Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Hijack.exe+Virus Neshta file nach installation von visual studio (https://www.trojaner-board.de/194230-hijack-exe-virus-neshta-file-installation-visual-studio.html)

cosinus 17.12.2018 11:12
So ich habs jetzt endlich selbst rausgefunden, du warst ja nicht in der Lage mal gleich die angemeckerte Datei zu posten.

Zitat:
Name: Virus:Win32/Neshta.A
ID: 2147575939
Schweregrad: Schwerwiegend
Kategorie: Virus
Pfad: file:_I:\register-mail-online.exe
Kannst du denn wenigstens etwas zur Herkunft von I:\register-mail-online.exe verraten?

korato 17.12.2018 11:37
Sagmal was habe ich davon euch zu verarschen, so langsam glaube ich das von dir.

Mein Gott Hijack.exe+Virus Neshta (steht in der Überschrift) welche Art von Schädling das sind weis ich nicht. gefunden von search&destroy + adw cleaner.

Hijack.exe ist in der Registry den genauen pfad weis ich nicht mehr.
hklm\???\Windows\classes\Shell\??? end.

virus-neshta liegt in c\Windows\svhost.com springt aber trotz Quarantäne immer wieder an, angezeigt durch mbam. Ist laut mbam ein Trojan.Agent.SVC.Generic

beide werden aber nicht angezeigt wenn man zu dem pfaden geht. So mehr kann ich dir nicht sagen. Wenn du immer noch denkst das ich dich verarsche kick, bann mich oder was auch immer.
An sonsten wäre es schön wenn geholfen wird.

cosinus 17.12.2018 11:56
Zitat:
virus-neshta liegt in c\Windows\svhost.com springt aber trotz Quarantäne immer wieder an, angezeigt durch mbam. Ist laut mbam ein Trojan.Agent.SVC.Generic
Na also! Warum postest du das nicht gleich?!


Zitat:
An sonsten wäre es schön wenn geholfen wird.
Ansonsten wäre es schön, wenn du die Infos gleich postest und nicht erst nach ellenlangen unsinnigen Diskussionen!

Bist du auch schonmal auf die Idee gekommen, dass du selbst die Malware rangeschleppt hast Siehe:

Zitat:
Foxit_PhantomPDF_Business_9.3.0.10826_Multilingual_crackzsoft.com
Wondershare PDFelement Professional 6.8.4.3921 Multilingual [CrackzSoft.com]
[Fulldb Cracked] 739k HQ Combo Private Premium SQLi Hit Guaranteed Booom! Iptv,Btc,Psn,Vpn,Directv,Netflix,Hbo,Shopping,Selly,Porn,Chaturbate,Hosting,Minecraft,Steam,Origin,Uplay,More.txt
Lesestoff:
Illegale Software: Cracks, Keygens und Co

Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html

Es geht weiter wenn du alles Illegale entfernt hast.

Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.

korato 17.12.2018 11:57
Zitat:
Zitat von cosinus (Beitrag 1708755)
So ich habs jetzt endlich selbst rausgefunden, du warst ja nicht in der Lage mal gleich die angemeckerte Datei zu posten.
Namen der vieren stehen doch im Topic. Häätest es ja auch mal genauer beschreiben können das du genau den Pfad wissen möchtest.

cosinus 17.12.2018 11:59
Zitat:
Zitat von korato (Beitrag 1708760)
Namen der vieren stehen doch im Topic.
Es wurde erklärt, dass nur die Namen der Schädlinge nicht reichen. Das steht auch in den Nutzungsbedingungen - denen du vor der Registrierung übrigens zustimmen musst.

korato 17.12.2018 13:39
Meisten ist der Bug vor der Tastatur ;).
Die Dateien sind entfernt. Waren aber blos für das reverse engeneering Verständnis, wurden nur im Debugger ausgeführt. in VMware. Aber von selbst kriegt man sowas natürlich auch nicht, also muss ich schon irgend wie dafür gesorgt haben.


Zudem erstmal danke das dir die mühe gemacht hast mir zu helfen.


Hier nochmal der neue Scan als proof.


FRST


Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 09.12.2018
durchgeführt von Mortifer (Administrator) auf DESKTOP-HP1IRVV (17-12-2018 13:27:40)
Gestartet von C:\Users\Mortifer\Desktop
Geladene Profile: Mortifer (Verfügbare Profile: Mortifer)
Platform: Windows 10 Pro Version 1803 17134.471 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: "C:\Program Files\Firefox Nightly\firefox.exe" -osint -url "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Palit Microsystems Ltd.) C:\Program Files (x86)\Thunder Master\THPanel.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Windows\runSW.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Electronic Arts) D:\Games\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) D:\VMware Workstation\Workstation\vmware-authd.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Realtek) C:\Windows\SwUSB.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() D:\VMware Workstation\Workstation\vmware-hostd.exe
() C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
() C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3268176 2018-09-10] (Dominik Reichl)
HKLM-x32\...\Run: [vmware-tray.exe] => D:\VMware Workstation\Workstation\vmware-tray.exe [167344 2018-12-17] ()
HKLM-x32\...\Run: [WPSTool] => C:\Program Files (x86)\TP-Link\TP-Link Wireless Adapter WPS Tool\TWCU.exe [1891840 2018-02-06] (TP-Link Technologies Co., Ltd)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2179216 2018-12-17] ()
HKLM-x32\...\Run: [CCEnhancer] => C:\Program Files (x86)\CCEnhancer\CCEnhancer.exe [895488 2018-12-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19554936 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3268176 2018-09-10] (Dominik Reichl)
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\Run: [VeraCrypt] => C:\Program Files\VeraCrypt\VeraCrypt.exe [5896240 2018-11-02] (IDRIX)
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\Run: [THPanel] => C:\Program Files (x86)\Thunder Master\THPanel.exe [2053472 2017-07-24] (Palit Microsystems Ltd.)
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\Run: [EpicGamesLauncher] => D:\Games\Fortnite\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35149712 2018-12-14] (Epic Games, Inc.)
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\Run: [Steam] => D:\Games\Steam\steam.exe [3173152 2018-12-16] ()
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3478256 2018-12-16] ()
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\Run: [EADM] => D:\Games\Origin\Origin.exe [3155240 2018-12-16] ()
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [19554936 2018-11-28] (Piriform Software Ltd)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\..\Interfaces\{3615a814-1cd2-4d8f-8a5c-417e21555e98}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2411979688-3473291244-4169740345-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Kein Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> Keine Datei
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-12-10] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-12-10] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-12-02] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-02] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-12-02] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-12-02] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-12-02] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-12-02] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: lwvz5smc.default
FF ProfilePath: C:\Users\Mortifer\AppData\Roaming\Mozilla\Firefox\Profiles\lwvz5smc.default [nicht gefunden] <==== ACHTUNG
FF DefaultProfile: x4qx88x5.default
FF ProfilePath: C:\Users\Mortifer\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\x4qx88x5.default [2018-12-17]
FF Extension: (Dark Moon) - C:\Users\Mortifer\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\x4qx88x5.default\Extensions\darkmoon@lootyhoof-pm.xpi [2018-11-02] [Legacy] [ist nicht signiert]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\Mortifer\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\x4qx88x5.default\Extensions\langpack-de@palemoon.org.xpi [2018-11-23] [Legacy] [ist nicht signiert]
FF Extension: (Firefox ESR configurer for OLDJAWS screen reader ) - C:\Program Files\Mozilla Firefox\browser\features\jaws-esr@mozilla.org.xpi [2018-10-17] [Legacy] [ist nicht signiert]
FF HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\Firefox\Extensions: [{6EBED4D8-13D9-4270-8D44-B57DDB7A787C}] - D:\Progs\AllaSoft\Video Downloader Converter\extensions\3.16.4.6855\BVDFirefoxExt
FF Extension: (Allavsoft Video Downloader Firefox Extension) - D:\Progs\AllaSoft\Video Downloader Converter\extensions\3.16.4.6855\BVDFirefoxExt [2018-11-24] [Legacy]
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-12-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-12-10] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [Keine Datei]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-11-02] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-11-02] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-11-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-11-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-11-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-11-09] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
StartMenuInternet: Firefox-6F193CCC56814779 - C:\Program Files\Firefox Nightly\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default [2018-12-17]
CHR Extension: (Slides) - C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-09]
CHR Extension: (Docs) - C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-09]
CHR Extension: (Google Drive) - C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-09]
CHR Extension: (YouTube) - C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-09]
CHR Extension: (Allavsoft video downloader converter) - C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhancbnhabhandieicagelcddkdfgoif [2018-12-02]
CHR Extension: (Sheets) - C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-02]
CHR Extension: (Morpheon Dark) - C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2018-12-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-09]
CHR Extension: (Gmail) - C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-11-09]
CHR Extension: (Chrome Media Router) - C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-09]
CHR HKLM-x32\...\Chrome\Extension: [dhancbnhabhandieicagelcddkdfgoif] - D:\Progs\AllaSoft\Video Downloader Converter\extensions\3.16.4.6855\BVDChromeExt.crx [2018-11-24]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7398152 2018-12-16] () [Datei ist nicht signiert]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9646240 2018-12-07] (Microsoft Corporation)
R2 dnscrypt-proxy; C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe [5389968 2018-07-09] ()
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [843904 2018-12-16] () [Datei ist nicht signiert]
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [194640 2018-12-16] () [Datei ist nicht signiert]
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [194640 2018-12-16] () [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [290768 2018-12-16] () [Datei ist nicht signiert]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
S3 Origin Client Service; D:\Games\Origin\OriginClientService.exe [2310976 2018-12-16] () [Datei ist nicht signiert]
R2 Origin Web Helper Service; D:\Games\Origin\OriginWebHelperService.exe [3130696 2018-11-20] (Electronic Arts)
R2 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [38664 2018-10-17] ()
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2018-09-20] (Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [281840 2018-10-29] ()
R2 RunSwUSB; C:\Windows\runSW.exe [59232 2018-02-07] ()
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [534400 2018-09-26] (Razer Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-10-06] (Microsoft Corporation)
S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [1725728 2018-12-16] () [Datei ist nicht signiert]
R2 VMAuthdService; D:\VMware Workstation\Workstation\vmware-authd.exe [100784 2018-09-19] (VMware, Inc.)
R2 VMwareHostd; D:\VMware Workstation\Workstation\vmware-hostd.exe [15445936 2018-09-19] ()
S3 VSStandardCollectorService150; D:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [198952 2018-12-17] () [Datei ist nicht signiert]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3921592 2018-12-16] () [Datei ist nicht signiert]
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [155680 2018-12-16] () [Datei ist nicht signiert]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [303712 2018-11-01] (Bluestack System Inc. )
S3 CorsairCAHS1; C:\Windows\system32\drivers\CAHS164.sys [1308160 2011-06-16] (C-Media Electronics Inc)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-10-18] (Malwarebytes)
R3 kmloop; C:\Windows\System32\drivers\loop.sys [16896 2018-04-12] (Microsoft Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198000 2018-12-17] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [119136 2018-12-17] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [63768 2018-12-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260480 2018-12-17] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [111152 2018-12-17] (Malwarebytes)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [81688 2018-03-03] (Insecure.Com LLC.)
S4 npcap_wifi; C:\Windows\system32\DRIVERS\npcap.sys [81688 2018-03-03] (Insecure.Com LLC.)
R1 npf; C:\Windows\system32\DRIVERS\npf.sys [81688 2018-03-03] (Insecure.Com LLC.)
S4 npf_wifi; C:\Windows\system32\DRIVERS\npf.sys [81688 2018-03-03] (Insecure.Com LLC.)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e59b844303b9907e\nvlddmkm.sys [20395400 2018-11-16] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-11] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [36384 2018-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50624 2017-10-11] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2018-04-12] (Realtek )
S3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [7148864 2018-04-10] (Realtek Semiconductor Corporation )
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [152064 2018-04-12] (Microsoft Corporation)
S3 tapexpressvpn; C:\Windows\System32\drivers\tapexpressvpn.sys [45024 2018-11-06] (The OpenVPN Project)
R3 tapprotonvpn; C:\Windows\System32\drivers\tapprotonvpn.sys [44976 2018-06-01] (The OpenVPN Project)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [828776 2018-11-02] (IDRIX)
R1 vmkbd3; C:\Windows\system32\DRIVERS\vmkbd.sys [52288 2018-09-19] (VMware, Inc.)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [92040 2018-06-22] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-x64.sys [52576 2018-02-28] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46680 2018-12-11] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [330936 2018-12-11] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-11] (Microsoft Corporation)
R3 ysusb_w10_64; C:\Windows\system32\drivers\ysusb_w10_64.sys [173536 2018-08-01] (Yamaha Corporation)
U3 dmwappushsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2018-12-17 13:27 - 2018-12-17 13:27 - 002417152 _____ (Farbar) C:\Users\Mortifer\Desktop\FRST64.exe
2018-12-17 13:27 - 2018-12-17 13:27 - 000024451 _____ C:\Users\Mortifer\Desktop\FRST.txt
2018-12-17 13:13 - 2018-12-17 13:23 - 000041472 _____ C:\Windows\svchost.com
2018-12-17 13:13 - 2018-12-17 13:13 - 000260480 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-12-17 13:13 - 2018-12-17 13:13 - 000119136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-12-17 13:13 - 2018-12-17 13:13 - 000111152 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-12-17 13:13 - 2018-12-17 13:13 - 000063768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-12-17 12:45 - 2018-12-17 12:45 - 000000479 _____ C:\Users\Mortifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lokaler Datenträger (C).lnk
2018-12-17 12:20 - 2018-12-17 12:21 - 000000000 ____D C:\Users\Mortifer\Desktop\Word
2018-12-17 04:56 - 2018-12-17 04:56 - 000244962 _____ C:\Users\Mortifer\Desktop\OTL.Txt
2018-12-17 04:56 - 2018-12-17 04:56 - 000094086 _____ C:\Users\Mortifer\Desktop\Extras.Txt
2018-12-17 02:55 - 2018-12-17 13:27 - 000000000 ____D C:\FRST
2018-12-17 02:50 - 2018-12-17 02:50 - 000001495 _____ C:\Users\Mortifer\Desktop\malwbscan.txt
2018-12-17 02:47 - 2018-12-17 05:24 - 004406102 _____ C:\Users\Mortifer\Desktop\install.progs.txt
2018-12-17 02:20 - 2018-12-08 08:39 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsProxyStub.dll
2018-12-17 02:20 - 2018-12-08 08:36 - 005746688 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsDesktopEngine.exe
2018-12-17 02:20 - 2018-12-08 08:28 - 004529664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsDesktopEngine.exe
2018-12-17 02:12 - 2018-12-17 13:01 - 001149440 _____ C:\Users\Mortifer\Desktop\RSIT.exe
2018-12-17 02:12 - 2018-12-17 13:01 - 000886960 _____ C:\Users\Mortifer\Desktop\Autoruns64.exe
2018-12-17 02:12 - 2018-12-17 13:01 - 000785072 _____ C:\Users\Mortifer\Desktop\autorunsc64.exe
2018-12-17 02:12 - 2018-12-17 13:01 - 000758440 _____ C:\Users\Mortifer\Desktop\Autoruns.exe
2018-12-17 02:12 - 2018-12-17 13:01 - 000671400 _____ C:\Users\Mortifer\Desktop\autorunsc.exe
2018-12-17 02:12 - 2017-09-10 17:22 - 000050512 _____ C:\Users\Mortifer\Desktop\autoruns.chm
2018-12-17 02:12 - 2017-06-13 15:52 - 000007490 _____ C:\Users\Mortifer\Desktop\Eula.txt
2018-12-17 02:09 - 2018-12-17 02:09 - 001306150 _____ C:\Users\Mortifer\Desktop\Autoruns.zip
2018-12-17 02:07 - 2018-12-17 13:01 - 000643584 _____ C:\Users\Mortifer\Desktop\OTL.exe
2018-12-17 01:35 - 2018-12-17 01:35 - 000001528 _____ C:\Users\Mortifer\Desktop\fileeeeeeeeee.txt
2018-12-17 01:28 - 2018-12-17 01:28 - 000000000 ____D C:\Users\Mortifer\Desktop\backups
2018-12-17 01:20 - 2018-12-17 13:01 - 000430080 _____ C:\Users\Mortifer\Desktop\HijackThis.exe
2018-12-17 01:10 - 2018-12-17 13:14 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-12-17 01:10 - 2018-12-17 06:03 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-12-17 01:10 - 2018-12-17 01:10 - 000001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2018-12-17 01:10 - 2018-12-17 01:10 - 000001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-12-17 01:10 - 2018-12-17 01:10 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-12-17 01:10 - 2018-12-17 01:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-12-17 01:10 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2018-12-17 00:57 - 2018-12-17 00:57 - 019731263 _____ C:\Users\Mortifer\Downloads\tweaking.com_windows_repair_aio.zip
2018-12-17 00:53 - 2018-12-17 00:53 - 069910960 _____ (Safer-Networking Ltd. ) C:\Users\Mortifer\Downloads\spybotsd-2.7.64.0.exe
2018-12-17 00:47 - 2018-12-17 00:48 - 000000000 ____D C:\AdwCleaner
2018-12-17 00:46 - 2018-12-17 13:01 - 007363280 _____ C:\Users\Mortifer\Desktop\adwcleaner_7.2.5.0.exe
2018-12-17 00:30 - 2018-12-17 00:30 - 000198000 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-12-17 00:25 - 2018-12-17 00:25 - 000000000 ____D C:\Users\Public\Documents\Python Scripts
2018-12-17 00:25 - 2018-12-17 00:25 - 000000000 ____D C:\Users\Mortifer\Documents\Visual Studio 2017
2018-12-17 00:25 - 2018-12-17 00:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)
2018-12-17 00:14 - 2018-12-17 00:14 - 000000000 ____D C:\Users\Mortifer\AppData\Local\Package Cache
2018-12-17 00:14 - 2018-12-17 00:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.6
2018-12-17 00:14 - 2018-12-17 00:14 - 000000000 ____D C:\Program Files\IIS
2018-12-17 00:14 - 2018-12-17 00:14 - 000000000 ____D C:\Program Files (x86)\IIS
2018-12-17 00:13 - 2018-12-17 00:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure
2018-12-17 00:13 - 2018-12-17 00:13 - 000000000 ____D C:\ProgramData\dftmp
2018-12-17 00:13 - 2018-12-17 00:13 - 000000000 ____D C:\Program Files\VS2012Schemas
2018-12-17 00:13 - 2018-12-17 00:13 - 000000000 ____D C:\Program Files\VS2010Schemas
2018-12-17 00:13 - 2018-12-17 00:13 - 000000000 ____D C:\Program Files\Microsoft SDKs
2018-12-17 00:13 - 2018-12-17 00:13 - 000000000 ____D C:\Program Files (x86)\Windows Phone Kits
2018-12-17 00:03 - 2018-12-17 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2018-12-17 00:00 - 2018-12-17 00:00 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2018-12-17 00:00 - 2018-12-17 00:00 - 000000000 ____D C:\Program Files\Application Verifier
2018-12-17 00:00 - 2018-12-17 00:00 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2018-12-16 23:55 - 2018-12-17 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2018-12-16 23:55 - 2018-12-16 23:55 - 000000000 ____D C:\Program Files\Windows Kits
2018-12-16 23:55 - 2018-12-16 23:55 - 000000000 ____D C:\Program Files (x86)\HTML Help Workshop
2018-12-16 23:48 - 2018-04-11 06:46 - 000402944 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\DXCpl.exe
2018-12-16 23:48 - 2018-04-11 06:44 - 000350208 _____ (Microsoft Corporation) C:\Windows\system32\perf_gputiming.dll
2018-12-16 23:48 - 2018-04-11 05:12 - 000380416 _____ (Windows (R) Win 7 DDK provider) C:\Windows\SysWOW64\DXCpl.exe
2018-12-16 23:48 - 2018-04-11 05:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf_gputiming.dll
2018-12-16 23:48 - 2018-04-10 21:41 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\DxToolsReportGenerator.dll
2018-12-16 23:48 - 2018-04-10 21:37 - 000095744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DxToolsReportGenerator.dll
2018-12-16 23:48 - 2018-04-10 21:15 - 017871360 _____ (Microsoft Corporation) C:\Windows\system32\DXCaptureReplay.dll
2018-12-16 23:48 - 2018-04-10 21:15 - 014058496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXCaptureReplay.dll
2018-12-16 23:48 - 2018-04-10 21:11 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VSD3DWARPDebug.dll
2018-12-16 23:48 - 2018-04-10 21:11 - 000041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsProxyStub.dll
2018-12-16 23:48 - 2018-04-10 21:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsMonitor.dll
2018-12-16 23:48 - 2018-04-10 21:10 - 000118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsReporting.dll
2018-12-16 23:48 - 2018-04-10 21:09 - 000238592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXGIDebug.dll
2018-12-16 23:48 - 2018-04-10 21:08 - 003632640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsRemoteEngine.exe
2018-12-16 23:48 - 2018-04-10 21:08 - 002249728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d12SDKLayers.dll
2018-12-16 23:48 - 2018-04-10 21:08 - 001100288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11_3SDKLayers.dll
2018-12-16 23:48 - 2018-04-10 21:08 - 000466944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1debug3.dll
2018-12-16 23:48 - 2018-04-10 21:08 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\DXGIDebug.dll
2018-12-16 23:48 - 2018-04-10 21:08 - 000078848 _____ (Microsoft Corporation) C:\Windows\system32\VSD3DWARPDebug.dll
2018-12-16 23:48 - 2018-04-10 21:07 - 001359872 _____ (Microsoft Corporation) C:\Windows\system32\d3d11_3SDKLayers.dll
2018-12-16 23:48 - 2018-04-10 21:07 - 000221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsExperiment.dll
2018-12-16 23:48 - 2018-04-10 21:07 - 000176128 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsReporting.dll
2018-12-16 23:48 - 2018-04-10 21:06 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsRemoteEngine.exe
2018-12-16 23:48 - 2018-04-10 21:06 - 001500160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsOfflineAnalysis.dll
2018-12-16 23:48 - 2018-04-10 21:06 - 000921088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXCap.exe
2018-12-16 23:48 - 2018-04-10 21:06 - 000539136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1debug3.dll
2018-12-16 23:48 - 2018-04-10 21:06 - 000124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsCapture.dll
2018-12-16 23:48 - 2018-04-10 21:05 - 002000896 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsOfflineAnalysis.dll
2018-12-16 23:48 - 2018-04-10 21:05 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsCapture.dll
2018-12-16 23:48 - 2018-04-10 21:04 - 000189952 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsMonitor.dll
2018-12-16 23:48 - 2018-04-10 21:03 - 002818560 _____ (Microsoft Corporation) C:\Windows\system32\d3d12SDKLayers.dll
2018-12-16 23:48 - 2018-04-10 21:02 - 001178624 _____ (Microsoft Corporation) C:\Windows\system32\DXCap.exe
2018-12-16 23:48 - 2018-04-10 21:02 - 000286720 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsExperiment.dll
2018-12-16 23:45 - 2018-12-16 23:45 - 000000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2018-12-16 23:42 - 2018-12-16 23:45 - 000000000 ____D C:\Program Files\IIS Express
2018-12-16 23:42 - 2018-12-16 23:45 - 000000000 ____D C:\Program Files (x86)\IIS Express
2018-12-16 23:42 - 2018-12-16 23:42 - 000000000 ____D C:\Program Files\Microsoft ASP.NET Core Runtime Package Store
2018-12-16 23:42 - 2018-12-16 23:42 - 000000000 ____D C:\Program Files (x86)\NuGet
2018-12-16 23:41 - 2018-12-16 23:42 - 000000000 ____D C:\Users\Mortifer\.dotnet
2018-12-16 23:41 - 2018-12-16 23:42 - 000000000 ____D C:\Program Files\dotnet
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\3082
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\2052
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\1055
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\1049
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\1046
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\1045
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\1042
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\1041
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\1040
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\1036
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\1033
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\1031
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\1029
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\1028
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\3082
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\2052
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\1055
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\1049
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\1046
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\1045
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\1042
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\1041
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\1040
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\1036
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\1033
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\1031
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\1029
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\1028
2018-12-16 23:38 - 2018-12-16 23:38 - 000001697 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk
2018-12-16 23:38 - 2018-12-16 23:38 - 000000000 ____D C:\Program Files (x86)\Entity Framework Tools
2018-12-16 23:36 - 2018-12-16 23:46 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2018-12-16 23:35 - 2018-12-16 23:46 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2018-12-16 23:34 - 2018-12-17 00:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2018-12-16 23:34 - 2018-12-17 00:13 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2018-12-16 23:34 - 2018-12-16 23:55 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2018-12-16 23:33 - 2018-12-16 23:33 - 000001401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
2018-12-16 23:18 - 2018-12-17 00:28 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Visual Studio Setup
2018-12-16 23:18 - 2018-12-16 23:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2018-12-16 23:18 - 2018-12-16 23:18 - 000001359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2018-12-16 23:18 - 2018-12-16 23:18 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\vstelemetry
2018-12-16 23:18 - 2018-12-16 23:18 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Microsoft Visual Studio
2018-12-16 23:18 - 2018-12-16 23:18 - 000000000 ____D C:\Users\Mortifer\AppData\Local\ServiceHub
2018-12-16 23:17 - 2018-12-16 23:17 - 000000000 ____D C:\ProgramData\Microsoft Visual Studio
2018-12-16 23:16 - 2018-12-17 13:01 - 001323008 _____ C:\Users\Mortifer\Documents\vs_community.exe
2018-12-16 22:23 - 2018-12-17 13:23 - 000000000 _____ C:\Windows\directx.sys
2018-12-16 22:06 - 2018-12-16 22:06 - 004996834 _____ C:\Users\Mortifer\Downloads\combo.rar
2018-12-16 21:52 - 2018-12-16 21:52 - 004173811 _____ C:\Users\Mortifer\Documents\125k-NLLD.txt
2018-12-16 20:46 - 2018-12-16 20:46 - 000029820 _____ C:\Users\Mortifer\Downloads\you tube video ideas.xlsx
2018-12-16 19:46 - 2018-12-16 19:46 - 000020960 _____ C:\Users\Mortifer\Downloads\Best Digital Marketing Tools - CompleteDigitalMarketingCourse.com.xlsx
2018-12-16 19:43 - 2018-12-16 19:43 - 000431466 _____ C:\Users\Mortifer\Downloads\Digital-Marketing-Demystified.pdf
2018-12-16 19:02 - 2018-12-16 19:02 - 000016775 _____ C:\Users\Mortifer\Documents\links.txt
2018-12-16 18:51 - 2018-12-16 18:51 - 000005932 _____ C:\Users\Mortifer\Downloads\notepad-plus-plus-master.zip
2018-12-16 18:51 - 2018-12-16 18:51 - 000000000 ____D C:\Users\Mortifer\Downloads\notepad-plus-plus-master
2018-12-16 14:55 - 2018-12-16 14:55 - 000001036 _____ C:\Users\Mortifer\Desktop\Nmap - Zenmap GUI.lnk
2018-12-16 14:55 - 2018-12-16 14:55 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2018-12-16 14:53 - 2018-12-16 14:54 - 000000000 ____D C:\Program Files\Npcap
2018-12-16 14:53 - 2018-12-16 14:53 - 000000000 ____D C:\Windows\SysWOW64\Npcap
2018-12-16 14:53 - 2018-12-16 14:53 - 000000000 ____D C:\Windows\system32\Npcap
2018-12-16 14:52 - 2018-12-16 14:54 - 000000000 ____D C:\Program Files (x86)\Nmap
2018-12-16 14:51 - 2018-12-16 14:51 - 027530328 _____ (Insecure.org) C:\Users\Mortifer\Downloads\nmap-7.70-setup.exe
2018-12-16 07:02 - 2018-12-16 07:02 - 024203365 _____ C:\Users\Mortifer\Documents\BlackBullet.zip
2018-12-16 05:01 - 2018-12-16 05:01 - 001294682 _____ C:\Users\Mortifer\Downloads\ollybone-0.1.zip
2018-12-16 04:41 - 2018-12-16 04:41 - 000000810 _____ C:\Users\Mortifer\Documents\Downloads - Verknüpfung.lnk
2018-12-16 03:43 - 2018-12-16 04:07 - 000000000 ____D C:\Users\Mortifer\Desktop\olly
2018-12-16 03:36 - 2018-12-16 03:36 - 000213988 _____ C:\Users\Mortifer\Downloads\plug110.zip
2018-12-16 01:53 - 2018-12-16 01:53 - 000002157 _____ C:\Users\Mortifer\Desktop\PUBG MOBILE.lnk
2018-12-16 01:07 - 2018-12-16 01:07 - 000000000 ____D C:\Users\Mortifer\.pylint.d
2018-12-16 01:00 - 2018-12-16 01:00 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Python
2018-12-16 01:00 - 2018-12-16 01:00 - 000000000 ____D C:\Users\Mortifer\AppData\Local\pip
2018-12-16 00:58 - 2018-12-16 00:58 - 000000000 ____D C:\Users\Mortifer\.idlerc
2018-12-16 00:55 - 2018-12-16 00:55 - 000008933 _____ C:\Users\Mortifer\Desktop\recommender.py
2018-12-16 00:17 - 2018-12-16 00:17 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-12-16 00:17 - 2018-12-16 00:17 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-12-16 00:16 - 2018-12-16 11:20 - 000000000 ____D C:\ProgramData\AVAST Software
2018-12-16 00:16 - 2018-12-16 00:18 - 000000009 _____ C:\Users\Mortifer\Downloads\Unlocker 1.9.2.msi
2018-12-16 00:15 - 2018-12-16 21:31 - 002531634 _____ C:\Users\Mortifer\Downloads\Unlocker 1.9.2_0541372110.exe
2018-12-16 00:08 - 2018-12-16 00:11 - 519474715 _____ C:\Users\Mortifer\Downloads\VMware-Fusion-11.0.2-10952296.dmg
2018-12-15 18:32 - 2018-12-15 18:32 - 000051654 _____ C:\Users\Mortifer\Downloads\Hide Debugger v1.2.4.rar
2018-12-15 18:25 - 2018-12-15 18:25 - 000398311 _____ C:\Users\Mortifer\Downloads\PEiD-0.95-20081103.zip
2018-12-15 18:15 - 2018-12-16 21:31 - 004606600 _____ C:\Users\Mortifer\Downloads\vvpro25-64.exe
2018-12-15 12:00 - 2018-12-15 12:00 - 007135444 _____ C:\Users\Mortifer\Downloads\vb_decompiler_lite.zip
2018-12-15 11:18 - 2018-12-15 11:18 - 000000000 ____D C:\Users\Mortifer\AppData\Local\Deployment
2018-12-15 11:18 - 2018-12-15 11:18 - 000000000 ____D C:\Users\Mortifer\AppData\Local\Apps\2.0
2018-12-15 11:17 - 2018-12-15 11:17 - 000000000 ____D C:\Users\Mortifer\Downloads\Word_Add_in_Microsoft_Programmierer
2018-12-15 11:16 - 2018-12-15 11:16 - 018425568 _____ C:\Users\Mortifer\Downloads\Word_Add_in_Microsoft_Programmierer.zip
2018-12-15 02:43 - 2018-12-15 20:09 - 000000000 ____D C:\Python35
2018-12-15 02:42 - 2018-12-15 02:42 - 225065576 _____ (ActiveState Software Inc.) C:\Users\Mortifer\Downloads\ActivePython-3.5.4.3504-win64-x64-404899.exe
2018-12-15 02:36 - 2018-12-15 02:36 - 018542592 _____ C:\Users\Mortifer\Downloads\python-3.2.2.amd64.msi
2018-12-14 17:41 - 2018-12-14 17:41 - 000001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2018-12-14 17:41 - 2018-12-14 17:41 - 000001270 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2018-12-14 17:41 - 2018-12-14 17:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-12-14 10:01 - 2018-12-14 17:48 - 000000000 ____D C:\Users\Mortifer\AppData\Local\Thunderbird
2018-12-14 10:01 - 2018-12-14 10:01 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Thunderbird
2018-12-14 09:57 - 2018-12-14 17:39 - 031795664 _____ (Mozilla) C:\Users\Mortifer\Downloads\Thunderbird Setup 60.3.3.exe
2018-12-12 10:20 - 2018-12-12 10:20 - 000000000 ____D C:\ProgramData\HP
2018-12-12 04:12 - 2018-12-08 13:42 - 004527800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2018-12-12 04:12 - 2018-12-08 13:42 - 001616824 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2018-12-12 04:12 - 2018-12-08 13:29 - 013572608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-12-12 04:12 - 2018-12-08 13:28 - 012710400 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-12-12 04:12 - 2018-12-08 13:28 - 006586880 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2018-12-12 04:12 - 2018-12-08 13:28 - 004708864 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2018-12-12 04:12 - 2018-12-08 13:25 - 012500992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-12-12 04:12 - 2018-12-08 13:25 - 011902976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-12-12 04:12 - 2018-12-08 13:23 - 003649024 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2018-12-12 04:12 - 2018-12-08 09:07 - 005625352 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2018-12-12 04:12 - 2018-12-08 09:06 - 001017168 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2018-12-12 04:12 - 2018-12-08 09:05 - 007520096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2018-12-12 04:12 - 2018-12-08 09:05 - 007436216 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2018-12-12 04:12 - 2018-12-08 09:04 - 009084216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-12-12 04:12 - 2018-12-08 09:04 - 002371296 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2018-12-12 04:12 - 2018-12-08 08:49 - 025855488 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2018-12-12 04:12 - 2018-12-08 08:47 - 000861744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2018-12-12 04:12 - 2018-12-08 08:46 - 002331480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2018-12-12 04:12 - 2018-12-08 08:45 - 006569040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-12-12 04:12 - 2018-12-08 08:45 - 006043496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-12-12 04:12 - 2018-12-08 08:42 - 022715392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-12-12 04:12 - 2018-12-08 08:41 - 007057408 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2018-12-12 04:12 - 2018-12-08 08:40 - 004710912 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2018-12-12 04:12 - 2018-12-08 08:40 - 004384768 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2018-12-12 04:12 - 2018-12-08 08:38 - 022016000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-12-12 04:12 - 2018-12-08 08:38 - 003392000 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-12-12 04:12 - 2018-12-08 08:36 - 007573504 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2018-12-12 04:12 - 2018-12-08 08:36 - 003396608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2018-12-12 04:12 - 2018-12-08 08:33 - 019405312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-12-12 04:12 - 2018-12-08 08:28 - 005775872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-12-12 04:12 - 2018-11-09 07:15 - 021388752 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-12-12 04:12 - 2018-11-09 03:56 - 001213472 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2018-12-12 04:12 - 2018-11-09 03:21 - 004866560 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-12-12 04:12 - 2018-11-09 03:16 - 004939776 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-12-12 04:12 - 2018-11-09 02:26 - 004514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-12-12 04:11 - 2018-12-08 13:48 - 000034104 _____ C:\Windows\system32\SyncAppvPublishingServer.exe
2018-12-12 04:11 - 2018-12-08 13:47 - 001786896 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 001627656 _____ (Microsoft Corporation) C:\Windows\system32\AppVIntegration.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 001422864 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 001048712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 001038352 _____ (Microsoft Corporation) C:\Windows\system32\AppVPolicy.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000954384 _____ (Microsoft Corporation) C:\Windows\system32\AppVManifest.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000830480 _____ (Microsoft Corporation) C:\Windows\system32\AppVOrchestration.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000825352 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntStreamingManager.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000750096 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000670224 _____ (Microsoft Corporation) C:\Windows\system32\AppVCatalog.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000652296 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000645320 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000495632 _____ (Microsoft Corporation) C:\Windows\system32\TransportDSA.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000399880 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000258064 _____ (Microsoft Corporation) C:\Windows\system32\AppVFileSystemMetadata.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000231440 _____ (Microsoft Corporation) C:\Windows\system32\AppVShNotify.exe
2018-12-12 04:11 - 2018-12-08 13:47 - 000228368 _____ (Microsoft Corporation) C:\Windows\system32\AppVStreamMap.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000201744 _____ (Microsoft Corporation) C:\Windows\system32\AppVStreamingUX.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000180752 _____ (Microsoft Corporation) C:\Windows\system32\AppVDllSurrogate.exe
2018-12-12 04:11 - 2018-12-08 13:47 - 000173072 _____ (Microsoft Corporation) C:\Windows\system32\AppVNice.exe
2018-12-12 04:11 - 2018-12-08 13:46 - 000549760 _____ (Microsoft Corporation) C:\Windows\system32\AppResolver.dll
2018-12-12 04:11 - 2018-12-08 13:43 - 000304144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssecflt.sys
2018-12-12 04:11 - 2018-12-08 13:42 - 001634944 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2018-12-12 04:11 - 2018-12-08 13:41 - 002394960 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2018-12-12 04:11 - 2018-12-08 13:41 - 000481880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-12-12 04:11 - 2018-12-08 13:40 - 001454648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2018-12-12 04:11 - 2018-12-08 13:39 - 000444416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppResolver.dll
2018-12-12 04:11 - 2018-12-08 13:29 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\iemigplugin.dll
2018-12-12 04:11 - 2018-12-08 13:27 - 005657600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2018-12-12 04:11 - 2018-12-08 13:27 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.SecureAssessment.dll
2018-12-12 04:11 - 2018-12-08 13:27 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storqosflt.sys
2018-12-12 04:11 - 2018-12-08 13:27 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\fdBth.dll
2018-12-12 04:11 - 2018-12-08 13:27 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdBth.dll
2018-12-12 04:11 - 2018-12-08 13:23 - 002892288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-12-12 04:11 - 2018-12-08 13:23 - 001856512 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-12-12 04:11 - 2018-12-08 13:23 - 001661440 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2018-12-12 04:11 - 2018-12-08 13:23 - 001364992 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2018-12-12 04:11 - 2018-12-08 13:23 - 000503296 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2018-12-12 04:11 - 2018-12-08 13:23 - 000471040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcSpecfc.dll
2018-12-12 04:11 - 2018-12-08 13:22 - 001586176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-12-12 04:11 - 2018-12-08 13:22 - 001469952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2018-12-12 04:11 - 2018-12-08 13:22 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\SppExtComObj.Exe
2018-12-12 04:11 - 2018-12-08 09:13 - 001040936 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2018-12-12 04:11 - 2018-12-08 09:12 - 000272408 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave.dll
2018-12-12 04:11 - 2018-12-08 09:12 - 000269336 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave_secure.dll
2018-12-12 04:11 - 2018-12-08 09:12 - 000092688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bindflt.sys
2018-12-12 04:11 - 2018-12-08 09:07 - 001328632 _____ (Microsoft Corporation) C:\Windows\system32\wpx.dll
2018-12-12 04:11 - 2018-12-08 09:07 - 001221632 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2018-12-12 04:11 - 2018-12-08 09:07 - 001063416 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2018-12-12 04:11 - 2018-12-08 09:07 - 001030184 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2018-12-12 04:11 - 2018-12-08 09:07 - 000135168 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2018-12-12 04:11 - 2018-12-08 09:07 - 000076280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2018-12-12 04:11 - 2018-12-08 09:06 - 000777512 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2018-12-12 04:11 - 2018-12-08 09:06 - 000709936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-12-12 04:11 - 2018-12-08 09:06 - 000566784 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2018-12-12 04:11 - 2018-12-08 09:06 - 000491416 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2018-12-12 04:11 - 2018-12-08 09:06 - 000433168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2018-12-12 04:11 - 2018-12-08 09:06 - 000249088 _____ (Microsoft Corporation) C:\Windows\system32\weretw.dll
2018-12-12 04:11 - 2018-12-08 09:05 - 002822656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-12-12 04:11 - 2018-12-08 09:05 - 002463384 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-12-12 04:11 - 2018-12-08 09:05 - 001935008 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2018-12-12 04:11 - 2018-12-08 09:05 - 001209888 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2018-12-12 04:11 - 2018-12-08 09:05 - 001018880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ClipSp.sys
2018-12-12 04:11 - 2018-12-08 09:05 - 000793592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2018-12-12 04:11 - 2018-12-08 09:05 - 000706040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2018-12-12 04:11 - 2018-12-08 09:05 - 000594224 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2018-12-12 04:11 - 2018-12-08 09:05 - 000421176 _____ (Microsoft Corporation) C:\Windows\system32\xbgmengine.dll
2018-12-12 04:11 - 2018-12-08 09:05 - 000413920 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2018-12-12 04:11 - 2018-12-08 09:05 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-12-12 04:11 - 2018-12-08 09:05 - 000130312 _____ (Microsoft Corporation) C:\Windows\system32\rmclient.dll
2018-12-12 04:11 - 2018-12-08 09:05 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys
2018-12-12 04:11 - 2018-12-08 09:04 - 004404720 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2018-12-12 04:11 - 2018-12-08 09:04 - 002590296 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2018-12-12 04:11 - 2018-12-08 09:04 - 001943328 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-12-12 04:11 - 2018-12-08 09:04 - 001457032 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-12-12 04:11 - 2018-12-08 09:04 - 001257672 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-12-12 04:11 - 2018-12-08 09:04 - 001188512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-12-12 04:11 - 2018-12-08 09:04 - 001150312 _____ (Microsoft Corporation) C:\Windows\system32\MSVP9DEC.dll
2018-12-12 04:11 - 2018-12-08 09:04 - 001140480 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-12-12 04:11 - 2018-12-08 09:04 - 000982912 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-12-12 04:11 - 2018-12-08 09:04 - 000885760 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2018-12-12 04:11 - 2018-12-08 09:04 - 000604984 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2018-12-12 04:11 - 2018-12-08 09:04 - 000527160 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-12-12 04:11 - 2018-12-08 09:04 - 000416024 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2018-12-12 04:11 - 2018-12-08 09:04 - 000413176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-12-12 04:11 - 2018-12-08 09:04 - 000375608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-12-12 04:11 - 2018-12-08 09:04 - 000335672 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2018-12-12 04:11 - 2018-12-08 09:04 - 000268280 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2018-12-12 04:11 - 2018-12-08 09:04 - 000260800 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2018-12-12 04:11 - 2018-12-08 09:04 - 000158624 _____ (Microsoft Corporation) C:\Windows\system32\vertdll.dll
2018-12-12 04:11 - 2018-12-08 09:04 - 000128824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2018-12-12 04:11 - 2018-12-08 09:04 - 000058168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\iorate.sys
2018-12-12 04:11 - 2018-12-08 09:04 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\browser_broker.exe
2018-12-12 04:11 - 2018-12-08 08:47 - 000785760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-12-12 04:11 - 2018-12-08 08:46 - 001989040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-12-12 04:11 - 2018-12-08 08:46 - 001397104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll
2018-12-12 04:11 - 2018-12-08 08:46 - 000665224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2018-12-12 04:11 - 2018-12-08 08:46 - 000457056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2018-12-12 04:11 - 2018-12-08 08:46 - 000101192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rmclient.dll
2018-12-12 04:11 - 2018-12-08 08:45 - 004789952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2018-12-12 04:11 - 2018-12-08 08:45 - 002307240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2018-12-12 04:11 - 2018-12-08 08:45 - 001805656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2018-12-12 04:11 - 2018-12-08 08:45 - 001620472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-12-12 04:11 - 2018-12-08 08:45 - 001379816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2018-12-12 04:11 - 2018-12-08 08:45 - 001011872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2018-12-12 04:11 - 2018-12-08 08:45 - 000567256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2018-12-12 04:11 - 2018-12-08 08:45 - 000356864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2018-12-12 04:11 - 2018-12-08 08:45 - 000129296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2018-12-12 04:11 - 2018-12-08 08:42 - 009084928 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2018-12-12 04:11 - 2018-12-08 08:39 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\wpnsruprov.dll
2018-12-12 04:11 - 2018-12-08 08:38 - 002739200 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-12-12 04:11 - 2018-12-08 08:38 - 000419328 _____ (Microsoft Corporation) C:\Windows\system32\eeprov.dll
2018-12-12 04:11 - 2018-12-08 08:38 - 000310272 _____ (Microsoft Corporation) C:\Windows\system32\wc_storage.dll
2018-12-12 04:11 - 2018-12-08 08:38 - 000132608 _____ (Microsoft Corporation) C:\Windows\system32\DataUsageLiveTileTask.exe
2018-12-12 04:11 - 2018-12-08 08:38 - 000085504 _____ (Microsoft Corporation) C:\Windows\system32\LocationFrameworkInternalPS.dll
2018-12-12 04:11 - 2018-12-08 08:38 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcnfs.sys
2018-12-12 04:11 - 2018-12-08 08:38 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2018-12-12 04:11 - 2018-12-08 08:37 - 002825728 _____ (Microsoft Corporation) C:\Windows\system32\MapGeocoder.dll
2018-12-12 04:11 - 2018-12-08 08:37 - 001308160 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2018-12-12 04:11 - 2018-12-08 08:37 - 000395776 _____ (Microsoft Corporation) C:\Windows\system32\Search.ProtocolHandler.MAPI2.dll
2018-12-12 04:11 - 2018-12-08 08:37 - 000386048 _____ (Microsoft Corporation) C:\Windows\system32\Windows.System.Diagnostics.dll
2018-12-12 04:11 - 2018-12-08 08:37 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\DataUsageHandlers.dll
2018-12-12 04:11 - 2018-12-08 08:37 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\AppXApplicabilityBlob.dll
2018-12-12 04:11 - 2018-12-08 08:37 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\bthserv.dll
2018-12-12 04:11 - 2018-12-08 08:37 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\appsruprov.dll
2018-12-12 04:11 - 2018-12-08 08:37 - 000157696 _____ (Microsoft Corporation) C:\Windows\system32\energyprov.dll
2018-12-12 04:11 - 2018-12-08 08:37 - 000099328 _____ (Microsoft Corporation) C:\Windows\system32\utcutil.dll
2018-12-12 04:11 - 2018-12-08 08:37 - 000079872 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2018-12-12 04:11 - 2018-12-08 08:36 - 003381248 _____ (Microsoft Corporation) C:\Windows\system32\MapRouter.dll
2018-12-12 04:11 - 2018-12-08 08:36 - 003090432 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2018-12-12 04:11 - 2018-12-08 08:36 - 002364928 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2018-12-12 04:11 - 2018-12-08 08:36 - 001768448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2018-12-12 04:11 - 2018-12-08 08:36 - 000894464 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2018-12-12 04:11 - 2018-12-08 08:36 - 000566784 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2018-12-12 04:11 - 2018-12-08 08:36 - 000462336 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2018-12-12 04:11 - 2018-12-08 08:36 - 000356352 _____ (Microsoft Corporation) C:\Windows\system32\dusmsvc.dll
2018-12-12 04:11 - 2018-12-08 08:36 - 000227328 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-12-12 04:11 - 2018-12-08 08:36 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2018-12-12 04:11 - 2018-12-08 08:36 - 000153600 _____ (Microsoft Corporation) C:\Windows\system32\RMapi.dll
2018-12-12 04:11 - 2018-12-08 08:36 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mmcss.sys
2018-12-12 04:11 - 2018-12-08 08:35 - 002126336 _____ (Microsoft Corporation) C:\Windows\system32\LocationFramework.dll
2018-12-12 04:11 - 2018-12-08 08:35 - 001826816 _____ (Microsoft Corporation) C:\Windows\system32\Windows.CloudStore.dll
2018-12-12 04:11 - 2018-12-08 08:35 - 001708544 _____ (Microsoft Corporation) C:\Windows\system32\MSPhotography.dll
2018-12-12 04:11 - 2018-12-08 08:35 - 001551360 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2018-12-12 04:11 - 2018-12-08 08:35 - 000808448 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2018-12-12 04:11 - 2018-12-08 08:35 - 000623104 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2018-12-12 04:11 - 2018-12-08 08:34 - 002173440 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2018-12-12 04:11 - 2018-12-08 08:34 - 001535488 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-12-12 04:11 - 2018-12-08 08:34 - 001023488 _____ (Microsoft Corporation) C:\Windows\system32\ShareHost.dll
2018-12-12 04:11 - 2018-12-08 08:34 - 000884224 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2018-12-12 04:11 - 2018-12-08 08:34 - 000693248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2018-12-12 04:11 - 2018-12-08 08:34 - 000684544 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2018-12-12 04:11 - 2018-12-08 08:34 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2018-12-12 04:11 - 2018-12-08 08:33 - 002904064 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-12-12 04:11 - 2018-12-08 08:33 - 001457152 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2018-12-12 04:11 - 2018-12-08 08:33 - 001264640 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2018-12-12 04:11 - 2018-12-08 08:33 - 001058304 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-12-12 04:11 - 2018-12-08 08:33 - 000949248 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2018-12-12 04:11 - 2018-12-08 08:33 - 000823296 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2018-12-12 04:11 - 2018-12-08 08:33 - 000176640 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-12-12 04:11 - 2018-12-08 08:32 - 001032704 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2018-12-12 04:11 - 2018-12-08 08:32 - 000895488 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2018-12-12 04:11 - 2018-12-08 08:32 - 000796672 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-12-12 04:11 - 2018-12-08 08:32 - 000776192 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-12-12 04:11 - 2018-12-08 08:32 - 000542208 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-12-12 04:11 - 2018-12-08 08:32 - 000406528 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-12-12 04:11 - 2018-12-08 08:30 - 006647296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2018-12-12 04:11 - 2018-12-08 08:30 - 002966528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2018-12-12 04:11 - 2018-12-08 08:30 - 000074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dtdump.exe
2018-12-12 04:11 - 2018-12-08 08:29 - 005883904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2018-12-12 04:11 - 2018-12-08 08:29 - 002700288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-12-12 04:11 - 2018-12-08 08:29 - 000311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.System.Diagnostics.dll
2018-12-12 04:11 - 2018-12-08 08:29 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2018-12-12 04:11 - 2018-12-08 08:28 - 002258944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2018-12-12 04:11 - 2018-12-08 08:28 - 001361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSPhotography.dll
2018-12-12 04:11 - 2018-12-08 08:28 - 001295360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2018-12-12 04:11 - 2018-12-08 08:28 - 000391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2018-12-12 04:11 - 2018-12-08 08:28 - 000288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-12-12 04:11 - 2018-12-08 08:27 - 002449408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapRouter.dll
2018-12-12 04:11 - 2018-12-08 08:27 - 001986560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapGeocoder.dll
2018-12-12 04:11 - 2018-12-08 08:27 - 000608768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2018-12-12 04:11 - 2018-12-08 08:27 - 000578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-12-12 04:11 - 2018-12-08 08:27 - 000555008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2018-12-12 04:11 - 2018-12-08 08:27 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
2018-12-12 04:11 - 2018-12-08 08:26 - 001348096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2018-12-12 04:11 - 2018-12-08 08:26 - 000848384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ShareHost.dll
2018-12-12 04:11 - 2018-12-08 08:25 - 000978944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2018-12-12 04:11 - 2018-12-08 08:25 - 000856576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2018-12-12 04:11 - 2018-12-08 08:25 - 000729088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2018-12-12 04:11 - 2018-12-08 08:25 - 000702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2018-12-12 04:11 - 2018-12-08 08:25 - 000669696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-12-12 04:11 - 2018-12-08 08:25 - 000145408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2018-12-12 04:11 - 2018-12-08 08:24 - 000795648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-12-12 04:11 - 2018-12-08 08:24 - 000735744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2018-12-12 04:11 - 2018-12-08 08:24 - 000533504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-12-12 04:11 - 2018-12-08 08:24 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-12-12 04:11 - 2018-12-08 07:16 - 000001310 _____ C:\Windows\system32\tcbres.wim
2018-12-12 04:11 - 2018-11-09 07:00 - 000177664 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-12-12 04:11 - 2018-11-09 06:59 - 008623616 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2018-12-12 04:11 - 2018-11-09 06:58 - 000244736 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-12-12 04:11 - 2018-11-09 06:57 - 004491264 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2018-12-12 04:11 - 2018-11-09 06:57 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\sensrsvc.dll
2018-12-12 04:11 - 2018-11-09 06:56 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-12-12 04:11 - 2018-11-09 06:56 - 000381952 _____ (Microsoft Corporation) C:\Windows\system32\ninput.dll
2018-12-12 04:11 - 2018-11-09 06:56 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSoftwareInstallationClient.dll
2018-12-12 04:11 - 2018-11-09 06:55 - 001254400 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2018-12-12 04:11 - 2018-11-09 06:55 - 000878592 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2018-12-12 04:11 - 2018-11-09 06:54 - 001535488 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2018-12-12 04:11 - 2018-11-09 06:32 - 020383832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-12-12 04:11 - 2018-11-09 06:22 - 000138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-12-12 04:11 - 2018-11-09 06:20 - 007987712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2018-12-12 04:11 - 2018-11-09 06:20 - 003397632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
2018-12-12 04:11 - 2018-11-09 06:19 - 000181248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-12-12 04:11 - 2018-11-09 06:18 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-12-12 04:11 - 2018-11-09 06:18 - 000320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ninput.dll
2018-12-12 04:11 - 2018-11-09 06:17 - 000704000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2018-12-12 04:11 - 2018-11-09 03:49 - 000723416 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-12-12 04:11 - 2018-11-09 03:49 - 000565048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2018-12-12 04:11 - 2018-11-09 03:49 - 000368656 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2018-12-12 04:11 - 2018-11-09 03:48 - 003179760 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2018-12-12 04:11 - 2018-11-09 03:48 - 002719736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-12-12 04:11 - 2018-11-09 03:48 - 001613288 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2018-12-12 04:11 - 2018-11-09 03:48 - 000899920 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2018-12-12 04:11 - 2018-11-09 03:48 - 000766704 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2018-12-12 04:11 - 2018-11-09 03:48 - 000745472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2018-12-12 04:11 - 2018-11-09 03:48 - 000375296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-12-12 04:11 - 2018-11-09 03:47 - 002765344 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-12-12 04:11 - 2018-11-09 03:47 - 002571128 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-12-12 04:11 - 2018-11-09 03:47 - 002062392 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2018-12-12 04:11 - 2018-11-09 03:47 - 001285432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-12-12 04:11 - 2018-11-09 03:47 - 000930616 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2018-12-12 04:11 - 2018-11-09 03:47 - 000537912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-12-12 04:11 - 2018-11-09 03:22 - 000185344 _____ (Microsoft Corporation) C:\Windows\system32\InstallServiceTasks.dll
2018-12-12 04:11 - 2018-11-09 03:22 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\winhttpcom.dll
2018-12-12 04:11 - 2018-11-09 03:21 - 001627136 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2018-12-12 04:11 - 2018-11-09 03:21 - 000119808 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2018-12-12 04:11 - 2018-11-09 03:21 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2018-12-12 04:11 - 2018-11-09 03:21 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-12-12 04:11 - 2018-11-09 03:20 - 006032384 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2018-12-12 04:11 - 2018-11-09 03:20 - 000530432 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2018-12-12 04:11 - 2018-11-09 03:20 - 000399872 _____ (Microsoft Corporation) C:\Windows\system32\BthAvctpSvc.dll
2018-12-12 04:11 - 2018-11-09 03:20 - 000193536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys
2018-12-12 04:11 - 2018-11-09 03:20 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\tzautoupdate.dll
2018-12-12 04:11 - 2018-11-09 03:19 - 002368512 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2018-12-12 04:11 - 2018-11-09 03:19 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-12-12 04:11 - 2018-11-09 03:19 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2018-12-12 04:11 - 2018-11-09 03:18 - 003320320 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2018-12-12 04:11 - 2018-11-09 03:18 - 001487360 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2018-12-12 04:11 - 2018-11-09 03:18 - 000573952 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2018-12-12 04:11 - 2018-11-09 03:18 - 000514048 _____ (Microsoft Corporation) C:\Windows\system32\BTAGService.dll
2018-12-12 04:11 - 2018-11-09 03:18 - 000300032 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2018-12-12 04:11 - 2018-11-09 03:17 - 002584576 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2018-12-12 04:11 - 2018-11-09 03:17 - 001069568 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2018-12-12 04:11 - 2018-11-09 03:16 - 002224640 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2018-12-12 04:11 - 2018-11-09 03:16 - 001364992 _____ (Microsoft Corporation) C:\Windows\system32\lpasvc.dll
2018-12-12 04:11 - 2018-11-09 03:16 - 001225216 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2018-12-12 04:11 - 2018-11-09 03:16 - 000308736 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseAppMgmtSvc.dll
2018-12-12 04:11 - 2018-11-09 03:15 - 000943616 _____ (Microsoft Corporation) C:\Windows\system32\BingOnlineServices.dll
2018-12-12 04:11 - 2018-11-09 03:15 - 000933888 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2018-12-12 04:11 - 2018-11-09 03:15 - 000884224 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2018-12-12 04:11 - 2018-11-09 03:15 - 000505344 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2018-12-12 04:11 - 2018-11-09 03:07 - 002417976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2018-12-12 04:11 - 2018-11-09 03:07 - 001299704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2018-12-12 04:11 - 2018-11-09 02:48 - 000550728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2018-12-12 04:11 - 2018-11-09 02:47 - 000295224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2018-12-12 04:11 - 2018-11-09 02:46 - 002253184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-12-12 04:11 - 2018-11-09 02:46 - 002161008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2018-12-12 04:11 - 2018-11-09 02:46 - 001980776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-12-12 04:11 - 2018-11-09 02:46 - 000829960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2018-12-12 04:11 - 2018-11-09 02:46 - 000721024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2018-12-12 04:11 - 2018-11-09 02:46 - 000573504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2018-12-12 04:11 - 2018-11-09 02:31 - 000094720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2018-12-12 04:11 - 2018-11-09 02:31 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-12-12 04:11 - 2018-11-09 02:30 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallServiceTasks.dll
2018-12-12 04:11 - 2018-11-09 02:30 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttpcom.dll
2018-12-12 04:11 - 2018-11-09 02:29 - 003711488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-12-12 04:11 - 2018-11-09 02:29 - 000561152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-12-12 04:11 - 2018-11-09 02:29 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2018-12-12 04:11 - 2018-11-09 02:29 - 000331264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2018-12-12 04:11 - 2018-11-09 02:28 - 005307392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2018-12-12 04:11 - 2018-11-09 02:28 - 002900992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-12-12 04:11 - 2018-11-09 02:27 - 000463872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2018-12-12 04:11 - 2018-11-09 02:26 - 001110528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2018-12-12 04:11 - 2018-11-09 02:26 - 000873472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2018-12-12 04:11 - 2018-11-09 02:26 - 000251904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2018-12-12 04:11 - 2018-11-09 02:25 - 000713216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingOnlineServices.dll
2018-12-12 04:11 - 2018-11-09 02:25 - 000705024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2018-12-12 04:11 - 2018-05-20 19:20 - 000022936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hvsicontainerservice.dll
2018-12-11 20:41 - 2018-12-11 21:16 - 000000000 ____D C:\Users\Mortifer\AppData\Local\ProtonVPN
2018-12-11 20:41 - 2018-12-11 20:51 - 000000000 ____D C:\ProgramData\ProtonVPN
2018-12-11 20:41 - 2018-12-11 20:41 - 000001230 _____ C:\Users\Public\Desktop\ProtonVPN.lnk
2018-12-11 20:41 - 2018-12-11 20:41 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\ProtonVPN AG
2018-12-11 20:41 - 2018-12-11 20:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProtonVPN
2018-12-11 20:41 - 2018-12-11 20:41 - 000000000 ____D C:\Program Files (x86)\Proton Technologies
2018-12-11 17:01 - 2018-12-11 17:01 - 000003199 _____ C:\Users\Mortifer\Desktop\E52CD47FB3A7B96D5551EB48B7E0C348D07561BE.asc
2018-12-11 17:01 - 2018-12-11 17:01 - 000000735 _____ C:\Users\Mortifer\AppData\Local\recently-used.xbel
2018-12-11 09:46 - 2018-12-11 17:01 - 000000000 ____D C:\Users\Mortifer\AppData\Local\gtk-2.0
2018-12-11 08:35 - 2018-12-11 08:35 - 000000907 _____ C:\Users\Public\Desktop\Claws-Mail.lnk
2018-12-11 08:35 - 2018-12-11 08:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Claws Mail
2018-12-11 08:35 - 2018-12-11 08:35 - 000000000 ____D C:\Program Files\Claws Mail
2018-12-11 08:22 - 2018-12-11 08:22 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\claws Mail
2018-12-11 08:18 - 2018-12-11 08:46 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Claws-mail
2018-12-11 07:34 - 2018-12-11 07:36 - 000004938 _____ C:\Users\Mortifer\Desktop\test123456.gpg
2018-12-11 06:26 - 2018-12-11 06:26 - 000000007 _____ C:\Users\Mortifer\Desktop\new 20.txt
2018-12-11 06:12 - 2018-12-11 06:14 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\PyBitmessage
2018-12-11 04:51 - 2018-12-11 17:01 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\kleopatra
2018-12-11 04:46 - 2018-12-11 17:01 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\gnupg
2018-12-11 04:46 - 2018-12-11 04:46 - 000002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kleopatra.lnk
2018-12-11 04:46 - 2018-12-11 04:46 - 000002116 _____ C:\Users\Public\Desktop\Kleopatra.lnk
2018-12-11 04:46 - 2018-12-11 04:46 - 000001350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPA.lnk
2018-12-11 04:46 - 2018-12-11 04:46 - 000001338 _____ C:\Users\Public\Desktop\GPA.lnk
2018-12-11 04:46 - 2018-12-11 04:46 - 000000000 ____D C:\Program Files (x86)\GnuPG
2018-12-11 04:45 - 2018-12-11 04:46 - 000000000 ____D C:\Program Files (x86)\Gpg4win
2018-12-11 04:29 - 2018-12-11 09:45 - 000000000 ____D C:\Users\Mortifer\Desktop\PGP
2018-12-11 02:42 - 2018-12-11 02:42 - 001269132 _____ C:\Users\Mortifer\Desktop\SQLi Dorks By The N3RoX.rar
2018-12-11 02:06 - 2018-12-11 02:06 - 000001555 _____ C:\Users\Mortifer\Desktop\prox.txt
2018-12-11 00:34 - 2018-12-11 00:34 - 000007676 _____ C:\Users\Mortifer\Downloads\Shodan Queries.txt
2018-12-11 00:23 - 2018-12-16 19:06 - 000067782 _____ C:\Users\Mortifer\Desktop\Meine URL's.txt
2018-12-10 23:25 - 2018-12-10 23:25 - 019833350 _____ C:\Users\Mortifer\Desktop\10.12.18.html
2018-12-10 23:10 - 2018-12-10 23:10 - 000000000 ____D C:\Users\Mortifer\AppData\Local\Bishop_Fox
2018-12-10 23:09 - 2018-12-10 23:09 - 000002627 _____ C:\Users\Public\Desktop\SearchDiggity.lnk
2018-12-10 23:09 - 2018-12-10 23:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bishop Fox
2018-12-10 23:09 - 2018-12-10 23:09 - 000000000 ____D C:\Program Files (x86)\Bishop Fox
2018-12-10 23:08 - 2018-12-10 23:08 - 000000000 ____D C:\Users\Mortifer\Downloads\SearchDiggity_v3.1.0-MSI
2018-12-10 23:07 - 2018-12-10 23:08 - 011722751 _____ C:\Users\Mortifer\Downloads\SearchDiggity_v3.1.0-MSI.zip
2018-12-10 23:05 - 2018-12-10 23:05 - 000352456 _____ C:\Users\Mortifer\Desktop\Bing Queries.txt
2018-12-10 22:53 - 2018-12-10 22:53 - 004522562 _____ C:\Users\Mortifer\Downloads\Hacking_SharePoint_FINAL.pptx
2018-12-10 21:21 - 2018-12-10 21:21 - 000230122 _____ C:\Users\Mortifer\Downloads\Bypass IPTV.pdf
2018-12-10 15:19 - 2018-12-10 15:19 - 000110968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-12-10 15:19 - 2018-12-10 15:19 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Sun
2018-12-10 15:19 - 2018-12-10 15:19 - 000000000 ____D C:\Users\Mortifer\AppData\LocalLow\Sun
2018-12-10 15:19 - 2018-12-10 15:19 - 000000000 ____D C:\ProgramData\Oracle
2018-12-10 15:19 - 2018-12-10 15:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-12-10 15:19 - 2018-12-10 15:19 - 000000000 ____D C:\Program Files\Java
2018-12-10 15:18 - 2018-12-10 15:18 - 074618232 _____ (Oracle Corporation) C:\Users\Mortifer\Downloads\jre-8u191-windows-x64.exe
2018-12-10 15:10 - 2018-12-10 15:14 - 000000000 ____D C:\Users\Mortifer\Desktop\ValidateCreditCard
2018-12-10 15:10 - 2007-01-13 00:59 - 000411003 _____ C:\Users\Mortifer\Desktop\ValidateCreditCard.jar
2018-12-10 05:44 - 2018-12-10 05:44 - 003260163 _____ C:\Users\Mortifer\Documents\Journey-Into-the-Hidden-Web-A-Guide-For-New-Researchers.pdf
2018-12-08 06:40 - 2018-12-14 14:39 - 000000912 _____ C:\Users\Public\Desktop\Battlefield™ V.lnk
2018-12-05 03:13 - 2018-12-05 03:13 - 000377734 _____ C:\Users\Mortifer\Downloads\RISCS-Annual-Report-2013.pdf
2018-12-05 03:06 - 2018-12-05 03:06 - 002200861 _____ C:\Users\Mortifer\Downloads\Thaler_2014_Fooling_wired_NAC.pdf
2018-12-05 02:27 - 2018-12-05 02:27 - 001804955 _____ C:\Users\Mortifer\Downloads\auditing-aspnet-applications-pci-dss-compliance-33869.pdf
2018-12-05 01:46 - 2018-12-05 01:46 - 000022765 _____ C:\Users\Mortifer\Downloads\hook.zip
2018-12-04 16:21 - 2018-12-04 16:21 - 000033280 _____ C:\Users\Mortifer\Documents\Kopie von businessanalysisfebruary2015_tcm77-399475.xls
2018-12-04 05:00 - 2018-12-04 05:00 - 000000000 ____D C:\Users\Mortifer\AppData\Local\Wondershare
2018-12-04 02:34 - 2018-12-16 21:31 - 006849024 _____ C:\Users\Mortifer\Downloads\SDLTradosStudio2019TrialInstaller.exe
2018-12-04 02:34 - 2018-12-04 02:34 - 000000000 ____D C:\Users\Mortifer\Documents\SDL
2018-12-03 11:56 - 2018-12-03 11:56 - 000001365 _____ C:\Users\Public\Desktop\PDFelement 6 Pro.lnk
2018-12-03 11:56 - 2018-12-03 11:56 - 000000000 ____D C:\ProgramData\PDFelement 6 Pro
2018-12-03 11:56 - 2018-12-03 11:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2018-12-03 11:56 - 2017-10-19 10:17 - 000271360 _____ (Wondershare Software) C:\Windows\system32\WSPDFelementMonitor.dll
2018-12-03 11:55 - 2018-12-16 21:31 - 001028200 _____ C:\Users\Mortifer\Downloads\pdfelement6-pro_setup_full2990.exe
2018-12-03 11:55 - 2018-12-03 11:55 - 000000000 ____D C:\Program Files (x86)\Wondershare
2018-12-03 11:55 - 2018-11-27 18:16 - 011011136 _____ C:\Windows\SysWOW64\WSPECRT.dll
2018-12-03 11:54 - 2018-12-16 21:31 - 001449064 _____ C:\Users\Mortifer\Downloads\recoverit_setup_full4134.exe
2018-12-03 10:14 - 2018-12-03 11:02 - 000000000 ____D C:\Users\Mortifer\Documents\Malware Analyze Tools
2018-12-03 04:58 - 2018-12-03 05:02 - 000000000 ____D C:\Users\Mortifer\Documents\Video´s
2018-12-03 04:48 - 2018-12-03 05:17 - 087852792 _____ (Wondershare Software ) C:\Users\Mortifer\Downloads\pdf-converter-pro_full839.exe
2018-12-03 04:48 - 2018-12-03 04:50 - 007759926 _____ C:\Users\Mortifer\Downloads\thxg_card-giveaway.zip
2018-12-03 04:44 - 2018-12-03 04:55 - 033447176 _____ ( ) C:\Users\Mortifer\Downloads\3steppdf-1.2.0-October2017.exe
2018-12-03 04:43 - 2018-12-16 21:31 - 003004304 _____ C:\Users\Mortifer\Downloads\7-Data_Recovery_Suite_4.1.0.exe
2018-12-03 04:24 - 2018-12-10 13:22 - 000000000 ____D C:\Users\Mortifer\Desktop\Pirate Browser
2018-12-03 04:12 - 2018-12-03 04:19 - 022324759 _____ C:\Users\Mortifer\Desktop\w_sitb100.pdf
2018-12-03 01:27 - 2018-12-03 01:28 - 024133472 _____ (ExpressVPN) C:\Users\Mortifer\Downloads\expressvpn_6.8.0.5553.BETA.exe
2018-12-03 00:51 - 2018-12-03 01:30 - 000000000 ____D C:\Users\Mortifer\AppData\Local\ExpressVPN
2018-12-03 00:51 - 2018-12-03 00:51 - 000000000 ____D C:\Users\Mortifer\AppData\Local\IsolatedStorage
2018-12-02 19:58 - 2018-12-02 19:58 - 033641900 _____ C:\Users\Mortifer\Downloads\Bitmessage-0.6.1_64.exe
2018-12-02 19:56 - 2018-12-02 20:08 - 035422880 _____ C:\Users\Mortifer\Downloads\Bitmessage_x86_0.6.3.2.exe
2018-12-01 14:45 - 2018-12-16 21:31 - 006604448 _____ C:\Users\Mortifer\Downloads\FiddlerSetup.exe
2018-12-01 11:57 - 2018-12-01 13:23 - 000000000 ____D C:\Users\Mortifer\Downloads\x64dbg
2018-12-01 10:14 - 2018-12-17 12:33 - 000000000 ____D C:\Users\Mortifer\Downloads\IDA
2018-12-01 09:42 - 2018-12-01 09:42 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Hex-Rays
2018-12-01 09:42 - 2018-12-01 09:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2018-12-01 09:41 - 2018-12-01 09:42 - 000000000 ____D C:\python27-x64
2018-12-01 09:41 - 2018-12-01 09:41 - 000000852 _____ C:\Users\Mortifer\Desktop\IDA Demo.lnk
2018-12-01 09:41 - 2018-12-01 09:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDA Demo
2018-12-01 09:41 - 2018-12-01 09:41 - 000000000 ____D C:\Program Files\IDA Demo 7.2
2018-12-01 05:13 - 2018-12-01 05:13 - 000115034 _____ C:\Users\Mortifer\Downloads\Disasm201.zip
2018-12-01 05:13 - 2018-12-01 05:13 - 000075540 _____ C:\Users\Mortifer\Downloads\chicken.zip
2018-12-01 05:13 - 2018-12-01 05:13 - 000060720 _____ C:\Users\Mortifer\Downloads\language.zip
2018-12-01 05:12 - 2018-12-01 05:12 - 006965278 _____ C:\Users\Mortifer\Downloads\odbg201.zip
2018-11-27 17:36 - 2018-11-27 17:43 - 000000000 ____D C:\Users\Mortifer\Desktop\peppi
2018-11-27 13:21 - 2018-12-12 14:47 - 000000000 ____D C:\Program Files (x86)\Origin Games
2018-11-27 12:26 - 2018-11-27 12:26 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\EasyAntiCheat
2018-11-27 11:51 - 2018-11-27 11:51 - 000000000 ____D C:\Users\Mortifer\ansel
2018-11-27 11:50 - 2018-11-16 00:29 - 000133160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-11-27 11:47 - 2018-11-16 20:40 - 019712744 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-11-27 11:47 - 2018-11-16 20:40 - 016989208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-11-27 11:47 - 2018-11-16 20:40 - 015909720 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-11-27 11:47 - 2018-11-16 20:40 - 013203592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-11-27 11:47 - 2018-11-16 20:40 - 001471632 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2018-11-27 11:47 - 2018-11-16 20:40 - 001462416 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2018-11-27 11:47 - 2018-11-16 20:40 - 001167792 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-11-27 11:47 - 2018-11-16 20:40 - 001152008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2018-11-27 11:47 - 2018-11-16 20:40 - 001145928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2018-11-27 11:47 - 2018-11-16 20:40 - 000914608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-11-27 11:47 - 2018-11-16 20:40 - 000822584 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2018-11-27 11:47 - 2018-11-16 20:40 - 000794840 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-11-27 11:47 - 2018-11-16 20:40 - 000637688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-11-27 11:47 - 2018-11-16 19:43 - 000047384 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2018-11-27 11:47 - 2018-11-16 16:44 - 000978128 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2018-11-27 11:47 - 2018-11-16 16:44 - 000978128 _____ C:\Windows\system32\vulkan-1.dll
2018-11-27 11:47 - 2018-11-16 16:44 - 000845008 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2018-11-27 11:47 - 2018-11-16 16:44 - 000845008 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-11-27 11:47 - 2018-11-16 16:44 - 000552144 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2018-11-27 11:47 - 2018-11-16 16:44 - 000456904 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2018-11-27 11:47 - 2018-11-16 16:44 - 000267984 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2018-11-27 11:47 - 2018-11-16 16:44 - 000267984 _____ C:\Windows\system32\vulkaninfo.exe
2018-11-27 11:47 - 2018-11-16 16:44 - 000243408 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2018-11-27 11:47 - 2018-11-16 16:44 - 000243408 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-11-27 11:47 - 2018-11-16 16:42 - 002003424 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-11-27 11:47 - 2018-11-16 16:42 - 001460128 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-11-27 11:47 - 2018-11-16 16:42 - 001126280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-11-27 11:47 - 2018-11-16 16:42 - 000631392 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-11-27 11:47 - 2018-11-16 16:42 - 000521472 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-11-27 11:47 - 2018-11-16 16:41 - 040256992 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-11-27 11:47 - 2018-11-16 16:41 - 035154400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-11-27 11:47 - 2018-11-16 16:41 - 004945288 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-11-27 11:47 - 2018-11-16 16:41 - 004316040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-11-27 11:47 - 2018-11-16 16:41 - 002017536 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6441701.dll
2018-11-27 11:47 - 2018-11-16 16:41 - 001510656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-11-27 11:47 - 2018-11-16 16:41 - 001468192 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6441701.dll
2018-11-27 11:47 - 2018-11-16 16:41 - 000750472 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2018-11-27 11:47 - 2018-11-16 16:41 - 000609056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2018-11-27 11:31 - 2018-11-27 11:51 - 000000000 ____D C:\Users\Mortifer\Documents\Battlefield V
2018-11-27 11:27 - 2018-11-27 11:27 - 000000000 ____D C:\ProgramData\Electronic Arts
2018-11-27 11:02 - 2018-11-27 11:02 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2018-11-25 21:55 - 2018-11-25 21:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2018-11-25 21:50 - 2018-11-25 21:50 - 000000000 ____D C:\Users\Mortifer\.QtWebEngineProcess
2018-11-25 21:50 - 2018-11-25 21:50 - 000000000 ____D C:\Users\Mortifer\.Origin
2018-11-25 21:49 - 2018-12-16 17:56 - 000000000 ____D C:\ProgramData\Origin
2018-11-25 21:49 - 2018-12-16 12:27 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Origin
2018-11-25 21:49 - 2018-11-25 22:01 - 000000000 ____D C:\Users\Mortifer\AppData\Local\Origin
2018-11-25 21:49 - 2018-11-25 21:49 - 063362344 _____ (Electronic Arts) C:\Users\Mortifer\Downloads\OriginThinSetup.exe
2018-11-25 20:45 - 2018-11-25 20:45 - 042718488 _____ (Mozilla) C:\Users\Mortifer\Downloads\GMX_Firefox_Setup.exe
2018-11-25 01:44 - 2018-11-25 01:44 - 009301680 _____ C:\Users\Mortifer\Downloads\CISSP_Tips_and_Tricks_E_Book.pdf
2018-11-25 01:35 - 2018-11-27 11:50 - 000000000 ____D C:\temp
2018-11-25 01:35 - 2018-11-25 01:35 - 000001634 _____ C:\Users\Public\Desktop\Razer Synapse.lnk
2018-11-25 01:35 - 2018-11-25 01:35 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Synapse3
2018-11-25 01:35 - 2018-11-25 01:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2018-11-25 01:34 - 2018-11-25 01:35 - 000000000 ____D C:\Program Files (x86)\Razer
2018-11-25 01:34 - 2018-11-25 01:34 - 000000000 ____D C:\Users\Mortifer\AppData\Local\Razer
2018-11-25 01:31 - 2018-11-25 01:50 - 000000000 ____D C:\ProgramData\Razer
2018-11-25 00:31 - 2018-12-16 21:31 - 004312040 _____ C:\Users\Mortifer\Downloads\RazerSynapseInstaller_V1.0.87.116.exe
2018-11-24 11:48 - 2018-11-24 11:50 - 000995870 _____ C:\Users\Mortifer\Downloads\[Klassfield_M.]_Adobe_Photoshop_CC_(2015)_The_Ult(b-ok.cc).epub
2018-11-24 11:47 - 2018-11-24 11:47 - 005947208 _____ C:\Users\Mortifer\Downloads\[Björn_Franke_(eds.)]_Compiler_Construction_24th(b-ok.cc).pdf
2018-11-24 11:43 - 2018-11-24 11:45 - 000238147 _____ C:\Users\Mortifer\Downloads\[Gerald_M._Weinberg]_Perfect_Software_and_Other_Il(b-ok.cc).epub
2018-11-24 11:42 - 2018-11-24 11:42 - 004374958 _____ C:\Users\Mortifer\Downloads\Sanjib Sinha (auth.)-Beginning Ethical Hacking with Python-Apress (2017)-Kopieren.pdf
2018-11-24 11:41 - 2018-11-24 11:41 - 002084778 _____ C:\Users\Mortifer\Downloads\[IEEE_Computer_Society]_IEEE_Standard_for_Informat(b-ok.cc)-Kopieren.pdf
2018-11-24 11:35 - 2018-11-24 11:35 - 001333942 _____ C:\Users\Mortifer\Downloads\[IEEE_Computer_Society]_IEEE_Standard_for_Informat(b-ok.cc).pdf
2018-11-24 09:47 - 2018-12-16 21:31 - 002783048 _____ C:\Users\Mortifer\Downloads\uTorrent.exe
2018-11-24 09:32 - 2018-11-24 09:32 - 003868890 _____ C:\Users\Mortifer\Downloads\318d75acd08e962f02cbdc9411500d62
2018-11-24 07:47 - 2018-11-24 07:47 - 000002295 _____ C:\Users\Mortifer\Desktop\Fortnite Installer.lnk
2018-11-24 07:32 - 2018-11-24 07:32 - 000002175 _____ C:\Users\Mortifer\Desktop\Snapchat.lnk
2018-11-24 07:30 - 2018-11-24 07:30 - 000003628 _____ C:\Windows\System32\Tasks\BlueStacksHelper
2018-11-24 07:27 - 2018-11-24 07:27 - 000001798 _____ C:\Users\Mortifer\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk
2018-11-24 07:27 - 2018-11-24 07:27 - 000001774 _____ C:\Users\Mortifer\Desktop\BlueStacks.lnk
2018-11-24 07:26 - 2018-11-27 11:49 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\NVIDIA
2018-11-24 07:26 - 2018-11-24 07:26 - 000000000 ____D C:\ProgramData\BlueStacks
2018-11-24 07:26 - 2018-11-24 07:26 - 000000000 ____D C:\Program Files\BlueStacks
2018-11-24 07:25 - 2018-11-24 07:25 - 000000000 ____D C:\Users\Mortifer\AppData\Local\Bluestacks
2018-11-24 07:24 - 2018-12-16 21:31 - 001583624 _____ C:\Users\Mortifer\Downloads\BlueStacks - CHIP-Installer.exe
2018-11-24 07:05 - 2018-11-24 07:05 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2018-11-24 07:03 - 2018-11-24 07:03 - 082654607 _____ C:\Users\Mortifer\Downloads\Snapchat_v10.45.6.0_apkpure.com.apk
2018-11-24 03:07 - 2018-12-17 00:27 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Allavsoft
2018-11-24 03:07 - 2018-11-24 03:07 - 000000000 ____D C:\Users\Mortifer\Documents\Allavsoft
2018-11-24 03:06 - 2018-11-24 03:06 - 000000931 _____ C:\Users\Public\Desktop\Allavsoft.lnk
2018-11-24 03:06 - 2018-11-24 03:06 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Allavsoft
2018-11-23 13:32 - 2018-11-23 13:32 - 004486692 _____ C:\Users\Mortifer\Documents\Kurzanleitung+Springer+Professional.pdf
2018-11-23 12:34 - 2018-11-23 14:08 - 000000000 ____D C:\Users\Mortifer\Downloads\2252000
2018-11-23 12:10 - 2018-11-23 12:10 - 024054018 _____ C:\Users\Mortifer\Documents\Hacking mit Metasploit Das umfassende Handbuch zu Penetration Testing und Metasploit.pdf
2018-11-23 11:54 - 2018-11-23 11:54 - 005299903 _____ C:\Users\Mortifer\Documents\Intensivkurs Angriff und Verteidigung mit Python.pdf
2018-11-23 08:54 - 2018-11-23 08:54 - 000000000 ____D C:\Users\Mortifer\AppData\Local\CrashReportClient
2018-11-23 08:27 - 2018-11-23 08:27 - 019197014 _____ C:\Users\Mortifer\Desktop\lz.11.18.html
2018-11-23 06:32 - 2018-11-23 06:32 - 008954281 _____ C:\Users\Mortifer\Documents\Eldad_Eilam-Reversing__Secrets_of_Reverse_Engineering-Wiley(2005).pdf
2018-11-23 06:29 - 2018-11-23 06:29 - 006442047 _____ C:\Users\Mortifer\Documents\Chris Eagle-The IDA Pro book_ The unofficial guide to the world's most popular disassembler-No Starch Press (2011).pdf
2018-11-23 06:13 - 2018-11-23 06:13 - 002952430 _____ C:\Users\Mortifer\Downloads\mm-tools.pdf
2018-11-23 05:38 - 2018-11-23 05:38 - 002001053 _____ C:\Users\Mortifer\Downloads\odbg201h.zip
2018-11-23 02:55 - 2018-11-23 02:55 - 000000000 ____D C:\Users\Mortifer\Documents\My Games
2018-11-23 02:47 - 2018-11-23 02:47 - 000483486 _____ C:\Users\Mortifer\Downloads\21K Combo (User_User)Private by cosmos697.txt
2018-11-23 02:34 - 2018-12-16 21:31 - 008570917 _____ C:\Users\Mortifer\Downloads\combo_checker_v2.exe
2018-11-22 12:06 - 2018-11-22 12:06 - 009117698 _____ C:\Users\Mortifer\Downloads\dwt-3.2.0-cp27-win_x86.zip
2018-11-22 12:06 - 2018-11-22 12:06 - 000000000 ____D C:\Users\Mortifer\Downloads\dwt-3.2.0-cp27-win_x86
2018-11-22 05:23 - 2018-11-22 05:23 - 000000000 ____D C:\Users\Mortifer\AppData\Local\ElevatedDiagnostics
2018-11-21 20:46 - 2018-11-22 11:35 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-11-21 18:15 - 2018-11-21 18:15 - 000000000 ____D C:\Users\Mortifer\AppData\Local\Steam
2018-11-21 18:13 - 2018-11-21 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-11-21 18:12 - 2018-12-16 21:31 - 001615040 _____ C:\Users\Mortifer\Downloads\SteamSetup.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2018-12-17 13:17 - 2018-11-02 00:21 - 001837624 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-17 13:17 - 2018-11-02 00:07 - 000786554 _____ C:\Windows\system32\perfh007.dat
2018-12-17 13:17 - 2018-11-02 00:07 - 000168444 _____ C:\Windows\system32\perfc007.dat
2018-12-17 13:17 - 2018-11-02 00:03 - 000000000 ____D C:\Windows\INF
2018-12-17 13:13 - 2018-11-02 21:44 - 000000000 ____D C:\ProgramData\VMware
2018-12-17 13:13 - 2018-11-02 00:15 - 000000000 ____D C:\ProgramData\NVIDIA
2018-12-17 13:13 - 2018-11-02 00:14 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-17 13:13 - 2018-11-02 00:04 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-17 13:12 - 2018-11-02 00:00 - 000524288 _____ C:\Windows\system32\config\BBI
2018-12-17 12:57 - 2018-11-03 12:28 - 000000000 ____D C:\Users\Mortifer\AppData\Local\CrashDumps
2018-12-17 12:57 - 2018-11-02 22:15 - 000000000 ____D C:\Users\Mortifer\AppData\LocalLow\Mozilla
2018-12-17 12:50 - 2018-11-08 07:17 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Code
2018-12-17 11:17 - 2018-11-02 00:14 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-12-17 10:38 - 2018-11-02 07:37 - 000000000 ____D C:\ProgramData\VeraCrypt
2018-12-17 10:38 - 2018-11-02 07:17 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\VeraCrypt
2018-12-17 02:20 - 2018-11-02 00:01 - 000000000 ____D C:\Windows\CbsTemp
2018-12-17 01:32 - 2018-11-02 00:00 - 000000000 ____D C:\Windows\Panther
2018-12-17 00:30 - 2018-11-03 04:14 - 000000000 ____D C:\Program Files\Firefox Nightly
2018-12-17 00:30 - 2018-11-02 22:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-12-17 00:30 - 2018-11-02 01:25 - 000000000 ____D C:\ProgramData\Package Cache
2018-12-17 00:28 - 2018-11-02 05:40 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\KeePass
2018-12-17 00:27 - 2018-11-02 23:18 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\VMware
2018-12-17 00:27 - 2018-11-02 23:18 - 000000000 ____D C:\Users\Mortifer\AppData\Local\VMware
2018-12-17 00:02 - 2018-11-02 00:07 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-12-16 23:41 - 2018-11-02 00:21 - 000000000 ____D C:\Users\Mortifer
2018-12-16 23:38 - 2018-11-02 00:04 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-12-16 21:31 - 2018-11-09 09:17 - 001172312 _____ C:\Users\Mortifer\Downloads\ChromeSetup.exe
2018-12-16 21:31 - 2018-11-09 04:04 - 001467240 _____ C:\Users\Mortifer\Downloads\novapdf.exe
2018-12-16 21:31 - 2018-11-09 01:37 - 004613992 _____ C:\Users\Mortifer\Downloads\npp.7.5.9.Installer.x64.exe
2018-12-16 21:31 - 2018-11-08 11:57 - 001028200 _____ C:\Users\Mortifer\Downloads\pdfelement6-pro_setup_full3010.exe
2018-12-16 21:31 - 2018-11-06 21:02 - 004912112 _____ C:\Users\Mortifer\Downloads\Diablo-III-Setup.exe
2018-12-16 21:31 - 2018-11-03 07:56 - 005604448 _____ C:\Users\Mortifer\Downloads\rcsetup153.exe
2018-12-16 21:31 - 2018-11-03 04:13 - 000326336 _____ C:\Users\Mortifer\Downloads\Firefox Installer.de.exe
2018-12-16 21:31 - 2018-11-02 17:53 - 002802664 _____ C:\Users\Mortifer\Downloads\officedeploymenttool_11023-33600.exe
2018-12-16 21:31 - 2018-11-02 12:04 - 007570120 _____ C:\Users\Mortifer\Downloads\setuphomebusinessretail.x64.de-de_.exe
2018-12-16 21:31 - 2018-11-02 05:34 - 003322624 _____ C:\Users\Mortifer\Downloads\KeePass-2.40-Setup.exe
2018-12-16 19:20 - 2018-11-16 22:09 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\TS3Client
2018-12-16 18:19 - 2018-11-03 04:14 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Nightly.lnk
2018-12-16 17:55 - 2018-11-08 20:27 - 000000000 ____D C:\Program Files (x86)\CCEnhancer
2018-12-16 17:55 - 2018-11-02 06:02 - 000000000 ____D C:\Program Files\CCleaner
2018-12-16 17:44 - 2018-11-06 21:03 - 000000000 ____D C:\Users\Mortifer\AppData\Local\Battle.net
2018-12-16 11:05 - 2018-11-02 00:23 - 000000000 ____D C:\Users\Mortifer\AppData\Local\Packages
2018-12-16 01:32 - 2018-11-03 02:30 - 000000000 ____D C:\Users\Mortifer\AppData\Local\NVIDIA
2018-12-16 01:00 - 2018-11-08 07:17 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2018-12-16 00:17 - 2018-11-02 00:04 - 000000000 ___HD C:\Windows\ELAMBKUP
2018-12-15 23:30 - 2018-11-07 17:34 - 000000000 ____D C:\Users\Mortifer\Documents\Data mining IoT
2018-12-15 22:07 - 2018-11-02 05:35 - 000031886 _____ C:\Users\Mortifer\Documents\Datenbank.kdbx
2018-12-15 16:43 - 2018-11-06 21:02 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-12-15 14:29 - 2018-11-02 00:04 - 000000000 ____D C:\Windows\AppReadiness
2018-12-15 10:22 - 2018-11-07 12:50 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\vlc
2018-12-15 10:13 - 2018-11-02 00:04 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-14 08:15 - 2018-11-06 21:11 - 000000000 ____D C:\Program Files (x86)\Diablo III
2018-12-14 08:01 - 2018-11-02 18:07 - 000000000 ____D C:\Program Files\Microsoft Office
2018-12-12 09:44 - 2018-11-02 00:23 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-12-12 09:44 - 2018-11-02 00:23 - 000000000 ___RD C:\Users\Mortifer\3D Objects
2018-12-12 09:44 - 2018-11-02 00:14 - 000407544 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-12 09:42 - 2018-11-02 00:04 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2018-12-12 09:42 - 2018-11-02 00:04 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2018-12-12 09:42 - 2018-11-02 00:04 - 000000000 ____D C:\Windows\TextInput
2018-12-12 09:42 - 2018-11-02 00:04 - 000000000 ____D C:\Windows\ShellComponents
2018-12-12 09:42 - 2018-11-02 00:04 - 000000000 ____D C:\Windows\bcastdvr
2018-12-12 04:18 - 2018-11-02 01:00 - 000000000 ____D C:\Windows\system32\MRT
2018-12-12 04:16 - 2018-11-02 01:00 - 137260640 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-12-11 03:21 - 2018-11-02 00:32 - 000592616 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-12-11 03:21 - 2018-11-02 00:14 - 000000000 ____D C:\Windows\system32\Drivers\wd
2018-12-10 21:22 - 2018-11-07 11:41 - 000000000 ____D C:\Users\Mortifer\Documents\css toolkit Projekt
2018-12-10 19:43 - 2018-11-03 07:58 - 000000000 ____D C:\Program Files\Recuva
2018-12-10 13:20 - 2018-11-02 00:04 - 000000000 ____D C:\Windows\LiveKernelReports
2018-12-08 04:43 - 2018-11-03 02:28 - 000000000 ____D C:\Users\Mortifer\AppData\Local\UnrealEngine
2018-12-08 00:03 - 2018-11-15 23:32 - 000000000 ____D C:\Program Files\rempl
2018-12-03 11:56 - 2018-11-08 14:14 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2018-12-03 11:56 - 2018-11-08 14:14 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Wondershare
2018-12-03 05:42 - 2018-11-03 02:28 - 000000000 ____D C:\Users\Mortifer\AppData\Local\D3DSCache
2018-12-02 21:12 - 2018-11-02 06:02 - 000004210 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-12-01 05:01 - 2018-11-02 00:06 - 000835688 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-12-01 05:01 - 2018-11-02 00:06 - 000179808 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-12-01 04:43 - 2018-11-02 06:02 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-12-01 04:43 - 2018-11-02 06:01 - 018174280 _____ (Piriform Software Ltd) C:\Users\Mortifer\Downloads\cctrialsetup.exe
2018-12-01 00:25 - 2018-11-03 11:02 - 000000000 ____D C:\Users\Mortifer\AppData\Local\calibre-cache
2018-12-01 00:25 - 2018-11-03 11:01 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\calibre
2018-11-27 15:34 - 2018-11-02 00:15 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-11-27 12:27 - 2018-11-03 02:51 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-11-27 11:50 - 2018-11-03 02:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-11-27 11:50 - 2018-11-02 00:23 - 000000000 ____D C:\Users\Mortifer\AppData\Local\VirtualStore
2018-11-27 11:50 - 2018-11-02 00:15 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-11-27 11:50 - 2018-11-02 00:15 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-11-27 11:43 - 2018-11-03 02:30 - 000001489 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2018-11-27 11:43 - 2018-11-03 02:27 - 000004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-27 11:43 - 2018-11-03 02:27 - 000004000 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-27 11:43 - 2018-11-03 02:27 - 000003940 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-27 11:32 - 2018-11-03 02:27 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-27 11:32 - 2018-11-03 02:27 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-27 11:32 - 2018-11-03 02:27 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-27 11:32 - 2018-11-03 02:27 - 000003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-27 11:32 - 2018-11-03 02:27 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-27 08:18 - 2018-11-09 09:18 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-24 16:33 - 2018-11-02 00:23 - 000000000 ____D C:\Users\Mortifer\AppData\Local\ConnectedDevicesPlatform
2018-11-22 12:08 - 2018-11-02 00:24 - 000000000 ___RD C:\Users\Mortifer\OneDrive
2018-11-22 11:55 - 2018-11-02 00:24 - 000000000 ____D C:\Users\Mortifer\AppData\Local\PlaceholderTileLogoFolder
2018-11-22 05:17 - 2018-11-03 02:28 - 000000000 ____D C:\ProgramData\Epic

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2018-12-11 17:01 - 2018-12-11 17:01 - 000000735 _____ () C:\Users\Mortifer\AppData\Local\recently-used.xbel
2018-11-07 05:56 - 2018-11-08 22:00 - 000007621 _____ () C:\Users\Mortifer\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2018-11-02 00:14

==================== Ende von FRST.txt ============================

korato 17.12.2018 13:40
Addition

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 09.12.2018
durchgeführt von Mortifer (17-12-2018 13:28:16)
Gestartet von C:\Users\Mortifer\Desktop
Windows 10 Pro Version 1803 17134.471 (X64) (2018-11-01 23:17:06)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2411979688-3473291244-4169740345-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2411979688-3473291244-4169740345-503 - Limited - Disabled)
Gast (S-1-5-21-2411979688-3473291244-4169740345-501 - Limited - Disabled)
Mortifer (S-1-5-21-2411979688-3473291244-4169740345-1001 - Administrator - Enabled) => C:\Users\Mortifer
WDAGUtilityAccount (S-1-5-21-2411979688-3473291244-4169740345-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Active Directory Authentication Library für SQL Server (HKLM\...\{5AE8DFF5-F9A2-4B59-9875-45BFF82DC1DA}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
Allavsoft 3.16.4.6855 (HKLM-x32\...\{6EBED4D8-13D9-4270-8D44-B57DDB7A787C}_is1) (Version:  - Allavsoft Corporation)
Application Verifier x64 External Package (HKLM\...\{62CB44B2-8007-DBB2-1CBA-5CB7309EB3C3}) (Version: 10.1.17134.12 - Microsoft) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield™ V (HKLM-x32\...\{e26b382f-e945-4f70-9318-121b683f1d61}) (Version: 1.0.59.30619 - Electronic Arts)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.32.57.2556 - BlueStack Systems, Inc.)
calibre (HKLM-x32\...\{DF1CF60D-3193-4602-970E-8B0D776D0E31}) (Version: 3.33.1 - Kovid Goyal)
CCEnhancer Version 4.5.3 (HKLM-x32\...\{D621766C-B5EC-42BD-9E10-774C02C17B44}_is1) (Version: 4.5.3 - SingularLabs)
CCleaner (HKLM\...\CCleaner) (Version: 5.50 - Piriform)
Claws Mail (HKLM-x32\...\ClawsMail) (Version: 3.17.1-1 - claws-mail.org)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden
Destiny 2 (HKLM-x32\...\Destiny 2) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 417.01 - NVIDIA Corporation) Hidden
Entity Framework 6.2.0 Tools  for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{42ECB1DB-6B44-4AEC-B112-98ECFF460EF6}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.2.11 - The GnuPG Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Gpg4win (3.1.5) (HKLM-x32\...\Gpg4win) (Version: 3.1.5 - The Gpg4win Project)
icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{4B691388-E031-4268-A096-95173D1E6E0F}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{5A86972C-9DB5-40AA-B4EB-0ACE96AFDF88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
IDA Demo v7.2 (HKLM\...\IDA Demo_is1) (Version:  - Hex-Rays SA)
IIS 10.0 Express (HKLM\...\{4E0AF984-1437-42DC-A8E4-A6EE920DDFAF}) (Version: 10.0.1743 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
KeePass Password Safe 2.40 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.40 - Dominik Reichl)
Kits Configuration Installer (HKLM-x32\...\{6F502640-B753-C101-FFA5-B38C3FA5B29A}) (Version: 10.1.17134.12 - Microsoft) Hidden
Kumulatives Microsoft .NET Framework Intellisense Pack für Visual Studio (Deutsch) (HKLM-x32\...\{4DFD6FF3-9A29-4F31-AEE1-D44E016C5AD4}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes Version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Core SDK - 2.1.202 (x64) (HKLM-x32\...\{06b884b0-4947-4439-859f-098e431012d6}) (Version: 2.1.202 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.502 (x64) (HKLM-x32\...\{6e700b89-6f3c-4dff-b957-44b77c8a4b0e}) (Version: 2.1.502 - Microsoft Corporation)
Microsoft Azure Authoring Tools - v2.9.5.3 (HKLM\...\{086C537B-DE1A-4A11-8441-6AAF076174B8}) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.9.5.3 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.5.3) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)
Microsoft Azure Storage Emulator - v5.7 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.7) (Version: 5.7.18218.1723 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.11029.20108 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{E9AD0F97-5DF2-4F5B-BC5B-F524D21BF165}) (Version: 11.3.6518.0 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{33B8D051-4DF5-4103-8FDB-8663E468A204}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27012 (HKLM-x32\...\{427ada59-85e7-4bc8-b8d5-ebf59db60423}) (Version: 14.16.27012.6 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.30.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1089.1204 - Microsoft Corporation)
Microsoft Web Deploy 4.0 (HKLM\...\{AEA6EBD0-7E59-46C0-8B5E-1715BC58DC45}) (Version: 10.0.1994 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server vNext CTP1.6 (HKLM\...\{598EF772-9320-43B6-9D3C-A60A1F6A804E}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server vNext CTP1.6 (HKLM-x32\...\{2773DECE-0FE5-4CA9-96A8-621E0185388F}) (Version: 15.0.600.33 - Microsoft Corporation)
Mozilla Firefox 60.3.0 ESR (x64 de) (HKLM\...\Mozilla Firefox 60.3.0 ESR (x64 de)) (Version: 60.3.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.3.3 - Mozilla)
Mozilla Thunderbird 60.3.3 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 60.3.3 (x86 de)) (Version: 60.3.3 - Mozilla)
MSI Development Tools (HKLM-x32\...\{1E406B46-65F4-91CE-65DA-DB66D5443B68}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Nightly 66.0a1 (x64 de) (HKLM\...\Nightly 66.0a1 (x64 de)) (Version: 66.0a1 - Mozilla)
Nmap 7.70 (HKLM-x32\...\Nmap) (Version: 7.70 - Nmap Project)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.9 - Notepad++ Team)
Npcap 0.99-r2 (HKLM-x32\...\NpcapInst) (Version: 0.99-r2 - Nmap Project)
NVIDIA 3D Vision Controller-Treiber 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 417.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 417.01 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Grafiktreiber 417.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 417.01 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11029.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11029.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.11029.20108 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.31.17411 - Electronic Arts, Inc.)
Paket zur Festlegung von "Doc Redirected"-Zielversionen von Microsoft .NET Framework 4.7.1 (Deutsch) (HKLM-x32\...\{5B970BE4-A2F2-41BD-8B91-FEA8DAA1DB9B}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
Paket zur Festlegung von Zielversionen von Microsoft .NET Framework 4.7.2 (Deutsch) (HKLM-x32\...\{98FE7C2A-22A4-401A-B45B-2AA107C06DD7}) (Version: 4.7.03062 - Microsoft Corporation) Hidden
Pale Moon 28.1.0 (x64 en-US) (HKLM\...\Pale Moon 28.1.0 (x64 en-US)) (Version: 28.1.0 - Moonchild Productions)
ProtonVPN (HKLM-x32\...\{ED11FFD4-61B3-4329-870E-8F4DAC7D5A0D}) (Version: 1.6.4 - ProtonVPN AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.6.4) (Version: 1.6.4 - ProtonVPN AG)
ProtonVPNTap (HKLM-x32\...\{C23BCE3A-FD25-48BA-948E-2CE94576F983}) (Version: 1.0.1 - ProtonVPN AG)
Python 2.7.13 (64-bit) (HKLM\...\{4A656C6C-D24A-473F-9747-3A8D00907A04}) (Version: 2.7.13150 - Python Software Foundation)
Python 3.6.5 (Anaconda3 5.2.0 64-bit) (HKLM\...\Python 3.6.5 (Anaconda3 5.2.0 64-bit)) (Version: 5.2.0 - Anaconda, Inc.)
Python 3.6.6 (64-bit) (HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\{a2e7eb2f-e31e-47eb-82ca-63b3854f5354}) (Version: 3.6.6150.0 - Python Software Foundation)
Python 3.6.6 Core Interpreter (64-bit symbols) (HKLM\...\{09472AF9-4E5C-419F-8AFC-E42DE3C00062}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Core Interpreter (64-bit) (HKLM\...\{13428472-D58E-476D-932F-5B1B0C1397BE}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Development Libraries (64-bit) (HKLM\...\{C4752757-9240-4518-BE22-A7E2E7CC7D7B}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Documentation (64-bit) (HKLM\...\{16EF5AB7-4A89-4F06-B20B-209DA4FE0533}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Executables (64-bit symbols) (HKLM\...\{D1DCF56C-C29C-436A-9764-DEA45032EC46}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Executables (64-bit) (HKLM\...\{5CE3EB5B-1823-4B8E-BE10-95262BDD1148}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 pip Bootstrap (64-bit) (HKLM\...\{9D8D733D-3822-4808-B382-6291910081B2}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Standard Library (64-bit symbols) (HKLM\...\{A44E9804-C2AA-40DD-9E6F-F53D96BDAD34}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Standard Library (64-bit) (HKLM\...\{4D137679-6FB4-446B-9BDB-279292FA2D2C}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Tcl/Tk Support (64-bit symbols) (HKLM\...\{20F0B3BE-3E51-4536-BE6E-451359FD5432}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Tcl/Tk Support (64-bit) (HKLM\...\{44EC13CA-E201-433B-B2D3-386B9609B859}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Test Suite (64-bit symbols) (HKLM\...\{C5BD9A00-9221-486E-94BF-9B1553B215AF}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Test Suite (64-bit) (HKLM\...\{C9596636-022D-4123-B369-98819F772985}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Utility Scripts (64-bit) (HKLM\...\{E95CEC86-EFB3-47B8-A5F6-C8FB757AD060}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{A9DED8BE-05DF-45D5-81A0-3743A44CC0C9}) (Version: 3.6.6386.0 - Python Software Foundation)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.3.1031.102917 - Razer Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
SDK ARM Additions (HKLM-x32\...\{346B2C02-CC0D-6E09-8B9D-CAA2821473CF}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{825784BB-114D-ADB3-B65F-E1EB2A63C3BC}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
SearchDiggity (HKLM-x32\...\{32593C5B-EEAD-49F1-8968-211C5C311072}) (Version: 3.1.0 - Bishop Fox)
Simple DNSCrypt (HKLM-x32\...\{DA89A82E-D909-41F5-AB28-7E5F612DC386}) (Version: 0.5.8 - bitbeans)
SlimDX Runtime .NET 4.0 x64 (January 2012) (HKLM\...\{A2199A06-89C4-4187-AA4A-3A9676FB799D}) (Version: 2.0.13.43 - SlimDX Group)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\TeamSpeak 3 Client) (Version: 3.2.3 - TeamSpeak Systems GmbH)
Thunder Master v3.2 (HKLM-x32\...\{EE04522C-0814-4B63-AE57-0B63E5A355BB}_is1) (Version: 3.2.0.0 - Palit Microsystems Ltd.)
TP-Link Archer T4U Driver (HKLM-x32\...\{4805DC86-DEBF-4A5C-B9C4-291FA6441548}) (Version: 2.1.0 - TP-Link)
TP-Link Wireless Adapter WPS Tool (HKLM-x32\...\{685EFF87-B126-49E4-8213-70C56625C5B5}) (Version: 1.0.0.1 - TP-Link)
TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{18ABFDF6-23D9-87E6-015E-FFE3C7F153D5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{0D6B41AF-D117-8944-A059-3F9346A896C5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{B6273353-8B54-1F89-1A16-5940925104CE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{BA6F1D53-C3F2-F9D5-80CE-CEF608E36AD3}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{6E43CA0C-046E-4F38-A0A2-3B1BA139B661}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{775886B8-DEE1-CB20-8A94-FC09FA54ECF6}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{77B667B9-36B3-4712-AD45-28EA1A278D8B}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.23 - IDRIX)
Visual Studio Community 2017 (HKLM-x32\...\47418da4) (Version: 15.9.28307.222 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
VMware Workstation (HKLM\...\{A6D7B449-8F4F-4FA9-B80A-101345AA998A}) (Version: 15.0.0 - VMware, Inc.)
VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS WCF Debugging (HKLM\...\{14AF842C-675E-4268-B493-EB76D9B465A8}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{5297D80E-CD92-48D8-9DB0-301AB3205772}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{3161DA68-DD37-4798-82DB-B3A0BD6BA233}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{0D3A6730-43CE-4AF6-BDF7-4D0660296C60}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{5AD4A604-B476-1578-2A20-6B02FC6258BE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86 (HKLM-x32\...\{833F02C5-2C39-49F6-BD64-91D351081274}) (Version: 10.1.15254.1 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E77C2F78-6089-48F8-89DF-DDF2850DFFD9}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17134.12 (HKLM-x32\...\{5f83ccda-0498-4b97-a298-16a642bf49f2}) (Version: 10.1.17134.12 - Microsoft Corporation)
WinRAR 5.61 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{389D182F-0ADA-5C7E-FF32-2573A821592C}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{C3776B36-B34E-00E2-3009-95A6F1870B58}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{965D1746-D94A-49B9-2A48-A14914CA3B57}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{84C6B91B-67DA-DDE3-86F1-87A3E307E8C1}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{3755CD99-C62E-3312-DDD3-29A4F259270D}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{729DA966-8590-2C1F-2178-16C1D32FD7FD}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{F1C18506-3168-A9D9-E2D9-D23A512A326E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{4095D263-6A13-78D3-DEDA-AA3452011F6E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{C3243E23-2EB6-4419-2692-40944923B112}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Wondershare PDFelement 6 Pro(Build 6.8.6) (HKLM-x32\...\{B026557A-EF19-4812-8A79-B30F94AA0A78}_is1) (Version: 6.8.6.4121 - Wondershare Software Co.,Ltd.)
Word_Add_In_Microsoft_Programmierer (HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\03B29BC83A87B7C74EBC6B73E82B25E3D70320ED) (Version: 1.0.0.7 - Raimund Popp CodeDocu.com)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Progs\Notepad++\NppShell_06.dll [2018-10-14] ()
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-11-13] (g10 Code GmbH)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => D:\VMware Workstation\Workstation\vmdkShellExt.dll [2018-09-19] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => D:\VMware Workstation\Workstation\x64\vmdkShellExt64.dll [2018-09-19] (VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-11-13] (g10 Code GmbH)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-11-16] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {07865D17-69CD-4D0E-B9AD-85391050CBAA} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11] (NVIDIA Corporation)
Task: {17A69A16-C0BF-458F-985A-4AE024BD2444} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-07] (Microsoft Corporation)
Task: {1ADDE1A7-0C52-4FD6-8F29-CB558A8245BF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-07] (Microsoft Corporation)
Task: {256638C0-7A6D-4A69-8279-769B29806EFA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2018-12-14] (Microsoft Corporation)
Task: {32CE7343-0ED8-42A4-BB48-3F52FDC0A3F2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-14] (Microsoft Corporation)
Task: {58BABD45-3914-4D28-BD57-4CB80ABC32DD} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {62AC5E09-A222-459F-A978-DEA6ECA1BA5D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-11] (NVIDIA Corporation)
Task: {653D4761-0C64-4DC3-8534-814BE6C73AEA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-16] ()
Task: {6E2E8B51-BA69-44C4-BDA5-5A9E021DC0F3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {7D1C3C96-A69B-4525-AB06-6DCD11D1332F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-14] (Microsoft Corporation)
Task: {8267A650-DF0F-471D-AE12-C00DCCB244EB} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-12-16] ()
Task: {833EB10E-8DAC-4F71-8573-2C960BB2872F} - System32\Tasks\ThunderMaster => C:\Program Files (x86)\Thunder Master\THPanel.exe [2017-07-24] (Palit Microsystems Ltd.)
Task: {839B7A67-16B2-4E7E-B78B-43030DF5BC6A} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-12-16] ()
Task: {8EFC613D-66EC-4655-8F91-E4230363703A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-28] (Piriform Software Ltd)
Task: {98874578-7805-4E67-85D1-9FB20CFA864E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-12-16] (AVAST Software)
Task: {9E4A04FB-A6A0-40A5-A872-43A2289BB205} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-16] ()
Task: {9F220C7A-5584-4CB0-B1F1-4E2533A5F38A} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-12-16] ()
Task: {A78B8817-4CE4-44F4-9B03-BF8B4D48E13D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2018-12-14] (Microsoft Corporation)
Task: {A7ADACC7-01DC-4283-82C7-FBEEBAB8CE45} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {B083DEFD-5961-460A-A023-DB1FBEF6F5AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-12-02] (Microsoft Corporation)
Task: {BA573C9B-2CB6-41D5-8991-98203A8AE63F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-12-16] ()
Task: {C5560092-2626-4106-86B5-C0D5C57C5A84} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11] (NVIDIA Corporation)
Task: {D5246B66-6578-4ECC-B3DE-19B61C66D1E1} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2411979688-3473291244-4169740345-1001 => C:\Users\Mortifer\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {E4AFA1C8-73D7-4F5D-8A57-0D5185DACE3D} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-12-16] ()
Task: {F34ADCBB-F0B2-41AE-AFFB-19274ED9FD0D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-12-02] (Microsoft Corporation)
Task: {F3D31349-9AEE-4EAA-ACFD-C959BF9505F3} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [2018-12-16] ()
Task: {F41B1E29-4281-4128-8C00-6667C872E846} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {FD190C35-EFAC-490F-ABE3-28A5E970175C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-28] (Piriform Ltd)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Nightly.lnk -> C:\Program Files\Firefox Nightly\firefox.exe (Mozilla Corporation)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 ____N () C:\Windows\SYSTEM32\inputhost.dll
2018-07-09 18:23 - 2018-07-09 18:23 - 005389968 _____ () C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe
2018-11-03 02:27 - 2017-10-11 02:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-11-04 19:04 - 2018-02-07 19:06 - 000059232 _____ () C:\Windows\runSW.exe
2015-05-19 09:11 - 2015-05-19 09:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2018-11-11 22:28 - 2018-10-18 08:44 - 002821952 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-11-11 22:28 - 2018-10-18 08:44 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-10-17 13:46 - 2018-10-17 13:46 - 000038664 _____ () C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe
2018-08-17 06:50 - 2018-08-17 06:50 - 000300032 _____ () C:\Program Files (x86)\Proton Technologies\ProtonVPN\Resources\64-bit\firewall.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 ____N () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 04:11 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-10-14 19:45 - 2018-10-14 19:45 - 000230064 _____ () D:\Progs\Notepad++\NppShell_06.dll
2018-09-19 04:18 - 2018-09-19 04:18 - 015445936 _____ () D:\VMware Workstation\Workstation\vmware-hostd.exe
2018-10-29 10:19 - 2018-10-29 10:19 - 000281840 _____ () C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
2018-12-12 04:11 - 2018-12-08 08:33 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-11-02 00:41 - 2018-11-02 00:42 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-12-14 07:58 - 2018-12-14 07:58 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-12-14 07:58 - 2018-12-14 07:58 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-12-14 07:58 - 2018-12-14 07:58 - 010927616 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2018-12-14 07:58 - 2018-12-14 07:58 - 002916864 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\skypert.dll
2018-12-14 07:58 - 2018-12-14 07:58 - 000688128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-12-14 07:58 - 2018-12-14 07:58 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-10-29 10:19 - 2018-10-29 10:19 - 000303344 _____ () C:\Program Files (x86)\Razer\Synapse3\Service\..\UserProcess\Razer Synapse Service Process.exe
2018-12-08 00:03 - 2018-12-08 00:03 - 034870272 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-12-08 00:03 - 2018-12-08 00:03 - 000292352 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-04-12 17:24 - 2018-04-12 17:24 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-29 20:46 - 2018-11-29 20:46 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-12-08 00:03 - 2018-12-08 00:03 - 005967872 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-12-08 00:03 - 2018-12-08 00:03 - 009072128 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-11-15 18:49 - 2018-11-15 18:49 - 000038400 _____ () C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.12902.0_x64__8wekyb3d8bbwe\SourceAppService.dll
2018-11-15 18:49 - 2018-11-15 18:49 - 000205312 _____ () C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.12902.0_x64__8wekyb3d8bbwe\FFmpegInterop.dll
2018-11-15 18:49 - 2018-11-15 18:49 - 000747520 _____ () C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.12902.0_x64__8wekyb3d8bbwe\avcodec-58_ms.dll
2018-11-15 18:49 - 2018-11-15 18:49 - 000317440 _____ () C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.12902.0_x64__8wekyb3d8bbwe\avformat-58_ms.dll
2018-11-15 18:49 - 2018-11-15 18:49 - 000477184 _____ () C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.12902.0_x64__8wekyb3d8bbwe\avutil-56_ms.dll
2018-11-15 18:49 - 2018-11-15 18:49 - 000174592 _____ () C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.12902.0_x64__8wekyb3d8bbwe\swresample-3_ms.dll
2018-11-15 18:49 - 2018-11-15 18:49 - 000721408 _____ () C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.12902.0_x64__8wekyb3d8bbwe\swscale-5_ms.dll
2018-09-19 04:12 - 2018-09-19 04:12 - 000091568 _____ () D:\VMware Workstation\Workstation\zlib1.dll
2018-09-19 04:18 - 2018-09-19 04:18 - 002035120 _____ () D:\VMware Workstation\Workstation\libxml2.dll
2018-11-03 02:27 - 2017-10-11 02:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-09-19 04:18 - 2018-09-19 04:18 - 000141744 _____ () D:\VMware Workstation\Workstation\expat.dll
2018-11-25 01:35 - 2018-10-29 10:15 - 000150768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.ChromaSDKWrapper.dll
2018-11-25 01:35 - 2018-10-29 10:15 - 000179952 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.NativeDeviceDetectionWrapper.dll
2018-11-25 01:35 - 2018-10-10 04:57 - 000206576 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.NativePhilipsHueWrapper.dll
2018-11-25 01:35 - 2018-10-29 10:16 - 000202480 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.PowerPlan.dll
2018-11-25 01:35 - 2018-10-26 13:21 - 000081648 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_AccelWinM.dll
2018-11-25 01:35 - 2018-10-29 10:12 - 000354544 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_AudioPlayer.dll
2018-11-25 01:35 - 2018-10-29 10:12 - 000135408 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_KeyboardKeysWrapper.dll
2018-11-25 01:35 - 2018-10-26 13:21 - 000086256 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_ManagedCommon.dll
2018-11-25 01:35 - 2018-10-26 13:21 - 000344816 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_ManagedMacros.dll
2018-11-25 01:35 - 2018-10-26 13:22 - 000260336 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_MappingTypesM.dll
2018-11-25 01:35 - 2018-10-29 10:15 - 002278128 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_PowerSwitchWrapper.dll
2018-11-25 01:35 - 2018-10-09 21:28 - 000631536 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Philips Hue\Bin\RSy3_DeviceStatus.dll
2018-11-25 01:35 - 2018-10-09 21:28 - 000332016 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Philips Hue\Bin\RSy3_DriverMode.dll
2018-10-29 10:12 - 2018-10-29 10:12 - 000361712 _____ () C:\Program Files (x86)\Razer\Synapse3\UserProcess\RSy3_AudioAppStreamsWrapper.dll
2015-07-06 20:36 - 2015-07-06 20:36 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKLM\...\exefile\shell\open\command:  <==== ACHTUNG

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\localhost -> localhost

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2018-11-02 00:04 - 2018-11-22 12:08 - 000003907 _____ C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msads.net
0.0.0.0 a.ads2.msn.com
0.0.0.0 a.rad.msn.com
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 ac3.msn.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 aka-cdn-ns.adtech.de
0.0.0.0 a-msedge.net
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 b.rad.msn.com
0.0.0.0 bs.serving-sys.com
0.0.0.0 c.atdmt.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mortifer\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\18469-aurora-borealis-over-hammerfest-1920x1200-world-wallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.

HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\StartupApproved\Run: => "Synapse3"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

10-12-2018 09:43:05 Windows Modules Installer
11-12-2018 20:41:20 Installed ProtonVPN
15-12-2018 02:37:00 Installed Python 3.2.2 (64-bit)
16-12-2018 23:33:07 Visual Studio Community 2017 wird installiert

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/17/2018 09:57:49 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-HP1IRVV)
Description: httphttp-2147467263

Error: (12/17/2018 09:49:36 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-HP1IRVV)
Description: httphttp-2147467263

Error: (12/17/2018 07:10:54 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-HP1IRVV)
Description: httphttp-2147467263

Error: (12/17/2018 06:51:56 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-HP1IRVV)
Description: httphttp-2147467263

Error: (12/17/2018 06:33:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MicrosoftEdgeSH.exe, Version: 11.0.17134.1, Zeitstempel: 0x6b6a1aef
Name des fehlerhaften Moduls: combase.dll, Version: 10.0.17134.407, Zeitstempel: 0x731653ad
Ausnahmecode: 0xc0000602
Fehleroffset: 0x0000000000092998
ID des fehlerhaften Prozesses: 0x38c0
Startzeit der fehlerhaften Anwendung: 0x01d495ca0d2c0434
Pfad der fehlerhaften Anwendung: C:\Windows\system32\MicrosoftEdgeSH.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\combase.dll
Berichtskennung: 095f90f6-d804-42bc-af45-480094ea3d38
Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge

Error: (12/17/2018 06:33:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MicrosoftEdgeSH.exe, Version: 11.0.17134.1, Zeitstempel: 0x6b6a1aef
Name des fehlerhaften Moduls: combase.dll, Version: 10.0.17134.407, Zeitstempel: 0x731653ad
Ausnahmecode: 0xc0000602
Fehleroffset: 0x0000000000092998
ID des fehlerhaften Prozesses: 0x2538
Startzeit der fehlerhaften Anwendung: 0x01d495c9fb8b23d1
Pfad der fehlerhaften Anwendung: C:\Windows\system32\MicrosoftEdgeSH.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\combase.dll
Berichtskennung: 5034aecb-a094-46e3-a395-44523bd90625
Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge

Error: (12/17/2018 06:32:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MicrosoftEdgeSH.exe, Version: 11.0.17134.1, Zeitstempel: 0x6b6a1aef
Name des fehlerhaften Moduls: combase.dll, Version: 10.0.17134.407, Zeitstempel: 0x731653ad
Ausnahmecode: 0xc0000602
Fehleroffset: 0x0000000000092998
ID des fehlerhaften Prozesses: 0x444
Startzeit der fehlerhaften Anwendung: 0x01d495c9ed857da6
Pfad der fehlerhaften Anwendung: C:\Windows\system32\MicrosoftEdgeSH.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\combase.dll
Berichtskennung: a284de98-36cc-452b-84ff-207319e89737
Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge

Error: (12/17/2018 06:22:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MicrosoftEdgeSH.exe, Version: 11.0.17134.1, Zeitstempel: 0x6b6a1aef
Name des fehlerhaften Moduls: combase.dll, Version: 10.0.17134.407, Zeitstempel: 0x731653ad
Ausnahmecode: 0xc0000602
Fehleroffset: 0x0000000000092998
ID des fehlerhaften Prozesses: 0x3f1c
Startzeit der fehlerhaften Anwendung: 0x01d495c892fcf1fc
Pfad der fehlerhaften Anwendung: C:\Windows\system32\MicrosoftEdgeSH.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\combase.dll
Berichtskennung: 38094b6c-2ece-4304-978a-ebb2fd76edc8
Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge


Systemfehler:
=============
Error: (12/17/2018 01:23:58 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HP1IRVV)
Description: Der Server "XINGAG.XING_3.120.21.0_x86__xpfg3f7e9an52!App.AppX9v491rntc114gd4rhkbmzrsqkaj04tt3.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/17/2018 01:15:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (12/17/2018 01:15:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht.

Error: (12/17/2018 01:14:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Defender Antivirus Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Die digitale Signatur dieser Datei kann nicht überprüft werden. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um böswillige Software aus einer unbekannten Quelle handelt, installiert.

Error: (12/17/2018 01:13:39 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HP1IRVV)
Description: Ein DCOM-Server konnte nicht gestartet werden: XINGAG.XING_3.120.21.0_x86__xpfg3f7e9an52!App.AppX559n63yb6s27psgjf2h1zbhpvwdswf46.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"0"
Aufgetreten beim Start dieses Befehls:
"C:\Windows\SysWOW64\backgroundTaskHost.exe" -ServerName:App.AppXz2zxkdmw4wwcwh41me91q40p6xy5v793.mca

Error: (12/17/2018 01:13:39 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HP1IRVV)
Description: Ein DCOM-Server konnte nicht gestartet werden: XINGAG.XING_3.120.21.0_x86__xpfg3f7e9an52!App.AppXd76em2g4mkahvna91b70wzfmvdn9m9hk.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"298"
Aufgetreten beim Start dieses Befehls:
"C:\Windows\SysWOW64\backgroundTaskHost.exe" -ServerName:App.AppXz2zxkdmw4wwcwh41me91q40p6xy5v793.mca

Error: (12/17/2018 01:13:35 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HP1IRVV)
Description: Der Server "XINGAG.XING_3.120.21.0_x86__xpfg3f7e9an52!App.AppX9v491rntc114gd4rhkbmzrsqkaj04tt3.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/17/2018 01:13:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinDefend" wurde aufgrund folgenden Fehlers nicht gestartet:
Die digitale Signatur dieser Datei kann nicht überprüft werden. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um böswillige Software aus einer unbekannten Quelle handelt, installiert.


Windows Defender:
===================================
Date: 2018-12-16 17:56:00.933
Description:
Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Neshta.A&threatid=2147575939&enterprise=0
Name: Virus:Win32/Neshta.A
ID: 2147575939
Schweregrad: Schwerwiegend
Kategorie: Virus
Pfad: file:_I:\register-mail-online.exe
Erkennungsursprung: Lokaler Computer
Erkennungstyp: Konkret
Erkennungsquelle: System
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: Unknown
Signaturversion: AV: 1.283.733.0, AS: 1.283.733.0, NIS: 1.283.733.0
Modulversion: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-16 17:55:27.574
Description:
Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Neshta.A&threatid=2147575939&enterprise=0
Name: Virus:Win32/Neshta.A
ID: 2147575939
Schweregrad: Schwerwiegend
Kategorie: Virus
Pfad: file:_I:\register-mail-online.exe
Erkennungsursprung: Lokaler Computer
Erkennungstyp: Konkret
Erkennungsquelle: System
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: Unknown
Signaturversion: AV: 1.283.733.0, AS: 1.283.733.0, NIS: 1.283.733.0
Modulversion: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-16 11:23:29.258
Description:
Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Neshta.A&threatid=2147575939&enterprise=0
Name: Virus:Win32/Neshta.A
ID: 2147575939
Schweregrad: Schwerwiegend
Kategorie: Virus
Pfad: file:_I:\register-mail-online.exe
Erkennungsursprung: Lokaler Computer
Erkennungstyp: Konkret
Erkennungsquelle: System
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: Unknown
Signaturversion: AV: 1.283.684.0, AS: 1.283.684.0, NIS: 1.283.684.0
Modulversion: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-16 11:22:54.882
Description:
Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Neshta.A&threatid=2147575939&enterprise=0
Name: Virus:Win32/Neshta.A
ID: 2147575939
Schweregrad: Schwerwiegend
Kategorie: Virus
Pfad: file:_I:\register-mail-online.exe
Erkennungsursprung: Lokaler Computer
Erkennungstyp: Konkret
Erkennungsquelle: System
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: Unknown
Signaturversion: AV: 1.283.684.0, AS: 1.283.684.0, NIS: 1.283.684.0
Modulversion: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-15 16:41:57.480
Description:
Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Neshta.A&threatid=2147575939&enterprise=0
Name: Virus:Win32/Neshta.A
ID: 2147575939
Schweregrad: Schwerwiegend
Kategorie: Virus
Pfad: file:_I:\register-mail-online.exe
Erkennungsursprung: Lokaler Computer
Erkennungstyp: Konkret
Erkennungsquelle: System
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: Unknown
Signaturversion: AV: 1.283.652.0, AS: 1.283.652.0, NIS: 1.283.652.0
Modulversion: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-16 17:56:00.703
Description:
Kritischer Fehler von Windows Defender Antivirus beim Ergreifen von Maßnahmen gegen Schadsoftware oder andere potenziell unerwünschte Software.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Neshta.A&threatid=2147575939&enterprise=0
Name: Virus:Win32/Neshta.A
ID: 2147575939
Schweregrad: Schwerwiegend
Kategorie: Virus
Pfad: file:_I:\register-mail-online.exe
Erkennungsursprung: Lokaler Computer
Erkennungstyp: Konkret
Erkennungsquelle: System
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: Unknown
Aktion: Bereinigen
Aktionsstatus:  No additional actions required
Fehlercode: 0x8007007f
Fehlerbeschreibung: Die angegebene Prozedur wurde nicht gefunden.
Signaturversion: AV: 1.283.733.0, AS: 1.283.733.0, NIS: 1.283.733.0
Modulversion: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-16 11:23:29.045
Description:
Kritischer Fehler von Windows Defender Antivirus beim Ergreifen von Maßnahmen gegen Schadsoftware oder andere potenziell unerwünschte Software.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Neshta.A&threatid=2147575939&enterprise=0
Name: Virus:Win32/Neshta.A
ID: 2147575939
Schweregrad: Schwerwiegend
Kategorie: Virus
Pfad: file:_I:\register-mail-online.exe
Erkennungsursprung: Lokaler Computer
Erkennungstyp: Konkret
Erkennungsquelle: System
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: Unknown
Aktion: Bereinigen
Aktionsstatus:  No additional actions required
Fehlercode: 0x8007007f
Fehlerbeschreibung: Die angegebene Prozedur wurde nicht gefunden.
Signaturversion: AV: 1.283.684.0, AS: 1.283.684.0, NIS: 1.283.684.0
Modulversion: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-15 16:41:57.255
Description:
Kritischer Fehler von Windows Defender Antivirus beim Ergreifen von Maßnahmen gegen Schadsoftware oder andere potenziell unerwünschte Software.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Neshta.A&threatid=2147575939&enterprise=0
Name: Virus:Win32/Neshta.A
ID: 2147575939
Schweregrad: Schwerwiegend
Kategorie: Virus
Pfad: file:_I:\register-mail-online.exe
Erkennungsursprung: Lokaler Computer
Erkennungstyp: Konkret
Erkennungsquelle: System
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: Unknown
Aktion: Bereinigen
Aktionsstatus:  No additional actions required
Fehlercode: 0x8007007f
Fehlerbeschreibung: Die angegebene Prozedur wurde nicht gefunden.
Signaturversion: AV: 1.283.652.0, AS: 1.283.652.0, NIS: 1.283.652.0
Modulversion: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-11 01:51:23.876
Description:
Kritischer Fehler von Windows Defender Antivirus beim Ergreifen von Maßnahmen gegen Schadsoftware oder andere potenziell unerwünschte Software.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Neshta.A&threatid=2147575939&enterprise=0
Name: Virus:Win32/Neshta.A
ID: 2147575939
Schweregrad: Schwerwiegend
Kategorie: Virus
Pfad: file:_I:\register-mail-online.exe
Erkennungsursprung: Lokaler Computer
Erkennungstyp: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: C:\Windows\explorer.exe
Aktion: Bereinigen
Aktionsstatus:  No additional actions required
Fehlercode: 0x8007007f
Fehlerbeschreibung: Die angegebene Prozedur wurde nicht gefunden.
Signaturversion: AV: 1.283.262.0, AS: 1.283.262.0, NIS: 1.283.262.0
Modulversion: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-02 21:15:11.698
Description:
Fehler von Windows Defender Antivirus beim Aktualisieren von Signaturen.
Neue Signaturversion:
Vorherige Signaturversion: 1.281.1155.0
Updatequelle: Microsoft Update-Server
Signaturtyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
Vorherige Modulversion: 1.1.15400.5
Fehlercode: 0x80240438
Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

CodeIntegrity:
===================================

Date: 2018-12-17 13:24:19.690
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-12-17 13:24:19.404
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-12-17 13:16:30.196
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-12-17 13:16:29.952
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-12-17 13:16:29.884
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-12-17 13:16:22.584
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-12-17 13:16:22.579
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-12-17 13:14:21.801
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Prozentuale Nutzung des RAM: 20%
Installierter physikalischer RAM: 16345.51 MB
Verfügbarer physikalischer RAM: 12952.18 MB
Summe virtueller Speicher: 25561.51 MB
Verfügbarer virtueller Speicher: 20668.44 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:232.35 GB) (Free:93.81 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:164.24 GB) NTFS

\\?\Volume{44a6bf94-0000-0000-0000-100000000000}\ (System-reserviert) (Fixed) (Total:0.54 GB) (Free:0.13 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 44A6BF94)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 281FAE7C)

Partition: GPT.

==================== Ende von Addition.txt ============================
Solltest noch irgend welche Scans sehen wollen bitte bescheid geben.

cosinus 17.12.2018 14:01
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Spybot - Search & Destroy

  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 

korato 17.12.2018 14:56
Habe nun Spybot search&destroy mit dem Revo Uninstaller wie beschrieben Deinstalliert.

Folgende Probleme sind noch vorhanden.
Windows Defender wird nicht in der Symbolleiste angezeit, und wenn ich im Security Center auf Vieren und Bedrohungsschutz klicke, kommt die Fehlermeldung das mein It Administrator die Zugriffsrechte eingeschränkt hat. Ressource nicht verfügbar.

Ihr Profil Firefox kann nicht geladen werden, es ist möglicherweise nicht vorhanden.
Zugriff nicht möglich.

Mbam Scan findet immer noch Virus Neshta im folgenden Pfad --> C:\Windows\SVHost.com


Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 17.12.18
Scan-Zeit: 14:34
Protokolldatei: 6e53fd3a-0200-11e9-87fd-002522b0a413.json

-Softwaredaten-
Version: 3.6.1.2711
Komponentenversion: 1.0.482
Version des Aktualisierungspakets: 1.0.8357
Lizenz: Premium in der Toleranzperiode

-Systemdaten-
Betriebssystem: Windows 10 (Build 17134.471)
CPU: x64
Dateisystem: NTFS
Benutzer: DESKTOP-HP1IRVV\Mortifer

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 356675
Erkannte Bedrohungen: 1
In die Quarantäne verschobene Bedrohungen: 1
Abgelaufene Zeit: 2 Min., 48 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 1
Trojan.Agent.SVC.Generic, C:\WINDOWS\SVCHOST.COM, Löschen bei Neustart, [6292], [384897],1.0.8357

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)
Wie sollte ich nun weiter verfahren ?

cosinus 17.12.2018 15:03
Schädlinge suchen mit Kaspersky TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

korato 17.12.2018 15:27
TDSSKILLER REPORT


Code:
15:13:14.0942 0x241c  TDSS rootkit removing tool 3.1.0.24 Dec  3 2018 16:46:46
15:13:24.0475 0x241c  ============================================================
15:13:24.0475 0x241c  Current date / time: 2018/12/17 15:13:24.0475
15:13:24.0475 0x241c  SystemInfo:
15:13:24.0476 0x241c 
15:13:24.0476 0x241c  OS Version: 10.0.17134 ServicePack: 0.0
15:13:24.0476 0x241c  Product type: Workstation
15:13:24.0476 0x241c  ComputerName: DESKTOP-HP1IRVV
15:13:24.0476 0x241c  UserName: Mortifer
15:13:24.0476 0x241c  Windows directory: C:\Windows
15:13:24.0476 0x241c  System windows directory: C:\Windows
15:13:24.0476 0x241c  Running under WOW64
15:13:24.0476 0x241c  Processor architecture: Intel x64
15:13:24.0476 0x241c  Number of processors: 4
15:13:24.0476 0x241c  Page size: 0x1000
15:13:24.0476 0x241c  Boot type: Normal boot
15:13:24.0476 0x241c  CodeIntegrityOptions = 0x00000001
15:13:24.0476 0x241c  ============================================================
15:13:24.0598 0x241c  KLMD registered as C:\Windows\system32\drivers\44673464.sys
15:13:24.0598 0x241c  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 17134.1, osProperties = 0x19
15:13:24.0675 0x241c  System UUID: {86F6EB73-2C9A-295C-F926-6CC91F462799}
15:13:24.0877 0x241c  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:13:24.0902 0x241c  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:13:24.0915 0x241c  ============================================================
15:13:24.0915 0x241c  \Device\Harddisk0\DR0:
15:13:24.0916 0x241c  MBR partitions:
15:13:24.0916 0x241c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x112800
15:13:24.0916 0x241c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x113000, BlocksNum 0x1D0B2000
15:13:24.0916 0x241c  \Device\Harddisk1\DR1:
15:13:24.0916 0x241c  GPT partitions:
15:13:24.0917 0x241c  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {7979C9F8-4475-4836-890B-B156EA2B5658}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x3A385000
15:13:24.0917 0x241c  MBR partitions:
15:13:24.0917 0x241c  ============================================================
15:13:24.0918 0x241c  C: <-> \Device\Harddisk0\DR0\Partition2
15:13:24.0934 0x241c  D: <-> \Device\Harddisk1\DR1\Partition1
15:13:24.0934 0x241c  ============================================================
15:13:24.0934 0x241c  Initialize success
15:13:24.0934 0x241c  ============================================================
15:15:07.0589 0x2a20  ============================================================
15:15:07.0589 0x2a20  Scan started
15:15:07.0589 0x2a20  Mode: Manual; SigCheck; TDLFS;
15:15:07.0589 0x2a20  ============================================================
15:15:07.0589 0x2a20  KSN ping started
15:15:07.0655 0x2a20  KSN ping finished: true
15:15:08.0556 0x2a20  ================ Scan BIOS =================================
15:15:08.0557 0x2a20  BIOS info: vendor = American Megatrends Inc., version = P3.10, releaseDate = 04/24/2012
15:15:08.0557 0x2a20  Base board info: manufacturer = ASRock, product = P67 Extreme4, version =                     
15:15:10.0070 0x2a20  [ 80002D18154FF2C51DA587A70C6696BF, 8D3C05D70BB6968EAF345B43458100A2056981A2AEE13C0BB05E40AC99ABD5F2 ] BIOS
15:15:10.0603 0x2a20  BIOS - ok
15:15:10.0605 0x2a20  ================ Scan system memory ========================
15:15:10.0607 0x2a20  System memory - ok
15:15:10.0609 0x2a20  ================ Scan services =============================
15:15:10.0655 0x2a20  [ 4B45A2D37CCE3CC0F161B7C7286081A6, DF4EBAA12E083AE45411AABD3EDE916E2CC6963FBA664861AC9B2351B5E042DC ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
15:15:10.0703 0x2a20  1394ohci - ok
15:15:10.0708 0x2a20  [ F5E5BA493B7C497F1F769942E2EA4CE2, 4AD54DA24142BCE49FB64CFF2CB28764FAA93827E7DB02925090B68F8C73B1FB ] 3ware          C:\Windows\system32\drivers\3ware.sys
15:15:10.0723 0x2a20  3ware - ok
15:15:10.0738 0x2a20  [ CA51BB1B81F97E896E116C839B92D9D8, 09F73D8FB93EA524D3C9A9C264F62340560DC7042589597A318626A0A198F91F ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:15:10.0762 0x2a20  ACPI - ok
15:15:10.0766 0x2a20  [ 75795E4B19BB3ED8D3C25A17CD15DC30, 22A13064E0B472A0A2258D61A889B73EE3F537DA7796CCE39DF973AFA8FA1567 ] AcpiDev        C:\Windows\System32\drivers\AcpiDev.sys
15:15:10.0782 0x2a20  AcpiDev - ok
15:15:10.0787 0x2a20  [ DDA0FC1400A24988A7D3E746AEDF2C0F, 3A703A204FDE46C67017C274CA1F50F591D909EE182A82697E89442D4A5569CE ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
15:15:10.0801 0x2a20  acpiex - ok
15:15:10.0804 0x2a20  [ 1F2EC25DA23D1DF3ADA12FE5A26D321C, B165D72949E43F04312C95BF0FF5C25CFE5CA0CDF43415E01AB2B1550D06C737 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
15:15:10.0831 0x2a20  acpipagr - ok
15:15:10.0835 0x2a20  [ 6AFFD57803BBB6FBCB483F983900A5C4, A3A87984E70C8B47F919D2633E6378F3AACCBF3E74DB3B35BB2E15D036DB36E2 ] AcpiPmi        C:\Windows\System32\drivers\acpipmi.sys
15:15:10.0849 0x2a20  AcpiPmi - ok
15:15:10.0853 0x2a20  [ 0FC8673FAFC7D78C1CDC000F892CAC64, 33FB109ABD18FBF4DA5047BAA9FAF63E88D5BA1826442DB02F9130DAD11D15F2 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
15:15:10.0866 0x2a20  acpitime - ok
15:15:10.0890 0x2a20  [ A3D4CF2F3A433BE18CD4AD3E6665DC63, 9D62A7E2DDA15B2E75490CCB9C8E10A41030F496A93631EDED5F1003DF368290 ] ADP80XX        C:\Windows\system32\drivers\ADP80XX.SYS
15:15:10.0938 0x2a20  ADP80XX - ok
15:15:10.0955 0x2a20  [ 4DCCC3E02A22ED4A4ADB11386F226071, 40BB183049DE3ADCC7A5B1B269620C8534291BB7A956157434C857DE249559EE ] AFD            C:\Windows\system32\drivers\afd.sys
15:15:10.0979 0x2a20  AFD - ok
15:15:10.0983 0x2a20  [ F267095A11A461BEF39FB180750BE801, CF90798C46892FF5225155D2C7BCC469A4A631E22919CBEDA2F4FEEF4F05E301 ] afunix          C:\Windows\system32\drivers\afunix.sys
15:15:11.0001 0x2a20  afunix - ok
15:15:11.0009 0x2a20  [ 0CD0F0C62414217DE9EA7EC8D425277E, FD211157B85B841D0C94B36776572FADC7425F1B0B49EACC910D3E175208A7EC ] ahcache        C:\Windows\system32\DRIVERS\ahcache.sys
15:15:11.0030 0x2a20  ahcache - ok
15:15:11.0034 0x2a20  [ 2BF4DA8EC5F1A0D88D2DDE1E6821076B, B9F4D499DB4CB91576ACE4847B96F2FC770B9BCC223B5E2261B2DEC22D7651E7 ] AJRouter        C:\Windows\System32\AJRouter.dll
15:15:11.0051 0x2a20  AJRouter - ok
15:15:11.0056 0x2a20  [ 9E9D78D1C179EB2E3E2282A1DC409D93, EA7486B4425A87FDDD60542AAF0812A8DB868F569886B894883702B362A05D2C ] ALG            C:\Windows\System32\alg.exe
15:15:11.0075 0x2a20  ALG - ok
15:15:11.0081 0x2a20  [ 6DF48AD26E6285FB137F11328B64A376, 76FF9A753C262065E819E862E7950127472C5E6AB7E97B57977C6DCE6180760A ] AmdK8          C:\Windows\System32\drivers\amdk8.sys
15:15:11.0100 0x2a20  AmdK8 - ok
15:15:11.0107 0x2a20  [ D8804032BCDE4077A6D8D431D12AC6CC, F017A3FEAB2919A9662A9BFEF31AE7B7EC19F1136C9D0DC6C48A415B540A8062 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
15:15:11.0125 0x2a20  AmdPPM - ok
15:15:11.0129 0x2a20  [ A88F5E24B65228FB25F2051B3408A0E4, C124B486839EA15D6806EB51E91EBF99401CD7D226541320A7A4934A8477DCEF ] amdsata        C:\Windows\system32\drivers\amdsata.sys
15:15:11.0142 0x2a20  amdsata - ok
15:15:11.0149 0x2a20  [ AECD39E51DABC2BF045B2857F02FA2BD, 83E2AC3200B6EA1586E4E0204D81CEAF303D7C9EBE7E5D1273A41A4EC1390E56 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:15:11.0166 0x2a20  amdsbs - ok
15:15:11.0170 0x2a20  [ B4CC9943230CAEB05B46CC30C220E141, 013716E6911136EB0916A1D592198DD7953800549DA0C885093D2BA3CC9BA2A7 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
15:15:11.0181 0x2a20  amdxata - ok
15:15:11.0188 0x2a20  [ C3ECF8840E4EAF09A4F2AE0174D6F36A, F810A2158FAA4C6B086259125691E163696C67698BD447FE403E740131815F0B ] AppID          C:\Windows\system32\drivers\appid.sys
15:15:11.0200 0x2a20  AppID - ok
15:15:11.0205 0x2a20  [ F1A04835C7FA75C8215961C1095D5EBF, 45D153404E601C0CE247058B78F328DD9F7F4F6A9480132F7CE6D9A7092F63CF ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:15:11.0222 0x2a20  AppIDSvc - ok
15:15:11.0228 0x2a20  [ 48EA4B4CCC920D130529A1EF85388B6A, 31F69543682E70DF0A6B2A70FC7553ECEE643C554E7F8FF18A2DD09359360F8E ] Appinfo        C:\Windows\System32\appinfo.dll
15:15:11.0253 0x2a20  Appinfo - ok
15:15:11.0257 0x2a20  [ 769316CA5884FBBD02D45C28FE105922, 117168BFB2D8DBF1258EBA53DCE09E74000B35B7B7460251B4C46BDB9CEA709A ] applockerfltr  C:\Windows\system32\drivers\applockerfltr.sys
15:15:11.0272 0x2a20  applockerfltr - ok
15:15:11.0279 0x2a20  [ 78548DB096DA7BA26BAA318FE9B0CEC1, 7B8D29C457B8677E3D4FAF0C070C373CD937E852BE28C1A8313E3E9448621E8D ] AppMgmt        C:\Windows\System32\appmgmts.dll
15:15:11.0298 0x2a20  AppMgmt - ok
15:15:11.0313 0x2a20  [ 636575088044E7271088BB8CFA382B45, DCD2CAD626E66AF98D31B9339A4A92FD94E99F335B48649529AC327B7AF52B9A ] AppReadiness    C:\Windows\system32\AppReadiness.dll
15:15:11.0348 0x2a20  AppReadiness - ok
15:15:11.0366 0x2a20  [ 39C180F07B002F3EE652E259F16547B4, 00A013D75BEFF21E85EFF53E026E68D562501C91ED117D8404D0AE14F6F962CA ] AppVClient      C:\Windows\system32\AppVClient.exe
15:15:11.0399 0x2a20  AppVClient - ok
15:15:11.0405 0x2a20  [ 5CD58F779237F533D5F30C294DA04C0E, 3CFEF499310AC6444369A06E604B6335D3329E1AB6E4EFBCD09BB7CA8440BB3E ] AppvStrm        C:\Windows\system32\drivers\AppvStrm.sys
15:15:11.0419 0x2a20  AppvStrm - ok
15:15:11.0425 0x2a20  [ A4354E3EF779E4CDC6C9D705FFBD3652, BBF11800EE6014E77C1BAA8FBFE8F551338420384E72C69579A0E8690B585D46 ] AppvVemgr      C:\Windows\system32\drivers\AppvVemgr.sys
15:15:11.0438 0x2a20  AppvVemgr - ok
15:15:11.0444 0x2a20  [ 467021D15ED33D9B8CD313C7631A89B6, 18703DBB3EF3192EDFEC4A64B2BA49CBD7197B1B181C991397A2626171E22331 ] AppvVfs        C:\Windows\system32\drivers\AppvVfs.sys
15:15:11.0457 0x2a20  AppvVfs - ok
15:15:11.0517 0x2a20  [ 16E7961A046F362D8A74EF5E32ECFD93, BC09A51B414F0424FA59D7EE32973D81A5F690A5217EF36B26849D1240F5D974 ] AppXSvc        C:\Windows\system32\appxdeploymentserver.dll
15:15:11.0623 0x2a20  AppXSvc - ok
15:15:11.0631 0x2a20  [ 013E057DF3D13A4462AD912D7732E7E0, 7C89AD5799091D17EAED682058559DBAE882D0E18C347B5AECE7BCCFD0E2D21C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:15:11.0645 0x2a20  arcsas - ok
15:15:11.0654 0x2a20  [ 9EDC7F9BB19D3F12EB05437BD5687C8A, 182772D576C3C8A9CFDADE7F75A14DD0639C0DF5C3C345F158C2DE51708A2F76 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:15:11.0667 0x2a20  aspnet_state - ok
15:15:11.0681 0x2a20  [ 44EDBC9E6F5823D2F529113C26368A9E, DD8739523C24078B90E9B00C994C1A7793539E4C945A1F728828F48ACE608005 ] AssignedAccessManagerSvc C:\Windows\System32\assignedaccessmanagersvc.dll
15:15:11.0712 0x2a20  AssignedAccessManagerSvc - ok
15:15:11.0716 0x2a20  [ B25ACCD9BE5F5798E9DD8FFB04D7BE4C, 87577AD2E4A47518B8101C67F1025CB3CD2ABBA678774A5926192FCD56EF1350 ] AsyncMac        C:\Windows\System32\drivers\asyncmac.sys
15:15:11.0733 0x2a20  AsyncMac - ok
15:15:11.0737 0x2a20  [ 90AB4ED8EBD72A1C096A40CC35404B91, C343466D439552D154BBD1A5F9D391CDD3FA298A712594EA27C3049E3516D1AF ] atapi          C:\Windows\system32\drivers\atapi.sys
15:15:11.0748 0x2a20  atapi - ok
15:15:11.0762 0x2a20  [ 40037D813ADD64CF1486B8D278EBDC97, 8C1EF8BB5D9F4E76010E38703F12F8609F907CFA99B9AB63920AF1D29FA7913E ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
15:15:11.0794 0x2a20  AudioEndpointBuilder - ok
15:15:11.0828 0x2a20  [ E8809785AC2D25D668683CD87E9A3D09, D57E5835745D4CFEB7139209A6768B1444DEAD062BFE44283B3436E08E8A36A4 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:15:11.0888 0x2a20  Audiosrv - ok
15:15:11.0895 0x2a20  [ D7BFD86F7A9ABE39351199869D093110, 90BB2C0A8185D3982FEFAC7C1E18783AF949EBECA3B9E44DCF89E2FD5FD6AA0C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:15:11.0911 0x2a20  AxInstSV - ok
15:15:11.0924 0x2a20  [ F10E4C9444A9FC6DCBAB2C42F6999FA1, 4238B6DD49CBADFE2C737AC1B211AE045F458DDF1693EE54608455C1ECE1BCCA ] b06bdrv        C:\Windows\system32\drivers\bxvbda.sys
15:15:11.0946 0x2a20  b06bdrv - ok
15:15:11.0951 0x2a20  [ 982FAA5686F67BFEF3E6094705C2621F, 02456312B0FD0ABE7B7EEC0FB385268AF34DDB5F13AF934F96FCA7C32EA51447 ] bam            C:\Windows\system32\drivers\bam.sys
15:15:11.0962 0x2a20  bam - ok
15:15:11.0967 0x2a20  [ FA4973E379E872C61D0CF4E39F807833, 3320FAB0CF16BB1ABBBA222CC31D20B5AC7A4259DE4323B109A8F2FECC28C8A4 ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
15:15:11.0981 0x2a20  BasicDisplay - ok
15:15:11.0986 0x2a20  [ F024B80EA0076A318598DAB795F9C3D0, 6225A5FCD2B750A0E4FFFCCB1CDF49BAA7809A4B4AD7AB625A585CF4971CDE25 ] BasicRender    C:\Windows\System32\drivers\BasicRender.sys
15:15:12.0000 0x2a20  BasicRender - ok
15:15:12.0028 0x2a20  [ 7AA59719295A0A30F81270E7254111C5, 5AB8DAA4B9FC55CEA26C736239315F793ED78388E5884B5169AD29FB7ABAE884 ] BcastDVRUserService C:\Windows\System32\BcastDVRUserService.dll
15:15:12.0081 0x2a20  BcastDVRUserService - ok
15:15:12.0088 0x2a20  [ 739D089777D2B66DBE7201E5EA4BA2D7, 9AD12E18A042C5B8EFB19297BC2E7BD1FEF75A138FEFB64C6BF0261FD3E53AB1 ] bcmfn2          C:\Windows\System32\drivers\bcmfn2.sys
15:15:12.0103 0x2a20  bcmfn2 - ok
15:15:12.0113 0x2a20  [ E3C52508E764B710C6EC9C7E06E5966A, 1D8DDE92918C17C405C462A19456DFA1BD62EE9DF45E182921E22A1031C89734 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:15:12.0138 0x2a20  BDESVC - ok
15:15:12.0142 0x2a20  [ 9B068DF7B7B3DDF768D06DFD69B49FD0, DC2CD3A70506AEB1BCEB207A9B06657806E72C5432FA605FF9C6F11516F38132 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:15:12.0158 0x2a20  Beep - ok
15:15:12.0284 0x2a20  [ F2D4E303911F24F44443A524AD804A76, D46CB32AF3D9A56DCF756B29AA33C47E173BD8F884619E2AD50F9F776589525E ] BEService      C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
15:15:12.0489 0x2a20  BEService - detected UnsignedFile.Multi.Generic ( 1 )
15:15:12.0573 0x2a20  Detect turned to UDS exact due to KSN untrusted
15:15:12.0633 0x2a20  BEService ( UDS:DangerousObject.Multi.Generic ) - infected
15:15:12.0633 0x2a20  Force sending object to P2P due to detect: BEService
15:15:12.0824 0x2a20  Object send P2P result: true
15:15:12.0976 0x2a20  [ 0B9B6D7A2F31FBD63301D19B1B08238E, 7EF63C87FB2B9E0971B633BC86F99B12F8BBE188D53E0B105E44766A0657A67E ] BFE            C:\Windows\System32\bfe.dll
15:15:13.0018 0x2a20  BFE - ok
15:15:13.0023 0x2a20  [ E60934C14CBC38236800059EECAC29DA, 3DD6A161F837A0DF76C12365282DD3FD0D41E83A713036E280F1B8929AD785B3 ] bindflt        C:\Windows\system32\drivers\bindflt.sys
15:15:13.0036 0x2a20  bindflt - ok
15:15:13.0063 0x2a20  [ 97F4C0B9741E06BAC6AD2D93ABCEAED8, 25FD58F4BA2F8EC99241A580352D1EC49924829C61D89353B30CCEEE2CEBADE7 ] BITS            C:\Windows\System32\qmgr.dll
15:15:13.0117 0x2a20  BITS - ok
15:15:13.0137 0x2a20  [ 5E448DCF5BF4F29E12A56CDFC4576F91, 97C876F69BC1525D8FD569F227F776964D58D1D06F9BF96764DA9CBF88042734 ] BlueStacksDrv  C:\Program Files\BlueStacks\BstkDrv.sys
15:15:13.0157 0x2a20  BlueStacksDrv - ok
15:15:13.0169 0x2a20  [ 30D75769E23CCFBE13DB41FC54243BB1, 4ED018F1DB103D3F354D8EF7DFE797028DBDF22294D355F6D38DF9C6AF61B69E ] BluetoothUserService C:\Windows\System32\Microsoft.Bluetooth.UserService.dll
15:15:13.0197 0x2a20  BluetoothUserService - ok
15:15:13.0204 0x2a20  [ 85B874696CC64AFE22DEAD2B87498621, 7832A2CB92BB743C4EA855A2BC1AB2E129FFA723D71E98C2A81E7A4267F25A99 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:15:13.0220 0x2a20  bowser - ok
15:15:13.0238 0x2a20  [ 8A607C17CF3D5A92B1D1185458E96755, 622C9D396878DAE8423FE907EBD163BC7F454A42266CB0A1989ED471895065F1 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
15:15:13.0284 0x2a20  BrokerInfrastructure - ok
15:15:13.0296 0x2a20  [ D39550C1AA58659A24DCA705A4DE5A91, 5F29E55C961F43E142D8CC235B7AFF60BB35715AEDE61DF1C378DFBF4194060B ] BTAGService    C:\Windows\System32\BTAGService.dll
15:15:13.0325 0x2a20  BTAGService - ok
15:15:13.0337 0x2a20  [ 37E4B4109ECEC6083A14A4C3E3CCBED8, 6AD6C64A36462024DE4A88B433131BED4E44C90D8F1D0972BBCC76B624FDD6F7 ] BthAvctpSvc    C:\Windows\System32\BthAvctpSvc.dll
15:15:13.0361 0x2a20  BthAvctpSvc - ok
15:15:13.0367 0x2a20  [ 5512D026F23AA7C99B49A8A18FE8556F, F4C6906E07789A1D462F94FFC2EF2EAB09FF92897640AF1F3A7127D32233D305 ] BthHFEnum      C:\Windows\System32\drivers\bthhfenum.sys
15:15:13.0383 0x2a20  BthHFEnum - ok
15:15:13.0388 0x2a20  [ A0EC1D5C937995A2C5F1179538A8A6B4, CBFBDF2D8305BD72FFF64AAAB31EB5D5B8ADE537C35AC63DC3F6ADCBF96B3659 ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
15:15:13.0403 0x2a20  BTHMODEM - ok
15:15:13.0410 0x2a20  [ 45FDE7D6EBD8A3C524BCCB76F2FF6D41, D18507FC73C979F6CD1F3AC3C6B5A88F21C70996927BA633AF82EADF55E55166 ] bthserv        C:\Windows\system32\bthserv.dll
15:15:13.0428 0x2a20  bthserv - ok
15:15:13.0432 0x2a20  [ E3786BEBB7E4003DE324A18069DDA081, 4DDA70CCB011D74811BA51686E6ED9A404EBE549AE6B3CE0DDBCB83D09E8AABA ] bttflt          C:\Windows\system32\drivers\bttflt.sys
15:15:13.0444 0x2a20  bttflt - ok
15:15:13.0448 0x2a20  [ 03C13BB635635B9152DBF49AA07B728C, F6141576EB54EFE5E329762EC548C7D256EFB57C42A46BB3426B779413F0C975 ] buttonconverter C:\Windows\System32\drivers\buttonconverter.sys
15:15:13.0463 0x2a20  buttonconverter - ok
15:15:13.0468 0x2a20  [ 9983FF8D9834F2E67787F4BDC42A8E36, 85260F4A657D657ACD394339DFDDE814AD6BCA65712EAD943833BE7AB0937C8D ] CAD            C:\Windows\System32\drivers\CAD.sys
15:15:13.0479 0x2a20  CAD - ok
15:15:13.0487 0x2a20  [ B405F59CF690653105600F85C9B576B9, BEB313DF7D343B2A421EF76E908FCDB64C62AB2ABB7A3188F48A6CACA9644D97 ] camsvc          C:\Windows\system32\CapabilityAccessManager.dll
15:15:13.0509 0x2a20  camsvc - ok
15:15:13.0515 0x2a20  [ 407B33DE151A3DFCF564AC4270E44B1D, 8B1419FEDDCEF9F9F239B4C1A629F4F2748FC09CF3E38CA01D8D6D1D32252346 ] CapImg          C:\Windows\System32\drivers\capimg.sys
15:15:13.0531 0x2a20  CapImg - ok
15:15:13.0537 0x2a20  [ 1200CA82E0D59510F69B6839540A76AA, A24E0098D279B04734558032A95EEBED0F20422AF8C62783E46FDEE0DA39F94E ] CaptureService  C:\Windows\System32\CaptureService.dll
15:15:13.0553 0x2a20  CaptureService - ok
15:15:13.0559 0x2a20  [ D3CBC6DE5955D014407C7BD1FFE80F00, 9D185AED383FCBF16EE63192452DE888D8485D7BD9C0257BF92A68C42120A1B8 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:15:13.0579 0x2a20  cdfs - ok
15:15:13.0593 0x2a20  [ AF7AA61D08DC12FE9B6616C8CC484FD0, F4A64174AA2292F9E1F523681960379F9816840073DF4B5F725434580C4DD150 ] CDPSvc          C:\Windows\System32\CDPSvc.dll
15:15:13.0623 0x2a20  CDPSvc - ok
15:15:13.0634 0x2a20  [ 9CCBB0E811E6790BA1C82D75491DF794, 71ACA8E1F68FBCE855CF2E2D1816F712B9E92DCD8196675BAE62EF5F30DCDCF9 ] CDPUserSvc      C:\Windows\System32\CDPUserSvc.dll
15:15:13.0659 0x2a20  CDPUserSvc - ok
15:15:13.0667 0x2a20  [ 6834DBBA2A1DBA5B9B6360D0B9A3CBB5, 637331058347D94FBDEE0D47E56723C98BDBBE8E044A225CCE7B3592AA562021 ] cdrom          C:\Windows\System32\drivers\cdrom.sys
15:15:13.0686 0x2a20  cdrom - ok
15:15:13.0693 0x2a20  [ 6C6FAAB1BC8D63BF8CB6B5EFCEF4E351, D2AF0A5B3C4BBC4FD19D96D111FB1A694483E91B926C9BC093C114B94BE42CBC ] CertPropSvc    C:\Windows\System32\certprop.dll
15:15:13.0712 0x2a20  CertPropSvc - ok
15:15:13.0721 0x2a20  [ 4A08B239F92B319AD31E3916D27AD4B9, 948772689F14090E9E096CF7423CE5D994E3F9964775AD5B2F78C37A987EE980 ] cht4iscsi      C:\Windows\system32\drivers\cht4sx64.sys
15:15:13.0744 0x2a20  cht4iscsi - ok
15:15:13.0779 0x2a20  [ C8EA9376E4D284F9DF24B27AC6E3AB85, DAD3B00A37797E7C80E0C359BA735B65BBBE5DC25480910737D86D2711A6FF8C ] cht4vbd        C:\Windows\System32\drivers\cht4vx64.sys
15:15:13.0826 0x2a20  cht4vbd - ok
15:15:13.0832 0x2a20  [ 3AA86DA04A561E8162C2DBBF92D12074, 9CB67299BEC25F2B357DDAA5A36B3464193B8BDAB4DCFAE0CD4315911027E409 ] circlass        C:\Windows\System32\drivers\circlass.sys
15:15:13.0846 0x2a20  circlass - ok
15:15:13.0857 0x2a20  [ 4C9CDDE070A9A005CC11CF17483720A4, F2F95125A52B13F34A9DC5473CEF777D6D85C4D810FA0102553EBF72560F6CAA ] CldFlt          C:\Windows\system32\drivers\cldflt.sys
15:15:13.0881 0x2a20  CldFlt - ok
15:15:13.0892 0x2a20  [ DB26170CF6555B9AFF76CFA067ABCF90, A066E89267783A5E54A36D1CF193916218BE2E1D177F0ACA82E2B86211629806 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
15:15:13.0909 0x2a20  CLFS - ok
15:15:14.0077 0x2a20  [ 08D343C9D37FA5584330714DF6C8A6C1, 546A062DF1244A1228DE60C8EAE49C6AD64021A23F53A3B6B344693C586FF4B5 ] ClickToRunSvc  C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
15:15:14.0260 0x2a20  ClickToRunSvc - ok
15:15:14.0291 0x2a20  [ 5BD85187D6A6A37D2A4563F33D7A76E4, 6FF434BE93259229E0EA64EC1B6E09B1B814C2A467FC2859B94C79549E2F114C ] ClipSVC        C:\Windows\System32\ClipSVC.dll
15:15:14.0323 0x2a20  ClipSVC - ok
15:15:14.0332 0x2a20  [ 66CBF6F8FE6F436B315D7FEAF5D2BB40, 0F6AE6412EF73C74EF0EB1866E8CD85AACE4373D5C24F3D0121F5A7420E5A03B ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
15:15:14.0346 0x2a20  CmBatt - ok
15:15:14.0361 0x2a20  [ E78A2BC9A6BFE9BE04267CEF010CD4A4, 27BAC6824E8715F95E489B96B54BD1E452282F67F97C6C2BF59FF2B6F4D36DAD ] CNG            C:\Windows\system32\Drivers\cng.sys
15:15:14.0386 0x2a20  CNG - ok
15:15:14.0391 0x2a20  [ 037DCC7A71938729CB12E8174E03031C, 1BA2F74F639BF8D5BB38AA658A6D847BAE8D85CF72C4AD5F13BBA1D53145789F ] cnghwassist    C:\Windows\system32\DRIVERS\cnghwassist.sys
15:15:14.0403 0x2a20  cnghwassist - ok
15:15:14.0416 0x2a20  [ E40C99A3E0FFF49687F2187BF3E3050D, 30723EC5767C3F6FAA3CF299440B71B5973F890FB54B9737B96FA0359E7D90FA ] CompositeBus    C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_bcb89b3386563bd7\CompositeBus.sys
15:15:14.0429 0x2a20  CompositeBus - ok
15:15:14.0433 0x2a20  COMSysApp - ok
15:15:14.0439 0x2a20  [ 3799A9DFB162D9AAD6AC12CB8185FD19, 942F2777049166EC43F93177F0084EA08B06CE9107AF55337124FE25CCB158C4 ] condrv          C:\Windows\system32\drivers\condrv.sys
15:15:14.0450 0x2a20  condrv - ok
15:15:14.0468 0x2a20  [ 0E3C710DF2D39FD88A67B844EC1BE81B, 7C1CBD6A6313D3DC371B6FEFA7AE6D631B726859C293AE06A46D7724C2C8AE07 ] CoreMessagingRegistrar C:\Windows\system32\coremessaging.dll
15:15:14.0500 0x2a20  CoreMessagingRegistrar - ok
15:15:14.0528 0x2a20  [ 984CC82169360EA26076A77949254A1B, A5278D332BFCAF0EBD1CD4E6A07CA5B7331BC9123A7E7EA9709A5C89A520B705 ] CorsairCAHS1    C:\Windows\system32\drivers\CAHS164.sys
15:15:14.0576 0x2a20  CorsairCAHS1 - ok
15:15:14.0584 0x2a20  [ 6C6073B45D65887A6035F1A8D073274A, F002B25E05D0894CD12BA3D046E11D4AD6F0BCE8796618B0EE54851223A65C15 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:15:14.0605 0x2a20  CryptSvc - ok
15:15:14.0617 0x2a20  [ 3D4C5DCB65E56C3F961E1773A5728825, A9AB783E1ACBD75A0DAC11B382AA1EAB19A9F2599968F4FCDA3A21B03A515451 ] CSC            C:\Windows\system32\drivers\csc.sys
15:15:14.0654 0x2a20  CSC - ok
15:15:14.0670 0x2a20  [ E20EC7EA6EEF16B5780B459FBA86C521, 52CAAB13F1B1E99097E4996432943260417F519E6F4D232A0CFE0259C8BCAECF ] CscService      C:\Windows\System32\cscsvc.dll
15:15:14.0706 0x2a20  CscService - ok
15:15:14.0711 0x2a20  [ 8711386E9B04357F8F58166760759F3A, 8912CFD220645002C9D3F9E49717D8B0B98704380B45F53D45D5674537B496FF ] dam            C:\Windows\system32\drivers\dam.sys
15:15:14.0724 0x2a20  dam - ok
15:15:14.0748 0x2a20  [ E0D1E2A22B39782081D3FC64AB8ABA35, 338B6C7C3E63B783820F159DA502642F88B07F8DE6A6090DF54DAC6BE0400DB0 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:15:14.0798 0x2a20  DcomLaunch - ok
15:15:14.0810 0x2a20  [ C482918CE0D93CD50A1633866794B50A, CC03C7D842F5FE324B72FE5EED6BFBB0CF6DA816162FF731DD1A7E2A1676A198 ] defragsvc      C:\Windows\System32\defragsvc.dll
15:15:14.0847 0x2a20  defragsvc - ok
15:15:14.0858 0x2a20  [ BF443F7BE4BBA1A2F345474D74953A42, 5FA1312B01C055573A0FEE65E56AD22B452EE69D2F7CC0CFFF8CE0F09406CA19 ] DeviceAssociationService C:\Windows\system32\das.dll
15:15:14.0885 0x2a20  DeviceAssociationService - ok
15:15:14.0891 0x2a20  [ DBD6E8A5C358AAA3B4900EFD5CF94CC8, C8261CBE358562B3F31ADA0567723E0118A8687DFC8939FABC65E61C38BFE20B ] DeviceInstall  C:\Windows\system32\umpnpmgr.dll
15:15:14.0909 0x2a20  DeviceInstall - ok
15:15:14.0920 0x2a20  [ 38D6ED38A46F815C24C5656E8A5AB083, 730DD6D85771A60E5C089BF5D810E3AEA335BF7DD14FD72924A1A4FCF021A59D ] DevicePickerUserSvc C:\Windows\System32\Windows.Devices.Picker.dll
15:15:14.0950 0x2a20  DevicePickerUserSvc - ok
15:15:14.0968 0x2a20  [ 372BD821867225F32DE87A6B3FEC8A2E, 20389A1861B5A451EE3383F68FC59B3C9A75D3123B2DF1669CBB5CC37A0128B0 ] DevicesFlowUserSvc C:\Windows\System32\DevicesFlowBroker.dll
15:15:15.0003 0x2a20  DevicesFlowUserSvc - ok
15:15:15.0009 0x2a20  [ C48C4D6B8D9C53F0399DEDA402A6FAE5, 25FBE2A51DCF7DB95AD2707502F8A9661B94FC61DFC405DA5BF23BED1BA123D2 ] DevQueryBroker  C:\Windows\system32\DevQueryBroker.dll
15:15:15.0029 0x2a20  DevQueryBroker - ok
15:15:15.0035 0x2a20  [ 8A1C10410FDA4287A76EC5A64371E221, 66CE271DDAD9CD82D2DF220247D91CCB906FA4B5508ABE0DC4A56D1C0C008BCA ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
15:15:15.0053 0x2a20  Dfsc - ok
15:15:15.0064 0x2a20  [ A25AA328816454FA5CCD054343CADAFC, BA2524E443213DF65DF923C58D5C6A99681F102917C1AFD94B31196F4838DB8A ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:15:15.0090 0x2a20  Dhcp - ok
15:15:15.0096 0x2a20  [ 1A468A999C05ACA23C8F5A52C996AEDA, 84A4FF952516CB2F3A40378D530710E00AF9161A736A8F3877E2F66BDDE32BEE ] diagnosticshub.standardcollector.service C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
15:15:15.0113 0x2a20  diagnosticshub.standardcollector.service - ok
15:15:15.0120 0x2a20  [ 6EC6BB6EF31C85FD72D14BE4A1BD1B03, E027124AD492ED22F0D604030CB0E2C3778331879FC73A614644FA8C8606ADD3 ] diagsvc        C:\Windows\system32\DiagSvc.dll
15:15:15.0142 0x2a20  diagsvc - ok
15:15:15.0147 0x2a20  [ A79FCB89805FA9EA9F48B671A4591D4E, 13CA8B9CB35DF9F8EFFF8E6ECC0F65E4F179FA9BEF4B68F3382CA4A6BF14FA54 ] Disk            C:\Windows\system32\drivers\disk.sys
15:15:15.0160 0x2a20  Disk - ok
15:15:15.0177 0x2a20  [ EAA267FAABDBE6194985DC6A0AC96664, 604908384B503AD7E14F15776C1B3DC58A278149145C2811B5B5300EA597A50C ] DmEnrollmentSvc C:\Windows\system32\Windows.Internal.Management.dll
15:15:15.0215 0x2a20  DmEnrollmentSvc - ok
15:15:15.0220 0x2a20  [ F69D7A5D7EDEE16B85F08040836FB09C, 944730FA6CA6ED0ECA85848A2F00EE1E647F7DD4CC37E557A812ECE8A92B3999 ] dmvsc          C:\Windows\System32\drivers\dmvsc.sys
15:15:15.0236 0x2a20  dmvsc - ok
15:15:15.0245 0x2a20  [ BA5A58540B04E0E5489D7004FAFC44BF, C9E10129DF5EE42EB5776B1042562A887258D87A5772848430A59CADFB567055 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:15:15.0267 0x2a20  Dnscache - ok
15:15:15.0363 0x2a20  [ 82947256E40FBC521AD976A17416157D, 9F9EBA30FE81A35F1EE104677CA5634E38311ECAFA6E72FA88072EE604CC8B7F ] dnscrypt-proxy  C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe
15:15:15.0482 0x2a20  dnscrypt-proxy - ok
15:15:15.0496 0x2a20  [ C79E79CD4DE45EC0EC0ECB5C76D6CB11, C1AFCA79A104EDF5C59C3E6A113467C7F73E84AACEDE97A22BCBA5B25563E163 ] dot3svc        C:\Windows\System32\dot3svc.dll
15:15:15.0518 0x2a20  dot3svc - ok
15:15:15.0524 0x2a20  [ 5B1EF28DE7302A6BD5DF8459E2C598EF, F2292B8ED8FBFFA681942D5566BF1932D1E9B4F44C2D13329B60E5A8B9386CC9 ] DPS            C:\Windows\system32\dps.dll
15:15:15.0544 0x2a20  DPS - ok
15:15:15.0547 0x2a20  [ AD1BEFBF96C0273925EDC9282557D984, E23B1B043E9EE25054DCEFB10C1C69009DCB1E12675DAE60B00A646735B03D99 ] drmkaud        C:\Windows\System32\drivers\drmkaud.sys
15:15:15.0558 0x2a20  drmkaud - ok
15:15:15.0565 0x2a20  [ E7D1636EEA6F9A941573CA426F214054, 7730C82E808C80BAFB59A6AD140B11C2269A62F2396783CB063E58D8EA624BDD ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
15:15:15.0588 0x2a20  DsmSvc - ok
15:15:15.0594 0x2a20  [ 2BEEDBF313F5EE8ECA555AFFE45C52BB, 00C890BEBC229BB8D7872C4B240DF9813BCF74D9FB9FE358D619E6E071492A44 ] DsSvc          C:\Windows\System32\DsSvc.dll
15:15:15.0613 0x2a20  DsSvc - ok
15:15:15.0622 0x2a20  [ 09D2D1F30343682F6241B58C721D5FDF, FD757D19ED86C243B1698B20427033ADEE9071CD81DF86A5FE3D0EF484F2A7A8 ] DusmSvc        C:\Windows\System32\dusmsvc.dll
15:15:15.0646 0x2a20  DusmSvc - ok
15:15:15.0699 0x2a20  [ 9DE01582E771304FC81538738CA5C7E0, 83D7A40E5B5D01A2D80CC4789E578AF717B11CCD453A35C14A3088BB77ACCA94 ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
15:15:15.0767 0x2a20  DXGKrnl - ok
15:15:15.0774 0x2a20  [ 7E9A1608894297B133AF5EE18E404208, 9E2E4B4F6133375DB8E490337594BEFB86BA964223FB272A23ADD02FA8065253 ] Eaphost        C:\Windows\System32\eapsvc.dll
15:15:15.0792 0x2a20  Eaphost - ok
15:15:15.0809 0x2a20  [ 847A2FDBBA9CDA0DA921B1555EE6C0D4, CAD2DBE2F4101B31E772D3CBA9C7141AD9D915D52C6F803BB9C7FDF8A40BBD7D ] EasyAntiCheat  C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
15:15:15.0839 0x2a20  EasyAntiCheat - detected UnsignedFile.Multi.Generic ( 1 )
15:15:15.0905 0x2a20  Detect turned to UDS exact due to KSN untrusted
15:15:15.0906 0x2a20  EasyAntiCheat ( UDS:DangerousObject.Multi.Generic ) - infected
15:15:15.0906 0x2a20  Force sending object to P2P due to detect: EasyAntiCheat
15:15:16.0076 0x2a20  Object send P2P result: true
15:15:16.0290 0x2a20  [ 75CA88887850A74DDAAAF92500B6D9B9, 1C413719D0E659E20C66B0762B2FC708E55536961A1D9F21906ADBE9CF431489 ] ebdrv          C:\Windows\system32\drivers\evbda.sys
15:15:16.0369 0x2a20  ebdrv - ok
15:15:16.0376 0x2a20  [ 3DF3B76B19DA92A8ADC01FF38560282D, F56DDDF7A8F1AA0F3D9FFE0CD618544CFAF233A33314240ECCBE5F897A91B534 ] EFS            C:\Windows\System32\lsass.exe
15:15:16.0390 0x2a20  EFS - ok
15:15:16.0395 0x2a20  [ 7E838D857FC55535710C316441459C38, C4673014D3ED3E68E02DB5BE6DB53E45B1E4A3CE2B04B15BFD507AF703A60134 ] EhStorClass    C:\Windows\system32\drivers\EhStorClass.sys
15:15:16.0408 0x2a20  EhStorClass - ok
15:15:16.0413 0x2a20  [ 49023DD6F646B8C70AE1C105415F3E2B, 16EC2920A2CB71C17BFA7A0E22EDAE1C0E7004C986BEBCA9435F6FDB5D8E64CF ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
15:15:16.0426 0x2a20  EhStorTcgDrv - ok
15:15:16.0432 0x2a20  [ 80D5BD4804C587B21A121566549A63FB, 9BDC1DEB8805E06851F2E2A8B8762265FDC6B12B873D391BFCB8300BDF425B36 ] embeddedmode    C:\Windows\System32\embeddedmodesvc.dll
15:15:16.0453 0x2a20  embeddedmode - ok
15:15:16.0461 0x2a20  [ 214697A8DFA6A8C4F41472BFA742A244, 236319F2322FC9726C8B8BE3507D72E154933926589106E443120D41195EF9E8 ] EntAppSvc      C:\Windows\system32\EnterpriseAppMgmtSvc.dll
15:15:16.0484 0x2a20  EntAppSvc - ok
15:15:16.0488 0x2a20  [ 1DF19D7A941CB06F8EADF89FA0BF59AD, 0A8891AD73AF277B764FA5CF163E6BC29DFFA0E35388A941AE27E001289C0A4A ] ErrDev          C:\Windows\System32\drivers\errdev.sys
15:15:16.0501 0x2a20  ErrDev - ok
15:15:16.0511 0x2a20  [ 082F9D1ADB6DF9E5DB30EB52A34FCF0A, DC62F2E7D81B4D3C266855A64A575563A31D894B19F23E841B6C8A552FAF81CC ] ESProtectionDriver C:\Windows\system32\drivers\mbae64.sys
15:15:16.0523 0x2a20  ESProtectionDriver - ok
15:15:16.0536 0x2a20  [ 9B538A1E44E1D61FA80E80EA75A085FA, 6431BBC533895BD466879C407B9BE7EB50345D666FEE69CAB0813283F07DBE82 ] EventSystem    C:\Windows\system32\es.dll
15:15:16.0566 0x2a20  EventSystem - ok
15:15:16.0576 0x2a20  [ F03D76FD609F3490AD8661F175024CED, 127DC686FDAFFCF2404DDB8A55B9B82979D87E862539F34B7AB4AB6D3A707C14 ] exfat          C:\Windows\system32\drivers\exfat.sys
15:15:16.0601 0x2a20  exfat - ok
15:15:16.0611 0x2a20  [ 7EB91BCA4FAC626098300885E6914BE4, F0954D9F632A87CFB5569FD07C728169D275D37F38B561B2ADF2EA03DA864DD1 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
15:15:16.0630 0x2a20  fastfat - ok
15:15:16.0645 0x2a20  [ BBD6407DA3DA4FC718710587E253C7BF, 8C9995A86EF9FC1FB47ADA1367A67A9829E0E3CE191D11E0AFB0F85E325D48DC ] Fax            C:\Windows\system32\fxssvc.exe
15:15:16.0677 0x2a20  Fax - ok
15:15:16.0682 0x2a20  [ 6701B9973DE98578A491721B4BDE0926, 48D07092E6B44CAA529559DF620BDAA4DFCC16430DBA8178B461E556AC526DE1 ] fdc            C:\Windows\System32\drivers\fdc.sys
15:15:16.0696 0x2a20  fdc - ok
15:15:16.0708 0x2a20  [ A2037943CCC079307A383C5543607CEF, 2FAC5F76526A8E4D7D7FAE80F9A0AF31D37DD12FF597769C87912B973C339BF4 ] fdPHost        C:\Windows\system32\fdPHost.dll
15:15:16.0725 0x2a20  fdPHost - ok
15:15:16.0729 0x2a20  [ C11A1A9CF331B7AA2F04974EE262EC07, AA1C79FCCDEC3C7236B7BE73E6888D7DD5642EB16E13B4633C98EE34CB72A644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:15:16.0747 0x2a20  FDResPub - ok
15:15:16.0752 0x2a20  [ 71CECDA2DCF81E0AD8C30440C77966E2, E26313CD895579A9F3380A648E6FC271EFED0E82C0FCFB287049C5C2D0CC35A9 ] fhsvc          C:\Windows\system32\fhsvc.dll
15:15:16.0771 0x2a20  fhsvc - ok
15:15:16.0775 0x2a20  [ 9BC7FE262AF52B341048234809AA7D91, DF95BBEB59821357C69797AC659380C9F27C11B8A60A599C9A2C5623B7CBB6DB ] FileCrypt      C:\Windows\system32\drivers\filecrypt.sys
15:15:16.0791 0x2a20  FileCrypt - ok
15:15:16.0795 0x2a20  [ 6702E71BDC30527842F86F1BF5B9F59E, 86AF9D7099862BB69189AEFEF5194AB86B53915B8ADA1F8C21CBF3835483634E ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:15:16.0809 0x2a20  FileInfo - ok
15:15:16.0813 0x2a20  [ 01D83D284E6B37902DB3C4D4DB0649E0, 4376F872575013DE87CA8173FABAD367FFF907086864C106A4C82933EF9DA308 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
15:15:16.0829 0x2a20  Filetrace - ok
15:15:16.0833 0x2a20  [ CE9CB1DB00B5007ABFFF0717E748E919, 314E1FA6B0CD9416894EED93ADF3DCB273FF37F6E56EF64C9E7B55E174EB3226 ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
15:15:16.0848 0x2a20  flpydisk - ok
15:15:16.0858 0x2a20  [ C5374BA2CAE89DE7269EC61A969EF5D5, 520D7A4C50A9FFF308599C6EADDCADD3D9E398718786D82F02F7EE5C30E7D6A2 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:15:16.0877 0x2a20  FltMgr - ok
15:15:16.0913 0x2a20  [ 57061AB9B898F63F538B547C04B736E0, 5943E23BB662B16FE78A4BE5C49C9EA10C1CC99E8CC1C48BD29C611AC188BD5C ] FontCache      C:\Windows\system32\FntCache.dll
15:15:16.0984 0x2a20  FontCache - ok
15:15:16.0990 0x2a20  [ CE9456F925ADA70ED5A4158F103F9A26, 89753CCCB2E8B1553F077B8F13C63FBEC2EABE7093A6B847477542483347C827 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:15:16.0999 0x2a20  FontCache3.0.0.0 - ok
15:15:17.0014 0x2a20  [ B6BC6E6731FB1E02F0B3C73A87E1C35E, D9CA56006C1D995568A557E53DCCD7802D152CADE535BDB5DBBFC66F3F2EE236 ] FrameServer    C:\Windows\system32\FrameServer.dll
15:15:17.0051 0x2a20  FrameServer - ok
15:15:17.0056 0x2a20  [ 835F9C7193B6F9A796DE76897DC56968, 62D6CF40CD6B798E79FF3274DB156DAB17724EDEEC85F6602F3C0EDCDD2DBA11 ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
15:15:17.0069 0x2a20  FsDepends - ok
15:15:17.0073 0x2a20  [ A01BA0506E07F316483E99D7AD9B6E75, B2CFB3AAE0E49C539C743A7F416CFC0DE2E0CFC2D5AE685F8B1BECBDB95C4308 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:15:17.0084 0x2a20  Fs_Rec - ok
15:15:17.0099 0x2a20  [ 73721B6013AA296F935755A2EC8A3574, 3A8036B7DA0E55989B7393A796DFC84CAEB33A10B6D52645A32CF9C95ABB5ABF ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:15:17.0127 0x2a20  fvevol - ok
15:15:17.0131 0x2a20  [ 71DBED7FB264DB60341BC796EC2E8135, DBD29794A45AEFB16A5765D03962B311CB061D1EB8A281C5F34DABF39C66A3B2 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
15:15:17.0144 0x2a20  gencounter - ok
15:15:17.0148 0x2a20  [ EA5EE5EF9765A9157B346DF671952F18, FD0A8DBA6EA3E47D454B877CEC74B7B6BEC8B7A98BE37E9E1110D867009D9EA1 ] genericusbfn    C:\Windows\System32\drivers\genericusbfn.sys
15:15:17.0165 0x2a20  genericusbfn - ok
15:15:17.0171 0x2a20  [ 6BE6550F1A32796A11EBC58BBC72C44D, 99DC4058EC1B3BF316F1470BF1208F0A2FC72A508BCC9E7548D91BB0FF04376A ] GPIOClx0101    C:\Windows\system32\Drivers\msgpioclx.sys
15:15:17.0186 0x2a20  GPIOClx0101 - ok
15:15:17.0211 0x2a20  [ 3FC2377994D9D63FC128B6C48B22B68F, B47D6BE6FF596A23BBDB7261B1CA9CA67CD138CBF89AEA7A68882E62C0087561 ] gpsvc          C:\Windows\System32\gpsvc.dll
15:15:17.0262 0x2a20  gpsvc - ok
15:15:17.0267 0x2a20  [ 508614CAC7BF8AEE4FB9002A413919B1, F60DE0236B0453FC99473A09A7FAC1140831E581C08F3F5C440F5EFCD30943AB ] GpuEnergyDrv    C:\Windows\system32\drivers\gpuenergydrv.sys
15:15:17.0283 0x2a20  GpuEnergyDrv - ok
15:15:17.0287 0x2a20  [ 248739BB0F3A1156A2C0AF51F39A9EA2, A94C43658BCCC88C2D229F40F5C03CA5839A2EAFD57CA088E3E85EB9264CCA3E ] GraphicsPerfSvc C:\Windows\System32\GraphicsPerfSvc.dll
15:15:17.0306 0x2a20  GraphicsPerfSvc - ok
15:15:17.0313 0x2a20  [ 8AA6D64CC622030ADFA286CCECBF2A39, A608FA480F30192EB63979472165044B210861EA27A07F0C01169F8956C749D6 ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:15:17.0325 0x2a20  gupdate - detected UnsignedFile.Multi.Generic ( 1 )
15:15:17.0386 0x2a20  Detect turned to UDS exact due to KSN untrusted
15:15:17.0386 0x2a20  gupdate ( UDS:DangerousObject.Multi.Generic ) - infected
15:15:17.0386 0x2a20  Force sending object to P2P due to detect: gupdate
15:15:17.0515 0x2a20  Object send P2P result: true
15:15:17.0658 0x2a20  [ 8AA6D64CC622030ADFA286CCECBF2A39, A608FA480F30192EB63979472165044B210861EA27A07F0C01169F8956C749D6 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:15:17.0680 0x2a20  gupdatem - detected UnsignedFile.Multi.Generic ( 1 )
15:15:17.0680 0x2a20  Detect turned to UDS exact due to KSN untrusted
15:15:17.0680 0x2a20  gupdatem ( UDS:DangerousObject.Multi.Generic ) - infected
15:15:17.0680 0x2a20  Force sending object to P2P due to detect: gupdatem
15:15:17.0825 0x2a20  Object send P2P result: true
15:15:17.0964 0x2a20  [ F38011FF8B3682619B35501608A609F9, C83E800FD0170DD98255BA6DCD1529B02E21DE1055F613F891ED5EDB726AAC2F ] hcmon          C:\Windows\system32\DRIVERS\hcmon.sys
15:15:17.0986 0x2a20  hcmon - ok
15:15:18.0006 0x2a20  [ 99FB3BA9180CDD9E71A6DDCB07F91140, 28A2DD9B44AD2A20CBAAC7F62F701D9B46B1A89373131AFD2B39B42DB87A407B ] HdAudAddService C:\Windows\system32\DRIVERS\HdAudio.sys
15:15:18.0034 0x2a20  HdAudAddService - ok
15:15:18.0039 0x2a20  [ DED74127C7A2266715C0B8EA2EE75214, 999507BECB4BAAC61317D98311962D446844CAC6271BFFE181F6CD6DFE221465 ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
15:15:18.0056 0x2a20  HDAudBus - ok
15:15:18.0062 0x2a20  [ 95888B85956AF97320D1F5C354632957, C0218271A17897D4682192AB431658523EC87CB13551B2BDA40576BF766BB26C ] HidBatt        C:\Windows\System32\drivers\HidBatt.sys
15:15:18.0074 0x2a20  HidBatt - ok
15:15:18.0079 0x2a20  [ 104124D3EB9D10608F80D621FA1B4525, 293B2F2D2326E4B03591267BC9CC763D57719EF08392337E80B42C31A1F28FA0 ] HidBth          C:\Windows\System32\drivers\hidbth.sys
15:15:18.0096 0x2a20  HidBth - ok
15:15:18.0100 0x2a20  [ 6D767FEB02DF712F783BEEFF09E06431, AB64C61E5729FB27BF9564CA8308D895CFFB992CE8606FDC31EFF01BB1FF8FFE ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
15:15:18.0117 0x2a20  hidi2c - ok
15:15:18.0122 0x2a20  [ 542AB7A14235C5227A9307ACF1636F0B, E54C4C4511727F4E70CB1C9259C56D4AC62E70BAB2F42E9AB402C1DF4AF3FA25 ] hidinterrupt    C:\Windows\System32\drivers\hidinterrupt.sys
15:15:18.0133 0x2a20  hidinterrupt - ok
15:15:18.0138 0x2a20  [ 1553DF41F4EE4F60B4BEEEC62264BE71, 46AE8357E8038D35ADB82A51ED421293D7AB18C926C713F19149B97400D4C65E ] HidIr          C:\Windows\System32\drivers\hidir.sys
15:15:18.0152 0x2a20  HidIr - ok
15:15:18.0156 0x2a20  [ 3030F19C6A73367D6D5EEDD157F5D01A, B1F13C2AE334C8CDF15BD96B70E92A81487308D841196A29AE3D1164CDAF9AA2 ] hidserv        C:\Windows\system32\hidserv.dll
15:15:18.0173 0x2a20  hidserv - ok
15:15:18.0177 0x2a20  [ 6E3FB2047B8AE72E1B5F1C00A5F3E475, A5F791BECA43925D410751C114BCF2FC4A46D7A44BE80B02CD3259C6E271FF31 ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
15:15:18.0192 0x2a20  HidUsb - ok
15:15:18.0199 0x2a20  [ 621B1FFB2E4E4745484EA01B013BF1D2, 6F6761922EF931DB95D6597A5884DEB3CC127FB9D763A5A27369F7881DE64B8D ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:15:18.0211 0x2a20  HpSAMD - ok
15:15:18.0231 0x2a20  [ 87B74C28D0A841D920B05184554C41BB, 5E51CCBFD5E7F00E9DB9A1322B99C50C0AC62150ED1E3FBBD6CCACB5494C5778 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:15:18.0263 0x2a20  HTTP - ok
15:15:18.0268 0x2a20  [ 9E1F3BA540DB9F4942A3F50A92E5754F, 3FF53B60DC52886D6F2EC7F9D8C12009A4BECE5A046D827BC8C941E7401ED000 ] hvcrash        C:\Windows\System32\drivers\hvcrash.sys
15:15:18.0279 0x2a20  hvcrash - ok
15:15:18.0283 0x2a20  [ EBFCD9B6431859F529CE9BB66E723D37, 2D693E8B44D0A9564CF515A00F6079F4D06B2E2E3C297A048E40B20CFCC0F7B1 ] HvHost          C:\Windows\System32\hvhostsvc.dll
15:15:18.0296 0x2a20  HvHost - ok
15:15:18.0301 0x2a20  [ 35A370FB603525FEA33BD034A3BBA2C1, 916360898677F49E40AAE2F2B05B2D7A8237F7C945398F4EFF7F2EF812FC764C ] hvservice      C:\Windows\system32\drivers\hvservice.sys
15:15:18.0313 0x2a20  hvservice - ok
15:15:18.0317 0x2a20  [ B149905CD7451160B6BFA2191A3F6182, A706E4F12963A20F9767D8730973282B5830D97A087ADA8CA9B7D219513C127F ] HwNClx0101      C:\Windows\system32\Drivers\mshwnclx.sys
15:15:18.0333 0x2a20  HwNClx0101 - ok
15:15:18.0337 0x2a20  [ FE36689912DEC37D45B7A6C6414046FE, 3AE4E52B4ECD50ABEF67DCD1E30E409908F53624D9854BDD472352E8B280F19D ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:15:18.0348 0x2a20  hwpolicy - ok
15:15:18.0351 0x2a20  [ A1133368F47D514D73DD7FB4C4FD2B75, 6019DABCAB9E2941D76EC62F4352FA76DDCD964671C490730BF725CA2234CA3D ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
15:15:18.0365 0x2a20  hyperkbd - ok
15:15:18.0369 0x2a20  [ B68252C53556FFB52CCE18FF30FACA99, 0463FB8661A9EF338EFBBE43EE76C63DE170510D0E9B612D62009D7D85669365 ] HyperVideo      C:\Windows\System32\drivers\HyperVideo.sys
15:15:18.0388 0x2a20  HyperVideo - ok
15:15:18.0393 0x2a20  [ DA179667B8CEC22E4ECBBF4210DC0E35, 70CDB592E1775919B9AB1810A7BA18FE4851FBD493E4772741F36FC11A4CA47E ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
15:15:18.0411 0x2a20  i8042prt - ok
15:15:18.0415 0x2a20  [ B5EC43755E62591197DE5CBBDAA9FEB7, 1B4E0EAB677B09A050925879ECDA311404270DCF020AAD390692427198C73C9F ] iagpio          C:\Windows\System32\drivers\iagpio.sys
15:15:18.0430 0x2a20  iagpio - ok
15:15:18.0435 0x2a20  [ D8CA23F9C5FEF44296FDE1E005C06EC0, 0D7B03EF9E19B9B2A28C3318560488B3F9573CF364A533A9B4A2CD0A7FFA4F84 ] iai2c          C:\Windows\System32\drivers\iai2c.sys
15:15:18.0451 0x2a20  iai2c - ok
15:15:18.0456 0x2a20  [ 7B769C9D19C013F94874C4B15D59A005, 53A15F0480AEC43B5A01CFB17360188885B6ECBFFF6E566D27E5B6D4C7737243 ] iaLPSS2i_GPIO2  C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys
15:15:18.0472 0x2a20  iaLPSS2i_GPIO2 - ok
15:15:18.0476 0x2a20  [ E0F1B3A2A70FABE3BE1C9140BB55E607, 34E5B055619F3A26B7BB6054EA49D40B7D6DAFE234F57F358FE7C8EE83E10618 ] iaLPSS2i_GPIO2_BXT_P C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys
15:15:18.0492 0x2a20  iaLPSS2i_GPIO2_BXT_P - ok
15:15:18.0499 0x2a20  [ 89A869BCC0588A3009ECB875B09ECD39, 5ECC2C6E661B326511682D8EA1C82F942C63835890687285FEF455C5C9DC2476 ] iaLPSS2i_I2C    C:\Windows\System32\drivers\iaLPSS2i_I2C.sys
15:15:18.0517 0x2a20  iaLPSS2i_I2C - ok
15:15:18.0524 0x2a20  [ 2E693DF3C02A0859DB8DE25772751100, 3EFFDA44B247E04258429ADC85E88E23F926FD487A3A85BF879E6E5802197B3F ] iaLPSS2i_I2C_BXT_P C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys
15:15:18.0542 0x2a20  iaLPSS2i_I2C_BXT_P - ok
15:15:18.0546 0x2a20  [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
15:15:18.0556 0x2a20  iaLPSSi_GPIO - ok
15:15:18.0562 0x2a20  [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C    C:\Windows\System32\drivers\iaLPSSi_I2C.sys
15:15:18.0579 0x2a20  iaLPSSi_I2C - ok
15:15:18.0597 0x2a20  [ 26405FA714257E449581DE5D6E6200E6, 1C3055AF6BB53308B7E6268A11929881263767619FF524674C51C03B7990C0A8 ] iaStorAVC      C:\Windows\system32\drivers\iaStorAVC.sys
15:15:18.0626 0x2a20  iaStorAVC - ok
15:15:18.0637 0x2a20  [ 11AC0355FE52CC8813EE6864DE7531E4, 4D77C451C230395E03B3DB592B1BDCDB8B2142961906A25F0FD070D3A8B670EB ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
15:15:18.0657 0x2a20  iaStorV - ok
15:15:18.0670 0x2a20  [ 62CD9FA7394BCDF7784CCEFC9D00C9AA, 2A09A921EBD998EC45470675FC8D803EAE5F9E2E16B9313591987AA574835CFE ] ibbus          C:\Windows\System32\drivers\ibbus.sys
15:15:18.0692 0x2a20  ibbus - ok
15:15:18.0700 0x2a20  [ 964C20272DDC5D504B27050008B30860, 2941BB9A8B6E5842BA32C84F9CA36E982387319933D8848F7337C4F3493EFD90 ] icssvc          C:\Windows\System32\tetheringservice.dll
15:15:18.0722 0x2a20  icssvc - ok
15:15:18.0743 0x2a20  [ 37D673A961E21BFF0143AE43C3E41DAC, 8F049E0CBCE994C17D12A6BE4EBBF2D0BF47FB96BA40C482232E9D77BBF6F88A ] IKEEXT          C:\Windows\System32\ikeext.dll
15:15:18.0782 0x2a20  IKEEXT - ok
15:15:18.0787 0x2a20  [ AA38C19A3D65E8228D822EB18037E19D, 54943929E398C67A5A9C72EA65F0FD7A06BB43F03A2291CAEA29443CD10C5169 ] IndirectKmd    C:\Windows\System32\drivers\IndirectKmd.sys
15:15:18.0803 0x2a20  IndirectKmd - ok
15:15:18.0833 0x2a20  [ 90A2488077F890EA85D2FB1BCABEFA0D, 960762EB27DA0228DA2030AF4D4EDC3BF1916F0EDEA74D98738CC6B9F6397985 ] InstallService  C:\Windows\system32\InstallService.dll
15:15:18.0890 0x2a20  InstallService - ok
15:15:18.0910 0x2a20  [ B63CF22D1AD2ABDC39D85851B2BEAA6D, 37E9043BABB5895BFD2B59AFB60C438B992C6EAA1B5FDE5B3445314343F4C406 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
15:15:18.0934 0x2a20  Intel(R) Capability Licensing Service TCP IP Interface - ok
15:15:18.0943 0x2a20  [ 8213094EA736A9C575AB0E22AD09B0BA, 12670A466B5AA37283BD4CB481D000DE3AE2A8D1BD159F67A41703A6FE5675EC ] Intel(R) Security Assist C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
15:15:18.0959 0x2a20  Intel(R) Security Assist - detected UnsignedFile.Multi.Generic ( 1 )
15:15:19.0015 0x2a20  Detect skipped due to KSN trusted
15:15:19.0015 0x2a20  Intel(R) Security Assist - ok
15:15:19.0019 0x2a20  [ F1B552F7ACDF6E3E4DDDB76118CAFDE3, C4047BAAECF6FA3B73EB684F53C7F81A08AA39F42F8DC7C31BF35DFA93B7C647 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:15:19.0030 0x2a20  intelide - ok
15:15:19.0037 0x2a20  [ E6CC7C1E7CEDC81D6B15BF2CF4C99109, 1B181F55CD2E500468FE07C9BA6F20B207FA4B601C4971D1551B80A480D42EBD ] intelpep        C:\Windows\system32\drivers\intelpep.sys
15:15:19.0052 0x2a20  intelpep - ok
15:15:19.0060 0x2a20  [ 2CEF9DEB97B2CA327175EE8AD5F195A1, 1D6A3B47A844A235B73F8DC2BF872A943FE980480480843EDD5935307C115B3E ] intelppm        C:\Windows\System32\drivers\intelppm.sys
15:15:19.0078 0x2a20  intelppm - ok
15:15:19.0082 0x2a20  [ 8F466DA27E6160934A695BCCEFB80AC3, 080A52DB0616A9A3732FD02572D6CDC2789F06C8F21BAA6A356BFB412C5B6C43 ] iorate          C:\Windows\system32\drivers\iorate.sys
15:15:19.0094 0x2a20  iorate - ok
15:15:19.0099 0x2a20  [ FB72A49FAD5C343C8C38948F92D87BBF, 3947D9393D6F4F104D2D07D5FBA61041A8D6006BE2497F2A6337462F8B04A124 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:15:19.0118 0x2a20  IpFilterDriver - ok
15:15:19.0135 0x2a20  [ 9064A49C03F1CED42EAC2B4636C87192, CF388E05EA782BC0645FD0B42A41C9334C074BE6D7C193FA4F9819905CBCEA9C ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:15:19.0172 0x2a20  iphlpsvc - ok
15:15:19.0178 0x2a20  [ 5C58142E0F1F8AA379748CC123BA7527, 1D6D42F2595DF3C0EE8FEF751F13119951A2D040D2B22A7F0CBD6083B49F8A37 ] IPMIDRV        C:\Windows\System32\drivers\IPMIDrv.sys
15:15:19.0191 0x2a20  IPMIDRV - ok
15:15:19.0198 0x2a20  [ 7408B83959A4B8271EF67FD06A6B366B, C22DDB76AC3351A50B889AD7D2756EF8612450AC8EE72C88A1044691A0071BE5 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
15:15:19.0219 0x2a20  IPNAT - ok
15:15:19.0223 0x2a20  [ 7BEA2228C81FB6E1EADDD54D615B4C7E, 8640865C98F951B1B8D99E841D9A3FDC6E0251AFAC6B02F815DC409627A50112 ] IPT            C:\Windows\System32\drivers\ipt.sys
15:15:19.0238 0x2a20  IPT - ok
15:15:19.0243 0x2a20  [ AD0574F12AA812340BD39071FD30AD1E, 765F1EDFEDEA1F2728108D7A1187A468F529A883886006F74DB9EAD0BFE7B1B6 ] IpxlatCfgSvc    C:\Windows\System32\IpxlatCfg.dll
15:15:19.0261 0x2a20  IpxlatCfgSvc - ok
15:15:19.0266 0x2a20  [ 030AE3773151CFA728C67E38416FAD8D, 167E698035F2F07E822B430B31F02FABF3997BAC93039786747053344CE6E6D3 ] irda            C:\Windows\system32\drivers\irda.sys
15:15:19.0284 0x2a20  irda - ok
15:15:19.0288 0x2a20  [ 79D02DC54AB4F85D2C13A728A0E36193, 3B6BA678ED269195D506D29EBD9E070603F02AC0FAA92364E7C553B8856C3EDB ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:15:19.0303 0x2a20  IRENUM - ok
15:15:19.0307 0x2a20  [ 6ADE9DCAF71DCD888320CA47DB8B05EF, 6FA1EBB3D025546AAD14D968DF7CABD3002598F2F561CCC1D4F07A9B0322DE02 ] irmon          C:\Windows\System32\irmon.dll
15:15:19.0322 0x2a20  irmon - ok
15:15:19.0325 0x2a20  [ 1DFC3CCA51785254C5604238BB1A5467, 31451A90A91AEE14C6B24F84CB9816E5C77179D411B8B3E8547F538235BEEFB0 ] isaHelperSvc    C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
15:15:19.0331 0x2a20  isaHelperSvc - detected UnsignedFile.Multi.Generic ( 1 )
15:15:19.0386 0x2a20  Detect skipped due to KSN trusted
15:15:19.0386 0x2a20  isaHelperSvc - ok
15:15:19.0396 0x2a20  [ 38A6EC08D0067DECF7B5BA4C871B846C, 0FAB8EACA2BB4A0BF3895B6BB7CA9BCF74447CF640535A57998C6A4A35EAC030 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:15:19.0417 0x2a20  isapnp - ok
15:15:19.0425 0x2a20  [ 5529131AAB75E07D9295B19E20C54DAE, C2F2C7D33945C13DDC5EF540581772CEF73EFB23F19E6BCDBB6A99D8C96A302B ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
15:15:19.0444 0x2a20  iScsiPrt - ok
15:15:19.0450 0x2a20  [ C35FD802C800F3CBB4FD426D5A542A22, B2325956DB68222C5FBB43DFA0BF5EEC073470010E13997F2A5635CC89D66872 ] ItSas35i        C:\Windows\system32\drivers\ItSas35i.sys
15:15:19.0464 0x2a20  ItSas35i - ok
15:15:19.0470 0x2a20  [ 832F7C2747F04D1294AEF46A2CE5B63B, ABAECEFCAD9B526C3D98681A874966B924EB99AF61CDFAC6D5E767BE2FAF6CFA ] jhi_service    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
15:15:19.0484 0x2a20  jhi_service - ok
15:15:19.0489 0x2a20  [ 17F3B012B28F27E7B813A7B037A3D790, DADE75BB016438B7E0A11A1CF1FFA596C27246EF7F4E04D96366029C9F65F0C5 ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
15:15:19.0501 0x2a20  kbdclass - ok
15:15:19.0505 0x2a20  [ 843B4BBD15DD0340C5C293CD419D4A76, F6D17CCE13697669DA4EF1F83E394F5496C437496E0E09307F8B615DE3216CC5 ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
15:15:19.0521 0x2a20  kbdhid - ok
15:15:19.0525 0x2a20  [ 5BBB86F3F1700E0ACE1DF10F0EF7B227, 348FE61522F8C24F407F87D2966F62BD816DF27CD824AC103699CA66EE799640 ] kdnic          C:\Windows\System32\drivers\kdnic.sys
15:15:19.0543 0x2a20  kdnic - ok
15:15:19.0548 0x2a20  [ 3DF3B76B19DA92A8ADC01FF38560282D, F56DDDF7A8F1AA0F3D9FFE0CD618544CFAF233A33314240ECCBE5F897A91B534 ] KeyIso          C:\Windows\system32\lsass.exe
15:15:19.0561 0x2a20  KeyIso - ok
15:15:19.0565 0x2a20  [ EEDB88DAE96BAFA92C8C0600851E41E9, 2ECE876BC29C56570A7C21CE375D8F4819BE1DF7AFF703E90D41BEF44046BB4A ] kmloop          C:\Windows\System32\drivers\loop.sys
15:15:19.0580 0x2a20  kmloop - ok
15:15:19.0587 0x2a20  [ 9E2603E22242B1482EB5184EBE6ED107, 5CB6EFF7684F8FD22F6FE42AD946B1DDE9DEF91C1172302FE5CAD307F282EAF9 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:15:19.0601 0x2a20  KSecDD - ok
15:15:19.0608 0x2a20  [ 2E19EF8F616D5340C95998FDD712E471, 90103648A5847559E21CCB3D38BF9062EB2E6FCDBC2D4BCFAB280BC3795C1560 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
15:15:19.0623 0x2a20  KSecPkg - ok
15:15:19.0627 0x2a20  [ 10F2EBC1F1C4549C355781715DE47B66, 9D23CBA56245532D88396DF99C62A26E71A7EEEF7CD8BA98FFF9FD2804DDF946 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
15:15:19.0643 0x2a20  ksthunk - ok
15:15:19.0653 0x2a20  [ C4151271434A490707B4FD4E6AAE9EED, DDB809D002039645CDED08322B9CDCA04C483A119380098FF9EBA998A1A3811D ] KtmRm          C:\Windows\system32\msdtckrm.dll
15:15:19.0680 0x2a20  KtmRm - ok
15:15:19.0688 0x2a20  [ 081D030BC669BDEDC68B8FE81A67E6A7, B5C1FA89ACAE1683A524CD14E2D7D6C3C1FAE0ABCD330841D493FC6DB0843798 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:15:19.0714 0x2a20  LanmanServer - ok
15:15:19.0723 0x2a20  [ 514E8BD07F42D95667F54777D57403D0, 3D024A18F7AC70A846FAB3255AA1048F8DD1DC4301F1B70B647B71F5E7A1AA24 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:15:19.0749 0x2a20  LanmanWorkstation - ok
15:15:19.0755 0x2a20  [ C2A49E8EEE7C3D06ECA80847A42F65D5, E1559EF96E6F2146E4AC0BE46CBFF5FA29829812A64A6F09803C00E3E0AAB1F0 ] lfsvc          C:\Windows\System32\lfsvc.dll
15:15:19.0773 0x2a20  lfsvc - ok
15:15:19.0777 0x2a20  [ DB8F10ED986BFE0A5B663A1D067F2CCC, 88EE540F545C8838E9F855094A2A4AAC096BD24F77103E06464CCD77C3FCFFFD ] LicenseManager  C:\Windows\system32\LicenseManagerSvc.dll
15:15:19.0795 0x2a20  LicenseManager - ok
15:15:19.0800 0x2a20  [ 3CF979AFF0196DF3DF5E54DFC049EB1F, FEA82EF2AA4222171E80548EB00A4F0FBD27363B84AA9E6B8F82147C568BADEE ] lltdio          C:\Windows\system32\drivers\lltdio.sys
15:15:19.0817 0x2a20  lltdio - ok
15:15:19.0825 0x2a20  [ D6DD748EAC3BC540CFE65C73FE20C099, 8A79E1F1834D949D027B4D3471297ADFB539B9282DE5DF5FDBE60AE171F3CFFC ] lltdsvc        C:\Windows\System32\lltdsvc.dll
15:15:19.0847 0x2a20  lltdsvc - ok
15:15:19.0851 0x2a20  [ BD35F484DA59014D091736F8F10BFB42, 7004408EEE281BA707248369910483928A15F3304F4A8F594EA2E04D43929926 ] lmhosts        C:\Windows\System32\lmhsvc.dll
15:15:19.0870 0x2a20  lmhosts - ok
15:15:19.0880 0x2a20  [ 76BC5705E1F838E32451ECF14518B1C8, 3F664723DCF6C07BDB3287184175F60DD7B4A85B0480800ECBE065730E2DA5F5 ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:15:19.0898 0x2a20  LMS - ok
15:15:19.0906 0x2a20  [ 48380096385DB46E43D85CD92B9500DB, D93F4FDAA5A665E09004F7676E821AEAD0ED059F0E006FF73F02BB8FF1C0F9FC ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
15:15:19.0918 0x2a20  LSI_SAS - ok
15:15:19.0924 0x2a20  [ F708223E5829510DF0D5AF209D11C8B8, DE82ACC6D04092C22BA4E63CF527814467870A10B93D7E9B061DBA23CEF9424B ] LSI_SAS2i      C:\Windows\system32\drivers\lsi_sas2i.sys
15:15:19.0938 0x2a20  LSI_SAS2i - ok
15:15:19.0943 0x2a20  [ B91BCC8F670F128A4BB826ACF2C2B9D5, D905232E3E49EA6CACE04CDB241D12CA9E84F106D15340C921B980610C1080FB ] LSI_SAS3i      C:\Windows\system32\drivers\lsi_sas3i.sys
15:15:19.0955 0x2a20  LSI_SAS3i - ok
15:15:19.0960 0x2a20  [ FA31CDF977CD31AF9AEAAA422966ACC1, 705761786930A2534CD1B797F5F16F56F58647192175F5D19E13642A89462CAA ] LSI_SSS        C:\Windows\system32\drivers\lsi_sss.sys
15:15:19.0973 0x2a20  LSI_SSS - ok
15:15:19.0988 0x2a20  [ 52B6D805C60127F0456DF019775F5740, 3005C49349072EDD68DBFC6DBF884FC75E060920EA3FA90A60C39F5A83939595 ] LSM            C:\Windows\System32\lsm.dll
15:15:20.0022 0x2a20  LSM - ok
15:15:20.0028 0x2a20  [ E86400D7B6E095E89CF63667D94D3F50, 4E30374B82FB1D8904B9803109C4557C565023FA94C7AE61BB2ADAAACAE0E179 ] luafv          C:\Windows\system32\drivers\luafv.sys
15:15:20.0046 0x2a20  luafv - ok
15:15:20.0053 0x2a20  [ 07514F5635999D7DDB5F3A62B5C5AEB3, D3717437D14C36873E2D0C1AA65F29EB9A5DB1DE60A7EE86A093FD126B7EBC05 ] LxpSvc          C:\Windows\System32\LanguageOverlayServer.dll
15:15:20.0076 0x2a20  LxpSvc - ok
15:15:20.0081 0x2a20  [ 1CA48E995EE9BDAE7EE3601C792D8DA4, DC4EE789810D3993343F7085DBCFBE1E74B10A31B32C60964582E2F27B5D716B ] MapsBroker      C:\Windows\System32\moshost.dll
15:15:20.0099 0x2a20  MapsBroker - ok
15:15:20.0111 0x2a20  [ BD3D311802427608403C5E73A8D6137D, C85DCB557E931E302AF90270731C3F5AA820CDF14D7DBACA95284FD9E4BF5F3D ] mausbhost      C:\Windows\System32\drivers\mausbhost.sys
15:15:20.0133 0x2a20  mausbhost - ok
15:15:20.0138 0x2a20  [ 61C2D9790943D8E3AD05AE35E4A313EF, 96BBA5333F4AEEE41FAD28124DD448CFECD8111F931758CAB60FCB1DAA05E239 ] mausbip        C:\Windows\System32\drivers\mausbip.sys
15:15:20.0150 0x2a20  mausbip - ok
15:15:20.0156 0x2a20  [ 4F80A687C9BCF3E9C5FF3606A6268A24, 7EDA59DAC9365CBDADDF5D4663EBB1F7693ACBCAC0072ABB1F3DCA5C1F432780 ] MBAMChameleon  C:\Windows\System32\Drivers\MbamChameleon.sys
15:15:20.0168 0x2a20  MBAMChameleon - ok
15:15:20.0174 0x2a20  [ 31A4045CF63A3075C86A61BED91CE246, D4855A9B5331EB739318EDD51D62286569DB469E6AABF0180B019A79D10F6B67 ] MBAMFarflt      C:\Windows\system32\DRIVERS\farflt.sys
15:15:20.0185 0x2a20  MBAMFarflt - ok
15:15:20.0190 0x2a20  [ 738B5006742E0A32B67CABAE4CCA9525, 58CA12653081FFDD13EEFF42CA248868A680B1811B0C18A17821365735D79285 ] MBAMProtection  C:\Windows\system32\DRIVERS\mbam.sys
15:15:20.0199 0x2a20  MBAMProtection - ok
15:15:20.0310 0x2a20  [ ECB760B2391608BA4E0A7987ADA70CCF, 03B39EA56CD46666CFA8467AA246A63924C0F4AACD27E51FD5E1192000B4A577 ] MBAMService    C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
15:15:20.0432 0x2a20  MBAMService - ok
15:15:20.0446 0x2a20  [ CB258766E99AB3B57E6FDF32177804A2, 61833AF290A3E10B0ABF9773625C1DD89B337D8F65BC6650B5BBB7393B77652B ] MBAMSwissArmy  C:\Windows\system32\Drivers\mbamswissarmy.sys
15:15:20.0459 0x2a20  MBAMSwissArmy - ok
15:15:20.0465 0x2a20  [ E929297ADFDE04C602405A5F7E4E6275, 6D624B5CFB5DF4898A42933209502053703E5F7B0E82B36C38E88B3D8BC854A9 ] MBAMWebProtection C:\Windows\system32\DRIVERS\mwac.sys
15:15:20.0475 0x2a20  MBAMWebProtection - ok
15:15:20.0479 0x2a20  [ 61BCE12529E96E6F0335A2A8DEB83C61, BFDD1E52736311CF53AE9C778C664D37B5B711B544BC41BDFB137F7A9789AD2A ] megasas        C:\Windows\system32\drivers\megasas.sys
15:15:20.0491 0x2a20  megasas - ok
15:15:20.0495 0x2a20  [ CA22763F12783A9C81C512ED747CECDD, 8D2403364D5479D89479FA0C23BB9511A4360F51504F78AA1675220CDCD21398 ] megasas2i      C:\Windows\system32\drivers\MegaSas2i.sys
15:15:20.0506 0x2a20  megasas2i - ok
15:15:20.0512 0x2a20  [ FDB06D857FC43D654547BBB31D039DB4, 4CBE0F0FBDD88A5DB4F333466BB4E1C886E0742D41B4ED418587B40C4F59B307 ] megasas35i      C:\Windows\system32\drivers\megasas35i.sys
15:15:20.0525 0x2a20  megasas35i - ok
15:15:20.0538 0x2a20  [ 230361AF74DDB91705284E024A22DF4F, 82F13E3E4A8B3CB6AE65C1C9F878702D16D101B0DCC79B9FF8368F9B87E0F285 ] megasr          C:\Windows\system32\drivers\megasr.sys
15:15:20.0563 0x2a20  megasr - ok
15:15:20.0572 0x2a20  [ 0CAEA11CEC2EEC7511385A467FD464D1, C84DD82374D551C90CCB274AB7F8CE4A503042CC8D1337A1F6498B2538E1793A ] MEIx64          C:\Windows\System32\drivers\TeeDriverW8x64.sys
15:15:20.0584 0x2a20  MEIx64 - ok
15:15:20.0589 0x2a20  [ 69259AFDF347B5F4AF06E900C4A1F62E, 167FF155F3E1B362A5D5FDB010A5F539F5E13CAD7E64E6F105CC770DA3639EEB ] MessagingService C:\Windows\System32\MessagingService.dll
15:15:20.0607 0x2a20  MessagingService - ok
15:15:20.0628 0x2a20  [ A8931C3820D5F392D89176E0628E766E, 0F035833B1CBABDF9E5142F3E5EB6413DC7DDBF3A0562170018A8EBA20992CA4 ] mlx4_bus        C:\Windows\System32\drivers\mlx4_bus.sys
15:15:20.0657 0x2a20  mlx4_bus - ok
15:15:20.0662 0x2a20  [ 133BE679CF8962E52A7E927C25F41EF3, 55EA0539AA4EB5E3BFCC33EFEE885AE4DE5D855069E95259CD22893AFC41FEF3 ] MMCSS          C:\Windows\system32\drivers\mmcss.sys
15:15:20.0677 0x2a20  MMCSS - ok
15:15:20.0681 0x2a20  [ CA25F2D78FDD0D36E3F3071B4B317BD4, 21B5902EF802FAFA7DC6FD737CE9888C74526983FDCE31CDFAB11630E1476FD1 ] Modem          C:\Windows\system32\drivers\modem.sys
15:15:20.0696 0x2a20  Modem - ok
15:15:20.0700 0x2a20  [ 13142B3B30F633F407D5256B2FFCCEF0, 0A8DD229FD752E8B7E1D11E1A066BCF8B3E2023068AD731FF23ACBF4D182D23D ] monitor        C:\Windows\System32\drivers\monitor.sys
15:15:20.0714 0x2a20  monitor - ok
15:15:20.0719 0x2a20  [ 66C9CCC6A100ACF7A4514BD3091CE566, 1423EC39D4203D717B79BF2E5F4A89A0541CCEA2162351A670EA46AA69A0859D ] mouclass        C:\Windows\System32\drivers\mouclass.sys
15:15:20.0730 0x2a20  mouclass - ok
15:15:20.0734 0x2a20  [ 6BE61DAF4CDC0E13940096EAC4A9F490, 954DA0C9FE3881030EC0B9A428C2C2BBC86353EC9421009AC48FDC047315160F ] mouhid          C:\Windows\System32\drivers\mouhid.sys
15:15:20.0750 0x2a20  mouhid - ok
15:15:20.0755 0x2a20  [ 2CFB54C638F75E39FBB22723401A8A56, 5E4B1107534AF4ADCD031FC4931B6819B8371720A3D68B5C9788C2AB34DA2C21 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:15:20.0769 0x2a20  mountmgr - ok
15:15:20.0777 0x2a20  [ 1D062A64F9EE43F7234BCB6829E6EF89, 12E2B8B76E7DE9B509F98280E8CD12314341E497F934914747C31D7A18C825FF ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:15:20.0792 0x2a20  MozillaMaintenance - detected UnsignedFile.Multi.Generic ( 1 )
15:15:20.0848 0x2a20  MozillaMaintenance ( UnsignedFile.Multi.Generic ) - warning
15:15:20.0848 0x2a20  Force sending object to P2P due to detect: MozillaMaintenance
15:15:20.0990 0x2a20  Object send P2P result: true
15:15:21.0129 0x2a20  [ BC7C041E5AB2D7F157731456188BFCF5, 8E2FDB34BD25A0D92692F584AD30419E54DE4349DC2ECF9B1FB15DB6C475A7C1 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:15:21.0159 0x2a20  mpsdrv - ok
15:15:21.0179 0x2a20  [ 9C7CE5CF0CDB6F41FDB96EF03754D283, A9A8B755EAF20C13FA32240FF71134020F21EF1EB7F033F385AA1F7FDB3CEF14 ] mpssvc          C:\Windows\system32\mpssvc.dll
15:15:21.0219 0x2a20  mpssvc - ok
15:15:21.0226 0x2a20  [ C12373EC998C6F17C0FE2D6C3CBB9C04, 5F41757D6774B2DCADB340430B26C2C1BA93D7A47948DA92023622B66BB7B482 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:15:21.0244 0x2a20  MRxDAV - ok
15:15:21.0256 0x2a20  [ 6C321DB795F5EF5FF870737177825FC9, A8E0049A0E3FF273383383E397F5E8C3D3D3462C4C699E92D012B3EA1590BAC1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:15:21.0277 0x2a20  mrxsmb - ok
15:15:21.0284 0x2a20  [ 42FE3D84EFE835443151DC2A50D05643, 3582EA0CAA2A02AA9A6FDECF9DE0F962BF10FB1C2E7E804A3F0D62C4A4C365B1 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:15:21.0300 0x2a20  mrxsmb20 - ok
15:15:21.0305 0x2a20  [ F14DE177087F9E990EDE95ACE1F94662, E0B8C7DAF8C13CAD08B974D681981038E33ED8871717C550477EDCFD05A3B96D ] MsBridge        C:\Windows\system32\drivers\bridge.sys
15:15:21.0324 0x2a20  MsBridge - ok
15:15:21.0330 0x2a20  [ 9A94F32C1DC90A7E5A35D0F820A8FB1D, 4CAFCE804D9135BE9CBF80307D570F24E4A102890DAB504E3DEFF3B335C9B80E ] MSDTC          C:\Windows\System32\msdtc.exe
15:15:21.0351 0x2a20  MSDTC - ok
15:15:21.0360 0x2a20  [ 128E1D8C23F690DF1DD7AFDB214DB6ED, 9A04B77E91956B76B2FA2FE5F192C794E0C1DA708AE99B64B3B3D39902452E39 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:15:21.0378 0x2a20  Msfs - ok
15:15:21.0383 0x2a20  [ 5A5ABA987943317300A4E55A5C5EB8C4, 9AC863F537BBB2D776C3F240B510DEE94BD84A7675C695D1270770609E77F65B ] msgpiowin32    C:\Windows\System32\drivers\msgpiowin32.sys
15:15:21.0395 0x2a20  msgpiowin32 - ok
15:15:21.0398 0x2a20  [ D727DEA75E316C80793C7098225D3F56, F6E7F01DDDED03E29BE64796873875A4CC7215B3C8152192A465EE2E76FFC8A1 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
15:15:21.0413 0x2a20  mshidkmdf - ok
15:15:21.0417 0x2a20  [ E12A703CE10B068727499276340D5296, 67F513A83D896DBF014D7446D66F1A1F9F0D03ADB23B57FD1A3CCC880ED50299 ] mshidumdf      C:\Windows\System32\drivers\mshidumdf.sys
15:15:21.0432 0x2a20  mshidumdf - ok
15:15:21.0436 0x2a20  [ 8E42D6B92CB4567467E29F58F2E31715, F1EEB6811526C079EF8C3702A535B23FA14C5A33CA2B14C9A65BAE136568B724 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:15:21.0448 0x2a20  msisadrv - ok
15:15:21.0454 0x2a20  [ C9930B9F2ABF42C732202813951A9A26, FFCE4E4FEC9F8393C75828C1D5CC380A666D4606891789D3A6923CE6701D5D99 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
15:15:21.0475 0x2a20  MSiSCSI - ok
15:15:21.0478 0x2a20  msiserver - ok
15:15:21.0482 0x2a20  [ 2F3B9A23F8DEE9C3AD58CB3D966D83DD, C030A6376B392AA2D9CB8FF16196A4F71F4E7A3E32124B4B30D714D75B6583B2 ] MSKSSRV        C:\Windows\System32\drivers\MSKSSRV.sys
15:15:21.0500 0x2a20  MSKSSRV - ok
15:15:21.0505 0x2a20  [ AECFFBE104D428E8A74BCABF5B3B9912, EA94A7FA1F9BE357311E411293F4D3CC8F80ED1523BFE362DA56A3C2AC65DF58 ] MsLldp          C:\Windows\system32\drivers\mslldp.sys
15:15:21.0521 0x2a20  MsLldp - ok
15:15:21.0524 0x2a20  [ 83364A92271339D8042C9DD5FD938A84, 23B9A90411DEF1ABA0A9EBFA6CC39F7EA2BFABD578F3783AD398551816AFEC2A ] MSPCLOCK        C:\Windows\System32\drivers\MSPCLOCK.sys
15:15:21.0540 0x2a20  MSPCLOCK - ok
15:15:21.0544 0x2a20  [ AE5A4B89CDFF544B6481970BFD48A056, 6BE9ABE33305387AA61B29AB075C2C72CCFC01A7E86C573B6BE9B4A0FFA9D3EC ] MSPQM          C:\Windows\System32\drivers\MSPQM.sys
15:15:21.0560 0x2a20  MSPQM - ok
15:15:21.0571 0x2a20  [ 63794CE6137D70D2E8468E147A89BD76, F3CE3CC7FA1EADF63807E39C6C96543EA37AE98406061E28696A677B6A952AD0 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
15:15:21.0603 0x2a20  MsRPC - ok
15:15:21.0614 0x2a20  [ 0EB202DFD0BBEBDA54159D0E37CA1A35, A73CFB1D6D5D4A053FE51634AC4B6B785BE02F45715D590410F00474B03A370F ] MsSecFlt        C:\Windows\system32\drivers\mssecflt.sys
15:15:21.0631 0x2a20  MsSecFlt - ok
15:15:21.0636 0x2a20  [ 4566CB65F176CE5CD8FCA487D2E3A64B, C058E431ED6D3F83A6C923648A79664A61A25F8797DA83C4AE25B491CC195F30 ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
15:15:21.0648 0x2a20  mssmbios - ok
15:15:21.0652 0x2a20  [ 8A11E03B32840C0B73C14D16794F1A8A, A003C44F5234522454E285D388E506B7880CCE5FCE5622618F97C2DFFC6EA9DB ] MSTEE          C:\Windows\System32\drivers\MSTEE.sys
15:15:21.0668 0x2a20  MSTEE - ok
15:15:21.0672 0x2a20  [ 794285C4F166B8108292E63FEA3C41E3, 69BB7DDB7D6F3D21395432384FB06E114B2C343664CD62A5DE1A95FBC0F5AEDD ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
15:15:21.0686 0x2a20  MTConfig - ok
15:15:21.0691 0x2a20  [ EEB9D3E90B83546864211D63C1A0A74A, E67118F7B91A192B50C9C2DC159B4276BBD8BF9CC935ABADA459E4DF4191066A ] Mup            C:\Windows\system32\Drivers\mup.sys
15:15:21.0705 0x2a20  Mup - ok
15:15:21.0709 0x2a20  [ 69CECA6726FAD321F5643B16A1FF3934, 8F43BEC668DD0A1D65D3B545B78AF4324AE36DCC3524B7CF3385FE2B19CB6B07 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
15:15:21.0722 0x2a20  mvumis - ok
15:15:21.0737 0x2a20  [ 84E984CE780DDAFDC1460C0DDBDE0DF3, DDDACF273B2D2FCF4D64E44149CBBD1437FB4545F86A11CDC6DCBCCB75C8D8C5 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys

korato 17.12.2018 15:28
Code:
15:15:21.0765 0x2a20  NativeWifiP - ok
15:15:21.0784 0x2a20  [ B281FAC1C60FE21ED3F635ECF673A981, 6641CCBD38AEF3FA5D9EDD24F01AAB6509AD6D3927371CD7938C04B3BBC92FD1 ] NaturalAuthentication C:\Windows\System32\NaturalAuth.dll
15:15:21.0822 0x2a20  NaturalAuthentication - ok
15:15:21.0829 0x2a20  [ 6FEC83EDC4A3D1E99039CA1D96AD720D, F6DB011FBED10EAF8CCDC9EDDCB47F728B6B17A6A3CA5D6DB5DE50EEFE7DDD4D ] NcaSvc          C:\Windows\System32\ncasvc.dll
15:15:21.0849 0x2a20  NcaSvc - ok
15:15:21.0859 0x2a20  [ C3D3E2DFBD52C48EA787604F49060A5C, 0F5E3C9E63F6421398154EF942182FE67CCCCE6DE25B1EE2A30A8E6E3C17145A ] NcbService      C:\Windows\System32\ncbservice.dll
15:15:21.0886 0x2a20  NcbService - ok
15:15:21.0892 0x2a20  [ 9AB04C4C14B32D127DB6E7D3DF79FF26, DAC84CBDF605C43657CDA1B95A86DC0D55E236A75BFDA3041472C5D6222EB025 ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
15:15:21.0910 0x2a20  NcdAutoSetup - ok
15:15:21.0915 0x2a20  [ AB9EB3CADF4D415B598487397476A23A, EA48BC5CCD9814F6CA50485818BA150A1066D462306764C197935A926DF0565E ] ndfltr          C:\Windows\System32\drivers\ndfltr.sys
15:15:21.0927 0x2a20  ndfltr - ok
15:15:21.0953 0x2a20  [ E54D9AC4A3315D7E775ECC7B06F373DC, B3F150A0A3D71DA644BE91B17E1260D790926C10D36B83EB9D59F8C088E2D9F0 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:15:21.0991 0x2a20  NDIS - ok
15:15:21.0998 0x2a20  [ AF73B18F3096B165A6F4417C5ED36B01, B0FA9E52D7208F756103E2E853F1D17F594C9FDD2E76304743C581613E612449 ] NdisCap        C:\Windows\system32\drivers\ndiscap.sys
15:15:22.0013 0x2a20  NdisCap - ok
15:15:22.0019 0x2a20  [ 1A9B1F5B8B131CE461A01C9424E149D7, 66E3F49308DF111B5D5DBF57F11A05E0B9492530587E37C6729C46AED17647D3 ] NdisImPlatform  C:\Windows\system32\drivers\NdisImPlatform.sys
15:15:22.0037 0x2a20  NdisImPlatform - ok
15:15:22.0041 0x2a20  [ 4C8BBD7EE829CE9BFB8E21134AC477E0, ED8E0D603AFFA4BD7C7057B7B10FEB811B89CB8C6D66EC8212AC24062D58CEDB ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:15:22.0058 0x2a20  NdisTapi - ok
15:15:22.0063 0x2a20  [ 76DB7B344F90A29A16CB6B7C67B87CF6, 921E6AF5B22CF3A9E153F6A6F5E3FFE64BE49959AD705F865D2734B0F8A07517 ] Ndisuio        C:\Windows\system32\drivers\ndisuio.sys
15:15:22.0083 0x2a20  Ndisuio - ok
15:15:22.0087 0x2a20  [ A76D79B71300EB3FEDD3D12D4C6F1D76, 9B20C3716DDD9EECCDDFA2C4F1A9ACA512B612A8CDFC8C22B2F867280AE51A3B ] NdisVirtualBus  C:\Windows\System32\drivers\NdisVirtualBus.sys
15:15:22.0102 0x2a20  NdisVirtualBus - ok
15:15:22.0108 0x2a20  [ 407FC276F4E21FC9BF40D8F78E9D96AE, 87AC75F713100C9938FBAE16B0F40A5C77713DA12690AFCF7365F2FCBCCD4472 ] NdisWan        C:\Windows\System32\drivers\ndiswan.sys
15:15:22.0127 0x2a20  NdisWan - ok
15:15:22.0134 0x2a20  [ 407FC276F4E21FC9BF40D8F78E9D96AE, 87AC75F713100C9938FBAE16B0F40A5C77713DA12690AFCF7365F2FCBCCD4472 ] ndiswanlegacy  C:\Windows\system32\DRIVERS\ndiswan.sys
15:15:22.0152 0x2a20  ndiswanlegacy - ok
15:15:22.0157 0x2a20  [ 934E4A5CFD9CB891CD338052FA3467C6, 0D7C1709E6C818E2DA969220C888BF3A28D0952E73322EDDFF66AFEEB03A3103 ] ndproxy        C:\Windows\system32\DRIVERS\NDProxy.sys
15:15:22.0174 0x2a20  ndproxy - ok
15:15:22.0180 0x2a20  [ 0E3B0F3645D1BAE79397C66FE8AF6402, 6568FD9646FE7C7D61D280C26097583EFA2FB9F59D43340A7283BEAD3A5CC206 ] Ndu            C:\Windows\system32\drivers\Ndu.sys
15:15:22.0200 0x2a20  Ndu - ok
15:15:22.0207 0x2a20  [ A704515CF3038668E9E2CA66E31A0700, 0F5A75AC5FF8E021D15D89ACE4C4D215825D931097E1BB633F46177E36F40157 ] NetAdapterCx    C:\Windows\system32\drivers\NetAdapterCx.sys
15:15:22.0229 0x2a20  NetAdapterCx - ok
15:15:22.0234 0x2a20  [ DD09E3115DF2CDB36FED21E67149EB91, F2FAD5091F456E593FB25843026C5F2440D3605E5355F5FEFBFEF5E9E70DDED6 ] NetBIOS        C:\Windows\system32\drivers\netbios.sys
15:15:22.0246 0x2a20  NetBIOS - ok
15:15:22.0256 0x2a20  [ A6C01E478CD9ED26F6FB7ABCF9A2C773, 9524D6BC0F3360311A8C887B7987949BC1B24606BCAB92532C59AA61B364F0D7 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
15:15:22.0280 0x2a20  NetBT - ok
15:15:22.0285 0x2a20  [ 3DF3B76B19DA92A8ADC01FF38560282D, F56DDDF7A8F1AA0F3D9FFE0CD618544CFAF233A33314240ECCBE5F897A91B534 ] Netlogon        C:\Windows\system32\lsass.exe
15:15:22.0297 0x2a20  Netlogon - ok
15:15:22.0306 0x2a20  [ C3D07481FDD607F9B66B2CF1D8E26EF0, 5B20EAE39884B103F83A36E9AA55BA8932432344C7BADB11D8B827C07C7999E4 ] Netman          C:\Windows\System32\netman.dll
15:15:22.0329 0x2a20  Netman - ok
15:15:22.0341 0x2a20  [ A3425B6F5F038DA2755EE004CDD2D76D, 2C81B42A77AD27CBDAC2AA1737410EDA52DD00A65529640250EF1462BCD65050 ] netprofm        C:\Windows\System32\netprofmsvc.dll
15:15:22.0370 0x2a20  netprofm - ok
15:15:22.0380 0x2a20  [ C8B1AF912319FEF251288BDD27E9576D, 0A8C2CDE353C23F076F6ED8609F3074116179B3C8BF7700324250689FDB2331C ] NetSetupSvc    C:\Windows\System32\NetSetupSvc.dll
15:15:22.0407 0x2a20  NetSetupSvc - ok
15:15:22.0417 0x2a20  [ 7EC8B56348F9298BCCA7A745C7F70E2C, F677CBD94ABE25AECF08ECFBBDA063A9C032C678327A0D105CB6B3E587C44C19 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:15:22.0428 0x2a20  NetTcpPortSharing - ok
15:15:22.0435 0x2a20  [ DA8548D75434CE421BF921BAAC0916D9, 3A7E1D5EC02D6D4FD3321A1B8ADB20E99DD556E2D5FE1C98633F06EE6A023A23 ] netvsc          C:\Windows\System32\drivers\netvsc.sys
15:15:22.0454 0x2a20  netvsc - ok
15:15:22.0469 0x2a20  [ 162A571ABAF9546339EE0BB482FF6AE7, E6E590B628AA65D161D7A87C9CF360D905FCC858E73EE1C4723FE217E8A91EA2 ] NgcCtnrSvc      C:\Windows\System32\NgcCtnrSvc.dll
15:15:22.0503 0x2a20  NgcCtnrSvc - ok
15:15:22.0521 0x2a20  [ CA8AD24C34F990C93846D4D9DDDC9E58, 8509062782423D978CBF498731043B1464C2A84524025B08AEA2BB0A51400C31 ] NgcSvc          C:\Windows\system32\ngcsvc.dll
15:15:22.0557 0x2a20  NgcSvc - ok
15:15:22.0569 0x2a20  [ BF69FF80C3975B1D1E9428A689A16CB1, 670016D59D2169B44E2EF4CBDE281A34C4E868D2465362B09FA2DBFA393A2804 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:15:22.0596 0x2a20  NlaSvc - ok
15:15:22.0601 0x2a20  [ 57C732F21604C5FC74FD1CBCA0C6EAE7, B65EB98012A14523C5CE59859FD973B3ECEAC929DA58B79CB05597C5A75D4858 ] npcap          C:\Windows\system32\DRIVERS\npcap.sys
15:15:22.0612 0x2a20  npcap - ok
15:15:22.0616 0x2a20  [ 57C732F21604C5FC74FD1CBCA0C6EAE7, B65EB98012A14523C5CE59859FD973B3ECEAC929DA58B79CB05597C5A75D4858 ] npcap_wifi      C:\Windows\system32\DRIVERS\npcap.sys
15:15:22.0625 0x2a20  npcap_wifi - ok
15:15:22.0634 0x2a20  [ 55E728D557F3AE1CBA58B80D7DD59D69, 03EE2DFDD5A06D6BFDF4382A8DBD3E768A48613311A4C29F7626B81E296B7EF1 ] npf            C:\Windows\system32\DRIVERS\npf.sys
15:15:22.0658 0x2a20  npf - ok
15:15:22.0663 0x2a20  [ 7190932DB00BE83B57C01B5EAC4D746B, A3C7C87874620E042EFCDF64332450ACEDD4FAB7F6C1B2DE97A1C6EDA2DA3055 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:15:22.0679 0x2a20  Npfs - ok
15:15:22.0684 0x2a20  [ 55E728D557F3AE1CBA58B80D7DD59D69, 03EE2DFDD5A06D6BFDF4382A8DBD3E768A48613311A4C29F7626B81E296B7EF1 ] npf_wifi        C:\Windows\system32\DRIVERS\npf.sys
15:15:22.0695 0x2a20  npf_wifi - ok
15:15:22.0699 0x2a20  [ 218DB396170D77BB94F69B526CC51B8F, 6AACC3C38E22061A210918771D3B087903CB7024AFBD013827864C02CD75A3F9 ] npsvctrig      C:\Windows\System32\drivers\npsvctrig.sys
15:15:22.0717 0x2a20  npsvctrig - ok
15:15:22.0722 0x2a20  [ 457DAC0D0978F5391E0742ADCB4C2E28, AD53F2FC597E90AFF0795655A36192BA803AD1E737C86FD216CD39E2EC4F9C36 ] nsi            C:\Windows\system32\nsisvc.dll
15:15:22.0739 0x2a20  nsi - ok
15:15:22.0744 0x2a20  [ A4952889D7C5804F17ABB9F454A371C2, 0FCE2AD4F705805D95993337915607F74CE2AA9EC92919DDE3D2569D6B9B5C13 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:15:22.0758 0x2a20  nsiproxy - ok
15:15:22.0805 0x2a20  [ 8AA13C67D70E9452B55B7A5C8B96BD36, 01E69E7E0EC4A6C2DC4736A01188348A8C5B17A6D1B443212173AE4A7D93BEDB ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:15:22.0865 0x2a20  Ntfs - ok
15:15:22.0871 0x2a20  [ C029E5408EEE26C3B4E5BA5D29738DB8, 8463A19A690304DC757E7698FCB59902B6305A0E9C48BF2FB2DF24C1EFA4A6EC ] Null            C:\Windows\system32\drivers\Null.sys
15:15:22.0889 0x2a20  Null - ok
15:15:22.0898 0x2a20  [ 189E5FCB96ABFEA84239A16062256EE4, F3233B1B14363CD4CD032F43368FD10A42C0BE665F4B13A7E253C327C2B832DB ] nvdimm          C:\Windows\System32\drivers\nvdimm.sys
15:15:22.0912 0x2a20  nvdimm - ok
15:15:22.0922 0x2a20  [ 0A4C96A706AAD735FFE0F98C408242A8, EF5DE8569A7BEDF5A940A2567FAC8660140ECD6E407938006880DAB5F8C98A13 ] NVHDA          C:\Windows\system32\drivers\nvhda64v.sys
15:15:22.0937 0x2a20  NVHDA - ok
15:15:23.0292 0x2a20  [ F5C82A48B7A514B5CB76089C4B4D3A34, 6CE6BF988D0E9FEC778DD66791EA0C59893138D023CCCFF44EE5EA3B1CE8717B ] nvlddmkm        C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e59b844303b9907e\nvlddmkm.sys
15:15:23.0673 0x2a20  nvlddmkm - ok
15:15:23.0698 0x2a20  [ 1F50ED95984009BF3634D6BD1A16FA5B, 650A25B2419331D95B1E4C26DE253AC3500374EDEFC5DB55CD5D5884A26783F0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:15:23.0712 0x2a20  nvraid - ok
15:15:23.0718 0x2a20  [ D6C14906B78F235461EEF96A886830D4, 5D0EDE46EB9965C494B994F7071696C91C0C01352D1B000501E7B55F54F11952 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:15:23.0732 0x2a20  nvstor - ok
15:15:23.0737 0x2a20  [ 23423E859CA253382D80D0321522A171, 79C914C0A421E0BE566B5FCD5868B1248D4F397C24F8C5E70A8EA6E260617845 ] NvStreamKms    C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
15:15:23.0746 0x2a20  NvStreamKms - ok
15:15:23.0758 0x2a20  [ 4BE0930A6E5FC5FB5C91473A3E89FB7B, 41987260F74651C9BAC97BBB31BAA991C5F86C96E5DAB1F1F7AEBC9BD4BEB502 ] NvStUSB        C:\Windows\System32\drivers\nvstusb.sys
15:15:23.0776 0x2a20  NvStUSB - ok
15:15:23.0780 0x2a20  [ F12864A2CCC899FE8E87463C967A9916, 08C2FD2E23EEFAA43904CBE46BBE1D073DE400E4DA005B8B5325BE2C6A29BA9D ] NVSWCFilter    C:\Windows\System32\drivers\nvswcfilter.sys
15:15:23.0790 0x2a20  NVSWCFilter - ok
15:15:23.0802 0x2a20  [ 9DF8BBA81D0A44AA9D14B7ADE47D2200, 3F50BE14892D168032DA9AF22259A986F024E6AD43DAEEC3C1E777BFA9E5A157 ] NvTelemetryContainer C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
15:15:23.0818 0x2a20  NvTelemetryContainer - ok
15:15:23.0823 0x2a20  [ E502016A185B5BB9DC341873F82CD49C, A1F7D3E4FA5B4C81966F0E1DE8039CDD0374A9FF86AB252483FC9D98360089A1 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
15:15:23.0832 0x2a20  nvvad_WaveExtensible - ok
15:15:23.0837 0x2a20  [ F438902185093A11F1BEC238B6B5862A, 18E1CFF7899B0A5D4DBA1633FF0D46ECE47AD0828CEA8D8A3A8B3549BFD1C9E6 ] nvvhci          C:\Windows\System32\drivers\nvvhci.sys
15:15:23.0848 0x2a20  nvvhci - ok
15:15:23.0858 0x2a20  [ 9DBC464AB85AA48C9760C6C2E591E2D3, C9D718F8BE838E13F7488F1E8DAA79809340235A5BA5BF206C1C3DBF0A5DDB48 ] OneSyncSvc      C:\Windows\System32\APHostService.dll
15:15:23.0882 0x2a20  OneSyncSvc - ok
15:15:24.0021 0x2a20  [ 85E841798B0669F260BAD9D778F8146F, F37CDBC3F875DE1A0104B117D6E8D7DC4C5C1D8196986C08C6A090C1C236970B ] Origin Client Service D:\Games\Origin\OriginClientService.exe
15:15:24.0092 0x2a20  Origin Client Service - detected UnsignedFile.Multi.Generic ( 1 )
15:15:24.0159 0x2a20  Detect turned to UDS exact due to KSN untrusted
15:15:24.0160 0x2a20  Origin Client Service ( UDS:DangerousObject.Multi.Generic ) - infected
15:15:24.0160 0x2a20  Force sending object to P2P due to detect: Origin Client Service
15:15:24.0327 0x2a20  Object send P2P result: true
15:15:24.0602 0x2a20  [ 23F31E9A56527C63FE34E9C742B27DB8, 2F7279DC19D0BECAB9A282EDFF8A0955A5A2419FBA608D86345C9B21BDB2638D ] Origin Web Helper Service D:\Games\Origin\OriginWebHelperService.exe
15:15:24.0664 0x2a20  Origin Web Helper Service - ok
15:15:24.0675 0x2a20  [ D73A677A040EFEB9645EF25615EE7D5B, 6B88E17E7CF273BF7AB4AFA53D33AFB11CF48D4FE1FB3D20AB122C5369C12415 ] ose64          c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:15:24.0689 0x2a20  ose64 - ok
15:15:24.0699 0x2a20  [ CD5ECD6470B6B235B73569A091150299, FAAE20B0F2F15ADA5B3F5F2BBBFEA000A95EC8A64B37C9364145CE04EE204352 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:15:24.0723 0x2a20  p2pimsvc - ok
15:15:24.0735 0x2a20  [ CCD10679BA0D9EF549F80C458C2AD1C4, 7B433FEE4BEA69C28A98F4BFBE5FA603DB2CE1DFCF229EBB4D9B7A0FD159FF04 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:15:24.0760 0x2a20  p2psvc - ok
15:15:24.0765 0x2a20  [ 13B175715A4391E4E5D2AB2EBC8CDBB5, 12BA91A586C5A31FBECEB2D4842E52F79EDD3E2AD4DB169C902B9A120AEC0201 ] Parport        C:\Windows\System32\drivers\parport.sys
15:15:24.0781 0x2a20  Parport - ok
15:15:24.0788 0x2a20  [ 428B9FAFB0EE6EF66EAAB7B49A96487A, 90892AC924B529B86B42D011B2B2F0556E204650C890FDACABD8051AD6EDB631 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
15:15:24.0801 0x2a20  partmgr - ok
15:15:24.0815 0x2a20  [ D0D8F07883CE4C96B41469071DA4E58B, 237B128D8B20101A6AE0BAD2689FEF58A14807A2DB87AEBB21E2F8375F082BB1 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:15:24.0837 0x2a20  PcaSvc - ok
15:15:24.0848 0x2a20  [ 171FEE651F837DE6BC0831EB2EE6E667, 3DA84AE42D5D05405143B76B0DE0D21E46052AF124EBE2E639349250382711E0 ] pci            C:\Windows\system32\drivers\pci.sys
15:15:24.0865 0x2a20  pci - ok
15:15:24.0870 0x2a20  [ C447CDA030A3415711E4E940D2E9B399, 292888AE9D44013D8B12BB1D8803988EFF64957DE682B64FDC82E100646390DA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:15:24.0880 0x2a20  pciide - ok
15:15:24.0886 0x2a20  [ 753174DF234EA8BBF732986D5F78FCE7, 6BE93B24DA2161DAE5ECBE393729BD4661F04CD0CDEBEBF6D92E9E212FA89D71 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:15:24.0897 0x2a20  pcmcia - ok
15:15:24.0902 0x2a20  [ 1D05B6DE437515281CD91A16C16529E6, 0FC581E40AF55D916CF428ECF4387C1E909C3361426F1D9F723F9497C9B025D8 ] pcw            C:\Windows\system32\drivers\pcw.sys
15:15:24.0914 0x2a20  pcw - ok
15:15:24.0921 0x2a20  [ F5F1A092463D6E46E71CC709A65403D1, 9EEB499D54842667B4ECF1036E28926C8AD20515333373D2965C57BC2C7EAD4C ] pdc            C:\Windows\system32\drivers\pdc.sys
15:15:24.0933 0x2a20  pdc - ok
15:15:24.0950 0x2a20  [ 42B12A76D3C98AE69C97727E3BEC7D8A, C878A05A9817F62514432685FAA795737F628EF7258EC5C7846045E1CAB2DF6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:15:24.0994 0x2a20  PEAUTH - ok
15:15:25.0033 0x2a20  [ 05A0A1AC00A8653B49F94381872D47E7, 75B7E616D08D6D8BD964953B5CC342E72E35D8C660E2F97BD36ADA59130169F6 ] PeerDistSvc    C:\Windows\system32\peerdistsvc.dll
15:15:25.0102 0x2a20  PeerDistSvc - ok
15:15:25.0109 0x2a20  [ CD9BA1C279BE0E92E971C2B45A7F3D9B, EC6546868718771EE45D07E9E856E5F33DD4339C1115E4479D7DEF4394D141D0 ] percsas2i      C:\Windows\system32\drivers\percsas2i.sys
15:15:25.0121 0x2a20  percsas2i - ok
15:15:25.0126 0x2a20  [ 6D5EA79E82A48B181E18C2C39416E8C8, 4F5EF24FFFABB82B1E9D98DE3275508D458589F729C4976FDB3C2EC51549D414 ] percsas3i      C:\Windows\system32\drivers\percsas3i.sys
15:15:25.0138 0x2a20  percsas3i - ok
15:15:25.0161 0x2a20  [ 185100798FBD23C849DC1C00ED43D99D, 10895ADE339744BBABDFB50BE6025217C02C76B1911C2C8740A57912385B38DE ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:15:25.0185 0x2a20  PerfHost - ok
15:15:25.0227 0x2a20  [ 7ECA879200FAB0A7EAA2E4F17239666D, 7D9177274055A5DC30C1925F4AB0C79756F4D8BB40440BF1C5C906492343041D ] PhoneSvc        C:\Windows\System32\PhoneService.dll
15:15:25.0264 0x2a20  PhoneSvc - ok
15:15:25.0272 0x2a20  [ 807ED476A62E79935315342BD3FAA046, FF56FC79C6B6043A10C123CF85A8DDA0B8564E03D49AD5811DDCBB99823C4836 ] PimIndexMaintenanceSvc C:\Windows\System32\PimIndexMaintenance.dll
15:15:25.0294 0x2a20  PimIndexMaintenanceSvc - ok
15:15:25.0325 0x2a20  [ 4E614DBE28B5857F70DEBCC804629E67, B93C42FB96BBA0577CB892274905352AE4A6DE257F676D6A23CE0297F945D7E7 ] pla            C:\Windows\system32\pla.dll
15:15:25.0388 0x2a20  pla - ok
15:15:25.0395 0x2a20  [ DBD6E8A5C358AAA3B4900EFD5CF94CC8, C8261CBE358562B3F31ADA0567723E0118A8687DFC8939FABC65E61C38BFE20B ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:15:25.0413 0x2a20  PlugPlay - ok
15:15:25.0422 0x2a20  [ E8BE4041A69023B6A4D1096EE8436347, 133BAA21852D077EA600F0A09C112F6511ACB792757472891E71185E94135D5B ] pmem            C:\Windows\System32\drivers\pmem.sys
15:15:25.0438 0x2a20  pmem - ok
15:15:25.0443 0x2a20  [ 99ECEDA6B2E1FDB6892FBD5AED1E5D99, C970DDDBDB4AF8C6A1AA92D780B82920B4922304649509075CF14A2AB86C3CCF ] PNPMEM          C:\Windows\System32\drivers\pnpmem.sys
15:15:25.0456 0x2a20  PNPMEM - ok
15:15:25.0460 0x2a20  [ 75690F495CEDBEF3D5989828AEEAE832, 3257E7261DF8F39CA4988BBED3060B9E8A5988978F66A4B1409E08F65B262FED ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
15:15:25.0475 0x2a20  PNRPAutoReg - ok
15:15:25.0485 0x2a20  [ CD5ECD6470B6B235B73569A091150299, FAAE20B0F2F15ADA5B3F5F2BBBFEA000A95EC8A64B37C9364145CE04EE204352 ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
15:15:25.0508 0x2a20  PNRPsvc - ok
15:15:25.0519 0x2a20  [ 9744ADAF8DD679D64A33D828FABA39E1, AE820E529697A2F308E6A24127B3D4A7F02C406DA46A6CB65243EC3F6B400950 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
15:15:25.0546 0x2a20  PolicyAgent - ok
15:15:25.0555 0x2a20  [ F39D3876C731BB01BFE8F574188837C8, 51CB5E89397D6A150A05BDD53CC9B90B419A040BE1828C2E7BBD6684FE371588 ] Power          C:\Windows\system32\umpo.dll
15:15:25.0578 0x2a20  Power - ok
15:15:25.0583 0x2a20  [ 1FB09FD846D5030B82EB345E9970A105, 871D38DD966EDD919B2E0C51125E1834A15A0222E2452605988BFD7E7B37C5C1 ] PptpMiniport    C:\Windows\System32\drivers\raspptp.sys
15:15:25.0602 0x2a20  PptpMiniport - ok
15:15:25.0665 0x2a20  [ AD62FCEC1CB8ECD7C0E3DFD2FA79FDE4, 6372FC5E78A2DDB8AE6EB73BEB5C0D4056FB6BE9F231A36BAC37AE970F5EB247 ] PrintNotify    C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
15:15:25.0770 0x2a20  PrintNotify - ok
15:15:25.0783 0x2a20  [ A60202AE474E2173ED91118DD73ADAAD, 6AE315E1DD9E3B03E48B8848FCB0CDD506080F0012DE478BA99D102F91E968E6 ] PrintWorkflowUserSvc C:\Windows\System32\PrintWorkflowService.dll
15:15:25.0802 0x2a20  PrintWorkflowUserSvc - ok
15:15:25.0811 0x2a20  [ E0E55CDA29C80A9520FCFC78D7F8A73D, 9DE15A73643D71183E568F8F4DD8776D935786BE46F15BFE2DFD607378FC9E58 ] Processor      C:\Windows\System32\drivers\processr.sys
15:15:25.0828 0x2a20  Processor - ok
15:15:25.0840 0x2a20  [ F96AA93B40D4670016DAF8C8F0D1BCB5, E8B77B271FDD6036F44EB9F7B7D270E754E69914F91E19512BF038FC3EDAC04F ] ProfSvc        C:\Windows\system32\profsvc.dll
15:15:25.0867 0x2a20  ProfSvc - ok
15:15:25.0874 0x2a20  [ 9E73997C6710ED6078C814B8708A3ABA, 124649F43C41FCFEC8DC4121716B37ACD559172A3B65FD287A17ADD03C015EE5 ] ProtonVPN Service C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe
15:15:25.0884 0x2a20  ProtonVPN Service - ok
15:15:25.0891 0x2a20  [ E4BF8BE7B3711BCBBC95EE983C0236F4, A71C09D83034C96F7ED4DB58F7388F8A13C7FD1A3F41FE8EEC553C42B65DFFC6 ] Psched          C:\Windows\system32\drivers\pacer.sys
15:15:25.0904 0x2a20  Psched - ok
15:15:25.0912 0x2a20  [ 114C1662EBF3C52B0FF52EAB1D9787BB, 6EB1871F69EF4CB1A8FBFA9D73050E5253861D4BF8DC8999B652EAAFB04DD10D ] PushToInstall  C:\Windows\system32\PushToInstall.dll
15:15:25.0940 0x2a20  PushToInstall - ok
15:15:25.0949 0x2a20  [ 8AB5F41584C98047ABEF490FC1E31F7E, F8480F9D9C1A60901975C529CC0911ED592834AB1068FADD88B15E6497A59221 ] QWAVE          C:\Windows\system32\qwave.dll
15:15:25.0972 0x2a20  QWAVE - ok
15:15:25.0977 0x2a20  [ 00F72861538B6C4E925A21BAE397A49D, 6847E2332CC8573850428CC7E3A73B2DA0274977F53BDDF7DBA68D223A501CC4 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:15:25.0993 0x2a20  QWAVEdrv - ok
15:15:25.0997 0x2a20  [ 0FFABEB2D06CD74DDE0BCA510EEAEEBC, 8598F39D312754C92A3776104D596F0C0312712D934B9994B2711F95FA6FE0AE ] Ramdisk        C:\Windows\system32\DRIVERS\ramdisk.sys
15:15:26.0009 0x2a20  Ramdisk - ok
15:15:26.0013 0x2a20  [ B834761352403111D0113284D8736025, 444D05D5F4CED956AFE48CA29CD59420BDB2B14336D19BE2A28612A851EACF4E ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:15:26.0028 0x2a20  RasAcd - ok
15:15:26.0034 0x2a20  [ FA99CE309B66586A0AA6EF9CFF7BC467, 4684EB05828C2153FE94468E7A9A75D8C81F90E700B437C5990BC9451AD39AC7 ] RasAgileVpn    C:\Windows\System32\drivers\AgileVpn.sys
15:15:26.0052 0x2a20  RasAgileVpn - ok
15:15:26.0060 0x2a20  [ C7CCE345D0010B3B9AC5067578436BFE, 4473E7D0492B7F0214576861A6AD90363D7F826B5E0DE15A56E93DA94BBF19E7 ] RasAuto        C:\Windows\System32\rasauto.dll
15:15:26.0078 0x2a20  RasAuto - ok
15:15:26.0083 0x2a20  [ 775ED7E51B58CF9EB415A1DBA540DACF, A3035A8A299D35B7A24A347FB8A2DB6B5892FD2A181D90F64CCD4806EA154395 ] Rasl2tp        C:\Windows\System32\drivers\rasl2tp.sys
15:15:26.0101 0x2a20  Rasl2tp - ok
15:15:26.0122 0x2a20  [ 6208EAF6A9D17E867401D08BAB2FE47D, 55512CC174029D4168351B8C9584EF730AD25B4197EDED78CE3FD9AC47D761E0 ] RasMan          C:\Windows\System32\rasmans.dll
15:15:26.0160 0x2a20  RasMan - ok
15:15:26.0165 0x2a20  [ E2433A620ABF4083157944E4692C500D, 126CA9F9D38FB4FA312A82FEA24C13D0693407384B1BCD55A0CBEFA8E52E1D8A ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:15:26.0181 0x2a20  RasPppoe - ok
15:15:26.0186 0x2a20  [ EE5D1D51FA74ECCE57CF2DB8F6A417D8, CC295366C60CAECA7CC32903E3A983635B55A5F5FD6E6BC4FEFE997B8154345C ] RasSstp        C:\Windows\System32\drivers\rassstp.sys
15:15:26.0204 0x2a20  RasSstp - ok
15:15:26.0212 0x2a20  [ D7574D53A3D663B1DBBFCDC8223F8961, 711C92FDCA9724E193FE4D510E31C7A037DEF889DE007FC7A24D5941B0A9458D ] Razer Game Manager Service C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
15:15:26.0224 0x2a20  Razer Game Manager Service - ok
15:15:26.0233 0x2a20  [ DDEA05522E182C1B62522663DE3BF750, 047BEDEA92F536F77527BAA2D37C1EAC6F1B4194243084B8EF4268E193600B8E ] Razer Synapse Service C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
15:15:26.0246 0x2a20  Razer Synapse Service - ok
15:15:26.0258 0x2a20  [ 8CBCB14A22D48DE6EADFAED372AF870D, 61AE92836FFB40BC818D713C2E9F8838B4D7AE1327C2720B59CBAF2B101AAA73 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
15:15:26.0278 0x2a20  rdbss - ok
15:15:26.0284 0x2a20  [ 206AB796793FDBD518B82E2F308A7176, ED0DBDE7106970F217F4FB1FB184B6795A16356C879C17E0910840F64F292809 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
15:15:26.0298 0x2a20  rdpbus - ok
15:15:26.0305 0x2a20  [ 3DE4216324BE32FC3AF7667AE2406EE5, B2E3C47983C58B32E07E251FF729670B5D481249EEDFD3A3EFB0F8734673F1F6 ] RDPDR          C:\Windows\system32\drivers\rdpdr.sys
15:15:26.0331 0x2a20  RDPDR - ok
15:15:26.0340 0x2a20  [ 0600DF60EF88FD10663EC84709E5E245, 48572DC0C644E13BD1713E29E522763EB4E00337ACA64D1392960D17EAF8923A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:15:26.0350 0x2a20  RdpVideoMiniport - ok
15:15:26.0359 0x2a20  [ 65652EFAAF4A8A59E60A2D7BE15317E8, 83A9A8506EF4769625EF0EF43B93906A6FBD9133E52C12B17A68B89DAC68D026 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:15:26.0375 0x2a20  rdyboost - ok
15:15:26.0412 0x2a20  [ 3DCB3FAFE46B9FE41C9065EBBED97724, AEB08C8C1E6AB6181A5F2B540F913B59A1256AF0E6D5355C4AC7DDBA0BF0F20B ] ReFS            C:\Windows\system32\drivers\ReFS.sys
15:15:26.0462 0x2a20  ReFS - ok
15:15:26.0484 0x2a20  [ B76350D40A46DBA17205F8373528FD83, A599A9B1297B5D70632A9EF23E9771BA646672A1B0E323144EDE906CCA172EB7 ] ReFSv1          C:\Windows\system32\drivers\ReFSv1.sys
15:15:26.0512 0x2a20  ReFSv1 - ok
15:15:26.0526 0x2a20  [ 980F60634FAF9C58FC468AF9AA609D68, 7BA03FE851F78D5DC9062ACEADF194ACB4F8F56C9D496B17D846CE1E4373B404 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:15:26.0554 0x2a20  RemoteAccess - ok
15:15:26.0561 0x2a20  [ 106E630F1B2A8BF2BBD4508D9B166406, FAFBE21EC61B97B4B825285EBA0F661382A95119E1740EE4FB9A1F6FB3C0F5F7 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:15:26.0581 0x2a20  RemoteRegistry - ok
15:15:26.0597 0x2a20  [ 53BE6D9C36A9CB95A1568C24D44A8A34, DD8245F87B9D4203F56595D6ABF9F1E74EA071D4B7BB0469A293CA9E20BDA246 ] RetailDemo      C:\Windows\system32\RDXService.dll
15:15:26.0637 0x2a20  RetailDemo - ok
15:15:26.0645 0x2a20  [ 3D4F4CCE0364CD3F1B539D2630686F24, 620EFC53D6F5279AEF4748FAE22F7239E7855D1F5C79B85F6CB54EF51C516408 ] rhproxy        C:\Windows\System32\drivers\rhproxy.sys
15:15:26.0661 0x2a20  rhproxy - ok
15:15:26.0668 0x2a20  [ 7414B6F0E0B9BD9A215F93A385BFEBF1, 17903ABF595411694BC9951785668421FEC439EF346A65C8854D4FA663F185A2 ] RmSvc          C:\Windows\System32\RMapi.dll
15:15:26.0686 0x2a20  RmSvc - ok
15:15:26.0692 0x2a20  [ 3CD63AE6A9A1DE4CD5831AE15221C861, CB8B5FDA48D9D4E5A9F26F67859105E2769AF82B2CA1B0B35D9BFBA611445CC0 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:15:26.0712 0x2a20  RpcEptMapper - ok
15:15:26.0717 0x2a20  [ 19EC4D05E01FE350B3494CEA122D64EB, 09FF60A8F22D66796257E33F4CFD6059D4A11A3173A7691718E9FE841E15ABA2 ] RpcLocator      C:\Windows\system32\locator.exe
15:15:26.0732 0x2a20  RpcLocator - ok
15:15:26.0756 0x2a20  [ E0D1E2A22B39782081D3FC64AB8ABA35, 338B6C7C3E63B783820F159DA502642F88B07F8DE6A6090DF54DAC6BE0400DB0 ] RpcSs          C:\Windows\system32\rpcss.dll
15:15:26.0801 0x2a20  RpcSs - ok
15:15:26.0807 0x2a20  [ FFFB16EF6E0B8B5F7F19B425923E7D12, 27C2882AC7B27BAC5A4051C2C9326A6D289F297158DE7A3A93E8B09378DC91AA ] rspndr          C:\Windows\system32\drivers\rspndr.sys
15:15:26.0824 0x2a20  rspndr - ok
15:15:26.0839 0x2a20  [ AB7C0639DF052528C2CB06D0EAE115EC, 5D709DE453FBC3DD880859D2B11BCB780FEA8C0618AA47622C85BD414EC540BE ] rt640x64        C:\Windows\System32\drivers\rt640x64.sys
15:15:26.0868 0x2a20  rt640x64 - ok
15:15:26.0990 0x2a20  [ E0FB1CB021E0C1E1BA390EC18B32C022, 0B78AA81E4EAEA00527DCBC1C4A0239D844811E2D537F2BB41E4FEF1C43CE433 ] RtlWlanu        C:\Windows\System32\drivers\rtwlanu.sys
15:15:27.0119 0x2a20  RtlWlanu - ok
15:15:27.0130 0x2a20  [ AC8474C1E816A3447E4EA661E18810CC, 3A617E31B9CBFB0A4C25166990E6C04215932E3642535CCC858AA4650408983F ] RunSwUSB        C:\Windows\runSW.exe
15:15:27.0140 0x2a20  RunSwUSB - ok
15:15:27.0153 0x2a20  [ 2CDD66018B7B9BD5C148DCC06B1ED5EE, 1832853E77C9D6B363C8EBE06CDEA7C5E2116BBBB7FBE5FAFCED93004E40B23A ] RzActionSvc    C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
15:15:27.0172 0x2a20  RzActionSvc - ok
15:15:27.0176 0x2a20  [ A2939E69027B97105014434BFBFF7195, 9DC09BE94415564D0E80431223BDA1C59E3555AB5267DD3F64E71D4A18C8553A ] s3cap          C:\Windows\System32\drivers\vms3cap.sys
15:15:27.0190 0x2a20  s3cap - ok
15:15:27.0195 0x2a20  [ 3DF3B76B19DA92A8ADC01FF38560282D, F56DDDF7A8F1AA0F3D9FFE0CD618544CFAF233A33314240ECCBE5F897A91B534 ] SamSs          C:\Windows\system32\lsass.exe
15:15:27.0208 0x2a20  SamSs - ok
15:15:27.0214 0x2a20  [ 04C51BBD8C9F54E5F2C5D831B03B11E3, 15AD9F224CBBCAFB117574F03C6F1C02639928A95BC4533453EBAFB20F7AE671 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:15:27.0227 0x2a20  sbp2port - ok
15:15:27.0235 0x2a20  [ 2BB468B175EAC4B566954B79142CC73B, 3BD169B0F044F1E53CA4A14021CEA755D29D3F8407300B4AF4F6514DC516FB0D ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:15:27.0256 0x2a20  SCardSvr - ok
15:15:27.0264 0x2a20  [ 1B1FB3D8403E621F2B9201EF414E21D9, 5EFBEA5DC09CD5F151EF224BE2FF2C985D19301B17E5C16F5D00CB2852DAF8BF ] ScDeviceEnum    C:\Windows\System32\ScDeviceEnum.dll
15:15:27.0283 0x2a20  ScDeviceEnum - ok
15:15:27.0288 0x2a20  [ 0070C2DC6563C48EDA63A282748F3FCD, 12C8505DDD05994641B2B19666D7A54E12A21F6894913342A9BA5D148F193BE0 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:15:27.0302 0x2a20  scfilter - ok
15:15:27.0322 0x2a20  [ 0C333E26CFF25C53FCBAB58F4ED74685, CB3046ECE1D50EC8F4F524615047442DB3A75DD5A171C57980EDC6C91EF87B4A ] Schedule        C:\Windows\system32\schedsvc.dll
15:15:27.0362 0x2a20  Schedule - ok
15:15:27.0369 0x2a20  [ A61C34A8B6BA61E61C612CAD636C369F, 9966C5D2B4B60555BE9B9533DA62E0806767226B55EEC31030FB230DEBEC2650 ] scmbus          C:\Windows\system32\drivers\scmbus.sys
15:15:27.0382 0x2a20  scmbus - ok
15:15:27.0389 0x2a20  [ 6C6FAAB1BC8D63BF8CB6B5EFCEF4E351, D2AF0A5B3C4BBC4FD19D96D111FB1A694483E91B926C9BC093C114B94BE42CBC ] SCPolicySvc    C:\Windows\System32\certprop.dll
15:15:27.0407 0x2a20  SCPolicySvc - ok
15:15:27.0417 0x2a20  [ 495273177E87B0C34D7E431E9254FA23, 61116DA77622F5A0E931F5033C1B870A22AD3438C056FD1F320F857908E4124B ] sdbus          C:\Windows\System32\drivers\sdbus.sys
15:15:27.0433 0x2a20  sdbus - ok
15:15:27.0438 0x2a20  [ 9EF09DE84CE20B787C02395394AC2A7E, 17019B74506D26707EBC342365008A9BB5AACA381FB60ABA85F34D153FB0682C ] SDFRd          C:\Windows\System32\drivers\SDFRd.sys
15:15:27.0448 0x2a20  SDFRd - ok
15:15:27.0454 0x2a20  [ 01607A2FAB0068450A06C90AF755D57E, 9615261063475045CBC99F17BD3A4919198D0F77CA9E4EC7B13826E514BC8543 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:15:27.0474 0x2a20  SDRSVC - ok
15:15:27.0479 0x2a20  [ F80D6C03FEA2F7DEE14023B7229DA8C2, B62AFCFCDE9C1BA0A5D80BAAC3D3D95546DB2E532C04C765FF85B27D1CBD5B8D ] sdstor          C:\Windows\System32\drivers\sdstor.sys
15:15:27.0490 0x2a20  sdstor - ok
15:15:27.0495 0x2a20  [ 5514DB4DAC7A99CA9F9EF697951BF2F0, 92EB28F543D0A5BF3F53C2638C12B25EA35A3B7329AD87E19A49612333262002 ] seclogon        C:\Windows\system32\seclogon.dll
15:15:27.0513 0x2a20  seclogon - ok
15:15:27.0530 0x2a20  [ 0F67F777705C6DC33FFE0FF459762957, 16BE999DCEC6C2C4F799025ACBFDE04CCE66B39160B6186A00F4BCFA2A1E41AA ] SecurityHealthService C:\Windows\system32\SecurityHealthService.exe
15:15:27.0559 0x2a20  SecurityHealthService - ok
15:15:27.0569 0x2a20  [ 271E64A1E7FFFEC74DEB31BA99842A25, B4300129F80FA484BB83181F1B970143D167DA528849BBC0FD02EF0F0E103CD7 ] sedsvc          C:\Program Files\rempl\sedsvc.exe
15:15:27.0588 0x2a20  sedsvc - ok
15:15:27.0614 0x2a20  [ 7D7ED932B6417D8687D1D972989B310B, A5DF3B6CEE97DD110FD1BC542CC5A5313B2F447E5FCC40DF6EFB9D7D49CD792C ] SEMgrSvc        C:\Windows\system32\SEMgrSvc.dll
15:15:27.0676 0x2a20  SEMgrSvc - ok
15:15:27.0683 0x2a20  [ CA614C9FBC8307AB1DC937F3393899E2, 4833CC631FA30E4D4B45BBC2CE41DE72B332B6A1FFD23B7DBFD6EDD6BC1A2ED8 ] SENS            C:\Windows\System32\sens.dll
15:15:27.0702 0x2a20  SENS - ok
15:15:27.0705 0x2a20  Sense - ok
15:15:27.0732 0x2a20  [ 46AEFFC68BEAF89805B95CC6F9529C2E, 7A6A38A329E82F684191561479604142BBB35121822A5CDD828819C606F2A60A ] SensorDataService C:\Windows\System32\SensorDataService.exe
15:15:27.0785 0x2a20  SensorDataService - ok
15:15:27.0802 0x2a20  [ 2B81117E9C3E20BBAA2CB5467D000F77, AC0DF8E635908026EE43EE0444DEF61481E211737A85A473D64EC8BB214D1135 ] SensorService  C:\Windows\system32\SensorService.dll
15:15:27.0838 0x2a20  SensorService - ok
15:15:27.0846 0x2a20  [ D093B7A8E73850F0D5FDA3AB37D7A267, 0B7E2DF6C6746856701812E5D010EDB2B82166A3F3561405F547B58F442C6837 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:15:27.0868 0x2a20  SensrSvc - ok
15:15:27.0873 0x2a20  [ C5CF2941AA9E417B3A224601255C002E, 31E2988E13D9BB3630980E8B71AE5FB244EFB15970623C1FE76B7ACA25A4A2F2 ] SerCx          C:\Windows\system32\drivers\SerCx.sys
15:15:27.0886 0x2a20  SerCx - ok
15:15:27.0893 0x2a20  [ B9C113BD9FCA4F3E23F03708A7DA07CC, 0A070BDDA956B1869D58A173B56ABA011E1F7A3C5D258343D0AEDC1EC87F4B53 ] SerCx2          C:\Windows\system32\drivers\SerCx2.sys
15:15:27.0908 0x2a20  SerCx2 - ok
15:15:27.0912 0x2a20  [ 1845736FA47A1DFBBB642FE21095B4E0, 057E8750E8695F6B72A33BBF1C5CFCCD6BFC992E6B99A487A07F5A4921004791 ] Serenum        C:\Windows\System32\drivers\serenum.sys
15:15:27.0927 0x2a20  Serenum - ok
15:15:27.0933 0x2a20  [ F1BABF50469041797ED9928C31318832, 1A8C75F4696D4D2AA47EA33BC96069A394466953EBC3CFB2B3D6B961B8B5875A ] Serial          C:\Windows\System32\drivers\serial.sys
15:15:27.0950 0x2a20  Serial - ok
15:15:27.0954 0x2a20  [ 340116988930B07629A2D0C2B380A365, EBAAC3DF2E8DABFB477340E79FC8E3A8B74340C389D73E51D64A97A332664113 ] sermouse        C:\Windows\System32\drivers\sermouse.sys
15:15:27.0971 0x2a20  sermouse - ok
15:15:27.0987 0x2a20  [ 87340BC77470B34F11A9E558B591DB08, FD91561FE5951B4F59FEE23707E1ACE31293E508EF734A5CDB0F34D332EFDDF7 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:15:28.0018 0x2a20  SessionEnv - ok
15:15:28.0023 0x2a20  [ 77FF0A5BA023D8E8C82EACCD54EA5C78, A4A88A550419C347E369DDD29D4EB5C1BC4D980FBA9C655DF787A166FCA2497D ] sfloppy        C:\Windows\System32\drivers\sfloppy.sys
15:15:28.0036 0x2a20  sfloppy - ok
15:15:28.0041 0x2a20  [ 1941F5CA54C469E16957587FD56ED842, D356547A9702A50AEB5F7765AC44668EEA913563A422ABBD0427EC22833A5B78 ] SgrmAgent      C:\Windows\system32\drivers\SgrmAgent.sys
15:15:28.0053 0x2a20  SgrmAgent - ok
15:15:28.0060 0x2a20  [ D3170A3F3A9626597EEE1888686E3EA6, 9321991C441B095DF15D24C8AE58F87EE5A3242532E8C023D0F78B2F96FEE6B7 ] SgrmBroker      C:\Windows\system32\SgrmBroker.exe
15:15:28.0076 0x2a20  SgrmBroker - ok
15:15:28.0090 0x2a20  [ AC1D97F89F2EC7E334A406603A686973, D230059C1CB400CCA62438603356F058B40E17DE4C7BD4DADDBB981E4F5E4C9C ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:15:28.0122 0x2a20  SharedAccess - ok
15:15:28.0139 0x2a20  [ 7C5348D398340B5C2A77543FA966C0D3, E111E2AB4DA47C7A15797DDA2499EF93D26BB0D9103EAAF81A244C9545FC10B4 ] SharedRealitySvc C:\Windows\System32\SharedRealitySvc.dll
15:15:28.0175 0x2a20  SharedRealitySvc - ok
15:15:28.0191 0x2a20  [ 63B104867F70F0D81125C37989146960, 468431098DD9B91F1C58551CEB4DBE6E1C456FFE845E302571B970EF05AE03A8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:15:28.0236 0x2a20  ShellHWDetection - ok
15:15:28.0244 0x2a20  [ F6D90D09D2BCFA2B5E492BFECA40EDE4, 7B427335943C1EFDE482D59F3A23149FCD45BB014643BEF620A708720383C4A8 ] shpamsvc        C:\Windows\system32\Windows.SharedPC.AccountManager.dll
15:15:28.0265 0x2a20  shpamsvc - ok
15:15:28.0270 0x2a20  [ 1443CF919C2A3207CE7724E0A31686A2, 3F0ECC565F67638A57A23BF69C399AD638DA9F81F1660CF3E027DC057E990EA4 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:15:28.0281 0x2a20  SiSRaid2 - ok
15:15:28.0287 0x2a20  [ C0B1EAD6CC127CAE4E84EBF54105B3B8, 86F5C937D9DC61F262FF00B45249162F4087B6A1CA0FC24EF7950E4E77FEF26B ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:15:28.0299 0x2a20  SiSRaid4 - ok
15:15:28.0306 0x2a20  [ 7DDE76ABF8C7E92252343340FFC9C0D8, D0862F24B81904D15D96A403877192042771E113971102BE6B6747A5B80AB141 ] smbdirect      C:\Windows\system32\DRIVERS\smbdirect.sys
15:15:28.0324 0x2a20  smbdirect - ok
15:15:28.0330 0x2a20  [ B7C6144293CFAD2DEDCD022C44735DC2, 75F26A8F43EED45764D50B2CCE44C453BFBBD0FA56B6AF1F2B4B8B3665C3961E ] smphost        C:\Windows\System32\smphost.dll
15:15:28.0346 0x2a20  smphost - ok
15:15:28.0360 0x2a20  [ A3BEF2736E902B9DCA68554F4E10E08C, 5C7590D8F2D637B6D4A5F68945D8350B1C3D48EBE1B2C36658361900C9425611 ] SmsRouter      C:\Windows\system32\SmsRouterSvc.dll
15:15:28.0392 0x2a20  SmsRouter - ok
15:15:28.0401 0x2a20  [ 577EC13EB5215325E9B9FC51FB56A974, 1D7A0245A3C474BCD4EC69704040FB50C0E086DB1711C5B7FC4D9C4A7909DAB9 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:15:28.0419 0x2a20  SNMPTRAP - ok
15:15:28.0434 0x2a20  [ FF44BF888D6F8046FD4FCBF96A5FCE65, D79A33B45D8926415E614D2B2709360B9749086FC3C7D9E29E15E4BB0235550E ] spaceport      C:\Windows\system32\drivers\spaceport.sys
15:15:28.0457 0x2a20  spaceport - ok
15:15:28.0463 0x2a20  [ FE1776E587227120DC04EAEC45473245, 9DEBD997D275065481EEEDD2310479F2021D53B64AA6D5CEEA70E9BB8C9856C7 ] SpatialGraphFilter C:\Windows\system32\drivers\SpatialGraphFilter.sys
15:15:28.0474 0x2a20  SpatialGraphFilter - ok
15:15:28.0480 0x2a20  [ D05EB2BB52EC6B665D1631EC33241B80, 29598FC180020515254A9FAE7BE8077549C656EDB425059691007EEC0F9346F9 ] SpbCx          C:\Windows\system32\drivers\SpbCx.sys
15:15:28.0492 0x2a20  SpbCx - ok
15:15:28.0516 0x2a20  [ 52A4B8C04C345434C974B9A949521BAE, 5FAA7E1BECD6FA28E4BA53E9B3301328B6E8516867BD7D76202A73B8CD530BC5 ] spectrum        C:\Windows\system32\spectrum.exe
15:15:28.0558 0x2a20  spectrum - ok
15:15:28.0575 0x2a20  [ C05A19A38D7D203B738771FD1854656F, 3A832F3CBA33682EAA18ABB721BF2D5A6FE9AC853038C684C264700DEB52AA65 ] Spooler        C:\Windows\System32\spoolsv.exe
15:15:28.0613 0x2a20  Spooler - ok
15:15:28.0691 0x2a20  [ 2D089EFC02200382A6A0597801FF3B37, 0170CFD41CE0DA2589B504C69C898140BB75B7E68CBE67867B787B8097EDCF99 ] sppsvc          C:\Windows\system32\sppsvc.exe
15:15:28.0794 0x2a20  sppsvc - ok
15:15:28.0804 0x2a20  [ E8276BE984738AA44070CFDE6EFC9300, F0B09D3E08BDB1B8AEBA97A700271E97AB2506793B42D96415B23DB68DA99FA8 ] SQLWriter      C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:15:28.0816 0x2a20  SQLWriter - ok
15:15:28.0833 0x2a20  [ D9EFD1D7829994F16141DA4FB6ACAABC, 513C5446DAEA4797049E052E95CBB798DCD8D457A8D8F4999741261150BCDE3B ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:15:28.0867 0x2a20  srv2 - ok
15:15:28.0876 0x2a20  [ 93DF24D0C33F2894429D4180145CBDA7, 763F05818AD5F348887C297FA14FB77B6F54B9A5C3C1D70CF2B7B0692961950C ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:15:28.0897 0x2a20  srvnet - ok
15:15:28.0906 0x2a20  [ 1AEA66706573E8CCD6038369FE37F237, A62CAFE205D5B4C9F8528EDDA4E20BA4E2D1E231F2B183FE70EFE6458B2D5460 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
15:15:28.0927 0x2a20  SSDPSRV - ok
15:15:28.0940 0x2a20  [ 5EE518DFADC18573E681BB78833E93FA, E98CCD3E2ADA265D6E3CF48CDBFE5C3067E0546F179F23B77C267F65CEB978EE ] ssh-agent      C:\Windows\System32\OpenSSH\ssh-agent.exe
15:15:28.0970 0x2a20  ssh-agent - ok
15:15:28.0978 0x2a20  [ C7DF51E24DD853E7E2D3C0BCDCE57D6C, D1BFDC89F00C5B8388EB233290B6D540C246D0267B1C192C51645004A8CD8C62 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
15:15:28.0999 0x2a20  SstpSvc - ok
15:15:29.0088 0x2a20  [ B9E4174DFBDCA9979A92D17C2E67890E, 1717A6B7CADDDFCA8879B293C29617E194437E049308BCEDF3D07007C41FE39F ] StateRepository C:\Windows\system32\windows.staterepository.dll
15:15:29.0203 0x2a20  StateRepository - ok
15:15:29.0240 0x2a20  [ E4724564ABC4D34E2FD85907781BF95B, E3C440B87825E4F3E6F8812C6202D1B9EBD453DF97269911AC94B0EFD38CC116 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
15:15:29.0293 0x2a20  Steam Client Service - detected UnsignedFile.Multi.Generic ( 1 )
15:15:29.0359 0x2a20  Detect turned to UDS exact due to KSN untrusted
15:15:29.0360 0x2a20  Steam Client Service ( UDS:DangerousObject.Multi.Generic ) - infected
15:15:29.0360 0x2a20  Force sending object to P2P due to detect: Steam Client Service
15:15:29.0528 0x2a20  Object send P2P result: true
15:15:29.0671 0x2a20  [ DA82903F26AE12034CC5229F61098948, E7B5CA27C864BE95EC109D0692F44BE9F5F56AB6173AB1811F4E83A3EB5F26CA ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:15:29.0695 0x2a20  stexstor - ok
15:15:29.0715 0x2a20  [ EB2C25A3700309F3F67D9334CF33A36C, 9262778566EEEA810AD32CD660DEA841797BD9F874252CC5445D917FF159280B ] stisvc          C:\Windows\System32\wiaservc.dll
15:15:29.0749 0x2a20  stisvc - ok
15:15:29.0757 0x2a20  [ F2D1983C7BEF5E3AB8978A7796C59A75, 39B2005F7CCEC95D2F67AE5F69C3768FEFA04AABC0723BAD8A986A036AF0629B ] storahci        C:\Windows\system32\drivers\storahci.sys
15:15:29.0771 0x2a20  storahci - ok
15:15:29.0776 0x2a20  [ 76C9E2AA3400C22FC7091AD2F2999F95, 0015CF42CBA603448DFD85909D5047D5F9BE9153972C3832B1CF4B92A6BF0D01 ] storflt        C:\Windows\system32\drivers\vmstorfl.sys
15:15:29.0788 0x2a20  storflt - ok
15:15:29.0794 0x2a20  [ 701078F20919BD635EA25F691880F651, 6D56027007EF92A72C20B9B8024FDD96E03E2B8746F39D57BD1F7CAD2FC80DB2 ] stornvme        C:\Windows\system32\drivers\stornvme.sys
15:15:29.0807 0x2a20  stornvme - ok
15:15:29.0812 0x2a20  [ 16CEC85543981EE1D01978C210462993, 7627CDD01ECEEA378A88C73F0ABD49AE559B365B8D8D69A75CA8D6EC3F54A249 ] storqosflt      C:\Windows\system32\drivers\storqosflt.sys
15:15:29.0827 0x2a20  storqosflt - ok
15:15:29.0848 0x2a20  [ DEA7BB6D3724F2FD9E61ED085E69DFA7, 5047F184894E79C31739D3C9632E43E8D2ABD70AA674DE82D6D2D0FDA137BF3F ] StorSvc        C:\Windows\system32\storsvc.dll
15:15:29.0892 0x2a20  StorSvc - ok
15:15:29.0898 0x2a20  [ 25D7B79F80F3C2CD97D797C14D470165, 5425F98A66741BB2BC7BDC8B21C3AF859A503596D983010883BF5BE4FD999D9D ] storufs        C:\Windows\system32\drivers\storufs.sys
15:15:29.0910 0x2a20  storufs - ok
15:15:29.0915 0x2a20  [ 1FC7B7BE58A29DF27F5E6F6C2F061FA3, D8CD6D1BD0ACA4B851DBC85F898CB5DA8715C5AB3D62D7B0D6BBFEADC0382A8E ] storvsc        C:\Windows\system32\drivers\storvsc.sys
15:15:29.0926 0x2a20  storvsc - ok
15:15:29.0931 0x2a20  [ 0B154B033AD7F9215DED11E0CFC80A25, 383D7BF361D75A3B78E4C8E3F616E487FA6172F860AE364B1AC73F75BE38944F ] svsvc          C:\Windows\system32\svsvc.dll
15:15:29.0949 0x2a20  svsvc - ok
15:15:29.0962 0x2a20  [ 54255DF324C621A97220EBFA832237D2, 27BAB2018BE66C67D6C2BBAA8E849E89B4150B8C81E7350DB0A1D14BEEB965D9 ] swenum          C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_ea7b19c04e7a8136\swenum.sys
15:15:29.0972 0x2a20  swenum - ok
15:15:29.0984 0x2a20  [ B3C113C9B784A4D296C7A7BA515F74BF, 0D20281B8AA9ED6C89E10122F3A153C2E21464686E5A3D2F907224584E6B5BCF ] swprv          C:\Windows\System32\swprv.dll
15:15:30.0014 0x2a20  swprv - ok
15:15:30.0020 0x2a20  [ A2A42A570524C975259E3B81C4D80DCA, 4B2A6295E46DD2042B3C741D9519A0376687B30711F2DA8B9B81A039E46229F9 ] Synth3dVsc      C:\Windows\System32\drivers\Synth3dVsc.sys
15:15:30.0035 0x2a20  Synth3dVsc - ok
15:15:30.0056 0x2a20  [ A8D839012996A00F3071116C529FF5D5, 9C2828C8F645F9F44B65FAC50CACD7D2699634059585DDE84D11C7F06F244060 ] SysMain        C:\Windows\system32\sysmain.dll
15:15:30.0098 0x2a20  SysMain - ok
15:15:30.0108 0x2a20  [ 93851A044CE51AB4D6A92ED783B3DDE7, 5E4BB31C5A15C3E6E31C64AD65B513D8A92475393F62EED76056EDC805E8F283 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
15:15:30.0131 0x2a20  SystemEventsBroker - ok
15:15:30.0139 0x2a20  [ CE9975A9E0DFBEFECECE218D2674C1CD, 20ABA9B78FF40C89A757ED2B4AE2F8BE5F4C6C257AA00A324849D68ACA59A264 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:15:30.0163 0x2a20  TabletInputService - ok
15:15:30.0168 0x2a20  [ 877F60F3BCF2E40D8D65E8616EAD7217, F8FD628CE0F2EB7D2245F2EDEFE1889F61912826EAE1A35089C1C31ECC5806E2 ] tapexpressvpn  C:\Windows\System32\drivers\tapexpressvpn.sys
15:15:30.0179 0x2a20  tapexpressvpn - ok
15:15:30.0189 0x2a20  [ E38C7C4D57B1438F70A1B913870E8665, EEBE640E31F3D9126FD2F58EB93051FE4EEA591223DFAB9E918DEBE879718B95 ] TapiSrv        C:\Windows\System32\tapisrv.dll
15:15:30.0215 0x2a20  TapiSrv - ok
15:15:30.0220 0x2a20  [ 1960E9FD4082A0170FBA0231FD709113, D5854811787EBC979E9FAB02847F1E662F430A06AB2D3CB9F0EE4BB3A9EC56FE ] tapprotonvpn    C:\Windows\System32\drivers\tapprotonvpn.sys
15:15:30.0234 0x2a20  tapprotonvpn - ok
15:15:30.0284 0x2a20  [ B8BED15865E17E73CF19A23CD6EB9FB7, A5CA2B4E00F8F681C7FD9BA5BA3DB3A95E9E4CD785C0FC85A24E9C481EBE08E6 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
15:15:30.0349 0x2a20  Tcpip - ok
15:15:30.0401 0x2a20  [ B8BED15865E17E73CF19A23CD6EB9FB7, A5CA2B4E00F8F681C7FD9BA5BA3DB3A95E9E4CD785C0FC85A24E9C481EBE08E6 ] Tcpip6          C:\Windows\system32\drivers\tcpip.sys
15:15:30.0467 0x2a20  Tcpip6 - ok
15:15:30.0477 0x2a20  [ 085F8A5F09E64CC27309AF160EF4F9BA, DB3DFD3059836A9FB26FE924E9F2B960E454F4B20D8862266DFDA3168D610FD8 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:15:30.0493 0x2a20  tcpipreg - ok
15:15:30.0501 0x2a20  [ 16071C42E21CE3378FA449322FB9AB1D, 44CA7FD91275546492EEF0A59261E2B1C924613515D45EFD2EF0442023B2CBE5 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
15:15:30.0514 0x2a20  tdx - ok
15:15:30.0520 0x2a20  [ B2C4D7CB291293CAC636748E695D111E, 5E0AA8147EFDA5D21CEE8AE254F74A974B0ADAF298F569CAA73AC4E3B758438A ] terminpt        C:\Windows\System32\drivers\terminpt.sys
15:15:30.0531 0x2a20  terminpt - ok
15:15:30.0554 0x2a20  [ 10ADC3589E50B1ED8452C86E0CBE8248, BE82341A12EA83D9EFADC9AC35CF16D327F8499C99107DCDE88DD0F5DF84523C ] TermService    C:\Windows\System32\termsrv.dll
15:15:30.0597 0x2a20  TermService - ok
15:15:30.0603 0x2a20  [ 1A0A0F6A139148AFDC4622046D4B3CBD, 8FC2FB99B70A3A5B2F1D757A2F0E3085B1D242B792A35070E1DB3871A275329E ] Themes          C:\Windows\system32\themeservice.dll
15:15:30.0623 0x2a20  Themes - ok
15:15:30.0632 0x2a20  [ 811910E891A6DB4A864AE119EB71218C, 2CBB6159E2ACAE4BA73892A4F7F8A3981C159083C29F1A1D548C59FB713B9D74 ] TieringEngineService C:\Windows\system32\TieringEngineService.exe
15:15:30.0659 0x2a20  TieringEngineService - ok
15:15:30.0667 0x2a20  [ 8BF5E2FD72E939CF68D617E273034793, EE27D070E1C4EFE902BE173C5561F5601499F835762278CC1E5987886BD8A4D1 ] TimeBrokerSvc  C:\Windows\System32\TimeBrokerServer.dll
15:15:30.0689 0x2a20  TimeBrokerSvc - ok
15:15:30.0717 0x2a20  [ 5431EB746C6D993C3758389EF297CB01, 36F60AF80379B3F0DDDBBB6A20F45712502BDDF1192F792C78733F6AF465371A ] TokenBroker    C:\Windows\System32\TokenBroker.dll
15:15:30.0770 0x2a20  TokenBroker - ok
15:15:30.0780 0x2a20  [ 330F5AA122A302F0244D918B9C92C9D1, 62D513B7357AC8CFC649BCEB4EB682B7493219957A1264BAD4E5C26086BD8F3D ] TPM            C:\Windows\System32\drivers\tpm.sys
15:15:30.0796 0x2a20  TPM - ok
15:15:30.0802 0x2a20  [ A5C0F857C38278A90E953A24E1701196, 1A646E47013946CCE41C798A494C6D266AEFC8A8D6EB65CD8848E72106687E38 ] TrkWks          C:\Windows\System32\trkwks.dll
15:15:30.0820 0x2a20  TrkWks - ok
15:15:30.0826 0x2a20  [ 4578046C54A954C917BB393B70BA0AEB, 2DFE9DE656B415CF7D81F583F33A20A74CD54C07DB8C3196AA2102431F42F74F ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:15:30.0845 0x2a20  TrustedInstaller - ok
15:15:30.0853 0x2a20  [ 0D721F40C179EC5737C15E551F22C69B, BBA04E11C3D9150C60F74D8B1A3F444BDE0C19857BB7C45D58448F641082DE1A ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:15:30.0868 0x2a20  TsUsbFlt - ok
15:15:30.0873 0x2a20  [ DE1296871208D1F13B7AC57C4B1FA46C, D18709F65E372A47AE114ECFD6A45E6736089B4A8E719E2FB5D831D9415E995D ] TsUsbGD        C:\Windows\System32\drivers\TsUsbGD.sys
15:15:30.0886 0x2a20  TsUsbGD - ok
15:15:30.0892 0x2a20  [ 3A84A09CBC42148A0C7D00B3E82517F1, 75E609AC991C96E31F55E723925EAF9A363DC5B3324FFD4CFCB701189369D701 ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
15:15:30.0909 0x2a20  tsusbhub - ok
15:15:30.0916 0x2a20  [ BC938ABBF586272BD4063CA51F09149F, 06EB662948D212ACDF930C3CD01C6381A6FB152AC0F1628C86764F0973ABA1CB ] tunnel          C:\Windows\system32\drivers\tunnel.sys
15:15:30.0933 0x2a20  tunnel - ok
15:15:30.0939 0x2a20  [ 7F7686C491FD783D42BF70DF8FCC4461, 18C6BE5AD93A8A46862A0AC5E0FD2301178E41CC581926BD9B77D1EBC8A0985C ] tzautoupdate    C:\Windows\system32\tzautoupdate.dll
15:15:30.0956 0x2a20  tzautoupdate - ok
15:15:30.0962 0x2a20  [ BDFACE024EFF2398214797143AD76C87, EF9B6CB1F6EAE4786BBDE1E0946BECC5BD2AA493FC32A8F779A757BA57238EC9 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
15:15:30.0975 0x2a20  UASPStor - ok
15:15:30.0982 0x2a20  [ 00C4396DE1CD3502884BB2E2B6D6861C, 39F6BF25096ACE29CAF964DCA15078F47986F645DF49FB502A2CDF2C05C89AAB ] UcmCx0101      C:\Windows\system32\Drivers\UcmCx.sys
15:15:31.0000 0x2a20  UcmCx0101 - ok
15:15:31.0007 0x2a20  [ ED9CBD1541C8AFDAA9B8255A384E2B53, D970F5E976CEBE0BCDF07B9E155EDB5B3C225812991779748CD04A9C4852DF3D ] UcmTcpciCx0101  C:\Windows\system32\Drivers\UcmTcpciCx.sys
15:15:31.0027 0x2a20  UcmTcpciCx0101 - ok
15:15:31.0033 0x2a20  [ F58F1BC6A6972437CE18516F8ACCEB9F, 2C619D1E2E80662FA463EE48E3D41C8437A81B0F68EE67A0839A93DEDCD2E0B2 ] UcmUcsi        C:\Windows\System32\drivers\UcmUcsi.sys
15:15:31.0049 0x2a20  UcmUcsi - ok
15:15:31.0057 0x2a20  [ 017FB9532F54B28EFC1E37A91DB9ECC5, B753A114C644E57E3A4754836F29A6974BAADE547D3114D783070E7CDAA7CE1D ] Ucx01000        C:\Windows\system32\drivers\ucx01000.sys
15:15:31.0073 0x2a20  Ucx01000 - ok
15:15:31.0078 0x2a20  [ 12E2B6B642360E66396502B62B048694, C9AC86BF767ED4ACE0F58BA3720369A2758BA154AFFE10CAAD5A2C4C259BA50A ] UdeCx          C:\Windows\system32\drivers\udecx.sys
15:15:31.0093 0x2a20  UdeCx - ok
15:15:31.0103 0x2a20  [ 6A442723D4D05D9F15D24C9942CDA00D, 4A60D6CF7214A3891877AC6E5A49AE49D056567162D6355C0D893510F0241DA7 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:15:31.0126 0x2a20  udfs - ok
15:15:31.0132 0x2a20  [ D30AF38971B6670C222250AC2CBB6227, 52C1C7AC29D06C701DA0E2772294CED0C1790EC7FCBD5074238B54BEB951E9D0 ] UEFI            C:\Windows\System32\drivers\UEFI.sys
15:15:31.0143 0x2a20  UEFI - ok
15:15:31.0149 0x2a20  [ AD58EA78772B8163CFDE9BF671B6F8F1, E8304179B6B52B143846AEF80C7B2D577125742EA2DFF09F8AC5F37F4E28793E ] UevAgentDriver  C:\Windows\system32\drivers\UevAgentDriver.sys
15:15:31.0160 0x2a20  UevAgentDriver - ok
15:15:31.0184 0x2a20  [ F7E36C20DB953DFF4FDDB817904C0E48, 2C5EDE0807D8A5EC4B6E0FE0C308B37DBBDE12714FD9ADC4CE3EF4E0A5692207 ] UevAgentService C:\Windows\system32\AgentService.exe
15:15:31.0231 0x2a20  UevAgentService - ok
15:15:31.0242 0x2a20  [ 588B9212DEE84F5192C09A147AA5C316, 80C70FD489D72015FCF8AFBE649F6C77F40B613882A1F031A2DAE088B9B4F67B ] Ufx01000        C:\Windows\system32\drivers\ufx01000.sys
15:15:31.0258 0x2a20  Ufx01000 - ok
15:15:31.0265 0x2a20  [ 78B5C069C9AA1463ACC833FD7E2A3BD5, A44BAB6AB5E071537BD37A26DAF6D0D69BBFFFF686C183BFAAB04286DD3B81BB ] UfxChipidea    C:\Windows\System32\drivers\UfxChipidea.sys
15:15:31.0277 0x2a20  UfxChipidea - ok
15:15:31.0285 0x2a20  [ 533BF4F456A1C6E7581E8C0A4EC59300, E5AE7EB4A8E6CE410F465C48F102797806172B5881C2CF570A9851CCDFE656FD ] ufxsynopsys    C:\Windows\System32\drivers\ufxsynopsys.sys
15:15:31.0298 0x2a20  ufxsynopsys - ok
15:15:31.0308 0x2a20  [ 360FEE6F687D98EFFE46A5433FE6182E, 1A35569DC29F45F78D705BCEDE850CAF86FD27D6253977497EB3B000CAAE0B27 ] umbus          C:\Windows\System32\drivers\umbus.sys
15:15:31.0323 0x2a20  umbus - ok
15:15:31.0328 0x2a20  [ F6F1A9D91F684AA02951B96EE8127DAE, 351139331041BC123C9FEE3A5CE4965AFC4CDCA488080338D98C5EB85D5843D4 ] UmPass          C:\Windows\System32\drivers\umpass.sys
15:15:31.0343 0x2a20  UmPass - ok
15:15:31.0354 0x2a20  [ 0D806415E1F86E7C1C192261C247EF0D, 640CB73D9ACC3B6E0F2A2A5A4587375F05A7519081BEC510B926A8A4A496C3B9 ] UmRdpService    C:\Windows\System32\umrdp.dll
15:15:31.0379 0x2a20  UmRdpService - ok
15:15:31.0404 0x2a20  [ EAEC69961D9D8B39FEA44D56F7FB259D, 43FEB15A32B353B6F3C8E5F1072FF9507F2FA7799A414F30FEA0B8C47999D969 ] UnistoreSvc    C:\Windows\System32\unistore.dll
15:15:31.0455 0x2a20  UnistoreSvc - ok
15:15:31.0471 0x2a20  [ 2362D5C18120FAB9CE5BD1F73EE33758, D9AB5D5BEAF95F62A204CE8A3B8B3B6C9C1E85FB5425CA2AADCBB4770EDCDF30 ] upnphost        C:\Windows\System32\upnphost.dll
15:15:31.0499 0x2a20  upnphost - ok
15:15:31.0505 0x2a20  [ 49A5E1B43C59DC0E363AD9C2D7D10BE4, B903C1C24DAF316AF9D8C1770687DE0A24ACDA4EFE47845E13BE99985609B7CE ] UrsChipidea    C:\Windows\System32\drivers\urschipidea.sys
15:15:31.0516 0x2a20  UrsChipidea - ok
15:15:31.0521 0x2a20  [ 53F1DA2D92D1D8CE4BB9D33E58D7DF01, CD3F4B92EDA042FE696C59D67BEB711C7AF0EB5979AD5F4110297C47454EBBFA ] UrsCx01000      C:\Windows\system32\drivers\urscx01000.sys
15:15:31.0532 0x2a20  UrsCx01000 - ok
15:15:31.0537 0x2a20  [ 09518A324B95BBC0B472BD5A472CB916, B3C6BF8C84268C02CC43E5C6B37648F9691B6038D275F4BEBA7B5E9ECA046181 ] UrsSynopsys    C:\Windows\System32\drivers\urssynopsys.sys
15:15:31.0547 0x2a20  UrsSynopsys - ok
15:15:31.0554 0x2a20  [ C7AD46F101A681B0F4D7F15534A5FF04, 20380A613A3E476A6282BC642534328AC35E24A03D34D6A2DF1C5468912C72D7 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:15:31.0572 0x2a20  usbaudio - ok
15:15:31.0579 0x2a20  [ B7211393225AB05324C52BA47B31FEB4, 3FFB7F1C1CA5001B95026D30ECD1991747DDAFFBE3B4929CAEDFA90E169A28AE ] usbccgp        C:\Windows\System32\drivers\usbccgp.sys
15:15:31.0593 0x2a20  usbccgp - ok
15:15:31.0600 0x2a20  [ 250D21958EE5F45CD13FE6BE3788EE70, C0EF097EE2ED91950BD3A6881AB08698E85C4ABABC4F7520F7E92E70CA454D4E ] usbcir          C:\Windows\System32\drivers\usbcir.sys
15:15:31.0615 0x2a20  usbcir - ok
15:15:31.0621 0x2a20  [ 4269DE1EB8029D55B3BB3A8A330FCF90, 5D9081A07F91AF704D27EEE60516D6E1E0A106D1656CEF0C5C50E51C23E17F61 ] usbehci        C:\Windows\System32\drivers\usbehci.sys
15:15:31.0634 0x2a20  usbehci - ok
15:15:31.0648 0x2a20  [ D67AABAE0C9EBAC9BBA2E20E0AF52EF1, FE51895BB81E5320F66C433378469092D39F325D310543AFE28A5603FA9B4F08 ] usbhub          C:\Windows\System32\drivers\usbhub.sys
15:15:31.0669 0x2a20  usbhub - ok
15:15:31.0684 0x2a20  [ 95A5A70091854B99C09A4231E5050C65, 4313CD94624A9F81B1C4334F37792A9FD35718143EB0CACE0969E02BB858D452 ] USBHUB3        C:\Windows\System32\drivers\UsbHub3.sys
15:15:31.0706 0x2a20  USBHUB3 - ok
15:15:31.0712 0x2a20  [ A547E7B1B3FB2228259AA85AC7E82698, AB18BBE30A2D149A0E10621DC8497A72DFB841B09F4E4B47FED21843C0F88D92 ] usbohci        C:\Windows\System32\drivers\usbohci.sys
15:15:31.0728 0x2a20  usbohci - ok
15:15:31.0733 0x2a20  [ 692C0BA4109C8F78392A299369F51129, A675E11CD4794693D0B65A06E85F264199506A4C6EDBB68503163EED389B8D1F ] usbprint        C:\Windows\System32\drivers\usbprint.sys
15:15:31.0746 0x2a20  usbprint - ok
15:15:31.0752 0x2a20  [ 555DE99E30E6A6EF37137F8325B30068, B78B44883A3E524DFEC13B72AFFDF06FD446EFB12061593D8247C0B92D558B8A ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
15:15:31.0767 0x2a20  usbscan - ok
15:15:31.0773 0x2a20  [ 45A9E57185B79420EFEA5A4AED655809, 91D4BDBBAF1D06C404AC926357C3F20D780CF5C858B223930D69CFB17D81F3D3 ] usbser          C:\Windows\System32\drivers\usbser.sys
15:15:31.0788 0x2a20  usbser - ok
15:15:31.0795 0x2a20  [ CEF7527514EC49EBE0C760D784643EF0, 2A4E49C5C906339C31F0A646E53773297F4B4CEAFD94CE653C37556AE243E104 ] USBSTOR        C:\Windows\System32\drivers\USBSTOR.SYS
15:15:31.0808 0x2a20  USBSTOR - ok
15:15:31.0813 0x2a20  [ A4124036C4FD2B94C6157C4588EEB4E3, 595C8BFB5E63AEA2F7DF2745F7C7CE45938B091470C921E3064E766A0E12851F ] usbuhci        C:\Windows\System32\drivers\usbuhci.sys
15:15:31.0829 0x2a20  usbuhci - ok
15:15:31.0841 0x2a20  [ 9F4CCFCD4B4C6008C940510E43D54AEC, CD6082E95EBA618490A2A97E258875440B3440E721B21E81608804B90DEF0D20 ] USBXHCI        C:\Windows\System32\drivers\USBXHCI.SYS
15:15:31.0861 0x2a20  USBXHCI - ok
15:15:31.0890 0x2a20  [ CE0E3BA8FC974BEE5BE20E4F43A1C583, E19DE81559FD92D1F7B0ADB4297926E6971F7FCB642E11758D361FC2A22C33BB ] UserDataSvc    C:\Windows\System32\userdataservice.dll
15:15:31.0948 0x2a20  UserDataSvc - ok
15:15:31.0974 0x2a20  [ B8D1D74FEF1F190BA4DA7E7A72D5D9CE, F467F39EE09DDC7750BF42C3FF317E0DC324897589268B4C7B63F8E176445820 ] UserManager    C:\Windows\System32\usermgr.dll
15:15:32.0019 0x2a20  UserManager - ok
15:15:32.0048 0x2a20  [ C07A5BC1CD6C8C2ED474B9DCED6E785C, 4D723B16C2B450D042E0C0FB1864385AB04D4F15BEDC7C90F360A3C79ADE6548 ] UsoSvc          C:\Windows\system32\usocore.dll
15:15:32.0103 0x2a20  UsoSvc - ok
15:15:32.0116 0x2a20  [ 3E283D06357616CD4117CC15BDB7C4C3, ACE50702EE61C9F93855720037898F19E509D45982F9173643EDA455F54FB9E7 ] VacSvc          C:\Windows\System32\vac.dll
15:15:32.0136 0x2a20  VacSvc - ok
15:15:32.0142 0x2a20  [ 3DF3B76B19DA92A8ADC01FF38560282D, F56DDDF7A8F1AA0F3D9FFE0CD618544CFAF233A33314240ECCBE5F897A91B534 ] VaultSvc        C:\Windows\system32\lsass.exe
15:15:32.0155 0x2a20  VaultSvc - ok
15:15:32.0159 0x2a20  [ F257A2737280F0076EAE3AB489C06474, A02E37292D86E675D55C13097E9F107C73DDFD8AAC69310F7D9910A811A541D8 ] VClone          C:\Windows\System32\drivers\VClone.sys
15:15:32.0173 0x2a20  VClone - ok
15:15:32.0179 0x2a20  [ 8DCB7E5A9497C030484E5AD9E541B85C, 1170E5C190E2B6F2966076EFF11B8476CC03D924F43144C2936E11314A89ACA6 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:15:32.0190 0x2a20  vdrvroot - ok
15:15:32.0205 0x2a20  [ 4940B49502323905B66039D0D1AB4613, 963BFD563B5A79F0AE81EB9708E85901A545545D4F25FCF37A17295EE9EDA514 ] vds            C:\Windows\System32\vds.exe
15:15:32.0240 0x2a20  vds - ok
15:15:32.0259 0x2a20  [ 065E87298A14E08900A8B2369BB4F078, A9DD128B3F0B59930C07F5136376902266F4FDEB745FC0018899A5294E7AA862 ] veracrypt      C:\Windows\system32\drivers\veracrypt.sys
15:15:32.0283 0x2a20  veracrypt - ok
15:15:32.0292 0x2a20  [ 5C25C1A89650C95D15F7988D71487B08, EC42E586309B46CF51EC5DC00362ABA82A503545292CACE7B3D23BB0F5E687B9 ] VerifierExt    C:\Windows\system32\drivers\VerifierExt.sys
15:15:32.0306 0x2a20  VerifierExt - ok
15:15:32.0323 0x2a20  [ 621BC9225307C834A0DCE2842052A6B8, 8ED9B414F9C02C7D8C25BB85BA3F47D420C64385702C7D70A7102A2D468E0530 ] vhdmp          C:\Windows\System32\drivers\vhdmp.sys
15:15:32.0348 0x2a20  vhdmp - ok
15:15:32.0355 0x2a20  [ EDCD732D7845A2B21B91C7D0CE96DA10, 5C132F33E0FE42A366200BCCFE98D0A55586E9D817B7DF9BA70E2E1736B62E5F ] vhf            C:\Windows\System32\drivers\vhf.sys
15:15:32.0370 0x2a20  vhf - ok
15:15:32.0406 0x2a20  [ 90F354410D8CFEB9F908885F6DB84260, 74F9F14A36CBAFFC2118A7F43A1DC80CC5730EB027D141472EEB229C7EFE705E ] VMAuthdService  D:\VMware Workstation\Workstation\vmware-authd.exe
15:15:32.0416 0x2a20  VMAuthdService - ok
15:15:32.0423 0x2a20  [ AD63BC4A11A4FD436ED23208BB8D1A9C, 079718B9B2F57716FC50119E9893AABF2AAC6223764E8C2ACAE1016A53E069E5 ] vmbus          C:\Windows\system32\drivers\vmbus.sys
15:15:32.0434 0x2a20  vmbus - ok
15:15:32.0439 0x2a20  [ E2D57FB1A62F0BB7F70570806A09CE2B, DCF1699488D913C9E94E2C74CD8606BDAFF69B995B2E3B7DE7F2E9C4D2E6ECF2 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
15:15:32.0452 0x2a20  VMBusHID - ok
15:15:32.0458 0x2a20  [ 9C3FD3B0B9376537181067A28F2A5290, CFD39EBCA8B07C876BBB8469B145AAE95838C4445F946DFF19EB226581DACCEA ] vmci            C:\Windows\system32\drivers\vmci.sys
15:15:32.0469 0x2a20  vmci - ok
15:15:32.0473 0x2a20  [ 7D778F1E82EBA9F5A4DD392CFD3C4224, E81D71E88C472B1631758E3C5D22A214450480C2E2DA010FDE21EC1B129C5FAD ] vmgid          C:\Windows\System32\drivers\vmgid.sys
15:15:32.0488 0x2a20  vmgid - ok
15:15:32.0498 0x2a20  [ E4F5E83951810583FE8C2423772171DF, B2C7D44AA3F578C8E5B0A6FD8002BA554BAA4492FDFCFAED9D581C3ACD05D620 ] vmicguestinterface C:\Windows\System32\icsvc.dll
15:15:32.0521 0x2a20  vmicguestinterface - ok
15:15:32.0530 0x2a20  [ E4F5E83951810583FE8C2423772171DF, B2C7D44AA3F578C8E5B0A6FD8002BA554BAA4492FDFCFAED9D581C3ACD05D620 ] vmicheartbeat  C:\Windows\System32\icsvc.dll
15:15:32.0552 0x2a20  vmicheartbeat - ok
15:15:32.0562 0x2a20  [ E4F5E83951810583FE8C2423772171DF, B2C7D44AA3F578C8E5B0A6FD8002BA554BAA4492FDFCFAED9D581C3ACD05D620 ] vmickvpexchange C:\Windows\System32\icsvc.dll
15:15:32.0591 0x2a20  vmickvpexchange - ok
15:15:32.0601 0x2a20  [ DB7FB1DA7E1564EACBADD436191309C5, B567DFB5828D64A2A199C16538F3557696C3381B858420F23EABC757FDC341C2 ] vmicrdv        C:\Windows\System32\icsvcext.dll
15:15:32.0623 0x2a20  vmicrdv - ok
15:15:32.0633 0x2a20  [ E4F5E83951810583FE8C2423772171DF, B2C7D44AA3F578C8E5B0A6FD8002BA554BAA4492FDFCFAED9D581C3ACD05D620 ] vmicshutdown    C:\Windows\System32\icsvc.dll
15:15:32.0654 0x2a20  vmicshutdown - ok
15:15:32.0663 0x2a20  [ E4F5E83951810583FE8C2423772171DF, B2C7D44AA3F578C8E5B0A6FD8002BA554BAA4492FDFCFAED9D581C3ACD05D620 ] vmictimesync    C:\Windows\System32\icsvc.dll
15:15:32.0684 0x2a20  vmictimesync - ok
15:15:32.0693 0x2a20  [ E4F5E83951810583FE8C2423772171DF, B2C7D44AA3F578C8E5B0A6FD8002BA554BAA4492FDFCFAED9D581C3ACD05D620 ] vmicvmsession  C:\Windows\System32\icsvc.dll
15:15:32.0714 0x2a20  vmicvmsession - ok
15:15:32.0724 0x2a20  [ DB7FB1DA7E1564EACBADD436191309C5, B567DFB5828D64A2A199C16538F3557696C3381B858420F23EABC757FDC341C2 ] vmicvss        C:\Windows\System32\icsvcext.dll
15:15:32.0746 0x2a20  vmicvss - ok
15:15:32.0752 0x2a20  [ 57F53D802486F346BF0110F56B4B07D1, 7B31CE1010ED51350D5C69D5D4C93A1E55053887AEBCF7C3899901139BD67C8D ] vmkbd3          C:\Windows\system32\DRIVERS\vmkbd.sys
15:15:32.0760 0x2a20  vmkbd3 - ok
15:15:32.0766 0x2a20  [ B3C2E4DE5B1A39B16D43310085E2DEAA, F67D02E8F6FD6C49336B696409DFDF89B0229120D529709DB512F67348E8FE9A ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
15:15:32.0776 0x2a20  VMnetAdapter - ok
15:15:32.0781 0x2a20  [ 508BD3B4EF66B4D01A3C848EED4DAB15, D995B802934B5A78019D10A1AB04615D5FBA8DD90270B5EFE9BD559DDC27C3DE ] VMnetBridge    C:\Windows\system32\DRIVERS\vmnetbridge.sys
15:15:32.0791 0x2a20  VMnetBridge - ok
15:15:32.0811 0x2a20  [ 7A6AE9A60EA5408EF92F778CFD94D713, 14F441895BF339C7F1786A2A2F6B39458D8284695E39939B706A0EC29D0E9CAC ] VMnetDHCP      C:\Windows\SysWOW64\vmnetdhcp.exe
15:15:32.0827 0x2a20  VMnetDHCP - ok
15:15:32.0850 0x2a20  [ 75CACACDA46FD9CB802E9FFB7B5C44DC, 4FD2D97DD70FFD2AEAD76E09DBCF00B06CD309EA6C36427AF392A9D0D45DE925 ] VMnetuserif    C:\Windows\system32\DRIVERS\vmnetuserif.sys
15:15:32.0859 0x2a20  VMnetuserif - ok
15:15:32.0865 0x2a20  [ F235ABE47DFEFAC7D1078099F212B68B, A3475FA90D052DE6A09CBA2B5E1A174AC85C46C641963E4E9BECAA2A6448CF2B ] vmusb          C:\Windows\System32\drivers\vmusb.sys
15:15:32.0875 0x2a20  vmusb - ok
15:15:32.0896 0x2a20  [ F31CE96F77EAB9A60B42D64DF7C43D89, 210199C260DB853CBD664EB2F3B3A19EAB1FB41EA1EF68D8809684315E427661 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
15:15:32.0920 0x2a20  VMUSBArbService - ok
15:15:32.0945 0x2a20  [ 2315ED34AC56039BE948C8704C0DE88E, 0B2316A4C226C03545F6B71F87709E825909E1ED6D101AF0D8FCF473162B0C82 ] VMware NAT Service C:\Windows\SysWOW64\vmnat.exe
15:15:32.0961 0x2a20  VMware NAT Service - ok
15:15:33.0318 0x2a20  [ B72AC58260F05D3EB1F29EFC08BADDF3, 4FBE50305D60DA01334D47AF8E44A7A062FB31AC59CDD13DFE47733AD371E9AA ] VMwareHostd    D:\VMware Workstation\Workstation\vmware-hostd.exe
15:15:33.0591 0x2a20  VMwareHostd - ok
15:15:33.0631 0x2a20  [ B13E3C8819736F80D44C26982F32CA08, 9CD54E8D3718B9358A085EDC584D20CC3F54DD852461B7D65F30ACA141FCAEA7 ] vmx86          C:\Windows\system32\DRIVERS\vmx86.sys
15:15:33.0641 0x2a20  vmx86 - ok
15:15:33.0647 0x2a20  [ 708410755721F94FC8939673893C2E2B, C8516DDE667614545DA076A9D034A7941D3E03953CB41576A979199363AB7A99 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:15:33.0660 0x2a20  volmgr - ok
15:15:33.0671 0x2a20  [ 1514506CA7462A64DC38C48108DDBB45, DEE5D7B79962D9EB6D92FCF870CA1B06FE68CE6AE25F82A5B449445C99E76D2A ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
15:15:33.0689 0x2a20  volmgrx - ok
15:15:33.0700 0x2a20  [ F0EE4E6028CCA58BEA9A04E7BEAB7DB4, 628D0E3D60256B914E46C26BCE8F512DFE0409C34EA603EB0A20C80EB469A4D2 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
15:15:33.0719 0x2a20  volsnap - ok
15:15:33.0725 0x2a20  [ 77FD1607F2C371ABD241EC7699C58884, A6FE00D76C615DC641A667EB9B6824C992ED752A31A89AE3FE43BAE5462F3EB7 ] volume          C:\Windows\system32\drivers\volume.sys
15:15:33.0735 0x2a20  volume - ok
15:15:33.0741 0x2a20  [ A8E3A6BA6A1B4D1DFEC5E8D5CFF786DF, DEAE1C20AF6BBE419FDE432288C7A45B29AADA8D9E416BC428A4C2BF428D2861 ] vpci            C:\Windows\System32\drivers\vpci.sys
15:15:33.0753 0x2a20  vpci - ok
15:15:33.0761 0x2a20  [ ED0B3436E1DE601C6C8EB86789AC8BAB, 0CD186B09903A1D3748A3258D8B84557F3674DA04FEB8EFA24AE81FFE376265C ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
15:15:33.0774 0x2a20  vsmraid - ok
15:15:33.0780 0x2a20  [ A394233BCBAF2D7DEF632EF6BD2D8D6A, DCF8A2D05459351A59C9F666C2E658E453142C7FEBC978F4AE1D1E9D8BC4D782 ] vsock          C:\Windows\system32\DRIVERS\vsock.sys
15:15:33.0790 0x2a20  vsock - ok
15:15:33.0826 0x2a20  [ C7053D974A35EAB81F153FF33C883613, 9D89DC644971F93931D0E59D42ADE0A4AB49A5490709B46FCBBC309041C5432D ] VSS            C:\Windows\system32\vssvc.exe
15:15:33.0886 0x2a20  VSS - ok
15:15:33.0964 0x2a20  [ AC5D1FB64A169D972AD52897BDC53305, 118F2A49B1C166F9A139A8DF8961790EC0B4B4B181E7903D962BD7C1B46F9287 ] VSStandardCollectorService150 D:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe
15:15:33.0977 0x2a20  VSStandardCollectorService150 - detected UnsignedFile.Multi.Generic ( 1 )
15:15:34.0041 0x2a20  Detect turned to UDS exact due to KSN untrusted
15:15:34.0041 0x2a20  VSStandardCollectorService150 ( UDS:DangerousObject.Multi.Generic ) - infected
15:15:34.0041 0x2a20  Force sending object to P2P due to detect: VSStandardCollectorService150
15:15:34.0176 0x2a20  Object send P2P result: true
15:15:34.0315 0x2a20  [ 23A0B9F051625718C2A0EC9E28D384E8, F146FB6E882B809D913854D4926C8231065024DD7463832B868CC8F4606FA183 ] vstor2-mntapi20-shared C:\Windows\syswow64\drivers\vstor2-x64.sys
15:15:34.0325 0x2a20  vstor2-mntapi20-shared - ok
15:15:34.0354 0x2a20  [ 3D706FBED35DF3B17809C6714F31F9B0, BBC337479DEB628721E651FC165EA01D986E31950189F1A81534922667101487 ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
15:15:34.0371 0x2a20  VSTXRAID - ok
15:15:34.0377 0x2a20  [ 0B11DBB8173AD374D67893D54EBEE9F3, AB8B6FC81244729157E59D062FCC234FD7E818804D94AA6B7BF81E01B7922395 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
15:15:34.0391 0x2a20  vwifibus - ok
15:15:34.0398 0x2a20  [ 95540F74893235C189409C98643D7A77, 4F041301C95F55C8448C3CC5825ED9E631E770BA35BEC8498A0ABB3563584AAE ] vwififlt        C:\Windows\system32\drivers\vwififlt.sys
15:15:34.0414 0x2a20  vwififlt - ok
15:15:34.0421 0x2a20  [ 60A14582772A4DF0D0BE27B3F873BE6B, 93DB43D2F4B985A3FF1A152ADEDBB52567CCC29B899F96F8BA0FA9558EF2DF6D ] vwifimp        C:\Windows\System32\drivers\vwifimp.sys
15:15:34.0437 0x2a20  vwifimp - ok
15:15:34.0453 0x2a20  [ 4F904ADE8BECDFB48CBA3F44FC0676A1, 2C3D619E9AD0D0DAEC0D170795FD6E5B7FE3FC667C947660320A9BC671B55736 ] W32Time        C:\Windows\system32\w32time.dll
15:15:34.0486 0x2a20  W32Time - ok
15:15:34.0498 0x2a20  [ A513D44421D6556FF08CF791FDAF11FC, 0D29306CEF2AEA216088BFDA350F859317F40DF053C657F289A153F035749664 ] WaaSMedicSvc    C:\Windows\System32\WaaSMedicSvc.dll
15:15:34.0525 0x2a20  WaaSMedicSvc - ok
15:15:34.0530 0x2a20  [ 87A01F65BD16C9FCCDD1B65F56CB93B0, E84B46DB67F2FCB22DB7130570FE7211FC96A806AC9D1D69D187899C93785CB2 ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
15:15:34.0545 0x2a20  WacomPen - ok
15:15:34.0557 0x2a20  [ 25FAB8A2CFFA21FDB472AB3AE6C17A57, C97E651111643F32FD5B94BEDA31D62E6FF83CA0644FFE8BA98463EC9EA6EF9B ] WalletService  C:\Windows\system32\WalletService.dll
15:15:34.0588 0x2a20  WalletService - ok
15:15:34.0595 0x2a20  [ 85E187443F68F285DB78BD2279AE3701, FAC03A162CF07FCC6BDB4E45F5EDF16D48BE10D95F73A74E9BADA62EC7F24B53 ] wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
15:15:34.0613 0x2a20  wanarp - ok
15:15:34.0618 0x2a20  [ 85E187443F68F285DB78BD2279AE3701, FAC03A162CF07FCC6BDB4E45F5EDF16D48BE10D95F73A74E9BADA62EC7F24B53 ] wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:15:34.0636 0x2a20  wanarpv6 - ok
15:15:34.0642 0x2a20  [ 395447583F42FD840520EE87AE439D74, 984AE1EE8BA3B8926C6FC94BC22DE9061C90C15135EA56D0F16C1D3C4EF8DAF8 ] WarpJITSvc      C:\Windows\System32\Windows.WARP.JITService.dll
15:15:34.0660 0x2a20  WarpJITSvc - ok
15:15:34.0690 0x2a20  [ 7FDA8043417BF4C30E12BD2704565DA6, ADD2A36164D650A510F85D083EA97B1BE2F26721FD870C9EFACCFBE94A4866E5 ] wbengine        C:\Windows\system32\wbengine.exe
15:15:34.0749 0x2a20  wbengine - ok
15:15:34.0772 0x2a20  [ 960FA25C6CAA9082A4DE0A2C81628287, 3DE39C2E28038F9B900319EAF2BC0E2EA5E7415E89AB6FB03E22354AB07A06DD ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:15:34.0816 0x2a20  WbioSrvc - ok
15:15:34.0824 0x2a20  [ 8A304D6CDC067922448CBA1EBB9FFCA8, DE40DD3A32DFF22C477F38B5E2224D55B8CCF2499EFFE0A8E9923728295BAEC1 ] wcifs          C:\Windows\system32\drivers\wcifs.sys
15:15:34.0838 0x2a20  wcifs - ok
15:15:34.0860 0x2a20  [ E5822CB7C69F41B1B321F2583A85A268, 430AFC79C343951CE2B84ECA1C4951BCCD5473FFBA0AC6FA5031FF4045A6EB68 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
15:15:34.0903 0x2a20  Wcmsvc - ok
15:15:34.0917 0x2a20  [ B797B163EDCA46B5244F4E083BE7A7E7, 18D977A8015380A87EC9962273B90806145186A69F3455B3445A0FE1FE431219 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
15:15:34.0945 0x2a20  wcncsvc - ok
15:15:34.0952 0x2a20  [ 8E899F2D39BBE4BD49A1E36C3E8A1E5F, 37FB8860A0FCD5753EA486A735EFD5A92ED87069141F31CBB6587DA195877410 ] wcnfs          C:\Windows\system32\drivers\wcnfs.sys
15:15:34.0968 0x2a20  wcnfs - ok
15:15:34.0974 0x2a20  [ E7E16778C8440BB459C94B5AD8282491, 728B2208884B4244E3481DDD82F9B353FC27DAC77488DBC8224AB1630616676A ] WdBoot          C:\Windows\system32\drivers\wd\WdBoot.sys
15:15:34.0984 0x2a20  WdBoot - ok
15:15:35.0004 0x2a20  [ 152926023B401D1F5F8852929572F5C3, 61D0FDB0E3A4D16FFA6852174B3824F6294502E331BB0831BCF99F049B09C328 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:15:35.0031 0x2a20  Wdf01000 - ok
15:15:35.0042 0x2a20  [ 421A69C03BEB260A1CCAFFD3435AD587, 821FE66B3BB102BF7FDAF2F9A53ADEF89D677FEB4564C6E6EBE08FADF354ED36 ] WdFilter        C:\Windows\system32\drivers\wd\WdFilter.sys
15:15:35.0059 0x2a20  WdFilter - ok
15:15:35.0065 0x2a20  [ 067D1A81B4708CA97523709FDF57B728, CA331223250B37E7D2D8B04640EDF279F7FD7336017181ECF2D3E4F82E370F97 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:15:35.0085 0x2a20  WdiServiceHost - ok
15:15:35.0091 0x2a20  [ 067D1A81B4708CA97523709FDF57B728, CA331223250B37E7D2D8B04640EDF279F7FD7336017181ECF2D3E4F82E370F97 ] WdiSystemHost  C:\Windows\system32\wdi.dll
15:15:35.0110 0x2a20  WdiSystemHost - ok
15:15:35.0129 0x2a20  [ 7CF63F36E6271E9647CE3C44F95DD613, 54DD9AA9569D7FBAF50E10453C001DF9A384599208BD04CE8818E4573B120C15 ] wdiwifi        C:\Windows\system32\DRIVERS\wdiwifi.sys
15:15:35.0164 0x2a20  wdiwifi - ok
15:15:35.0170 0x2a20  [ EAF4FB729E94561EE31BDE5BEF869C65, 73290250B565E0A3F453BC45E69FF16A1D964E372A15401A2D3E2CDEB4670B38 ] WdmCompanionFilter C:\Windows\system32\drivers\WdmCompanionFilter.sys
15:15:35.0181 0x2a20  WdmCompanionFilter - ok
15:15:35.0187 0x2a20  [ E385410A4C16A62E9B6CC2DFF3C7C921, AAE3270025C7A0EC0490504B51C2FBF6C24AA44415DD836B9F49BE5614E20FA6 ] WdNisDrv        C:\Windows\system32\drivers\wd\WdNisDrv.sys
15:15:35.0196 0x2a20  WdNisDrv - ok
15:15:35.0266 0x2a20  [ A14F36BF245442B88B1C0109C16C48ED, AE6E300E11B0CC725F444EDA22FC324FB27002CC5FD0F4216F3B6E8004E73302 ] WdNisSvc        C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe
15:15:35.0380 0x2a20  WdNisSvc - detected UnsignedFile.Multi.Generic ( 1 )
15:15:35.0436 0x2a20  Detect turned to UDS exact due to KSN untrusted
15:15:35.0438 0x2a20  WdNisSvc ( UDS:DangerousObject.Multi.Generic ) - infected
15:15:35.0438 0x2a20  Force sending object to P2P due to detect: WdNisSvc
15:15:35.0600 0x2a20  Object send P2P result: true
15:15:35.0728 0x2a20  [ BDCC510E85F7AF152E2DFF030A526EA2, 67830B42DE20EBB30DD33093F30FBA166B27D3C1F25B52DABE1BC436671A1882 ] WebClient      C:\Windows\System32\webclnt.dll
15:15:35.0751 0x2a20  WebClient - ok
15:15:35.0759 0x2a20  [ 506F0A1CCABF4428733CF854BCBB6832, 859A7E21ABB93A0AD538AAF93D32E31B961EA6012C24567B4C76A9ED8FD4AD46 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:15:35.0782 0x2a20  Wecsvc - ok
15:15:35.0788 0x2a20  [ D8D727E8311C86B2A993A9006A453BAC, AD6C93F5ED51C621841DF68A25D5932578FADB83689FB668D056F316A8AA749D ] WEPHOSTSVC      C:\Windows\system32\wephostsvc.dll
15:15:35.0805 0x2a20  WEPHOSTSVC - ok
15:15:35.0812 0x2a20  [ 30B4568D058E17500E7BF88AECEDF3F1, 612597DFAF63E55ACB80789483CBCF0E5AC5FF7607C478C61E5A86D77B169E9E ] wercplsupport  C:\Windows\System32\wercplsupport.dll
15:15:35.0832 0x2a20  wercplsupport - ok
15:15:35.0841 0x2a20  [ 5DDB06B07A60E7AEA69837931373C159, 4E0A3260058B19F414B5053701C4723C27735818212AB3D297F896BF4C39E536 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:15:35.0865 0x2a20  WerSvc - ok
15:15:35.0882 0x2a20  [ 690537B9569F770ED81CE9C19FD7358A, FF780EBCD8C0B91E99BB2451F08D7826130781136E08FCB4571C3DD0C01B616F ] WFDSConMgrSvc  C:\Windows\System32\wfdsconmgrsvc.dll
15:15:35.0915 0x2a20  WFDSConMgrSvc - ok
15:15:35.0924 0x2a20  [ EB0B154F12F78DE232F38EF61BCDEEA2, D4BC28969C94F9A3906339B42FC3638E8BFF575C28C709461D48A84821A89A21 ] WFPLWFS        C:\Windows\system32\drivers\wfplwfs.sys
15:15:35.0938 0x2a20  WFPLWFS - ok
15:15:35.0944 0x2a20  [ 752F5931696914DF2EC0B27275C38458, 83415E7BE50D9548785FBF6550FA679E425B5990F303E2D74513275A5E1DC828 ] WiaRpc          C:\Windows\System32\wiarpc.dll
15:15:35.0963 0x2a20  WiaRpc - ok
15:15:35.0969 0x2a20  [ 3AE28A996C9EB8A6F2AC12BC55035126, E54227B97F42800D445241EA638EFE86A7FEC664E96A0FA38BC48DDF7DA182AD ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:15:35.0979 0x2a20  WIMMount - ok
15:15:35.0986 0x2a20  [ AEBF97B10B719B94738F76C5389D1B49, AAB6434F9DA27C01E2B7B5E57310CA0AB9D9169BEF0870165AF418540C59B4BC ] WinDefend      C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe
15:15:35.0997 0x2a20  WinDefend - detected UnsignedFile.Multi.Generic ( 1 )
15:15:36.0056 0x2a20  Detect turned to UDS exact due to KSN untrusted
15:15:36.0056 0x2a20  WinDefend ( UDS:DangerousObject.Multi.Generic ) - infected
15:15:36.0056 0x2a20  Force sending object to P2P due to detect: WinDefend
15:15:36.0208 0x2a20  Object send P2P result: true
15:15:36.0362 0x2a20  [ 2BB82BABE32D41F430D290239ABC0E87, 2D519F0B86F7B87B7028E404821EDE8B7BDA18288EF32CF81C25B9C1E629FFB1 ] WindowsTrustedRT C:\Windows\system32\drivers\WindowsTrustedRT.sys
15:15:36.0377 0x2a20  WindowsTrustedRT - ok
15:15:36.0383 0x2a20  [ 5F0EDDA201630E132C2251BC9DA85023, 842B5CBA8C33616345EDC2F91B560416AAEAAB15A8CE1F36978B251CE4CBDA16 ] WindowsTrustedRTProxy C:\Windows\system32\drivers\WindowsTrustedRTProxy.sys
15:15:36.0394 0x2a20  WindowsTrustedRTProxy - ok
15:15:36.0414 0x2a20  [ AABFB1421D248D086519F43BAF839A87, D51F22DE26E053EDD0A4B2D2FD4DBDD5BC5B63F4D6482E26AC4D24C96F3347A8 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
15:15:36.0446 0x2a20  WinHttpAutoProxySvc - ok
15:15:36.0452 0x2a20  [ 762D8D839C44C5A0BE0449AA84034522, E6602D0FDB501081DF165CE904DA0FEC75F3FE29C3B07B44DED6268612742F9C ] WinMad          C:\Windows\System32\drivers\winmad.sys
15:15:36.0464 0x2a20  WinMad - ok
15:15:36.0475 0x2a20  [ 72D83880FEF0C788C5F305F330744208, 3126C2907170BBA47421D61CD6ED04DA3A3FCC66B4DBFCB4E3B56001B3BF6045 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
15:15:36.0497 0x2a20  Winmgmt - ok
15:15:36.0506 0x2a20  [ C5AE3E1B653FD1F8072BE67D2BA28160, A126B9F7C54E978BF1DA74BFB8042357630AB326E82D20D5E2A9645ADB5B3B43 ] WinNat          C:\Windows\system32\drivers\winnat.sys
15:15:36.0526 0x2a20  WinNat - ok
15:15:36.0576 0x2a20  [ C57185CC62AA13E4F5A989D904CC9A16, 993F27F710148335C4244AB74D4B1D232DEDB0E3D82E39093A1E422C72283D31 ] WinRM          C:\Windows\system32\WsmSvc.dll
15:15:36.0667 0x2a20  WinRM - ok
15:15:36.0681 0x2a20  [ 6FA3D810FE082001B16ADE19829F1E8E, 64B420FC14AB3194D4D2907EA5BE741456928E7E3CB9CBA50FEB8677A43B1971 ] WINUSB          C:\Windows\System32\drivers\WinUSB.SYS
15:15:36.0698 0x2a20  WINUSB - ok
15:15:36.0705 0x2a20  [ D2D6DB37E06608A5AF5B68D8E677B219, C7AAFEE7AAF76A4DCFF4FD2EE7232501832A57E3EE92CE20FA4A5D22F03FBE45 ] WinVerbs        C:\Windows\System32\drivers\winverbs.sys
15:15:36.0718 0x2a20  WinVerbs - ok
15:15:36.0738 0x2a20  [ 08BEB7851B4B8AA07325C23A657233F1, 6D7A4D194D342A5BC3EE9738765B2F5D6B75165954CA6B0D9CD4B40B262C300E ] wisvc          C:\Windows\system32\flightsettings.dll
15:15:36.0775 0x2a20  wisvc - ok
15:15:36.0824 0x2a20  [ 0C700D63A0321073C30D2BED9FDB0F27, 409A5110D442B9FB16E4430AD1756105F81EE30CFAB0D054D787C6A06FEB3FF9 ] WlanSvc        C:\Windows\System32\wlansvc.dll
15:15:36.0910 0x2a20  WlanSvc - ok
15:15:36.0955 0x2a20  [ B33CA3C4BA1807B126CE44D98CC20366, 19CE56C9099E0DF249B69CF80F79CDD73EF77B421E7D5769E913E6BCE2A801D6 ] wlidsvc        C:\Windows\system32\wlidsvc.dll
15:15:37.0031 0x2a20  wlidsvc - ok
15:15:37.0062 0x2a20  [ 1E2CBF80A663B6A662F68460DD4A5AC1, 4AAEECE3B849D2431F67593C4BA834920E31C1121F0E9802608583ED6B220027 ] wlpasvc        C:\Windows\System32\lpasvc.dll
15:15:37.0113 0x2a20  wlpasvc - ok
15:15:37.0119 0x2a20  [ EAEF2A087812BB7110C744446AB731D5, F5571D3C47564DFB6182DC43CC28124892323B60C3F389599DFEC94D227B4A86 ] WmiAcpi        C:\Windows\System32\drivers\wmiacpi.sys
15:15:37.0133 0x2a20  WmiAcpi - ok
15:15:37.0144 0x2a20  [ ABAC310F5E01CBA9B33AE694F99D0977, 700CDC85479CDBF765FB1A6A389DC991FC4D2A77851A81FF80BEED921250DBF6 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:15:37.0165 0x2a20  wmiApSrv - ok
15:15:37.0170 0x2a20  WMPNetworkSvc - ok
15:15:37.0178 0x2a20  [ E122AD60BF4D7E4B28CCBABF33B28C1F, 1ABABE62FCC1B1A837540EE66F3EB0CE062962F05247002D61CFDE6ABB8E7E87 ] Wof            C:\Windows\system32\drivers\Wof.sys
15:15:37.0191 0x2a20  Wof - ok
15:15:37.0237 0x2a20  [ 0D3303BDBC591ECF113601D7853A1AA7, 437CF89541696E0B1A8056F4A5189642FC76D762113ED4F71458AF4D72FC3E9A ] workfolderssvc  C:\Windows\system32\workfolderssvc.dll
15:15:37.0295 0x2a20  workfolderssvc - ok
15:15:37.0327 0x2a20  [ 58DA02D34C964C00AF9140C07CCFF8F0, 6A02F326251A790F76E59737E20CB6C38190F671766E56CE6C7FB33D1A4588B9 ] WpcMonSvc      C:\Windows\System32\WpcDesktopMonSvc.dll
15:15:37.0382 0x2a20  WpcMonSvc - ok
15:15:37.0390 0x2a20  [ 7412ECE8BD5590881FA9780B68BD70C5, 52329B5BF78E2F5792369FE5A72CF4E3E216D4F0670507D10F3DB8383FA5E0BC ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:15:37.0412 0x2a20  WPDBusEnum - ok
15:15:37.0418 0x2a20  [ 15C1131EA0216F799C86B03EDAE0BE45, 39F50C084407BC3B498714B74DDA5D63E0539681F324A18ABBED3CD0DE5D52AA ] WpdUpFltr      C:\Windows\system32\drivers\WpdUpFltr.sys
15:15:37.0429 0x2a20  WpdUpFltr - ok
15:15:37.0439 0x2a20  [ 096969606BB5C4822AB020081EA07FC5, 522F372834B0497215F45ACBC417DA10DCE45C6D3C7099E47BBA18700C294B22 ] WpnService      C:\Windows\system32\WpnService.dll
15:15:37.0463 0x2a20  WpnService - ok
15:15:37.0470 0x2a20  [ 8B694BC50D2D2B98311283CFE5B40EE6, 734F8985CAD99E8635ACF09309D958D2B7FB05C6FF54DBE3623DC071BECE3413 ] WpnUserService  C:\Windows\System32\WpnUserService.dll
15:15:37.0491 0x2a20  WpnUserService - ok
15:15:37.0502 0x2a20  [ C1C2E769FCD3B00A59FF876FB2AD4336, B4D9065268A8B3C509E9160E6F30C20F80D14876C9F6C1057245F09CEB6B0F36 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
15:15:37.0518 0x2a20  ws2ifsl - ok
15:15:37.0527 0x2a20  [ DCB549367EB94CD8AFAA28E3F77F6493, 9FD2C6E03F398E76403502CFC94EB8EBD2F90ED5E95ABA5E86C1B7F63601C43C ] wscsvc          C:\Windows\System32\wscsvc.dll
15:15:37.0551 0x2a20  wscsvc - ok
15:15:37.0556 0x2a20  WSearch - ok
15:15:37.0612 0x2a20  [ F097CE3EAEF42CCBC9A4FEA9B17BD4A6, 04BEC83B08DADA8896EAFEC3B0004767F9C057D94F7B1A97345E1C0D2C91BD43 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:15:37.0705 0x2a20  wuauserv - ok
15:15:37.0714 0x2a20  [ 813DC18CC654CFB1875074139B0FEFD3, 87901841AFD9224BFEC06A712BE3C2371E16D3571210D4792F91034A2B926A06 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:15:37.0732 0x2a20  WudfPf - ok
15:15:37.0741 0x2a20  [ FB64BAD6DEDB27EA39B03685AC0A8EB4, CEDCB71F5FC8BAFF69948960F69A46E3A41CDF81304495AFF41088E5B4E9EB1D ] WUDFRd          C:\Windows\system32\drivers\WudfRd.sys
15:15:37.0764 0x2a20  WUDFRd - ok
15:15:37.0773 0x2a20  [ FB64BAD6DEDB27EA39B03685AC0A8EB4, CEDCB71F5FC8BAFF69948960F69A46E3A41CDF81304495AFF41088E5B4E9EB1D ] WUDFWpdFs      C:\Windows\system32\DRIVERS\WUDFRd.sys
15:15:37.0794 0x2a20  WUDFWpdFs - ok
15:15:37.0803 0x2a20  [ FB64BAD6DEDB27EA39B03685AC0A8EB4, CEDCB71F5FC8BAFF69948960F69A46E3A41CDF81304495AFF41088E5B4E9EB1D ] WUDFWpdMtp      C:\Windows\system32\DRIVERS\WUDFRd.sys
15:15:37.0824 0x2a20  WUDFWpdMtp - ok
15:15:37.0857 0x2a20  [ 5F2074E76546A85B0D6D79CA7024AA3E, D75DCD4C6F1CFB439B5EF0A7CFDDC40B2FCDB466C2574FE2E0FFA08BF216CCA3 ] WwanSvc        C:\Windows\System32\wwansvc.dll
15:15:37.0925 0x2a20  WwanSvc - ok
15:15:37.0933 0x2a20  [ 51D3A1E2285E2E931A553281BBA10E81, 8B371AF5E7717C53780A5C2F68400412C4DB0F01AC6551476FF062B83A7D0AC8 ] xbgm            C:\Windows\system32\xbgmsvc.exe
15:15:37.0947 0x2a20  xbgm - ok
15:15:37.0971 0x2a20  [ DB952AD196A9548CF5235A71E5197F3F, 6C51EB14B2808665FCB999F376A97018F6B0A91EE6E63A25C044EA59A5713EE1 ] XblAuthManager  C:\Windows\System32\XblAuthManager.dll
15:15:38.0020 0x2a20  XblAuthManager - ok
15:15:38.0048 0x2a20  [ 8C0DD7BFFF5A81AEC26AD720057F5451, 4503D4DD540DB9977BBFF3BF7E92BE9778578B769972CF8A54AF0F1FF5C79BF5 ] XblGameSave    C:\Windows\System32\XblGameSave.dll
15:15:38.0101 0x2a20  XblGameSave - ok
15:15:38.0112 0x2a20  [ 93352403D9E6B71C275996690672488F, A012D907679B29988D18C71928BDF528506DC05A2DEF01F472B7F0CC043A0340 ] xboxgip        C:\Windows\System32\drivers\xboxgip.sys
15:15:38.0141 0x2a20  xboxgip - ok
15:15:38.0148 0x2a20  [ C7FEC5C0377E5598BA919B29731CA45F, C153C62742B6F981905AEF7C464761E5894260F26EE164968B21D93979376378 ] XboxGipSvc      C:\Windows\System32\XboxGipSvc.dll
15:15:38.0167 0x2a20  XboxGipSvc - ok
15:15:38.0192 0x2a20  [ 3A94BD93CD2D9C34725D924230B502A5, 87AF2061D348FFFA190D0E50E6860903BED46968CF64B7765D8D80127C702E6A ] XboxNetApiSvc  C:\Windows\system32\XboxNetApiSvc.dll
15:15:38.0250 0x2a20  XboxNetApiSvc - ok
15:15:38.0258 0x2a20  [ CE1F78B5C1F14F74242008B2B3153FA2, 682D1F32DD1BBEB031D5129CE40D9C77D3C6CF4FB5979F1918B2482AF617B5BE ] xinputhid      C:\Windows\System32\drivers\xinputhid.sys
15:15:38.0274 0x2a20  xinputhid - ok
15:15:38.0285 0x2a20  [ F8EAA1E498EF356906B3509948CF482E, 036785C3B89C50AD262DFF794F606CCDB28D297E64660D585DF18C6F8A8E0D1D ] ysusb_w10_64    C:\Windows\system32\drivers\ysusb_w10_64.sys
15:15:38.0298 0x2a20  ysusb_w10_64 - ok
15:15:38.0298 0x2a20  ================ Scan global ===============================
15:15:38.0303 0x2a20  [ 44D259E3B8F950D123CBE21893CEF1AB, 94FEA350B54D1581FF07D078D25A27FE3C9F815E24D299A0504FB1153E68A903 ] C:\Windows\system32\basesrv.dll
15:15:38.0309 0x2a20  [ 1C346B5D7E5336246604A9FCFCB092BC, BD0C56C943A8F23CA9CD1CE1FE4F9D2183F752B469A72D14B713301A867AE776 ] C:\Windows\system32\winsrv.dll
15:15:38.0315 0x2a20  [ FE8D1AB6D6711BE791A01C17EDEBD0D6, EECE3A16DFA0BE1BB1E7B882D33FB926C90A1DCA89805DD3514FABF7C9F05253 ] C:\Windows\system32\sxssrv.dll
15:15:38.0330 0x2a20  [ 2FC61B2CF84792516D543CA94139A92C, BE42E4A901D6AC8885882D2CD9372A64023794428E0AC8CC87EE3121DD5DC402 ] C:\Windows\system32\services.exe
15:15:38.0340 0x2a20  [ Global ] - ok
15:15:38.0341 0x2a20  ================ Scan MBR ==================================
15:15:38.0342 0x2a20  [ 1F998BE06DC960CE70B919FFF503E98C ] \Device\Harddisk0\DR0
15:15:38.0428 0x2a20  \Device\Harddisk0\DR0 - ok
15:15:38.0450 0x2a20  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
15:15:38.0550 0x2a20  \Device\Harddisk1\DR1 - ok
15:15:38.0551 0x2a20  ================ Scan VBR ==================================
15:15:38.0554 0x2a20  [ 831F7CD8FC9F2758E614FB623826019E ] \Device\Harddisk0\DR0\Partition1
15:15:38.0556 0x2a20  \Device\Harddisk0\DR0\Partition1 - ok
15:15:38.0558 0x2a20  [ AB956D2B21D619B7953AB2E48F0A3948 ] \Device\Harddisk0\DR0\Partition2
15:15:38.0560 0x2a20  \Device\Harddisk0\DR0\Partition2 - ok
15:15:38.0589 0x2a20  [ 8C4292C70B855FD22AB86D4CB4729945 ] \Device\Harddisk1\DR1\Partition1
15:15:38.0592 0x2a20  \Device\Harddisk1\DR1\Partition1 - ok
15:15:38.0593 0x2a20  ================ Scan generic autorun ======================
15:15:38.0594 0x2a20  SecurityHealth - ok
15:15:38.0659 0x2a20  [ 14EFA69C5065CF7A7DA3CD5EACA1AC10, CABC3B4B3C6D435A02DB6C3CA639D2136945CB8460A657C299893B6363E8FA34 ] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
15:15:38.0723 0x2a20  KeePass 2 PreLoad - ok
15:15:38.0758 0x2a20  [ 9BFBB718830C85F296F9FB87C977232B, BEE40CDE1B9AD704D8B1708A9B3847AF390AAAFAC5F5E7E96A500C892D1474B2 ] D:\VMware Workstation\Workstation\vmware-tray.exe
15:15:38.0770 0x2a20  vmware-tray.exe - detected UnsignedFile.Multi.Generic ( 1 )
15:15:38.0831 0x2a20  Detect turned to UDS exact due to KSN untrusted
15:15:38.0831 0x2a20  vmware-tray.exe ( UDS:DangerousObject.Multi.Generic ) - infected
15:15:38.0831 0x2a20  Force sending object to P2P due to detect: D:\VMware Workstation\Workstation\vmware-tray.exe
15:15:38.0982 0x2a20  Object send P2P result: true
15:15:39.0168 0x2a20  [ A70070CF2470EEB4544DA7D1BBEE7089, E5B7ADDB00462D72FBE7219C9266FBEC1B016DBBFCEBC6AB7A0375DB068A0B4A ] C:\Program Files (x86)\TP-Link\TP-Link Wireless Adapter WPS Tool\TWCU.exe
15:15:39.0225 0x2a20  WPSTool - detected UnsignedFile.Multi.Generic ( 1 )
15:15:39.0293 0x2a20  Detect skipped due to KSN trusted
15:15:39.0293 0x2a20  WPSTool - ok
15:15:39.0333 0x2a20  [ 993C7977DEE1E4951E11336110218A9C, 75E1F865FD86E5ADE965E764FB52740649B896AB9FB06ADB22A49C4496787986 ] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
15:15:39.0400 0x2a20  Wondershare Helper Compact.exe - detected UnsignedFile.Multi.Generic ( 1 )
15:15:39.0458 0x2a20  Detect turned to UDS exact due to KSN untrusted
15:15:39.0458 0x2a20  Wondershare Helper Compact.exe ( UDS:DangerousObject.Multi.Generic ) - infected
15:15:39.0458 0x2a20  Force sending object to P2P due to detect: C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
15:15:39.0599 0x2a20  Object send P2P result: true
15:15:39.0757 0x2a20  [ 6AF81399C8D74051A74D73BE84B6F3A7, B0BB69D690A5CB556D56FCAB0D891BA1A76280907BD9DDEA7505AF8F302007A0 ] C:\Program Files (x86)\CCEnhancer\CCEnhancer.exe
15:15:39.0791 0x2a20  CCEnhancer - detected UnsignedFile.Multi.Generic ( 1 )
15:15:39.0860 0x2a20  Object required for P2P: [ 6AF81399C8D74051A74D73BE84B6F3A7 ] C:\Program Files (x86)\CCEnhancer\CCEnhancer.exe
15:15:40.0018 0x2a20  Object send P2P result: true
15:15:40.0019 0x2a20  CCEnhancer ( UnsignedFile.Multi.Generic ) - warning
15:15:40.0178 0x2a20  [ E358A20B5008FE3AC3CC90B81024B817, 1F5FAE5BD358CBBFF79E4922BEBBA16984782B78FC50EF445027F9B6AA73EA5B ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
15:15:40.0213 0x2a20  SunJavaUpdateSched - ok
15:15:40.0600 0x2a20  [ 450FDD861FD582026BDCE55FCB2162C4, 91166DBAEE6A0D97ABA5EED352D06078870A265E736ED491C666CB6A8559BEB2 ] C:\Windows\SysWOW64\OneDriveSetup.exe
15:15:40.0995 0x2a20  OneDriveSetup - ok
15:15:41.0355 0x2a20  [ 450FDD861FD582026BDCE55FCB2162C4, 91166DBAEE6A0D97ABA5EED352D06078870A265E736ED491C666CB6A8559BEB2 ] C:\Windows\SysWOW64\OneDriveSetup.exe
15:15:41.0738 0x2a20  OneDriveSetup - ok
15:15:42.0101 0x2a20  [ 91D01D7B0835671BF21873C87222C8D7, 18685B196733DFE6FAFCC888940361B35E12B428B8843B53C32CC043F7537753 ] C:\Program Files\CCleaner\CCleaner64.exe
15:15:42.0486 0x2a20  CCleaner Smart Cleaning - ok
15:15:42.0556 0x2a20  [ 14EFA69C5065CF7A7DA3CD5EACA1AC10, CABC3B4B3C6D435A02DB6C3CA639D2136945CB8460A657C299893B6363E8FA34 ] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
15:15:42.0620 0x2a20  KeePass Password Safe 2 - ok
15:15:42.0727 0x2a20  [ EF5D4F2BC8731C744006E13CAF3F6AC0, 89209688D7436153E780C772CF5A2EFF3AC3E092EA12232CA543C658661FF884 ] C:\Program Files\VeraCrypt\VeraCrypt.exe
15:15:42.0835 0x2a20  VeraCrypt - ok
15:15:42.0876 0x2a20  [ 2526B94482C1F25F000A5835F28FFB39, E4DBA0A971A6397070E7F63315A68C345DD4076B07CB79FE904D5F26A158260D ] C:\Program Files (x86)\Thunder Master\THPanel.exe
15:15:42.0918 0x2a20  THPanel - ok
15:15:42.0979 0x2a20  EpicGamesLauncher - ok
15:15:43.0112 0x2a20  [ C8B0E47E25B727CDDDE7457589B35AFF, EC72E53698072214B4A3035F5CA2F6B4961D58DEC189F1134C254B4BC7AB1336 ] D:\Games\Steam\steam.exe
15:15:43.0206 0x2a20  Steam - detected UnsignedFile.Multi.Generic ( 1 )
15:15:43.0264 0x2a20  Detect turned to UDS exact due to KSN untrusted
15:15:43.0264 0x2a20  Steam ( UDS:DangerousObject.Multi.Generic ) - infected
15:15:43.0264 0x2a20  Force sending object to P2P due to detect: D:\Games\Steam\steam.exe
15:15:43.0488 0x2a20  Object send P2P result: true
15:15:43.0715 0x2a20  [ A34781E9A2A6CC393B8CA6ED0CFEDDD1, 851D8924D39912879C54BC45CC896AAAC418695CBC2C3A6A4F1EA5894C4F0083 ] C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
15:15:43.0815 0x2a20  Synapse3 - detected UnsignedFile.Multi.Generic ( 1 )
15:15:43.0868 0x2a20  Synapse3 ( UnsignedFile.Multi.Generic ) - warning
15:15:44.0127 0x2a20  [ 3EBB1F423EF0C5BA02E1C216052BE308, 6AD47FED409B7D2F307110AAA70A593BB35D3BFEA954C94D630CA206819C44D6 ] D:\Games\Origin\Origin.exe
15:15:44.0217 0x2a20  EADM - detected UnsignedFile.Multi.Generic ( 1 )
15:15:44.0281 0x2a20  Detect turned to UDS exact due to KSN untrusted
15:15:44.0281 0x2a20  EADM ( UDS:DangerousObject.Multi.Generic ) - infected
15:15:44.0281 0x2a20  Force sending object to P2P due to detect: D:\Games\Origin\Origin.exe
15:15:44.0474 0x2a20  Object send P2P result: true
15:15:44.0971 0x2a20  [ 91D01D7B0835671BF21873C87222C8D7, 18685B196733DFE6FAFCC888940361B35E12B428B8843B53C32CC043F7537753 ] C:\Program Files\CCleaner\CCleaner64.exe
15:15:45.0338 0x2a20  CCleaner - ok
15:15:45.0352 0x2a20  Waiting for KSN requests completion. In queue: 297
15:15:46.0388 0x2a20  AV detected via SS2: Windows Defender, windowsdefender:// (  ), 0x60100 ( disabled : updated )
15:15:46.0388 0x2a20  AV detected via SS2: Malwarebytes, C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( 3.0.0.181 ), 0x61000 ( enabled : updated )
15:15:46.0402 0x2a20  Win FW state via NFP2: enabled ( trusted )
15:15:46.0531 0x2a20  ============================================================
15:15:46.0531 0x2a20  Scan finished
15:15:46.0531 0x2a20  ============================================================
15:15:46.0546 0x23d0  Detected object count: 16
15:15:46.0546 0x23d0  Actual detected object count: 16
15:20:20.0213 0x23d0  BEService ( UDS:DangerousObject.Multi.Generic ) - skipped by user
15:20:20.0213 0x23d0  BEService ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
15:20:20.0250 0x23d0  C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe - copied to quarantine
15:20:20.0254 0x23d0  HKLM\SYSTEM\ControlSet001\services\EasyAntiCheat - will be deleted on reboot
15:20:20.0265 0x23d0  C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe - will be deleted on reboot
15:20:20.0265 0x23d0  EasyAntiCheat ( UDS:DangerousObject.Multi.Generic ) - User select action: Delete
15:20:20.0267 0x23d0  gupdate ( UDS:DangerousObject.Multi.Generic ) - skipped by user
15:20:20.0267 0x23d0  gupdate ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
15:20:20.0268 0x23d0  gupdatem ( UDS:DangerousObject.Multi.Generic ) - skipped by user
15:20:20.0268 0x23d0  gupdatem ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
15:20:20.0269 0x23d0  MozillaMaintenance ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:20.0269 0x23d0  MozillaMaintenance ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:20:20.0270 0x23d0  Origin Client Service ( UDS:DangerousObject.Multi.Generic ) - skipped by user
15:20:20.0270 0x23d0  Origin Client Service ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
15:20:20.0272 0x23d0  Steam Client Service ( UDS:DangerousObject.Multi.Generic ) - skipped by user
15:20:20.0272 0x23d0  Steam Client Service ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
15:20:20.0273 0x23d0  VSStandardCollectorService150 ( UDS:DangerousObject.Multi.Generic ) - skipped by user
15:20:20.0273 0x23d0  VSStandardCollectorService150 ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
15:20:20.0274 0x23d0  WdNisSvc ( UDS:DangerousObject.Multi.Generic ) - skipped by user
15:20:20.0274 0x23d0  WdNisSvc ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
15:20:20.0275 0x23d0  WinDefend ( UDS:DangerousObject.Multi.Generic ) - skipped by user
15:20:20.0275 0x23d0  WinDefend ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
15:20:20.0276 0x23d0  vmware-tray.exe ( UDS:DangerousObject.Multi.Generic ) - skipped by user
15:20:20.0276 0x23d0  vmware-tray.exe ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
15:20:20.0277 0x23d0  Wondershare Helper Compact.exe ( UDS:DangerousObject.Multi.Generic ) - skipped by user
15:20:20.0277 0x23d0  Wondershare Helper Compact.exe ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
15:20:20.0279 0x23d0  CCEnhancer ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:20.0279 0x23d0  CCEnhancer ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:20:20.0280 0x23d0  Steam ( UDS:DangerousObject.Multi.Generic ) - skipped by user
15:20:20.0280 0x23d0  Steam ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
15:20:20.0281 0x23d0  Synapse3 ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:20.0281 0x23d0  Synapse3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:20:20.0282 0x23d0  EADM ( UDS:DangerousObject.Multi.Generic ) - skipped by user
15:20:20.0282 0x23d0  EADM ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
15:20:20.0306 0x23d0  KLMD registered as C:\Windows\system32\drivers\18084314.sys

cosinus 17.12.2018 15:49
Ok, dein System ist im Eimer.

Der Neshta werkelt nicht nur, nein als Fileinfector hat er einige, womöglich alle *.exe Files infiziert. Eine Bereinung ergibt keinen Sinn.

Du wirst eine komplett Neuinstallation durchführen müssen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:13 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132