C:\Windows\SwUSB.exe
(Sysinternals - www.sysinternals.com) C:\Program Files\process-explorer\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\user\AppData\Local\Temp\PROCEXP64.exe
(mozilla.org) C:\Program Files (x86)\SeaMonkey\seamonkey.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\Run: [Process Hacker 2] => C:\Program Files\Process Hacker 2\ProcessHacker.exe [1719840 2016-03-29] (wj32)
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5728208 2016-11-19] (SecureMix LLC)
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\MountPoints2: {1911d85f-9ee4-11e5-8780-b04e58a100a3} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\MountPoints2: {1911d8dc-9ee4-11e5-8780-b04e58a100a3} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\MountPoints2: {ff3dbed7-a9d6-11e5-9bce-85ca1d8cd514} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
SSODL: EldosMountNotificator-cbdisk3 - {274E2043-7EEC-429D-BC66-3ED282762A69} - C:\Windows\system32\cbdiskMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbdisk3 - {274E2043-7EEC-429D-BC66-3ED282762A69} - C:\Windows\SysWOW64\cbdiskMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbdisk3] -> {1B53DB42-7158-421A-B97C-5886EE14C75A} => C:\Windows\system32\cbdiskMntNtf3.dll [2013-10-18] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbdisk3] -> {1B53DB42-7158-421A-B97C-5886EE14C75A} => C:\Windows\SysWOW64\cbdiskMntNtf3.dll [2013-10-18] (EldoS Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{251F104E-10FE-40D6-B45C-7B106746BA2F}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{2BB04CC1-AAC0-4F0D-B99D-878528CCFE7B}: [DhcpNameServer] 192.168.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp

FireFox:
========
FF DefaultProfile: e2eqo9k.default
FF DefaultProfile: xcy9qu.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e294eqok.default [2017-04-01]
FF Extension: (Sea Fox) - C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24deqok.default\Extensions\seafox@extensions.moz.xpi [2017-03-07] [ist nicht signiert]
FF Extension: (uBlock Origin) - C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24deqok.default\Extensions\uBlock0@raymondhill.net.xpi [2017-03-13]
FF Extension: (NoScript) - C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24deqok.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-03-30]
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\89elqu.default [2017-04-01]
FF Homepage: Mozilla\Firefox\Profiles\xcyvelqu.default -> hxxps://duckduckgo.com
FF Extension: (EPUBReader) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcyvelqu.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2017-03-28]
FF Extension: (FireFTP) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcyvelqu.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2017-03-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-26] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-26] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-14] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-14] (Intel Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VLC\npvlc.dll [2016-04-26] (VideoLAN)

Opera: 
=======
OPR Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-12-27]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-12-01] (Adobe Systems) [Datei ist nicht signiert]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-06-04] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [76848 2017-02-06] (CyberGhost S.R.L)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-11-24] () [Datei ist nicht signiert]
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4397008 2016-11-19] (SecureMix LLC)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2015-12-30] (Hi-Rez Studios) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-05-29] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-31] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [506960 2015-12-26] (Sony Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RunSwUSB; C:\Windows\runSW.exe [48856 2015-03-19] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2016-09-07] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-28] ()
R1 cbdisk3; C:\Windows\system32\drivers\cbdisk3.sys [223936 2013-10-18] (EldoS Corporation)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-10-25] (EldoS Corporation)
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx64.sys [34512 2016-03-04] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-31] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-24] ()
R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2014-03-17] (Focusrite Audio Engineering Limited.)
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33248 2015-05-29] (SecureMix LLC)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-02-14] (REALiX(tm))
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-04-01] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-04-01] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-01] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-01] (Malwarebytes)
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [112408 2015-12-15] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 OSFMount; T:\FTK\OSForensics\OSFMount64\OSFMount.sys [1299384 2016-03-23] (PassMark Software)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2015-01-15] (Realtek Semiconductor Corporation                           )
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [38888 2014-02-19] (USBPcap)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [121248 2016-08-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [195936 2016-08-16] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [135824 2016-08-16] (Oracle Corporation)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [195416 2016-01-26] (IDRIX)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-10-18] (EldoS Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-04-01 06:20 - 2017-04-01 06:20 - 00001248 _____ C:\Users\user\Desktop\mbam.txt
2017-04-01 06:13 - 2017-04-01 06:13 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-01 06:13 - 2017-04-01 06:13 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-04-01 06:13 - 2017-04-01 06:13 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-04-01 06:13 - 2017-04-01 06:13 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-01 06:13 - 2017-04-01 06:13 - 00001876 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-01 06:13 - 2017-04-01 06:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-01 06:13 - 2017-04-01 06:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-01 06:13 - 2017-04-01 06:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-01 06:13 - 2017-03-24 04:10 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-01 06:12 - 2017-04-01 06:12 - 59272008 _____ (Malwarebytes ) C:\Users\user\Desktop\mb3-setup-consumer-3.0.6.1469-1096.exe
2017-04-01 06:09 - 2017-04-01 06:09 - 00566128 _____ (Malwarebytes) C:\Users\user\Desktop\mbam-clean-2.3.0.1001.exe
2017-04-01 06:09 - 2017-04-01 06:09 - 00000022 _____ C:\Windows\S.dirmngr
2017-04-01 06:00 - 2017-04-01 06:00 - 04089296 _____ C:\Users\user\Desktop\AdwCleaner_6.045.exe
2017-04-01 04:21 - 2017-04-01 04:21 - 00000028 _____ C:\Users\user\Documents\kotbollen poback.txt
2017-04-01 01:02 - 2017-04-01 06:03 - 00005560 _____ C:\Users\user\Documents\staatsferne-anstalt-kör-aör-rundfunk.txt
2017-03-31 11:17 - 2017-03-31 11:17 - 00003318 _____ C:\Users\user\AppData\Local\recently-used.xbel
2017-03-30 09:16 - 2017-03-30 09:22 - 00211158 _____ C:\TDSSKiller.3.1.0.12_30.03.2017_09.16.45_log.txt
2017-03-30 08:40 - 2017-04-01 06:22 - 00014946 _____ C:\Users\user\Desktop\FRST.txt
2017-03-30 08:40 - 2017-03-30 09:16 - 00052023 _____ C:\Users\user\Desktop\Addition.txt
2017-03-29 08:31 - 2017-03-29 09:18 - 00410602 _____ C:\TDSSKiller.3.1.0.12_29.03.2017_08.31.29_log.txt
2017-03-29 07:56 - 2017-03-29 08:12 - 00004462 _____ C:\Users\user\Documents\old-firewall-rules.txt
2017-03-29 07:19 - 2017-03-29 07:19 - 00002531 _____ C:\Users\user\Desktop\Bitwig Studio.lnk
2017-03-28 21:07 - 2017-03-28 21:08 - 00000000 ____D C:\Program Files\Bitwig Studio2
2017-03-28 20:00 - 2017-03-28 20:00 - 00195528 _____ C:\Users\user\Documents\W-LAN-TPLink.xps
2017-03-28 08:38 - 2017-03-28 19:27 - 00000345 _____ C:\Users\user\Documents\virus-filedropper.txt
2017-03-27 18:47 - 2017-03-27 18:57 - 00000000 ____D C:\Users\user\Desktop\Neuer Ordner
2017-03-27 18:40 - 2017-03-28 20:04 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe
2017-03-25 21:36 - 2017-03-25 21:20 - 22222968 ____N C:\Users\user\Desktop\Rawkee_Bestandsaufnahme_FINISHED.wav
2017-03-25 12:21 - 2017-03-25 12:21 - 00003454 ____N C:\Users\user\Documents\schlaf-sequencer-de.txt
2017-03-23 15:17 - 2017-03-28 20:04 - 00000000 ____D C:\Program Files\Bitwig Studio
2017-03-22 21:13 - 2017-03-22 21:13 - 00001072 _____ C:\Users\Public\Desktop\Win32DiskImager.lnk
2017-03-22 21:13 - 2017-03-22 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2017-03-22 21:13 - 2017-03-22 21:13 - 00000000 ____D C:\Program Files (x86)\ImageWriter
2017-03-22 20:45 - 2017-03-22 20:45 - 00002095 _____ C:\Users\Public\Desktop\SDFormatter.lnk
2017-03-22 20:45 - 2017-03-22 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
2017-03-22 20:45 - 2017-03-22 20:45 - 00000000 ____D C:\Program Files (x86)\SDA
2017-03-22 19:21 - 2017-03-23 13:55 - 00000600 _____ C:\Users\user\AppData\Local\PUTTY.RND
2017-03-22 19:20 - 2017-03-22 19:20 - 00000860 _____ C:\Users\Public\Desktop\PuTTY (64-bit).lnk
2017-03-22 19:20 - 2017-03-22 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)
2017-03-22 19:20 - 2017-03-22 19:20 - 00000000 ____D C:\Program Files\PuTTY
2017-03-22 09:53 - 2013-07-04 18:05 - 00552760 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2017-03-22 09:53 - 2006-01-13 07:52 - 00001904 ____N C:\Windows\system32\SetupBD.din
2017-03-22 09:49 - 2017-03-22 09:49 - 00000000 ____D C:\Users\user\Downloads\LAN
2017-03-22 09:42 - 2017-03-22 09:42 - 00001857 _____ C:\Users\user\Desktop\TightVNC Viewer.lnk
2017-03-22 09:42 - 2017-03-22 09:42 - 00000000 ____D C:\Users\user\AppData\Roaming\TightVNC
2017-03-22 09:41 - 2017-03-22 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
2017-03-22 09:41 - 2017-03-22 09:41 - 00000000 ____D C:\Program Files\TightVNC
2017-03-22 09:31 - 2017-03-22 09:31 - 00000000 ____H C:\Users\user\Documents\Default.rdp
2017-03-21 08:51 - 2017-03-21 19:28 - 00208388 _____ C:\TDSSKiller.3.1.0.12_21.03.2017_07.51.26_log.txt
2017-03-21 08:50 - 2017-03-29 07:30 - 04747704 _____ (AO Kaspersky Lab) C:\Users\user\Desktop\tdsskiller.exe
2017-03-20 20:59 - 2017-03-20 20:59 - 00106786 ____N C:\Users\user\Documents\Mitgliedsantrag-V2.0-v.-08.03.2017.pdf
2017-03-20 20:55 - 2017-03-11 18:58 - 00595415 ____N C:\Users\user\Desktop\mietvertrag.pdf
2017-03-15 01:34 - 2016-12-31 17:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
...
2017-03-15 01:34 - 2016-12-31 17:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-12 07:11 - 2017-03-12 07:11 - 00325806 ____N C:\Users\user\Desktop\rendersound.wav
2017-03-11 18:59 - 2017-03-11 18:58 - 00595415 ____N C:\Users\user\Documents\mietvertrag.pdf
2017-03-11 04:44 - 2017-03-11 04:44 - 00304333 ____N C:\Users\user\Downloads\watch.htm
2017-03-07 23:49 - 2017-03-07 23:49 - 00000000 ____D C:\Users\user\Documents\Camtasia Studio
2017-03-07 23:49 - 2017-03-07 23:49 - 00000000 ____D C:\Users\user\AppData\Roaming\TechSmith
2017-03-07 23:46 - 2017-03-07 23:46 - 00001177 _____ C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2017-03-07 23:46 - 2017-03-07 23:46 - 00000000 ____D C:\ProgramData\TechSmith
2017-03-07 23:46 - 2017-03-07 23:46 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2017-03-07 23:34 - 2017-03-07 23:34 - 00001015 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Obscurium.lnk
2017-03-07 23:14 - 2017-03-07 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
2017-03-07 23:14 - 2017-03-07 23:14 - 00000000 ____D C:\Program Files (x86)\SeaMonkey

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-04-01 06:22 - 2016-09-09 15:13 - 00000000 ____D C:\FRST
2017-04-01 06:17 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-01 06:17 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-01 06:16 - 2011-04-12 09:43 - 00699092 _____ C:\Windows\system32\perfh007.dat
2017-04-01 06:16 - 2011-04-12 09:43 - 00149232 _____ C:\Windows\system32\perfc007.dat
2017-04-01 06:16 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-01 06:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-01 06:13 - 2016-10-30 16:51 - 00960650 _____ C:\Windows\ntbtlog.txt
2017-04-01 06:09 - 2016-02-13 11:20 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-04-01 06:09 - 2016-01-30 19:28 - 00000000 ____D C:\ProgramData\PACE
2017-04-01 06:09 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-01 06:04 - 2016-09-17 08:05 - 00000000 ____D C:\AdwCleaner
2017-03-31 18:12 - 2016-11-21 12:54 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-03-30 18:55 - 2015-11-01 08:27 - 00000000 ____D C:\Users\user\AppData\Roaming\inkscape
2017-03-29 17:46 - 2016-01-29 10:36 - 00000000 ____D C:\Program Files (x86)\Opera
2017-03-29 10:20 - 2015-10-26 01:32 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2017-03-29 07:29 - 2016-09-18 03:13 - 02424832 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2017-03-28 21:08 - 2016-12-25 18:08 - 00002531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitwig Studio.lnk
2017-03-28 21:05 - 2015-10-23 20:28 - 00000000 ____D C:\Users\user
2017-03-28 20:05 - 2017-01-05 05:02 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2017-03-28 20:05 - 2017-01-05 05:02 - 00000000 ____D C:\Users\user\AppData\Roaming\IrfanView
2017-03-28 20:05 - 2016-12-18 11:03 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2017-03-28 20:05 - 2016-12-15 21:02 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
2017-03-28 20:05 - 2016-12-11 19:57 - 00000000 ____D C:\Users\user\AppData\Roaming\helmplugin
2017-03-28 20:05 - 2016-12-11 19:51 - 00000000 ____D C:\Users\user\AppData\Roaming\helm
2017-03-28 20:05 - 2016-11-22 22:04 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2017-03-28 20:05 - 2016-11-22 22:04 - 00000000 ____D C:\Users\user\AppData\Local\atom
2017-03-28 20:05 - 2016-11-16 08:06 - 00000000 ____D C:\Users\user\.idlerc
2017-03-28 20:05 - 2016-10-30 18:12 - 00000000 ____D C:\Users\user\Documents\passwordfox
2017-03-28 20:05 - 2016-09-12 05:14 - 00000000 ____D C:\Program Files (x86)\Sundog
2017-03-28 20:05 - 2016-08-10 08:09 - 00000000 ____D C:\Users\user\AppData\Roaming\Wise Data Recovery
2017-03-28 20:05 - 2016-08-05 01:40 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2017-03-28 20:05 - 2016-05-12 22:32 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2017-03-28 20:05 - 2016-04-04 14:51 - 00000000 ____D C:\Users\user\Desktop\Tor Browser
2017-03-28 20:05 - 2016-03-04 08:35 - 00000000 ____D C:\Program Files (x86)\NCH Software
2017-03-28 20:05 - 2016-01-26 08:29 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VeraCrypt
2017-03-28 20:05 - 2016-01-06 01:15 - 00000000 ____D C:\Users\user\AppData\Roaming\PersBackup5
2017-03-28 20:05 - 2015-11-22 06:25 - 00000000 ____D C:\Users\user\AppData\Roaming\Audacity
2017-03-28 20:05 - 2015-11-04 08:32 - 00000000 ____D C:\Users\user\AppData\Local\gtk-2.0
2017-03-28 20:05 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-28 20:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-28 20:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2017-03-28 20:02 - 2015-10-25 15:27 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2017-03-28 18:50 - 2016-10-17 18:35 - 00000621 _____ C:\Users\user\Letzte Sitzung user.prj
2017-03-28 09:20 - 2016-01-06 01:15 - 00000000 ____D C:\Users\user\Documents\PersBackup
2017-03-28 08:49 - 2016-06-14 11:44 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-03-28 08:47 - 2016-11-01 02:43 - 00000000 ____D C:\ProgramData\firebird
2017-03-28 08:13 - 2016-03-04 08:38 - 00000919 _____ C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt
2017-03-28 08:13 - 2016-03-04 08:38 - 00000000 _____ C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-03-25 19:49 - 2016-12-04 04:20 - 00000000 ____D C:\Users\user\Documents\Ample Sound
2017-03-25 19:49 - 2016-12-04 04:20 - 00000000 ____D C:\Users\user\AppData\Roaming\Ample Sound
2017-03-24 10:05 - 2016-01-26 08:42 - 00000000 ____D C:\Users\user\AppData\Roaming\VeraCrypt
2017-03-23 15:33 - 2015-10-31 20:07 - 00000255 ____N C:\Users\user\Documents\SongenModularErrorLog.txt
2017-03-23 15:22 - 2016-02-29 00:55 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-22 20:44 - 2015-11-22 18:26 - 00000000 ____D C:\Users\user\AppData\Local\Downloaded Installations
2017-03-22 09:53 - 2015-11-03 09:18 - 00000000 ____D C:\Program Files\Intel
2017-03-21 08:56 - 2016-01-03 23:20 - 00001854 _____ C:\Users\user\Desktop\CCleaner.lnk
2017-03-20 21:26 - 2015-10-23 21:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-20 21:26 - 2009-07-14 06:45 - 00000000 ____D C:\Windows\ServiceProfiles
2017-03-20 18:57 - 2015-11-01 23:48 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-20 18:55 - 2015-11-13 10:50 - 00000000 ____D C:\Fraps
2017-03-20 11:29 - 2015-12-19 06:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-19 08:56 - 2016-02-07 20:49 - 00012009 ____N C:\Users\user\Documents\Serien-View-Status.odt
2017-03-15 05:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-03-15 04:38 - 2016-11-26 23:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-03-15 04:38 - 2009-07-14 06:45 - 02106920 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-15 04:37 - 2016-04-09 03:31 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-15 04:37 - 2016-04-09 03:31 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-15 04:02 - 2016-08-07 00:58 - 00000000 ____D C:\Windows\system32\MRT
2017-03-15 04:00 - 2016-08-07 00:58 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-13 03:54 - 2016-01-24 13:07 - 00000000 ____D C:\Users\user\Documents\Shopping-Money
2017-03-12 23:53 - 2016-12-07 18:21 - 00000000 ____D C:\Users\user\Documents\Wohnung
2017-03-11 18:46 - 2016-01-29 10:38 - 00003872 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1454056698
2017-03-08 01:54 - 2016-12-03 09:11 - 00000000 ____D C:\Users\user\Desktop\PICTURES VARIOUS
2017-03-08 00:26 - 2016-01-17 20:43 - 00000000 ____D C:\Users\user\AppData\Roaming\gnupg
2017-03-07 23:14 - 2015-10-23 21:19 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2017-03-07 23:14 - 2015-10-23 21:19 - 00000000 ____D C:\Users\user\AppData\Local\Mozilla

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-01-28 01:19 - 2016-09-20 02:22 - 0000016 _____ () C:\Users\user\AppData\Roaming\msregsvv.dll
2016-01-28 12:19 - 2016-12-18 17:40 - 1249792 _____ (hxxp://www.ruby-lang.org/) C:\Users\user\AppData\Roaming\msvcr90-ruby191.dll
2016-03-04 08:38 - 2016-03-04 08:38 - 0001181 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.1.txt
2016-03-04 08:38 - 2017-03-28 08:13 - 0000919 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt
2016-03-04 08:38 - 2017-03-28 08:13 - 0000000 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-03-22 19:21 - 2017-03-23 13:55 - 0000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND
2017-03-31 11:17 - 2017-03-31 11:17 - 0003318 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2015-11-01 08:16 - 2015-11-01 08:16 - 0007611 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2016-01-28 01:19 - 2016-09-20 02:22 - 0000016 _____ () C:\ProgramData\autobk.inc

Einige Dateien in TEMP:
====================
2017-01-03 18:26 - 2017-04-01 06:10 - 1347216 _____ (Sysinternals - www.sysinternals.com) C:\Users\user\AppData\Local\Temp\PROCEXP64.exe
2017-03-29 10:20 - 2017-03-29 10:20 - 0672256 _____ () C:\Users\user\AppData\Local\Temp\sqlite-3.8.0-amd64-sqlitejdbc.dll
2017-03-20 08:41 - 2017-03-20 08:41 - 0637440 _____ () C:\Users\user\AppData\Local\Temp\sqlite-3.8.0-x86-sqlitejdbc.dll

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-03-24 16:52

==================== Ende von FRST.txt ============================
         
--- --- ---

Regarding step 3:
Popups open for updating MBAM and for real-time protection; I take it the latter need not, or should not, be accepted?

MBAM also places itself in the taskbar after the restart.

01.04.2017, 13:59   #11
M-K-D-B
/// TB Trainer
 



Hi,

Quote:
Popups open for updating MBAM and for real-time protection; I take it the latter need not, or should not, be accepted?
Don't accept it, exactly.
What exactly do the messages say?

Quote:
MBAM also places itself in the taskbar after the restart.
Is that a problem? In the end you can uninstall the program again, so don't panic.

We'll check everything once more.

Note: The scan with ESET can take a while.

Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document.

Code:
start
CloseProcesses:
Task: {14C02CA1-F88F-4C59-8F41-CFAC350FD451} - System32\Tasks\{0811E0DB-12EE-44C5-A4D8-D55DD584F3C5} => pcalua.exe -a ?:\Folder\Downloads\jxpiinstall.exe -d ?:\Folder\Downloads
Task: {4381E764-24C9-4867-8805-ABCB2A0CB9AF} - System32\Tasks\{0C1634C6-C250-4E27-A142-2F29C3222992} => pcalua.exe -a "?:\Folder\Downloads\Kilohearts Installer [9fWsNErBk_i8x5l9ypGT].exe" -d ?:\Folder\Downloads
Task: {D4B25374-61A3-48AA-BFEC-F796411ECD2B} - System32\Tasks\{CA0F6697-59F4-4AAE-A353-26AF764EBAEB} => pcalua.exe -a ?:\Folder\Production\grizzly-v1.1b-se1.160.exe -d ?:\Folder\Production
Task: {DC35CD34-092D-4CA0-840A-353ECDEEB877} - System32\Tasks\{7476B4B9-F9F5-4227-A7EB-B7B0D1323EB9} => pcalua.exe -a ?:\Folder\Downloads\VirtualBox-5.0.26-108824-Win.exe -d ?:\Folder\Downloads
AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\PACE:E6530E75740592D0 [217]
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Classes\regfile: regedit.exe "%1" <===== ACHTUNG
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
CMD: dir "%CommonProgramFiles(x86)%"
CMD: dir "%CommonProgramW6432%"
CMD: dir "%UserProfile%"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         

Save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.







Step 2
Download the matching version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Start HitmanPro.exe
  • Click on
  • Remove the check mark at
  • Click on
    and
  • Accept the license terms and click on
  • Click on
    and on
  • When the scan has finished, do not let it delete anything etc.; instead choose, at the bottom left of the button bar,
    and save the log file to your desktop.
  • Close HitmanPro and post the log for me.

 







Step 3

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Check "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset








Step 4
  • Start FRST.exe again. Make sure there is a check mark in front of Addition.txt and click Scan (Untersuchen).
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.







Are there still any problems with the PC or with your internet browsers? If so, which?







With your next reply, please post
  • the log file of the FRST fix,
  • the HitmanPro log file,
  • the ESET log file,
  • the two new FRST log files,
  • the answers to the questions asked.
__________________
Regards
M-K-D-B
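
The Fixlist.txt in the post above mixes several kinds of entries (scheduled tasks, alternate data streams, a registry entry, shell commands, bare directives). As an added example, not part of the original post and not FRST's own code, the following Python script groups such lines for review before the list is handed to the tool; the line shapes are inferred only from the lines visible on this page, and all function and field names are hypothetical.

```python
import re

# Constructed sample: a subset of the Fixlist.txt lines shown in the post above.
SAMPLE_FIXLIST = r"""start
CloseProcesses:
Task: {14C02CA1-F88F-4C59-8F41-CFAC350FD451} - System32\Tasks\{0811E0DB-12EE-44C5-A4D8-D55DD584F3C5} => pcalua.exe -a ?:\Folder\Downloads\jxpiinstall.exe -d ?:\Folder\Downloads
Task: {4381E764-24C9-4867-8805-ABCB2A0CB9AF} - System32\Tasks\{0C1634C6-C250-4E27-A142-2F29C3222992} => pcalua.exe -a "?:\Folder\Downloads\Kilohearts Installer [9fWsNErBk_i8x5l9ypGT].exe" -d ?:\Folder\Downloads
AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\PACE:E6530E75740592D0 [217]
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Classes\regfile: regedit.exe "%1" <===== ACHTUNG
CMD: dir "%ProgramData%"
RemoveProxy:
CMD: netsh winsock reset
EmptyTemp:
end
"""

# Assumption: these shapes are derived from the lines on this page only;
# they are not a specification of the FRST fixlist format.
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - (.+?) => (.+)$")
ADS_RE = re.compile(r"^AlternateDataStreams: (.+):([^:\s]+) \[(\d+)\]$")
REG_RE = re.compile(r"^(?:HKLM|HKU)\\")
DIRECTIVE_RE = re.compile(r"^([A-Za-z]+):$")
# Program handed to pcalua.exe via -a, quoted or unquoted.
PCALUA_RE = re.compile(r'pcalua\.exe\s+-a\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)


def parse_fixlist(text):
    """Group fixlist lines by kind; anything unrecognised lands in 'unknown'."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    framed = (len(lines) >= 2 and lines[0].lower() == "start"
              and lines[-1].lower() == "end")
    body = lines[1:-1] if framed else lines
    out = {"framed": framed, "tasks": [], "ads": [], "registry": [],
           "commands": [], "directives": [], "unknown": []}
    for ln in body:
        task, ads = TASK_RE.match(ln), ADS_RE.match(ln)
        directive = DIRECTIVE_RE.match(ln)
        if task:
            hit = PCALUA_RE.search(task.group(3))
            out["tasks"].append({
                "guid": task.group(1),
                "task_file": task.group(2),
                "command": task.group(3),
                "launched": (hit.group(1) or hit.group(2)) if hit else None,
            })
        elif ads:
            # The bracketed number is taken to be the stream size (assumption).
            out["ads"].append({"path": ads.group(1), "stream": ads.group(2),
                               "size": int(ads.group(3))})
        elif REG_RE.match(ln):
            out["registry"].append(ln)
        elif ln.startswith("CMD: "):
            out["commands"].append(ln[len("CMD: "):])
        elif directive:
            out["directives"].append(directive.group(1))
        else:
            out["unknown"].append(ln)
    return out


def state_changing_commands(parsed):
    """CMD entries other than plain directory listings deserve a second look."""
    return [c for c in parsed["commands"] if not c.lower().startswith("dir ")]


def review_notes(parsed):
    """One line per entry a reviewer should read before running the list."""
    notes = []
    if not parsed["framed"]:
        notes.append("list is not wrapped in start/end")
    for t in parsed["tasks"]:
        notes.append("scheduled task %s -> %s" % (t["guid"], t["launched"] or t["command"]))
    for a in parsed["ads"]:
        notes.append("alternate data stream %s on %s" % (a["stream"], a["path"]))
    for r in parsed["registry"]:
        notes.append("registry entry: " + r)
    for d in parsed["directives"]:
        notes.append("directive: " + d)
    for c in state_changing_commands(parsed):
        notes.append("command that is not a directory listing: " + c)
    for u in parsed["unknown"]:
        notes.append("UNRECOGNISED line, read by hand: " + u)
    return notes


if __name__ == "__main__":
    for note in review_notes(parse_fixlist(SAMPLE_FIXLIST)):
        print(note)
```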



02.04.2017, 05:37   #12
construct
 



The popup is not from the system but directly from MBAM; you can click on update there.
Just as info, something I did not expect, because I did not want any real-time protection from MBAM, yet it places itself in there anyway.

Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von user (01-04-2017 21:17:58) Run:2
Gestartet von C:\Users\user\Desktop
Geladene Profile: user (Verfügbare Profile: user)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
start
CloseProcesses:
Task: {14C02CA1-F88F-4C59-8F41-CFAC350FD451} - System32\Tasks\{0811E0DB-12EE-44C5-A4D8-D55DD584F3C5} => pcalua.exe -a ?:\Folder\Downloads\jxpiinstall.exe -d ?:\Folder\Downloads
Task: {4381E764-24C9-4867-8805-ABCB2A0CB9AF} - System32\Tasks\{0C1634C6-C250-4E27-A142-2F29C3222992} => pcalua.exe -a "?:\Folder\Downloads\Kilohearts Installer [9fWsNErBk_i8x5l9ypGT].exe" -d ?:\Folder\Downloads
Task: {D4B25374-61A3-48AA-BFEC-F796411ECD2B} - System32\Tasks\{CA0F6697-59F4-4AAE-A353-26AF764EBAEB} => pcalua.exe -a ?:\Folder\Production\grizzly-v1.1b-se1.160.exe -d ?:\Folder\Production
Task: {DC35CD34-092D-4CA0-840A-353ECDEEB877} - System32\Tasks\{7476B4B9-F9F5-4227-A7EB-B7B0D1323EB9} => pcalua.exe -a ?:\Folder\Downloads\VirtualBox-5.0.26-108824-Win.exe -d ?:\Folder\Downloads
AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\PACE:E6530E75740592D0 [217]
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Classes\regfile: regedit.exe "%1" <===== ACHTUNG
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
CMD: dir "%CommonProgramFiles(x86)%"
CMD: dir "%CommonProgramW6432%"
CMD: dir "%UserProfile%"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
*****************
Prozesse erfolgreich geschlossen.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14C02CA1-F88F-4C59-8F41-CFAC350FD451} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14C02CA1-F88F-4C59-8F41-CFAC350FD451} => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{0811E0DB-12EE-44C5-A4D8-D55DD584F3C5} => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0811E0DB-12EE-44C5-A4D8-D55DD584F3C5} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4381E764-24C9-4867-8805-ABCB2A0CB9AF} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4381E764-24C9-4867-8805-ABCB2A0CB9AF} => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{0C1634C6-C250-4E27-A142-2F29C3222992} => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0C1634C6-C250-4E27-A142-2F29C3222992} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4B25374-61A3-48AA-BFEC-F796411ECD2B} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4B25374-61A3-48AA-BFEC-F796411ECD2B} => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{CA0F6697-59F4-4AAE-A353-26AF764EBAEB} => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CA0F6697-59F4-4AAE-A353-26AF764EBAEB} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC35CD34-092D-4CA0-840A-353ECDEEB877} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC35CD34-092D-4CA0-840A-353ECDEEB877} => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{7476B4B9-F9F5-4227-A7EB-B7B0D1323EB9} => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7476B4B9-F9F5-4227-A7EB-B7B0D1323EB9} => Schlüssel erfolgreich entfernt
C:\ProgramData => ":482EE99B1E21CE8C" ADS erfolgreich entfernt.
"C:\Users\All Users" => ":482EE99B1E21CE8C" ADS nicht gefunden.
"C:\ProgramData\Anwendungsdaten" => ":482EE99B1E21CE8C" ADS nicht gefunden.
"C:\ProgramData\Application Data" => ":482EE99B1E21CE8C" ADS nicht gefunden.
C:\ProgramData\PACE => ":E6530E75740592D0" ADS erfolgreich entfernt.
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Classes\regfile => Schlüssel erfolgreich entfernt

========= dir "%ProgramFiles%" =========
 Datenträger in Laufwerk C: ist ?
 Volumeseriennummer: E4C1-8DCC

 Verzeichnis von C:\Program Files

01.04.2017  06:13    <DIR>          .
01.04.2017  06:13    <DIR>          ..
25.11.2016  18:35    <DIR>          AMD
24.10.2015  00:23    <DIR>          ASUS
15.12.2016  21:02    <DIR>          Blender Foundation
28.01.2016  12:15    <DIR>          Bonjour
03.01.2016  23:20    <DIR>          CCleaner
02.10.2016  17:29    <DIR>          Common Files
16.02.2016  23:16    <DIR>          CPUID
07.11.2015  06:37    <DIR>          DIFX
13.12.2016  18:14    <DIR>          Dotz Softwares
01.04.2017  21:15    <DIR>          Everything
02.10.2016  08:08    <DIR>          FileZilla FTP Client
30.10.2016  06:55    <DIR>          HWiNFO64
22.03.2017  09:53    <DIR>          Intel
15.03.2017  04:37    <DIR>          Internet Explorer
01.04.2017  06:13    <DIR>          Malwarebytes
02.09.2016  21:54    <DIR>          Microsoft IntelliPoint
14.07.2009  07:32    <DIR>          MSBuild
21.11.2016  23:32    <DIR>          Process Hacker 2
26.10.2015  01:12    <DIR>          process-explorer
22.03.2017  19:20    <DIR>          PuTTY
14.07.2009  07:32    <DIR>          Reference Assemblies
21.11.2016  12:45    <DIR>          Scite
05.01.2016  03:15    <DIR>          TAP-Windows
22.03.2017  09:41    <DIR>          TightVNC
04.01.2016  15:37    <DIR>          USBPcap
18.12.2016  11:03    <DIR>          VSTPlugins
25.10.2015  03:58    <DIR>          Windows Defender
12.04.2011  09:43    <DIR>          Windows Mail
23.10.2015  20:36    <DIR>          Windows Media Player
23.10.2015  20:28    <DIR>          Windows NT
12.04.2011  09:43    <DIR>          Windows Photo Viewer
21.11.2010  05:31    <DIR>          Windows Portable Devices
06.01.2016  05:45    <DIR>          Windows Sidebar
23.10.2016  01:40    <DIR>          Wireshark
               0 Datei(en),              0 Bytes
              60 Verzeichnis(se), 104.660.430.848 Bytes frei

========= Ende von CMD: =========

========= dir "%ProgramFiles(x86)%" =========

 Datenträger in Laufwerk C: ist ?
 Volumeseriennummer: E4C1-8DCC

 Verzeichnis von C:\Program Files (x86)

01.04.2017  06:09    <DIR>          .
01.04.2017  06:09    <DIR>          ..
21.11.2016  03:53    <DIR>          4Discovery
30.10.2016  07:05    <DIR>          AccessData
22.11.2015  18:26    <DIR>          AGEIA Technologies
30.08.2016  21:51    <DIR>          AMD
16.09.2016  09:52    <DIR>          Apple Software Update
24.10.2015  00:28    <DIR>          ASUS
25.10.2015  22:10    <DIR>          Benchmark
28.01.2016  12:15    <DIR>          Bonjour
07.03.2017  23:46    <DIR>          Common Files
19.06.2016  16:55    <DIR>          ConfrontaPDF
10.08.2016  08:07    <DIR>          Convar
05.04.2011  18:07    <DIR>          diffpdf-1.1.5-win32-static
17.01.2016  20:43    <DIR>          GNU
09.02.2016  10:02    <DIR>          Hi-Rez Studios
28.01.2016  12:15    <DIR>          iLok License Manager
22.03.2017  21:13    <DIR>          ImageWriter
04.11.2015  08:49    <DIR>          Intel
02.11.2015  19:28    <DIR>          Intel Driver Update Utility
15.03.2017  04:37    <DIR>          Internet Explorer
24.11.2016  02:02    <DIR>          JetBrains
20.03.2016  07:46    <DIR>          Lame For Audacity
09.02.2016  10:03    <DIR>          Microsoft Chart Controls
05.03.2016  10:22    <DIR>          Microsoft LifeCam
01.11.2015  23:53    <DIR>          Microsoft.NET
07.08.2016  04:33    <DIR>          MPK MINI Editor .13
14.07.2009  07:32    <DIR>          MSBuild
18.09.2016  02:15    <DIR>          MSECache
25.02.2016  11:38    <DIR>          MSI Afterburner
16.01.2016  10:21    <DIR>          MSXML 4.0
28.03.2017  20:05    <DIR>          NCH Software
05.08.2016  01:40    <DIR>          NirSoft
08.01.2017  07:52    <DIR>          Notepad++
11.08.2016  20:31    <DIR>          Output
25.10.2016  17:06    <DIR>          QuickTime
10.04.2016  01:38    <DIR>          Raptr Inc
14.07.2009  07:32    <DIR>          Reference Assemblies
29.02.2016  00:37    <DIR>          RivaTuner Statistics Server
23.10.2015  20:42    <DIR>          Samsung
22.03.2017  20:45    <DIR>          SDA
14.06.2016  15:24    <DIR>          Sony
25.02.2016  11:20    <DIR>          SpeedFan
28.03.2017  20:05    <DIR>          Steam
24.10.2015  00:05    <DIR>          VLC
12.08.2016  03:05    <DIR>          VSTPlugins
25.11.2016  18:35    <DIR>          VulkanRT
08.11.2016  08:35    <DIR>          Web Page Saver
25.10.2015  03:58    <DIR>          Windows Defender
12.04.2011  09:43    <DIR>          Windows Mail
14.07.2009  07:32    <DIR>          Windows NT
12.04.2011  09:43    <DIR>          Windows Photo Viewer
21.11.2010  05:31    <DIR>          Windows Portable Devices
06.01.2016  05:45    <DIR>          Windows Sidebar
17.10.2016  18:20    <DIR>          WinHex
19.06.2016  16:08    <DIR>          WinMerge
23.10.2016  01:40    <DIR>          WinPcap
10.08.2016  08:09    <DIR>          Wise
               0 Datei(en),              0 Bytes
              92 Verzeichnis(se), 104.660.426.752 Bytes frei

========= Ende von CMD: =========
========= dir "%ProgramData%" =========

 Datenträger in Laufwerk C: ist ?
 Volumeseriennummer: E4C1-8DCC

 Verzeichnis von C:\ProgramData

30.10.2016  07:13    <DIR>          AccessData
28.01.2016  12:15    <DIR>          Apple
25.10.2016  17:06    <DIR>          Apple Computer
01.12.2016  10:30    <DIR>          Application Support
24.10.2015  00:28    <DIR>          ASUS
13.02.2016  11:23    <DIR>          ATI
20.09.2016  02:22                16 autobk.inc
14.06.2016  11:11    <DIR>          Blackmagic Design
23.03.2017  15:22    <DIR>          boost_interprocess
11.12.2015  13:41    <DIR>          FLEXnet
25.10.2015  22:36    <DIR>          GlassWire
17.01.2016  20:43    <DIR>          GNU
09.02.2016  10:04    <DIR>          Hi-Rez Studios
03.11.2015  09:19    <DIR>          Intel
04.11.2015  08:49    <DIR>          IntelDLM
01.04.2017  06:13    <DIR>          Malwarebytes
17.09.2016  00:22    <DIR>          Malwarebytes' Anti-Malware (portable)
04.03.2016  08:35    <DIR>          NCH Software
01.04.2017  06:09    <DIR>          PACE
20.03.2017  18:57    <DIR>          Package Cache
01.11.2016  02:25    <DIR>          PassMark
07.03.2017  23:46    <DIR>          regid.1995-08.com.techsmith
23.10.2015  20:42    <DIR>          Samsung
14.06.2016  15:16    <DIR>          Sony Corporation
07.02.2016  16:54    <DIR>          TargemGames
13.11.2015  17:04    <DIR>          TP-LINK
               1 Datei(en),             16 Bytes
              40 Verzeichnis(se), 104.660.422.656 Bytes frei

========= Ende von CMD: =========
========= dir "%Appdata%" =========

 Datenträger in Laufwerk C: ist ?
 Volumeseriennummer: E4C1-8DCC

 Verzeichnis von C:\Users\user\AppData\Roaming

01.04.2017  06:04    <DIR>          .
01.04.2017  06:04    <DIR>          ..
16.01.2016  09:49    <DIR>          AlphaLive
18.06.2016  08:29    <DIR>          Apple Computer
13.02.2016  11:23    <DIR>          ATI
22.11.2016  22:05    <DIR>          Atom
28.03.2017  20:05    <DIR>          Audacity
11.12.2016  19:57    <DIR>          Beepstreet
29.02.2016  22:59    <DIR>          Blender Foundation
07.08.2016  04:34    <DIR>          Cycling '74
05.10.2016  16:45    <DIR>          DigitalSuburban
04.11.2015  09:27    <DIR>          endless-sky
11.12.2015  13:48    <DIR>          FLEXnet
15.01.2017  05:04    <DIR>          fltk.org
31.10.2015  20:06    <DIR>          Futucraft
21.11.2016  13:42    <DIR>          geany
08.03.2017  00:26    <DIR>          gnupg
23.10.2015  20:29    <DIR>          Identities
21.11.2016  13:45    <DIR>          JetBrains
10.04.2016  01:28    <DIR>          library_dir
07.11.2015  07:48    <DIR>          Macromedia
25.03.2016  19:51    <DIR>          Maize Sampler Player
12.04.2011  09:54    <DIR>          Media Center Programs
07.03.2017  23:14    <DIR>          Mozilla
20.09.2016  02:22                16 msregsvv.dll
18.12.2016  17:40         1.249.792 msvcr90-ruby191.dll
04.03.2016  09:05    <DIR>          NCH Software
08.01.2017  03:08    <DIR>          Notepad++
05.08.2016  23:21    <DIR>          Polac
04.01.2016  06:16    <DIR>          Process Hacker 2
10.04.2016  01:51    <DIR>          Raptr
14.06.2016  15:29    <DIR>          Sony Corporation
25.01.2016  04:22    <DIR>          Sun
22.03.2017  09:42    <DIR>          TightVNC
04.03.2016  08:38             1.181 trace_FilterInstaller.1.txt
28.03.2017  08:13               919 trace_FilterInstaller.txt
28.03.2017  08:13                 0 trace_FilterInstaller.txt-CRT.txt
16.04.2016  14:14    <DIR>          TS3Client
24.03.2017  10:05    <DIR>          VeraCrypt
29.03.2017  10:20    <DIR>          vlc
17.11.2015  14:14    <DIR>          VST3 Presets
               5 Datei(en),      1.251.908 Bytes
              73 Verzeichnis(se), 104.660.422.656 Bytes frei

========= Ende von CMD: =========


========= dir "%LocalAppdata%" =========

 Datenträger in Laufwerk C: ist ?
 Volumeseriennummer: E4C1-8DCC

 Verzeichnis von C:\Users\user\AppData\Local

31.03.2017  11:17    <DIR>          .
31.03.2017  11:17    <DIR>          ..
24.09.2016  03:54    <DIR>          AMD
14.06.2016  11:09    <DIR>          Apple
05.08.2016  15:54    <DIR>          Apple Computer
20.03.2016  02:53    <DIR>          Apps
13.02.2016  11:23    <DIR>          ATI
28.03.2017  20:05    <DIR>          atom
01.11.2015  15:52    <DIR>          CEF
28.03.2017  08:49    <DIR>          CrashDumps
11.08.2016  20:31    <DIR>          Crashpad
24.10.2016  18:07    <DIR>          Deployment
22.03.2017  20:44    <DIR>          Downloaded Installations
18.11.2015  07:07    <DIR>          dxhr
27.10.2015  18:45    <DIR>          fontconfig
05.01.2017  03:31           719.744 GDIPFONTCACHEV1.DAT
27.10.2015  18:45    <DIR>          gegl-0.2
18.12.2016  12:22    <DIR>          GlassWire
28.03.2017  20:05    <DIR>          gtk-2.0
10.04.2016  15:17    <DIR>          GWX
02.11.2015  00:51    <DIR>          Intel
24.01.2016  12:04    <DIR>          IsolatedStorage
18.12.2016  12:05    <DIR>          Logon Screen
07.11.2015  07:48    <DIR>          Macromedia
23.01.2016  08:34    <DIR>          MAGIX
24.01.2016  12:45    <DIR>          Mediafour
14.06.2016  11:28    <DIR>          Meltytech
07.03.2017  23:51    <DIR>          Microsoft
07.02.2016  00:04    <DIR>          PaceAP
23.01.2016  18:07    <DIR>          Package Cache
24.11.2016  08:22    <DIR>          pip
23.01.2016  18:08    <DIR>          Programs
23.03.2017  13:55               600 PUTTY.RND
31.03.2017  11:17             3.318 recently-used.xbel
01.11.2015  08:16             7.611 Resmon.ResmonCfg
30.11.2015  10:25    <DIR>          SCE
22.11.2016  22:04    <DIR>          SquirrelTemp
22.11.2015  14:45    <DIR>          Targem
01.04.2017  21:14    <DIR>          Temp
06.12.2016  12:03    <DIR>          Ubisoft Game Launcher
28.01.2016  12:19    <DIR>          VirtualStore
               4 Datei(en),        731.273 Bytes
              61 Verzeichnis(se), 104.660.418.560 Bytes frei

========= Ende von CMD: =========
========= dir "%CommonProgramFiles(x86)%" =========

 Datenträger in Laufwerk C: ist ?
 Volumeseriennummer: E4C1-8DCC

 Verzeichnis von C:\Program Files (x86)\Common Files

07.03.2017  23:46    <DIR>          .
07.03.2017  23:46    <DIR>          ..
14.06.2016  11:09    <DIR>          Apple
13.02.2016  11:19    <DIR>          ATI Technologies
18.09.2016  03:43    <DIR>          AV
22.11.2015  10:41    <DIR>          Avid
22.11.2015  10:41    <DIR>          Digidesign
10.08.2016  08:04    <DIR>          InstallShield
04.11.2015  08:49    <DIR>          Intel
18.09.2016  02:41    <DIR>          microsoft shared
28.01.2016  12:15    <DIR>          PACE
03.11.2015  09:18    <DIR>          postureAgent
14.07.2009  05:20    <DIR>          Services
14.07.2009  05:20    <DIR>          SpeechEngines
25.10.2015  03:58    <DIR>          System
28.01.2016  12:15    <DIR>          UVI
11.12.2016  19:49    <DIR>          VST3
22.11.2015  18:26    <DIR>          Wise Installation Wizard
23.07.2016  15:24    <DIR>          WPAPI
               0 Datei(en),              0 Bytes
              28 Verzeichnis(se), 104.660.414.464 Bytes frei

========= Ende von CMD: =========
========= dir "%CommonProgramW6432%" =========

 Datenträger in Laufwerk C: ist ?
 Volumeseriennummer: E4C1-8DCC

 Verzeichnis von C:\Program Files\Common Files

02.10.2016  17:29    <DIR>          .
02.10.2016  17:29    <DIR>          ..
13.02.2016  11:18    <DIR>          ATI Technologies
05.12.2015  17:07    <DIR>          AV
30.11.2015  09:29    <DIR>          Avid
23.07.2016  15:25    <DIR>          Merging Technologies
02.09.2016  21:54    <DIR>          Microsoft Shared
14.07.2009  05:20    <DIR>          Services
14.07.2009  05:20    <DIR>          SpeechEngines
25.10.2015  03:58    <DIR>          System
12.10.2016  22:05    <DIR>          VST3
               0 Datei(en),              0 Bytes
              14 Verzeichnis(se), 104.660.414.464 Bytes frei

========= Ende von CMD: =========


========= dir "%UserProfile%" =========

 Datenträger in Laufwerk C: ist ?
 Volumeseriennummer: E4C1-8DCC

 Verzeichnis von C:\Users\user

28.03.2017  21:05    <DIR>          .
28.03.2017  21:05    <DIR>          ..
22.11.2016  22:30    <DIR>          .atom
27.04.2016  12:27    <DIR>          .gimp-2.8
28.03.2017  20:05    <DIR>          .idlerc
05.08.2016  01:42    <DIR>          .oracle_jre_usage
21.11.2016  13:45    <DIR>          .PyCharm2016.2
24.11.2016  02:02    <DIR>          .PyCharmCE2016.3
29.02.2016  00:32    <DIR>          .thumbnails
31.03.2017  22:07    <DIR>          .VirtualBox
28.03.2017  20:05    <DIR>          Contacts
01.04.2017  21:17    <DIR>          Desktop
23.11.2016  01:51    <DIR>          dwhelper
07.02.2016  08:52    <DIR>          GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
07.08.2016  01:16               544 Komplete Kontrol.log
28.03.2017  18:50               621 Letzte Sitzung user.prj
12.03.2016  21:51             2.560 PaceKeyChain
24.11.2016  04:11    <DIR>          PycharmProjects
28.03.2017  20:05    <DIR>          Saved Games
28.03.2017  20:05    <DIR>          Searches
27.12.2016  20:00    <DIR>          Soundly Data
               3 Datei(en),          3.725 Bytes
              28 Verzeichnis(se), 104.660.410.368 Bytes frei

========= Ende von CMD: =========
========= RemoveProxy: =========

HKU\S-1-5-21-3869482132-2802206346-888328520-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========
========= ipconfig /flushdns =========

Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

========= Ende von CMD: =========
========= netsh winsock reset =========

Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.

========= Ende von CMD: =========
=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12816396 B
Java, Flash, Steam htmlcache => 2680 B
Windows/system/drivers => 100794329 B
Edge => 0 B
Chrome => 0 B
Firefox => 19795408 B
Opera => 9937832 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 106642 B
user => 50708638 B

RecycleBin => 22022172 B
EmptyTemp: => 214.2 MB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 21:17:59 ====
         
Code:
HitmanPro 3.7.15.281
www.hitmanpro.com

   Computer name . . . . : PC
   Windows . . . . . . . : 6.1.1.7601.X64/5
   User name . . . . . . : PC\user
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-04-01 21:43:25
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 32s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 2
   Traces  . . . . . . . : 9

   Objects scanned . . . : 2.899.326
   Files scanned . . . . : 191.465
   Remnants scanned  . . : 1.391.893 files / 1.315.968 keys

Malware _____________________________________________________________________

   C:\Program Files\Process Hacker 2\ProcessHacker.exe
      Size . . . . . . . : 1.719.840 bytes
      Age  . . . . . . . : 130.9 days (2016-11-21 23:32:04)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : BD2C2CF0631D881ED382817AFCCE2B093F4E412FFB170A719E2762F250ABFEA4
      Product  . . . . . : Process Hacker
      Publisher  . . . . : wj32
      Description  . . . : Process Hacker
      Version  . . . . . : 2.39.0.124
      RSA Key Size . . . : 2048
      Parent Name  . . . : C:\Windows\Explorer.EXE
      LanguageID . . . . : 3081
      Authenticode . . . : Valid
      Running processes  : 4176
    > Kaspersky  . . . . : not-a-virus:HEUR:RiskTool.Win32.ProcHack.gen
      Fuzzy  . . . . . . : 88.0
      Startup
         HKU\S-1-5-21-3869482132-2802206346-888328520-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Process Hacker 2
      References
         C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2\Process Hacker 2.lnk
         C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Process Hacker 2 (2).lnk
         HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Process Hacker 2\ProcessHacker.exe

   ?:\FTK\**.exe
      Size . . . . . . . : 5.877.825 bytes
      Age  . . . . . . . : 151.7 days (2016-11-01 04:11:55)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 0E9CD7B36D3E9F76513E0F48C4B8062DE2C3B41A428A87ED8E7BDD0C2071E6A9
    > Kaspersky  . . . . : not-a-virus:PSWTool.Win32.PWDump.sa
      Fuzzy  . . . . . . : 109.0
      References
         HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\?:\FTK\**.exe


Suspicious files ____________________________________________________________

   C:\Users\user\Desktop\FRST64.exe
      Size . . . . . . . : 2.424.832 bytes
      Age  . . . . . . . : 2.5 days (2017-03-30 08:38:38)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 3A3DCD0D3C9C1FE10C45AF795DC9452DA192246BB67D896AB7F16151A53C1B5F
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=80edf42d0632184798fa737a55313c9b
# end=init
# utc_time=2017-04-01 07:55:21
# local_time=2017-04-01 09:55:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 32919
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=80edf42d0632184798fa737a55313c9b
# end=updated
# utc_time=2017-04-01 07:58:58
# local_time=2017-04-01 09:58:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=80edf42d0632184798fa737a55313c9b
# engine=32919
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-04-02 01:28:12
# local_time=2017-04-02 03:28:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 156788 242726342 0 0
# scanned=1102167
# found=0
# cleaned=0
# scan_time=19754
         
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
durchgeführt von user (Administrator) auf PC (02-04-2017 05:09:50)
Gestartet von C:\Users\user\Desktop
Geladene Profile: user (Verfügbare Profile: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: "C:\Program Files (x86)\SeaMonkey\seamonkey.exe" -requestPending -osint -url "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\runSW.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Realtek) C:\Windows\SwUSB.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [5728208 2016-11-19] (SecureMix LLC)
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\MountPoints2: {1911d85f-9ee4-11e5-8780-b04e58a100a3} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\MountPoints2: {1911d8dc-9ee4-11e5-8780-b04e58a100a3} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\MountPoints2: {ff3dbed7-a9d6-11e5-9bce-85ca1d8cd514} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [script_fcbd] => D:\Anno2205\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\fcbd.bat [332 2016-12-06] ()
SSODL: EldosMountNotificator-cbdisk3 - {274E2043-7EEC-429D-BC66-3ED282762A69} - C:\Windows\system32\cbdiskMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbdisk3 - {274E2043-7EEC-429D-BC66-3ED282762A69} - C:\Windows\SysWOW64\cbdiskMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbdisk3] -> {1B53DB42-7158-421A-B97C-5886EE14C75A} => C:\Windows\system32\cbdiskMntNtf3.dll [2013-10-18] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbdisk3] -> {1B53DB42-7158-421A-B97C-5886EE14C75A} => C:\Windows\SysWOW64\cbdiskMntNtf3.dll [2013-10-18] (EldoS Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{251F104E-10FE-40D6-B45C-7B106746BA2F}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{2BB04CC1-AAC0-4F0D-B99D-878528CCFE7B}: [DhcpNameServer] 192.168.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp

FireFox:
========
FF DefaultProfile: ?.default
FF DefaultProfile: ?.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24deqok.default [2017-04-02]
FF Extension: (Sea Fox) - C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24deqok.default\Extensions\seafox@extensions.moz.xpi [2017-03-07] [ist nicht signiert]
FF Extension: (uBlock Origin) - C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24deqok.default\Extensions\uBlock0@raymondhill.net.xpi [2017-03-13]
FF Extension: (NoScript) - C:\Users\user\AppData\Roaming\Mozilla\SeaMonkey\Profiles\e24deqok.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-03-30]
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcyvelqu.default [2017-04-02]
FF Homepage: Mozilla\Firefox\Profiles\xcyvelqu.default -> hxxps://duckduckgo.com
FF Extension: (NoScript) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcyvelqu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-04-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-26] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-26] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-14] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-14] (Intel Corporation)

Opera: 
=======
OPR Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-12-27]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-12-01] (Adobe Systems) [Datei ist nicht signiert]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-06-04] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-11-24] () [Datei ist nicht signiert]
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4397008 2016-11-19] (SecureMix LLC)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2015-12-30] (Hi-Rez Studios) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-05-29] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-31] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [506960 2015-12-26] (Sony Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RunSwUSB; C:\Windows\runSW.exe [48856 2015-03-19] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2016-09-07] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-28] ()
R1 cbdisk3; C:\Windows\system32\drivers\cbdisk3.sys [223936 2013-10-18] (EldoS Corporation)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-10-25] (EldoS Corporation)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-31] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-24] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-02-14] (REALiX(tm))
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [112408 2015-12-15] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 OSFMount; T:\FTK\OSForensics\OSFMount64\OSFMount.sys [1299384 2016-03-23] (PassMark Software)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2015-01-15] (Realtek Semiconductor Corporation                           )
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [38888 2014-02-19] (USBPcap)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [121248 2016-08-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [195936 2016-08-16] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [135824 2016-08-16] (Oracle Corporation)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-10-18] (EldoS Corporation)
R4 debutfilter; system32\DRIVERS\debutfilterx64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-04-01 21:54 - 2017-04-01 21:54 - 02870984 _____ (ESET) C:\Users\user\Desktop\esetsmartinstaller_deu.exe
2017-04-01 21:41 - 2017-04-01 21:47 - 00000000 ____D C:\ProgramData\HitmanPro
2017-04-01 21:41 - 2017-04-01 21:41 - 11581544 _____ (SurfRight B.V.) C:\Users\user\Desktop\HitmanPro_x64.exe
2017-04-01 21:18 - 2017-04-02 00:31 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-04-01 21:17 - 2017-04-01 21:17 - 00028636 _____ C:\Users\user\Desktop\Fixlog.txt
2017-04-01 06:20 - 2017-04-01 06:20 - 00001248 _____ C:\Users\user\Desktop\mbam.txt
2017-04-01 06:13 - 2017-04-01 21:18 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-01 06:13 - 2017-04-01 21:18 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-04-01 06:13 - 2017-04-01 21:18 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-04-01 06:13 - 2017-04-01 21:18 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-01 06:13 - 2017-04-01 06:13 - 00001876 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-01 06:13 - 2017-04-01 06:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-01 06:13 - 2017-04-01 06:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-01 06:13 - 2017-04-01 06:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-01 06:13 - 2017-03-24 04:10 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-01 06:12 - 2017-04-01 06:12 - 59272008 _____ (Malwarebytes ) C:\Users\user\Desktop\mb3-setup-consumer-3.0.6.1469-1096.exe
2017-04-01 06:09 - 2017-04-01 21:18 - 00000022 _____ C:\Windows\S.dirmngr
2017-04-01 06:09 - 2017-04-01 06:09 - 00566128 _____ (Malwarebytes) C:\Users\user\Desktop\mbam-clean-2.3.0.1001.exe
2017-04-01 06:00 - 2017-04-01 06:00 - 04089296 _____ C:\Users\user\Desktop\AdwCleaner_6.045.exe
2017-03-31 11:17 - 2017-03-31 11:17 - 00003318 _____ C:\Users\user\AppData\Local\recently-used.xbel
2017-03-30 09:16 - 2017-03-30 09:22 - 00211158 _____ C:\TDSSKiller.3.1.0.12_30.03.2017_09.16.45_log.txt
2017-03-30 08:40 - 2017-04-02 05:10 - 00015414 _____ C:\Users\user\Desktop\FRST.txt
2017-03-30 08:40 - 2017-04-01 21:06 - 00052762 _____ C:\Users\user\Desktop\Addition.txt
2017-03-29 08:31 - 2017-03-29 09:18 - 00410602 _____ C:\TDSSKiller.3.1.0.12_29.03.2017_08.31.29_log.txt
2017-03-29 07:56 - 2017-03-29 08:12 - 00004462 _____ C:\Users\user\Documents\old-firewall-rules.txt
2017-03-28 20:00 - 2017-03-28 20:00 - 00195528 _____ C:\Users\user\Documents\W-LAN-TPLink.xps
2017-03-28 08:38 - 2017-03-28 19:27 - 00000345 _____ C:\Users\user\Documents\virus-filedropper.txt
2017-03-25 21:36 - 2017-03-25 21:20 - 22222968 ____N C:\Users\user\Desktop\Rawkee_Bestandsaufnahme_FINISHED.wav
2017-03-22 21:13 - 2017-03-22 21:13 - 00001072 _____ C:\Users\Public\Desktop\Win32DiskImager.lnk
2017-03-22 21:13 - 2017-03-22 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2017-03-22 21:13 - 2017-03-22 21:13 - 00000000 ____D C:\Program Files (x86)\ImageWriter
2017-03-22 20:45 - 2017-03-22 20:45 - 00002095 _____ C:\Users\Public\Desktop\SDFormatter.lnk
2017-03-22 20:45 - 2017-03-22 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
2017-03-22 20:45 - 2017-03-22 20:45 - 00000000 ____D C:\Program Files (x86)\SDA
2017-03-22 19:21 - 2017-03-23 13:55 - 00000600 _____ C:\Users\user\AppData\Local\PUTTY.RND
2017-03-22 19:20 - 2017-03-22 19:20 - 00000860 _____ C:\Users\Public\Desktop\PuTTY (64-bit).lnk
2017-03-22 19:20 - 2017-03-22 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)
2017-03-22 19:20 - 2017-03-22 19:20 - 00000000 ____D C:\Program Files\PuTTY
2017-03-22 09:53 - 2013-07-04 18:05 - 00552760 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2017-03-22 09:53 - 2006-01-13 07:52 - 00001904 ____N C:\Windows\system32\SetupBD.din
2017-03-22 09:49 - 2017-03-22 09:49 - 00000000 ____D C:\Users\user\Downloads\LAN
2017-03-22 09:42 - 2017-03-22 09:42 - 00001857 _____ C:\Users\user\Desktop\TightVNC Viewer.lnk
2017-03-22 09:42 - 2017-03-22 09:42 - 00000000 ____D C:\Users\user\AppData\Roaming\TightVNC
2017-03-22 09:41 - 2017-03-22 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
2017-03-22 09:41 - 2017-03-22 09:41 - 00000000 ____D C:\Program Files\TightVNC
2017-03-22 09:31 - 2017-03-22 09:31 - 00000000 ____H C:\Users\user\Documents\Default.rdp
2017-03-21 08:51 - 2017-03-21 19:28 - 00208388 _____ C:\TDSSKiller.3.1.0.12_21.03.2017_07.51.26_log.txt
2017-03-21 08:50 - 2017-03-29 07:30 - 04747704 _____ (AO Kaspersky Lab) C:\Users\user\Desktop\tdsskiller.exe
2017-03-20 20:59 - 2017-03-20 20:59 - 00106786 ____N C:\Users\user\Documents\Mitgliedsantrag-V2.0-v.-08.03.2017.pdf
2017-03-20 20:55 - 2017-03-11 18:58 - 00595415 ____N C:\Users\user\Desktop\mietvertrag.pdf
2017-03-15 01:35 - 2017-03-04 19:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 01:35 - 2017-03-04 18:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-15 01:35 - 2017-03-04 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-15 01:35 - 2017-03-04 10:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 01:35 - 2017-03-04 10:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-15 01:35 - 2017-03-04 10:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 01:35 - 2017-03-04 10:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-15 01:35 - 2017-03-04 10:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-15 01:35 - 2017-03-04 10:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-15 01:35 - 2017-03-04 09:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 01:35 - 2017-03-04 09:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-15 01:35 - 2017-03-04 09:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-15 01:35 - 2017-03-04 09:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-15 01:35 - 2017-03-04 09:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-15 01:35 - 2017-03-04 09:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-15 01:35 - 2017-03-04 09:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-15 01:35 - 2017-03-04 09:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 01:35 - 2017-03-04 09:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-15 01:35 - 2017-03-04 09:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 01:35 - 2017-03-04 09:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-15 01:35 - 2017-03-04 09:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-15 01:35 - 2017-03-04 09:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 01:35 - 2017-03-04 09:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-15 01:35 - 2017-03-04 09:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-15 01:35 - 2017-03-04 09:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-15 01:35 - 2017-03-04 09:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 01:35 - 2017-03-04 09:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-15 01:35 - 2017-03-04 08:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-15 01:35 - 2017-03-04 08:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-15 01:35 - 2017-03-04 08:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-15 01:35 - 2017-03-04 08:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-15 01:35 - 2017-03-04 08:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-15 01:35 - 2017-03-04 08:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-15 01:35 - 2017-03-04 08:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-15 01:35 - 2017-03-04 08:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-15 01:35 - 2017-03-04 08:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-15 01:35 - 2017-03-04 06:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-15 01:35 - 2017-03-02 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-15 01:35 - 2017-03-02 20:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-15 01:35 - 2017-03-02 20:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-15 01:35 - 2017-03-02 20:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-15 01:35 - 2017-03-02 20:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-15 01:35 - 2017-03-02 20:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-15 01:35 - 2017-03-02 19:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-15 01:35 - 2017-03-02 19:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-15 01:35 - 2017-03-02 19:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-15 01:35 - 2017-03-02 19:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-15 01:35 - 2017-03-02 19:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-15 01:35 - 2017-03-02 19:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-15 01:35 - 2017-03-02 19:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-15 01:35 - 2017-03-02 19:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-15 01:35 - 2017-03-02 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-15 01:35 - 2017-03-02 19:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-15 01:35 - 2017-03-02 19:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-15 01:35 - 2017-03-02 19:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-15 01:35 - 2017-03-02 19:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-15 01:35 - 2017-03-02 19:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-15 01:35 - 2017-03-02 19:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-15 01:35 - 2017-03-02 19:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-15 01:35 - 2017-03-02 19:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-15 01:35 - 2017-03-02 19:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-15 01:35 - 2017-03-02 19:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-15 01:35 - 2017-03-02 19:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-15 01:35 - 2017-03-02 18:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-15 01:35 - 2017-03-02 18:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-15 01:35 - 2017-03-02 18:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-15 01:35 - 2017-02-11 17:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 01:35 - 2017-02-11 17:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 01:35 - 2017-02-11 17:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 01:35 - 2017-02-10 18:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 01:35 - 2017-02-10 18:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 01:35 - 2017-02-10 18:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-15 01:35 - 2017-02-10 18:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-15 01:35 - 2017-02-10 16:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-15 01:35 - 2017-02-09 18:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-15 01:35 - 2017-02-09 18:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 01:35 - 2017-02-09 18:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-15 01:35 - 2017-02-09 18:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-15 01:35 - 2017-02-09 18:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-15 01:35 - 2017-02-09 18:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-15 01:35 - 2017-02-09 18:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-15 01:35 - 2017-02-09 18:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-15 01:35 - 2017-02-09 18:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 18:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 01:35 - 2017-02-09 18:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-15 01:35 - 2017-02-09 18:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 01:35 - 2017-02-09 18:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-15 01:35 - 2017-02-09 18:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 01:35 - 2017-02-09 17:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-15 01:35 - 2017-02-09 17:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-15 01:35 - 2017-02-09 17:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-15 01:35 - 2017-02-09 17:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 01:35 - 2017-02-09 17:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 01:35 - 2017-02-09 17:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-15 01:35 - 2017-02-09 17:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-15 01:35 - 2017-02-09 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-15 01:35 - 2017-02-09 17:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-15 01:35 - 2017-02-09 17:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-15 01:35 - 2017-02-09 17:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-15 01:35 - 2017-02-09 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-15 01:35 - 2017-02-09 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-15 01:35 - 2017-02-09 17:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-15 01:35 - 2017-02-09 17:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 17:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 17:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 17:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 01:35 - 2017-02-09 16:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 01:35 - 2017-02-09 16:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 01:35 - 2017-02-06 18:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 01:35 - 2017-01-13 20:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 01:35 - 2017-01-13 20:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 01:35 - 2017-01-13 19:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-15 01:35 - 2017-01-13 19:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-15 01:35 - 2017-01-11 20:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 01:35 - 2017-01-11 20:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-15 01:35 - 2017-01-11 19:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-15 01:35 - 2017-01-11 19:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-15 01:35 - 2017-01-06 20:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 01:35 - 2017-01-06 19:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-15 01:34 - 2017-02-23 01:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-15 01:34 - 2017-02-23 01:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 01:34 - 2017-02-18 16:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 01:34 - 2017-02-18 16:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-15 01:34 - 2016-12-31 17:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-07 23:34 - 2017-03-07 23:34 - 00001015 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Obscurium.lnk
2017-03-07 23:14 - 2017-03-07 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
2017-03-07 23:14 - 2017-03-07 23:14 - 00000000 ____D C:\Program Files (x86)\SeaMonkey

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-04-02 05:09 - 2016-09-09 15:13 - 00000000 ____D C:\FRST
2017-04-02 05:06 - 2016-03-04 08:38 - 00000919 _____ C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt
2017-04-02 05:06 - 2016-03-04 08:38 - 00000000 _____ C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-04-02 05:06 - 2016-03-04 08:35 - 00000000 ____D C:\Program Files (x86)\NCH Software
2017-04-02 04:27 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-02 04:27 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-02 00:31 - 2016-10-30 16:51 - 00979748 _____ C:\Windows\ntbtlog.txt
2017-04-02 00:09 - 2015-10-26 01:32 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2017-04-01 21:24 - 2011-04-12 09:43 - 00699092 _____ C:\Windows\system32\perfh007.dat
2017-04-01 21:24 - 2011-04-12 09:43 - 00149232 _____ C:\Windows\system32\perfc007.dat
2017-04-01 21:24 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-01 21:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-01 21:18 - 2016-02-13 11:20 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-04-01 21:18 - 2016-01-30 19:28 - 00000000 ____D C:\ProgramData\PACE
2017-04-01 21:18 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-01 21:17 - 2015-11-25 03:13 - 00000000 ____D C:\Users\user\AppData\LocalLow\Temp
2017-04-01 21:15 - 2015-11-09 08:20 - 00000000 ____D C:\Program Files\Everything
2017-04-01 06:04 - 2016-09-17 08:05 - 00000000 ____D C:\AdwCleaner
2017-03-29 07:29 - 2016-09-18 03:13 - 02424832 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2017-03-28 20:05 - 2016-12-18 11:03 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2017-03-28 20:05 - 2016-12-15 21:02 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
2017-03-28 20:05 - 2016-12-11 19:57 - 00000000 ____D C:\Users\user\AppData\Roaming\helmplugin
2017-03-28 20:05 - 2016-12-11 19:51 - 00000000 ____D C:\Users\user\AppData\Roaming\helm
2017-03-28 20:05 - 2016-11-22 22:04 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2017-03-28 20:05 - 2016-11-22 22:04 - 00000000 ____D C:\Users\user\AppData\Local\atom
2017-03-28 20:05 - 2016-11-16 08:06 - 00000000 ____D C:\Users\user\.idlerc
2017-03-28 20:05 - 2015-11-04 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2017-03-28 20:05 - 2015-11-04 08:32 - 00000000 ____D C:\Users\user\AppData\Local\gtk-2.0
2017-03-28 20:05 - 2015-10-23 22:02 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2017-03-28 20:05 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-28 20:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-28 20:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2017-03-28 20:02 - 2015-10-25 15:27 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2017-03-28 18:50 - 2016-10-17 18:35 - 00000621 _____ C:\Users\user\Letzte Sitzung user.prj
2017-03-28 09:20 - 2016-01-06 01:15 - 00000000 ____D C:\Users\user\Documents\PersBackup
2017-03-28 08:49 - 2016-06-14 11:44 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-03-28 08:13 - 2016-03-04 08:38 - 00000919 _____ C:\Users\user\AppData\Roaming\trace_FilterInstaller.1.txt
2017-03-23 15:33 - 2015-10-31 20:07 - 00000255 ____N C:\Users\user\Documents\SongenModularErrorLog.txt
2017-03-23 15:22 - 2016-02-29 00:55 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-22 20:44 - 2015-11-22 18:26 - 00000000 ____D C:\Users\user\AppData\Local\Downloaded Installations
2017-03-22 09:53 - 2015-11-03 09:18 - 00000000 ____D C:\Program Files\Intel
2017-03-21 08:56 - 2016-01-03 23:20 - 00001854 _____ C:\Users\user\Desktop\CCleaner.lnk
2017-03-20 21:26 - 2015-10-23 21:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-20 21:26 - 2009-07-14 06:45 - 00000000 ____D C:\Windows\ServiceProfiles
2017-03-20 18:57 - 2015-11-01 23:48 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-15 05:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-03-15 04:38 - 2016-11-26 23:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-03-15 04:38 - 2009-07-14 06:45 - 02106920 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-15 04:37 - 2016-04-09 03:31 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-15 04:37 - 2016-04-09 03:31 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-15 04:02 - 2016-08-07 00:58 - 00000000 ____D C:\Windows\system32\MRT
2017-03-15 04:00 - 2016-08-07 00:58 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-11 18:46 - 2016-01-29 10:38 - 00003872 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1454056698
2017-03-08 00:26 - 2016-01-17 20:43 - 00000000 ____D C:\Users\user\AppData\Roaming\gnupg
2017-03-07 23:14 - 2015-10-23 21:19 - 00000000 ____D C:\Users\user\AppData\Roaming\Mozilla
2017-03-07 23:14 - 2015-10-23 21:19 - 00000000 ____D C:\Users\user\AppData\Local\Mozilla

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-01-28 01:19 - 2016-09-20 02:22 - 0000016 _____ () C:\Users\user\AppData\Roaming\msregsvv.dll
2016-01-28 12:19 - 2016-12-18 17:40 - 1249792 _____ (hxxp://www.ruby-lang.org/) C:\Users\user\AppData\Roaming\msvcr90-ruby191.dll
2016-03-04 08:38 - 2017-03-28 08:13 - 0000919 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.1.txt
2016-03-04 08:38 - 2016-03-04 08:38 - 0001181 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.2.txt
2016-03-04 08:38 - 2017-04-02 05:06 - 0000919 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt
2016-03-04 08:38 - 2017-04-02 05:06 - 0000000 _____ () C:\Users\user\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-03-22 19:21 - 2017-03-23 13:55 - 0000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND
2017-03-31 11:17 - 2017-03-31 11:17 - 0003318 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2015-11-01 08:16 - 2015-11-01 08:16 - 0007611 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2016-01-28 01:19 - 2016-09-20 02:22 - 0000016 _____ () C:\ProgramData\autobk.inc

Einige Dateien in TEMP:
====================
2017-04-01 21:18 - 2017-04-01 21:18 - 1347216 _____ (Sysinternals - www.sysinternals.com) C:\Users\user\AppData\Local\Temp\PROCEXP64.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-03-24 16:52

==================== Ende von FRST.txt ============================
         
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von user (02-04-2017 05:10:08)
Gestartet von C:\Users\user\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-10-23 18:28:58)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3869482132-2802206346-888328520-500 - Administrator - Disabled)
user (S-1-5-21-3869482132-2802206346-888328520-1000 - Administrator - Enabled) => C:\Users\user
Gast (S-1-5-21-3869482132-2802206346-888328520-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3869482132-2802206346-888328520-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

ACP Application (Version: 2016.0916.1502.32 - Advanced Micro Devices, Inc.) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.6 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ARIA Engine v1.8.4.4 (HKLM\...\ARIA Engine_is1) (Version: v1.8.4.4 - Plogue Art et Technologie, Inc)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Next Localization BR (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0907.1109.18253 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
CPUID ROG CPU-Z 1.75 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.75 - CPUID, Inc.)
CreditMovie1 (x32 Version: 10.1.00 - Sony Corporation) Hidden
CreditMovie2 (x32 Version: 10.1.00 - Sony Corporation) Hidden
CreditMovie3 (x32 Version: 10.1.00 - Sony Corporation) Hidden
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Gpg4win (2.3.0) (HKLM-x32\...\GPG4Win) (Version: 2.3.0 - The Gpg4win Project)
Helm (HKLM-x32\...\{2F131038-3C70-4AD4-B44B-7FE7E7F0C2A5}) (Version: 0.8.5.0 - Matt Tytel)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HWiNFO64 Version 5.38 (HKLM\...\HWiNFO64_is1) (Version: 5.38 - Martin Malík - REALiX)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel(R) Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4222 - Intel Corporation)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
JetBrains PyCharm Community Edition 2016.3 (HKLM-x32\...\PyCharm Community Edition 2016.3) (Version: 163.8233.8 - JetBrains s.r.o.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MergeModule_x64 (Version: 9.3.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Prerequisites (x64) (HKLM\...\{04BEC103-A388-41EE-BB49-1235FAAF883D}) (Version: 11.0.61030 - Blue Cat Audio)
Microsoft Visual C++ 2012 Prerequisites (x86) (HKLM-x32\...\{2F65108E-8DF7-47B9-8ECC-49BD3BC47AAB}) (Version: 11.0.61030 - Blue Cat Audio)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 52.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 de)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
PA Free Bundle V1 1.0.1 (HKLM\...\PA Free Bundle V1_is1) (Version:  - Plugin Alliance)
PACE License Support Win64 (HKLM-x32\...\InstallShield_{DF91FC8F-0D43-415b-BB5D-22533FC1CC1A}) (Version: 2.6.0.1134 - PACE Anti-Piracy, Inc.)
PACE License Support Win64 (Version: 2.6.0.1134 - PACE Anti-Piracy, Inc.) Hidden
Personal Backup 5.8.3.1 (HKLM-x32\...\Personal Backup 5_is1) (Version: 5.8.3.1 - Dr. J. Rathlev)
PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.1.00.12260 - Sony Corporation)
PMB_ModeEditor_ACMC (x32 Version: 10.1.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 10.1.00 - Sony Corporation) Hidden
Python 3.5.1 (32-bit) (HKU\S-1-5-21-3869482132-2802206346-888328520-1000\...\{c39d559b-aa83-4476-ba20-988a35a1199a}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 Core Interpreter (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Documentation (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{17778F7B-FB5A-4A93-9719-D75BAF673498}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.1 pip Bootstrap (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Utility Scripts (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
TightVNC (HKLM\...\{8B9896FC-B4F2-44CD-8B6E-78A0B1851B59}) (Version: 2.8.5.0 - GlavSoft LLC.)
TP-LINK Archer T4U Driver (HKLM-x32\...\{58F414FE-74CC-42A0-9D86-A089849C510A}) (Version: 1.3.1 - TP-LINK)
Uplay (HKLM-x32\...\Uplay) (Version: 10.0 - Ubisoft)
USBPcap 1.0.0.7 (HKLM\...\USBPcap) (Version:  - )
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0-2) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.17.0 (Version: 1.0.17.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Web Page Saver 2.10 (HKLM-x32\...\{76BC9438-A16F-43E1-8596-95FA23768E6C}_is1) (Version:  - JADsoftware)
Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers)
WinHex (HKLM-x32\...\WinHex) (Version:  - )
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3869482132-2802206346-888328520-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {01244CD2-DBF2-48E1-81DC-F60B80EEE392} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {03F920C6-176B-4700-9E50-08D5840C4166} - System32\Tasks\Process Explorer-PC-user => "C:\PROGRAM FILES\PROCESS-EXPLORER\PROCEXP.EXE" /t
Task: {0AEC350F-0667-4D55-94A7-F058AF78AFAD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {0EA96307-8DAE-44A1-A2A3-D458155E23ED} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-09-07] (Advanced Micro Devices, Inc.)
Task: {1069660B-6FC5-4CE6-AFE7-3786642ED336} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {606DF2D9-0BC4-41F6-AA98-54D020707610} - System32\Tasks\Opera scheduled Autoupdate 1454056698 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)
Task: {8EDC83D7-53F0-44F6-B328-F893CBF2A114} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {999449FC-8698-4C3C-8FE5-7B8A92964F9E} - System32\Tasks\Logon Screen SkipUAC => C:\Program Files\Logon Screen\Logon Screen.exe 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-06-04 11:41 - 2013-06-04 11:41 - 00936728 ____R () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-11-24 20:32 - 2015-11-24 20:32 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2015-11-13 17:05 - 2015-03-19 09:41 - 00048856 _____ () C:\Windows\runSW.exe
2017-04-01 06:13 - 2017-03-24 04:09 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-04-01 06:13 - 2017-03-24 04:10 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-10-01 10:46 - 2016-10-01 10:46 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-01-15 22:44 - 2016-01-15 22:44 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-10-24 00:23 - 2017-04-01 21:18 - 00033280 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2015-10-24 00:23 - 2013-06-04 11:41 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-11-24 20:20 - 2015-11-24 20:20 - 00221696 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2015-11-24 20:14 - 2015-11-24 20:14 - 00087552 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2015-11-24 20:09 - 2015-11-24 20:09 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2015-11-24 20:20 - 2015-11-24 20:20 - 00073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2015-11-24 20:22 - 2015-11-24 20:22 - 00751104 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2015-11-03 09:18 - 2013-05-14 00:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\PACE:E6530E75740592D0 [1]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\Services: CG6Service => 2
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^fcbd.bat => C:\Windows\pss\fcbd.bat.CommonStartup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: FreeAC => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: MobileBroadband => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
MSCONFIG\startupreg: Process Hacker 2 => "C:\Program Files\Process Hacker 2\ProcessHacker.exe" -hide
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{CFA0E316-915A-4AF6-BEE8-8772C52CB13F}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{4B63E711-CC41-4744-8A23-5AC41DAAAA83}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe

==================== Wiederherstellungspunkte =========================

28-03-2017 20:03:35 Wiederherstellungsvorgang
28-03-2017 21:09:21 Windows Update
01-04-2017 19:00:20 Windows-Sicherung

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/02/2017 04:59:46 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/02/2017 04:22:57 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/02/2017 04:22:31 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\users\user\desktop\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/01/2017 09:55:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\user\Desktop\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/01/2017 09:55:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\user\Desktop\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/01/2017 09:54:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\user\Desktop\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/01/2017 09:18:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (04/01/2017 06:10:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.


Systemfehler:
=============
Error: (04/01/2017 09:58:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (04/01/2017 09:58:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (04/01/2017 09:58:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (04/01/2017 09:58:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (04/01/2017 09:58:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (04/01/2017 09:58:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (04/01/2017 09:57:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (04/01/2017 09:57:16 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (04/01/2017 09:57:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (04/01/2017 09:57:15 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Prozentuale Nutzung des RAM: 22%
Installierter physikalischer RAM: 16321.48 MB
Verfügbarer physikalischer RAM: 12580.52 MB
Summe virtueller Speicher: 32641.15 MB
Verfügbarer virtueller Speicher: 28866 MB

==================== Laufwerke ================================

Drive c: (SSD-Alpha) (Fixed) (Total:238.47 GB) (Free:96.03 GB) NTFS
Drive d: (Games) (Fixed) (Total:232.88 GB) (Free:145.99 GB) NTFS
Drive e: (Backup) (Fixed) (Total:465.76 GB) (Free:220.84 GB) NTFS
Drive g: (SuperBackup) (Fixed) (Total:931.31 GB) (Free:668.99 GB) NTFS
Drive r: (Bkupfiles) (Fixed) (Total:232.88 GB) (Free:135.72 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive t: (SWAP) (Fixed) (Total:931.51 GB) (Free:636.78 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B162B162)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FD1A7096)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: A1E3F745)
Partition 1: (Not Active) - (Size=238.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 99D2C736)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 465.8 GB) (Disk ID: EBBBAA60)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 931.5 GB) (Disk ID: 444663B5)

Partition: GPT.
Partition 2: (Not Active) - (Size=931.3 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
I don't notice any problems or anything out of the ordinary.
So the spyware has been hidden well. ^^ *joke
After the restore, the problems had largely stopped.
The small remnants do not seem to have been removed by the restore, which has now worked.

NoScript now actually prevents the other button from being displayed on the website where I picked this up.

I have not yet been able to find out what the malware does.
What does it do?
What are alternate data streams?
How do I help others who may have caught the same thing?
Which entries in the fixlist are directly related to this or any malware?

Many thanks
Regards

Edited by construct (01.04.2017 at 21:51)

02.04.2017, 11:48   #13
M-K-D-B
/// TB trainer
 



Hello,



Quote:
Just for information, something I did not expect, because I did not want real-time protection from MBAM, but it installs itself there anyway.
You can deactivate the real-time protection. To do so, start MBAM and click Settings > My Account.
There should be a button there that lets you deactivate the real-time protection. Unfortunately I don't know the exact wording right now... something like "Switch to the free version / freeware".



Quote:
I have not yet been able to find out what the malware does.
What does it do?
It generates advertising and opens or redirects to unwanted sites.
It is not dangerous, just annoying.



Quote:
What are alternate data streams?
Link



Quote:
How do I help others who may have caught the same thing?
They should get in touch here in the forum; we clean up their computers too.

Since every infection is unique, you cannot repeat certain steps 1:1 and assume that everything is clean afterwards.



Quote:
Which entries in the fixlist are directly related to this or any malware?
These:
Quote:
AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\PACE:E6530E75740592D0 [217]
HKU\S-1-5-21-3869482132-2802206346-888328520-1000\Software\Classes\regfile: regedit.exe "%1" <===== ACHTUNG






If you no longer have any problems with malware, we are done here. Your log files are clean.
Finally, we need to take a few concluding steps to tidy up and secure your PC.





Cleanup:
All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Put a check mark in front of every function.
  • Click Start.
Note:
DelFix removes, among other things, all the programs used, our scanners' quarantine and the Java cache, and finally deletes itself.
Then restart your computer. If any programs from our cleanup are still left, you can delete them without hesitation.





Securing your system:
Enable automatic updates in the Windows operating system. Security-relevant software should also always be kept at the latest version:
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware by "drive-by" when you simply visit a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.




If you are still undecided, use exactly one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:

   
 

Microsoft Security Essentials (MSE) / Windows Defender (WD) is built in from Windows 8 onwards, so if you have Windows 8, 8.1 or 10 and have decided on MSE/WD, you do not need to install MSE/WD separately. On Windows 7, however, it has to be installed manually or obtained as an optional update via Windows Update. A legal/activated Windows is, of course, a prerequisite for this.




In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.




Optional:
Adblock Plus can block banners, pop-ups, video ads, tracking and malware sites.
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, specify on a whitelist basis which sites are allowed to run scripts.

Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware, it is best to uninstall it first and then remove the leftovers with AdwCleaner.




Finally, a few general remarks:
  • Change your important online passwords regularly and regularly create backups of your important files or of the system.
  • Do not download software from Chip, Softonic or SourceForge. The software offered there is often distributed with a so-called "installer" that only gets you unwanted software or adware.
  • The benefit of registry cleaners, optimizers etc. for improving performance is disputed. Even Microsoft does not support so-called registry cleaners. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.




If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards
M-K-D-B


==========================================================
offline from 22.12.2018 to 01.01.2019
==========================================================

Support the Trojaner-Board
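
Added example (not part of the original posts and not FRST's own code): a short Python parser for the `AlternateDataStreams:` lines quoted in the post above, grouping them by the directory they actually refer to. The alias table assumes the default Windows 7 compatibility links on a German-language system, and the bracketed number is taken to be the stream size in bytes; both are assumptions to verify on the machine itself.

```python
import re
from collections import defaultdict
from ntpath import normcase, normpath  # Windows path rules on any OS

# The five lines quoted in the post above, copied verbatim.
SAMPLE = r"""
AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\PACE:E6530E75740592D0 [217]
"""

# Assumption: default Windows 7 compatibility links (German system) that all
# point back to C:\ProgramData. Verify locally, e.g. with `dir /AL`.
ALIASES = {
    r"c:\users\all users": r"c:\programdata",
    r"c:\programdata\application data": r"c:\programdata",
    r"c:\programdata\anwendungsdaten": r"c:\programdata",
}

# "<path>:<stream> [<number>]"; the greedy path keeps the drive-letter colon.
LINE = re.compile(
    r"^AlternateDataStreams:\s+(?P<path>.+):(?P<stream>[^:\\\[\]]+)"
    r"\s+\[(?P<size>\d+)\]$")

def parse_ads(text):
    """Return (path, stream, size) for every AlternateDataStreams line."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            entries.append((m["path"], m["stream"], int(m["size"])))
    return entries

def resolve(path):
    """Lower-case and normalise the path, then map known aliases."""
    key = normcase(normpath(path))
    return ALIASES.get(key, key)

def unique_streams(entries):
    """Group the logged paths by (real directory, stream name, size)."""
    seen = defaultdict(list)
    for path, stream, size in entries:
        seen[(resolve(path), stream, size)].append(path)
    return dict(seen)

if __name__ == "__main__":
    for (real, stream, size), paths in unique_streams(parse_ads(SAMPLE)).items():
        print(f"{real}:{stream} [{size}] reported via {len(paths)} path(s)")
```

Under those assumptions, four of the five quoted lines collapse to one stream on C:\ProgramData, leaving two distinct streams to examine.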

02.04.2017, 18:00   #14
construct


PACE?

Is not the same as:

- PACE License Support Win64 (HKLM-x32\...\InstallShield_{DF91FC8F-0D43-415b-BB5D-22533FC1CC1A}) (Version: 2.6.0.1134 - PACE Anti-Piracy, Inc.)

right?

Thank you very much for the info, I think that's very good: not just cleaning up but also knowing what you are cleaning away

I'll go through your info and see which of it is relevant for me.

Regards

02.04.2017, 21:05   #15
M-K-D-B
/// TB trainer


Hi,

Quote:
PACE?

Is not the same as:

- PACE License Support Win64 (HKLM-x32\...\InstallShield_{DF91FC8F-0D43-415b-BB5D-22533FC1CC1A}) (Version: 2.6.0.1134 - PACE Anti-Piracy, Inc.)

right?
I don't know what you are trying to ask me...
__________________
Regards
M-K-D-B

