
serious breach


  • This topic is locked
35 replies to this topic

#1 Harogam

Harogam

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:51 PM

Posted 30 July 2016 - 10:58 AM

Hello BleepingComputer Team,

I am glad I found this site, and this is the right section. I am sorry that I didn't introduce myself in the introduction forum; I will do that later. I am very sure that there is a breach on my machine and I'm also worried about another machine (not at my home), but that later; I would like to start with my system.

 

My machine:

  • Windows 7 Professional 64bit
  • Eset Smart Security
  • Malwarebytes Anti Malware
  • Hitman Pro Alert (installed later)

 

 

Following issues found by myself:

  • physical memory has a steady use of 30 or more percent
  • CPU usage steady at 12 percent
  • idle process takes 88 cpu usage 24k and mem
  • I have almost 13 svchost processes running: 2 or 3 network, 6 local service, 5 system
  • one of the svchost system processes takes 1.321.388k memory, 13 cpu usage
  • 2x csrss running

 

Suspicious files:

  • in syswow64 there's a file, 3 squares with ? inside, file description says it's a file (still there)
  • in syswow64 2 files with file extension cpx (still there)
  • in system32 1 file named .Crusader (1 kb) and says it's a crusader file; couldn't find information online so I deleted it

Several folders inside the windows folder, like temp, tell me I'm not the owner, and to change or view them I need to take over the rights for them.

 

 

Security results:

Hitman Pro: in standard it delivers no results; in early warning scoring it says: IRP_MJ_SCSI Kernelmode-Hook on atapi.sys discovered, the Devicestack of the HD contains a link to a hidden process... (the text is too long and I can't click or see the rest of the description)

I performed a force breach 3 times:

  • 1st: 26 processes terminated, standard scan, no internet connection, self reboot after 1 minute
  • 2nd: 40 processes terminated, standard scan, no internet connection, self reboot after 1 minute
  • 3rd: 41 processes terminated, EWS scan, initiating, self reboot after over 2 minutes

I also tried kickstart: booted from kickstart flashdrive, took option 1 bypass mbr, windows is writing data, windows could not be started, repair console started, did some repair and booted into windows

 

 

Malwarebytes Antimalware: scans gave 0 results. Following a guide I downloaded chameleon, extracted it to the windows root because the guide says so, ran the help file, first button worked, dos window appeared and updated mbam, scanned, mbam scan, 0 results. But an hour later by scheduled scan it found the following:

  • 2x IEXPLORER.EXE: Backdoor Bot, Registry key, located at:
      hklm/software/wow6432node/microsoft/windowsnt/currentversion/image file executions options/iexplorer.exe
      hklm/software/microsoft/windowsnt/currentversion/image file executions options/iexplorer.exe
  • iexplorer.exe: Backdoor Bot (File from Chameleon)
  • winlogon.exe: riskware, heuristicreservedwordexploit (File from Chameleon)
  • windows.exe: trojan agent (File from Chameleon)
  • svchost.exe: trojan agent (File from Chameleon)

                                                                  

 

Eset Smart Security: no scan gave any results, but every few days it says: a computer in this network sends dangerous data, connection closed

Roguekiller: always finds 6 registry entries and says it's pum; no matter how often I fix it with RK it appears again, always dynds. Those 6 finds always have attributes that say: control_1 and control_2

 

 

Other performed steps: I read and followed a few guides I found

  • SuperAntiSpyware: scanned, a few tracking cookies found. One of the tools told me that I have several data from nvidia and microsoft that have no or invalid certificates
  • Rkill: neither in safe mode nor in normal mode stops anything
  • Combofix: (after reading here, was not the best idea) ran in safe mode but I was unable to turn off Eset Smart Security, neither the process nor the system tray appeared, no clue what it did, and still installed
  • TDSSL or however that Kaspersky tool was named, found also nothing

 

 

Extra information: when I kill the 3 svchost that belong to network (internet unplugged) it becomes active. When I right-clicked on svchost system and hit show properties, it says: rpc host module is not active. Cannot start anything or open folders, design resets to default and a message pops up that says: windows security center has been disabled. Tried to start hitman, a message popped up: hitman pro: windows is shutting down. After that it boots back into the previous state, all working (seemingly) so far.

PC works relatively normal but sluggish. Games crash now and then (not all) with memory artifacts; sometimes I must reboot, sometimes windows says it has reset the graphic driver and I can go on (game still running). When I render something over a render engine (zbrush/Daz) cpu usage goes instantly to 100 percent.

Even after all that, memory and cpu usage is still at 30/12. I hope the provided information might be helpful.

 

greetz Harogam


Edited by Harogam, 30 July 2016 - 11:01 AM.




#2 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:05:51 PM

Posted 04 August 2016 - 12:43 AM

Sorry for the delay in getting to your problem. I am going to need more info about your computer.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST then click "Run as administrator".
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

I see you have already run several tools. Can you please hang on to any logs they may have generated? I don't need them right now, but may need to look at them later.

Edited by Bezukhov, 04 August 2016 - 01:09 AM.

To err is Human. To blame it on someone else is even more Human.

#3 Harogam

Harogam
  • Topic Starter


Posted 04 August 2016 - 09:17 AM

Hello Bezukhov, thanks for your time and help. Here are the requested logs from FRST. I'll put the other additional logs in the second reply.

I am sorry that the Farbar scans are German; tool and log were set to that language by default. If you want I could set my system language to English and edit the posts with that scan.

 

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016
durchgeführt von Dante (Administrator) auf WORKSLAVE (04-08-2016 16:13:00)
Gestartet von C:\Users\Dante\Desktop
Geladene Profile: Dante (Verfügbare Profile: Dante)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15642744 2016-03-30] (Logitech Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKU\S-1-5-21-961798393-1801880041-2060533883-1000\...\Run: [GalaxyClient] => [X]

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 83.169.184.33 83.169.184.97
Tcpip\..\Interfaces\{586B807F-6951-41AF-AB59-9D0B85B8D0E8}: [DhcpNameServer] 83.169.184.33 83.169.184.97

Internet Explorer:
==================
HKU\S-1-5-21-961798393-1801880041-2060533883-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-26] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Dante\AppData\Roaming\Mozilla\Firefox\Profiles\9bkt9cgk.default-1462807354064
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll [2014-06-05] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll [2014-06-05] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-26] (Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.1.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin HKU\S-1-5-21-961798393-1801880041-2060533883-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Extension: NoScript - C:\Users\Dante\AppData\Roaming\Mozilla\Firefox\Profiles\9bkt9cgk.default-1462807354064\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-03]
FF Extension: Clean Links - C:\Users\Dante\AppData\Roaming\Mozilla\Firefox\Profiles\9bkt9cgk.default-1462807354064\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2016-06-22]
FF Extension: Video DownloadHelper - C:\Users\Dante\AppData\Roaming\Mozilla\Firefox\Profiles\9bkt9cgk.default-1462807354064\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-08-03]
FF Extension: Adblock Plus - C:\Users\Dante\AppData\Roaming\Mozilla\Firefox\Profiles\9bkt9cgk.default-1462807354064\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-06-22]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nicht gefunden
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nicht gefunden

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-04-23] ()
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2519904 2016-04-13] (ESET)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-07-27] (SurfRight B.V.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4764304 2016-07-26] (SurfRight B.V.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [Datei ist nicht signiert]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-03-30] (Logitech Inc.)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2120712 2016-06-03] (Electronic Arts)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-04] (Wacom Technology, Corp.)
S3 GalaxyClientService; "C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe" [X]
S2 HiPatchService; D:\Games\HiPatchService.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2015-06-22] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264552 2016-05-12] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [199680 2016-05-12] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2016-05-12] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2016-05-12] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [198096 2016-05-12] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53384 2016-05-12] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84800 2016-05-12] (ESET)
R3 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [245288 2016-07-26] (SurfRight B.V.)
R3 hmpnet; C:\Windows\system32\drivers\hmpnet.sys [82864 2016-07-26] (SurfRight B.V.)
S3 hxsyol; C:\Windows\system32\hxsy64.sys [86352 2015-02-22] ()
S3 ladfGSS; C:\Windows\System32\drivers\ladfGSS.sys [45208 2016-03-05] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2015-06-22] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-04] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2016-03-08] (NVIDIA Corporation)
S3 RecFltr; C:\Windows\System32\drivers\RecFltr.sys [44800 2010-01-04] (Razer USA Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-07-30] ()
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-04 16:13 - 2016-08-04 16:13 - 00012602 _____ C:\Users\Dante\Desktop\FRST.txt
2016-08-04 16:12 - 2016-08-04 16:13 - 00000000 ____D C:\FRST
2016-08-04 16:10 - 2016-08-04 16:10 - 00000000 ____D C:\Users\Dante\Desktop\lgs
2016-08-04 15:48 - 2016-08-04 15:48 - 02393600 _____ (Farbar) C:\Users\Dante\Desktop\FRST64.exe
2016-08-04 00:34 - 2016-08-04 00:34 - 00279411 ____N C:\Windows\Minidump\080416-11778-01.dmp
2016-07-30 02:58 - 2016-07-30 02:58 - 12716616 _____ C:\Users\Dante\Desktop\RogueKillerX64_old.exe
2016-07-29 01:34 - 2016-07-29 01:34 - 00000000 ____D C:\Users\Dante\.designer
2016-07-28 01:39 - 2016-07-28 01:39 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-07-28 01:36 - 2016-05-14 01:11 - 01512392 _____ (MalwareBytes) C:\Windows\mbam-killer.exe
2016-07-28 01:36 - 2016-05-14 01:09 - 00969160 _____ (MalwareBytes) C:\Windows\mbam-chameleon.scr
2016-07-28 01:36 - 2016-05-14 01:08 - 00969160 _____ (MalwareBytes) C:\Windows\mbam-chameleon.pif
2016-07-28 01:36 - 2016-05-14 01:07 - 00969160 _____ (MalwareBytes) C:\Windows\mbam-chameleon.exe
2016-07-28 01:36 - 2016-05-14 01:06 - 00969160 _____ (MalwareBytes) C:\Windows\mbam-chameleon.com
2016-07-28 01:36 - 2016-05-14 01:04 - 00969160 _____ (MalwareBytes) C:\Windows\firefox.scr
2016-07-28 01:36 - 2016-05-14 01:03 - 00969160 _____ (MalwareBytes) C:\Windows\firefox.pif
2016-07-28 01:36 - 2016-05-14 01:01 - 00969160 _____ (MalwareBytes) C:\Windows\firefox.exe
2016-07-28 01:36 - 2016-05-14 01:00 - 00969160 _____ (MalwareBytes) C:\Windows\firefox.com
2016-07-28 01:36 - 2016-05-14 00:52 - 00235882 _____ C:\Windows\chameleon.chm
2016-07-27 23:43 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-07-27 23:42 - 2016-07-28 09:58 - 00000000 ____D C:\Windows\erdnt
2016-07-27 23:42 - 2016-07-27 23:52 - 00000000 ____D C:\Qoobox
2016-07-27 01:06 - 2016-07-27 05:01 - 00001905 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-07-27 01:06 - 2016-07-27 01:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-07-26 03:08 - 2016-07-26 03:08 - 00041766 _____ C:\Users\Dante\AppData\Local\recently-used.xbel
2016-07-23 18:50 - 2016-07-23 18:50 - 00016384 _____ C:\Windows\SysWOW64\H3�
2016-07-19 21:21 - 2016-07-21 05:04 - 00000000 ____D C:\Users\Dante\Desktop\fetzen
2016-07-18 03:07 - 2016-07-18 03:07 - 00001311 _____ C:\Users\Dante\Desktop\skse_loader.lnk
2016-07-15 23:55 - 2016-08-04 15:33 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-15 23:54 - 2016-07-15 23:54 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-15 23:54 - 2016-07-15 23:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-15 23:54 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-15 23:54 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-15 23:54 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-15 23:38 - 2016-08-04 16:12 - 00000000 ____D C:\Windows\CryptoGuard
2016-07-15 23:38 - 2016-08-04 15:32 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2016-07-15 23:38 - 2016-07-27 00:33 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2016-07-15 23:38 - 2016-07-26 20:50 - 00863888 _____ (SurfRight B.V.) C:\Windows\system32\hmpalert.dll
2016-07-15 23:38 - 2016-07-26 20:50 - 00789136 _____ (SurfRight B.V.) C:\Windows\SysWOW64\hmpalert.dll
2016-07-15 23:38 - 2016-07-26 20:50 - 00245288 _____ (SurfRight B.V.) C:\Windows\system32\Drivers\hmpalert.sys
2016-07-15 23:38 - 2016-07-26 20:50 - 00082864 _____ (SurfRight B.V.) C:\Windows\system32\Drivers\hmpnet.sys
2016-07-15 23:38 - 2016-07-15 23:38 - 00016384 _____ C:\Windows\SysWOW64\���
2016-07-15 23:38 - 2016-07-15 23:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2016-07-11 04:02 - 2016-07-11 04:05 - 00000000 ____D C:\Users\Dante\Desktop\dragdomods
2016-07-10 02:55 - 2016-07-10 02:55 - 00000000 ____D C:\Users\Dante\AppData\Local\CAPCOM
2016-07-06 20:54 - 2016-07-06 20:55 - 00000000 ____D C:\Users\Dante\Desktop\crusade

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-04 15:40 - 2009-07-14 06:45 - 00026704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-04 15:40 - 2009-07-14 06:45 - 00026704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-04 15:39 - 2014-05-25 08:35 - 00699416 _____ C:\Windows\system32\perfh007.dat
2016-08-04 15:39 - 2014-05-25 08:35 - 00149556 _____ C:\Windows\system32\perfc007.dat
2016-08-04 15:39 - 2009-07-14 07:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-04 15:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-08-04 15:32 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-04 02:05 - 2014-05-30 21:44 - 00000000 ____D C:\ProgramData\TEMP
2016-08-04 00:35 - 2014-06-08 03:14 - 00000000 ____D C:\Windows\Minidump
2016-08-03 23:39 - 2014-05-25 01:55 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-01 14:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-01 01:28 - 2014-05-24 23:43 - 00000000 ____D C:\Users\Dante\AppData\Roaming\vlc
2016-07-30 02:58 - 2015-09-24 00:49 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-07-29 01:34 - 2014-05-24 22:45 - 00000000 ____D C:\Users\Dante
2016-07-29 01:16 - 2014-05-24 22:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-28 22:45 - 2016-01-22 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2016-07-28 22:44 - 2015-05-23 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-07-28 09:58 - 2016-06-13 23:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-07-28 09:58 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-07-28 09:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-07-28 02:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PLA
2016-07-28 01:57 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-27 23:46 - 2009-07-14 04:34 - 61341696 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-07-27 23:46 - 2009-07-14 04:34 - 18350080 _____ C:\Windows\system32\config\SYSTEM.bak
2016-07-27 23:46 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2016-07-27 23:46 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2016-07-27 23:46 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2016-07-27 02:13 - 2014-05-25 03:28 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-27 01:12 - 2015-09-24 00:43 - 00000000 ____D C:\ProgramData\HitmanPro
2016-07-27 01:06 - 2016-02-17 23:05 - 00000000 ____D C:\Program Files\HitmanPro
2016-07-26 21:24 - 2014-05-25 01:01 - 00000000 ____D C:\Users\Dante\AppData\Local\Battle.net
2016-07-26 03:08 - 2014-08-23 20:46 - 00000000 ____D C:\Users\Dante\AppData\Local\gtk-2.0
2016-07-26 03:08 - 2014-08-23 20:39 - 00000000 ____D C:\Users\Dante\.gimp-2.8
2016-07-25 16:14 - 2014-07-13 13:52 - 00000000 ____D C:\Users\Dante\dwhelper
2016-07-20 04:46 - 2014-06-27 00:14 - 00000000 ____D C:\Users\Dante\AppData\Roaming\TS3Client
2016-07-15 23:25 - 2015-09-24 00:03 - 11438608 _____ (SurfRight B.V.) C:\Users\Dante\Desktop\hitmanpro_x64.exe
2016-07-15 04:02 - 2015-06-16 22:23 - 00000000 ____D C:\Users\Dante\Desktop\temp work
2016-07-11 03:57 - 2016-06-27 07:10 - 00000000 ____D C:\Users\Dante\Desktop\text
2016-07-08 00:37 - 2016-01-29 22:46 - 00000000 ____D C:\Users\Dante\AppData\Local\UnrealEngine

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-06-11 02:17 - 2015-02-06 21:20 - 0005120 _____ () C:\Users\Dante\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-07-26 03:08 - 2016-07-26 03:08 - 0041766 _____ () C:\Users\Dante\AppData\Local\recently-used.xbel
2015-10-30 03:15 - 2015-10-30 03:15 - 0000121 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-03-23 21:56 - 2015-03-23 21:56 - 0000040 _____ () C:\ProgramData\ra3.ini

Einige Dateien in TEMP:
====================
C:\Users\Dante\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-07-31 22:33

==================== Ende von FRST.txt ============================


Edited by Harogam, 04 August 2016 - 09:59 AM.


#4 Harogam


Posted 04 August 2016 - 09:20 AM

The Addition log

 

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 03-08-2016
durchgeführt von Dante (2016-08-04 16:13:26)
Gestartet von C:\Users\Dante\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-05-24 20:45:37)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-961798393-1801880041-2060533883-500 - Administrator - Disabled)
Dante (S-1-5-21-961798393-1801880041-2060533883-1000 - Administrator - Enabled) => C:\Users\Dante
Gast (S-1-5-21-961798393-1801880041-2060533883-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-961798393-1801880041-2060533883-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: ESET Smart Security 9.0.381.1 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.381.1 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version:  - Studio Wildcard)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Autodesk FBX Converter x64 2013.3 (HKLM-x32\...\Autodesk FBX Converter x64 2013.3) (Version:  - Autodesk)
Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 6 (HKLM-x32\...\{A589DA26-51BD-475D-8C32-E19E34145842}) (Version: 6.0.3 - TechSmith Corporation)
Command & Conquer 3 (HKLM-x32\...\{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}) (Version: 1.00.0000 - Ihr Firmenname)
Creativerse (HKLM-x32\...\Steam App 280790) (Version:  - Playful Corporation)
DARK SOULS III (HKLM\...\Steam App 374320) (Version:  - FromSoftware, Inc.)
DARK SOULS™ II (HKLM\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Defense Grid 2 (HKLM-x32\...\Steam App 221540) (Version:  - Hidden Path Entertainment)
Defense Grid: The Awakening (HKLM-x32\...\Steam App 18500) (Version:  - Hidden Path Entertainment)
Demigod (HKLM-x32\...\Steam App 202710) (Version:  - Gas Powered Games)
Descent: Underground (HKLM-x32\...\Steam App 360950) (Version:  - Descendent Studios Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)
DOOM 3: BFG Edition (HKLM-x32\...\Steam App 208200) (Version:  - id Software)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts)
Dragon's Dogma: Dark Arisen (HKLM\...\Steam App 367500) (Version:  - Capcom)
ESET Smart Security (HKLM\...\{64D5DBAE-3C56-4FBE-9A2F-44C63FA13BAF}) (Version: 9.0.381.1 - ESET, spol. s r.o.)
Galaxy on Fire 2™ Full HD (HKLM-x32\...\Steam App 212010) (Version:  - Fishlabs Entertainment GmbH)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GIMP Extensions 2.8.20140902 (HKLM\...\GIMP Extensions) (Version: 2.8.20140902 - Pedro Cunha)
Grim Dawn (HKLM-x32\...\Steam App 219990) (Version:  - Crate Entertainment)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hardland (HKLM-x32\...\Steam App 321980) (Version:  - Mountain Sheep)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.5.0.546 - SurfRight B.V.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Logitech Gaming Software 8.82 (HKLM\...\Logitech Gaming Software) (Version: 8.82.151 - Logitech Inc.)
LuxRender 1.3.1 x64 OpenCL (HKLM\...\{C289183E-1DD8-42FA-8DFE-94F61ED1CFA3}_is1) (Version: 1.3.1 - LuxRender)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 47.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 de)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA Grafiktreiber 365.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 365.19 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PhotoFiltre 7 (HKU\S-1-5-21-961798393-1801880041-2060533883-1000\...\PhotoFiltre 7) (Version:  - )
Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)
Quake (HKLM-x32\...\Steam App 2310) (Version:  - id Software)
Quake 3 Arena Demo (HKLM-x32\...\Quake 3 Arena Demo) (Version:  - )
Quake Live (HKLM-x32\...\Steam App 282440) (Version:  - id Software)
Reality 2.5 (HKLM-x32\...\Reality) (Version: 2.5 - Pret-a-3D)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Red Faction: Guerrilla Steam Edition (HKLM\...\Steam App 20500) (Version:  - Volition)
Rise of the Triad (HKLM-x32\...\Steam App 217140) (Version:  - Interceptor Entertainment)
Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)
Risen 3 - Titan Lords Enhanced Edition (HKLM-x32\...\{7C26395A-20EE-43F4-88FB-E26169B739EC}) (Version: 1.00 - Deep Silver)
S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM\...\Steam App 4500) (Version:  - GSC Game World)
Sacred 3 (HKLM-x32\...\Steam App 247950) (Version:  - Keen Games)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Skyrim Creation Kit (HKLM-x32\...\Steam App 202480) (Version:  - bgs.bethsoft.com)
SMITE (HKLM-x32\...\Steam App 386360) (Version:  - Hi-Rez Studios)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)
Star Wars® Knights of the Old Republic® II The Sith Lords™ (HKLM-x32\...\{3DF70451-99CA-4528-A583-0DF8BCCC953B}) (Version: 1.00.0000 - LucasArts)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-961798393-1801880041-2060533883-1000\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Long Dark (HKLM-x32\...\Steam App 305620) (Version:  - Hinterland Studio Inc.)
The Man Wolf (HKLM-x32\...\The Man Wolf 1.1) (Version: 1.1 - DAZ 3D)
The Stanley Parable (HKLM\...\Steam App 221910) (Version:  - Galactic Cafe)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.22.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.22.0.0 - GOG.com)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.10.1 - Electronic Arts)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Torchlight II (HKLM-x32\...\{55F7D521-17CA-454D-9D4D-975EF2E10708}_is1) (Version:  - White Rabbit Interactive)
Tree of Savior (English Ver.) (HKLM\...\Steam App 372000) (Version:  - IMCGAMES Co.,Ltd.)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.7-6 - Wacom Technology Corp.)
Waves (HKLM-x32\...\Steam App 107600) (Version:  - Squid In A Box Ltd)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
ZBrush 4R4 (HKLM-x32\...\ZBrush 4R4 4R4) (Version: 4R4 - Pixologic)
Zigfrak (HKLM-x32\...\Steam App 259430) (Version:  - Entheogen Studios LLC)
Ziggurat (HKLM-x32\...\Steam App 308420) (Version:  - Milkstone Studios)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-961798393-1801880041-2060533883-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {8BC79052-5E13-43EA-AD9F-92D3B0CCA954} - System32\Tasks\{FFF62F1B-C5FD-457A-B237-7A369B4CA727} => pcalua.exe -a E:\Autorun.exe -d E:\
Task: {A4F9974A-10CC-4534-A6DD-82FE835FD593} - System32\Tasks\{83BCF3F2-478A-42A8-A934-5CBC86646E9E} => pcalua.exe -a D:\Games\HiRezGamesDiagAndSupport.exe -c uninstall=17
Task: {E96D1B88-4890-40B5-8E0D-62DB6A9C2056} - System32\Tasks\{7D7C80F4-728A-41BE-A357-163BE655310C} => D:\Games\Hunted\BINARIES\WIN32\HUNTED.EXE

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Dante\AppData\Local\Microsoft\Windows\GameExplorer\{E730DC55-1FB5-480F-8955-595834539731}\SupportTasks\1\Support.lnk -> hxxp://www.runningwithscissors.com/
Shortcut: C:\Users\Dante\AppData\Local\Microsoft\Windows\GameExplorer\{E730DC55-1FB5-480F-8955-595834539731}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.gopostal.com/postal2/index.php/

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-06-07 16:50 - 2016-05-10 01:40 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-24 22:51 - 2013-12-04 18:35 - 01185048 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-03-30 19:17 - 2016-03-30 19:17 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-03-30 19:17 - 2016-03-30 19:17 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-05-25 00:28 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Dante:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\desktop.ini:gs5sys [2816]
AlternateDataStreams: C:\ProgramData\TEMP:890CC2F3 [127]
AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD [127]
AlternateDataStreams: C:\Users\Dante\Cookies:gs5sys [2048]
AlternateDataStreams: C:\Users\Dante\Documents:gs5sys [3074]
AlternateDataStreams: C:\Users\Dante\Eigene Dateien:gs5sys [3074]
AlternateDataStreams: C:\Users\Dante\Vorlagen:gs5sys [1792]
AlternateDataStreams: C:\Users\Dante\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Dante\AppData\Local\Verlauf:gs5sys [3074]
AlternateDataStreams: C:\Users\Dante\Documents\desktop.ini:gs5sys [1792]
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [2048]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\92144893.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\92144893.sys => ""="Driver"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2016-01-30 02:50 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1    localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-961798393-1801880041-2060533883-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dante\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 83.169.184.33 - 83.169.184.97
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{6214AFED-7632-4028-AF65-02DD2C90D2B4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{87D771DE-1CFB-4F88-9C65-AF85B8131556}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{E732C3A5-E76D-472D-9E98-83FB911A6C74}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{13332876-DEEC-4152-989E-5D04C3E203D0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9C1B0F53-E26C-42C7-8A5C-EB53307DA869}] => (Allow) D:\Steam\SteamApps\common\Strike Suit Infinity\pc\main\Binary\SSZ.exe
FirewallRules: [{DD5D99DF-DD46-4897-8D00-7AC8E49C6C2B}] => (Allow) D:\Steam\SteamApps\common\Strike Suit Infinity\pc\main\Binary\SSZ.exe
FirewallRules: [{49AF388F-A5A1-4788-8CCE-406BCCF56504}] => (Allow) D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{24B5142D-5D25-432F-9BDC-BD5545B6A5CC}] => (Allow) D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{4DC9BBEE-3285-4DCA-AF2D-DDD97A9A07DE}] => (Allow) D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{0C7C869F-3EEF-44C1-AC32-C2BE72ED9525}] => (Allow) D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{BF7C0E7A-55F6-4C2B-A54B-96B5B1B92D0C}] => (Allow) D:\Program Files (x86)\Origin Games\Dead Space 3\deadspace3.exe
FirewallRules: [{8001FADE-1013-4DEF-8611-B0F03A82DB8B}] => (Allow) D:\Program Files (x86)\Origin Games\Dead Space 3\deadspace3.exe
FirewallRules: [{9830F108-0C78-48DB-A975-3625E708CFD5}] => (Allow) D:\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{EABF00C8-1867-4F1E-84EB-994A8CE7FB56}] => (Allow) D:\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{56DE9117-A0A8-4FB4-97A5-BEE3AB5FD147}] => (Block) %USERPROFILE%\Desktop\SketchBookPro.exe
FirewallRules: [{DB91F55C-89F5-42A6-B6B7-0AC2916627BF}] => (Block) %USERPROFILE%\Desktop\SketchBookPro.exe
FirewallRules: [{DC0DA02E-4A80-4A2C-B4A0-8832AA1BDD42}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{39489F60-DDC9-4004-AFDF-9A7238AF8C6C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{327708B5-3C73-495C-866E-DACB17323099}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{CD446626-CD8B-41C4-B9D4-AB21EDA94FC8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{0738F1FE-6419-417A-8BB9-8EC906B51E5A}] => (Allow) D:\Steam\SteamApps\common\Zigfrak\Zigfrak\Zigfrak.exe
FirewallRules: [{7012C2D8-5FE5-4C84-B52D-BFBFB6C0D668}] => (Allow) D:\Steam\SteamApps\common\Zigfrak\Zigfrak\Zigfrak.exe
FirewallRules: [{EE2EB66D-1206-422A-BDEF-F177DED686BA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{54EB3227-842E-405C-8BE3-784E8643C6B3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FAD85872-478E-481C-925C-2839DECD9958}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{91A56B89-8DB8-46DA-90A0-E53CAD193D2B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{6BF928CC-91F2-47F8-B984-2853D0DFEE76}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{80ECAA18-02D9-473E-B12B-0387ACF551AC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{5F964A84-E7D2-4180-9A45-58494E50AB41}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{FBE07658-2EDB-4374-BBA2-4968F51B8F85}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{92FAFCDF-1CB1-41DD-8236-5D33E06269D8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C0053D00-06DE-4653-B0A9-1C08CB06CC50}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C30D9BFA-EE7F-4562-A773-C6878B5B130E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C32DCE97-BFD5-4B9F-AF8C-E4C604E344D5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{43F307A1-D21E-47B3-8DF9-04D20EBBAA94}] => (Allow) D:\Steam\SteamApps\common\Hazard Ops\UnrealEngine3\Binaries\Win32\InfernumLogin.exe
FirewallRules: [{E834DC34-1AD1-407E-9A79-478EE4ED228B}] => (Allow) D:\Steam\SteamApps\common\Hazard Ops\UnrealEngine3\Binaries\Win32\InfernumLogin.exe
FirewallRules: [{8C69CA85-5B5B-4C0F-9B7B-CD2A57B7DD9F}] => (Allow) D:\Steam\SteamApps\common\GodMode\bin\GodMode.exe
FirewallRules: [{8549B542-B144-46A0-894E-63DA4F4EF06A}] => (Allow) D:\Steam\SteamApps\common\GodMode\bin\GodMode.exe
FirewallRules: [{AF37D05A-3787-46A2-B460-E7862A10F826}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{7747A03E-1893-44DF-97F6-53E31753AFD2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{51E9BB0C-B021-440D-BB70-17325E2E2D30}] => (Allow) D:\Steam\SteamApps\common\Planetary Annihilation\PA.exe
FirewallRules: [{04E732CF-918E-4956-A49D-9E856EC4ECBC}] => (Allow) D:\Steam\SteamApps\common\Planetary Annihilation\PA.exe
FirewallRules: [{3B70DE28-DE8C-4B35-B183-70ADAAD320B1}] => (Allow) D:\Steam\SteamApps\common\DefenseGridTheAwakening\DefenseGrid.exe
FirewallRules: [{8E1C7EA6-ECCA-475F-ABC9-21B1C620CF66}] => (Allow) D:\Steam\SteamApps\common\DefenseGridTheAwakening\DefenseGrid.exe
FirewallRules: [{40DADAAA-0CD3-4A1E-B406-CD0D695C7C15}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{DCEBE1D1-270B-4E03-8999-ED7ABAD1B33F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{427B176D-4E2C-4044-9B47-F01378F163D7}] => (Allow) D:\Steam\SteamApps\common\the-haunted-hells-reach\Binaries\Win32\HauntedGame.exe
FirewallRules: [{5336B23C-5D9A-40C3-A72B-15E573B40D22}] => (Allow) D:\Steam\SteamApps\common\the-haunted-hells-reach\Binaries\Win32\HauntedGame.exe
FirewallRules: [{D31E3010-9119-4B3A-B10F-AC2E1466FAC7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{EFD9E773-8DE9-41AE-90D4-CF7E0A6D4A55}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{17A680EA-B1D7-4BC2-9349-750A3A71F4BF}] => (Allow) D:\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{EF478E79-29F6-479C-B1BB-BCC136F349EC}] => (Allow) D:\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{A3168680-219B-483A-8F85-B7FB40E0D8BF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4375D4B5-DA09-4D35-9749-425098C13075}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{16EC3177-DF3C-4043-8C30-ED5710D7CB2D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{F6D9A13C-984B-475D-B49C-3F5ACEACED64}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{180BD898-13AF-488F-9ED8-C14E5980D5C0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{090878B7-E511-43EF-B1B0-9AB9B7D7570A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{CDF89548-8568-49CC-80C2-ACEA3C053428}] => (Allow) D:\Steam\SteamApps\common\Aura Kingdom\game.bin
FirewallRules: [{D744006D-409B-420A-A901-DFF5E89E3C23}] => (Allow) D:\Steam\SteamApps\common\Aura Kingdom\game.bin
FirewallRules: [{7DCE4416-8D65-4B9E-BA2A-26F2995C8E84}] => (Allow) D:\Steam\SteamApps\common\Dragon Nest Europe\DragonNest\DragonNest.exe
FirewallRules: [{4B9409EE-188C-4385-BB18-FFBBDB8F0EDE}] => (Allow) D:\Steam\SteamApps\common\Dragon Nest Europe\DragonNest\DragonNest.exe
FirewallRules: [{A9DA3BAA-6FBB-4711-980D-00C448ACDAF9}] => (Allow) D:\Steam\SteamApps\common\Quake\Winquake.exe
FirewallRules: [{BCD4EA71-81A0-4C09-A23C-A7054D43F4B6}] => (Allow) D:\Steam\SteamApps\common\Quake\Winquake.exe
FirewallRules: [{F293D680-FED9-4550-B381-FCA6BEB1DDB7}] => (Allow) D:\Steam\SteamApps\common\Quake\qwcl.exe
FirewallRules: [{99E8C118-6620-4C6A-B1F8-AE4DA542BF01}] => (Allow) D:\Steam\SteamApps\common\Quake\qwcl.exe
FirewallRules: [{9CF73F63-A0DC-45CC-9763-17DD7C855C88}] => (Allow) D:\Steam\SteamApps\common\Quake\Glquake.exe
FirewallRules: [{B13687B1-B89E-4B9C-AED7-1FA1C81C1988}] => (Allow) D:\Steam\SteamApps\common\Quake\Glquake.exe
FirewallRules: [{71BAE638-D86E-42A7-AEE2-7709AE5DC27D}] => (Allow) D:\Steam\SteamApps\common\Quake\glqwcl.exe
FirewallRules: [{54867B6A-CB15-46D8-9133-02E0863F475F}] => (Allow) D:\Steam\SteamApps\common\Quake\glqwcl.exe
FirewallRules: [{62951461-FE65-4365-B9E5-1A88DA57E30E}] => (Allow) D:\Steam\SteamApps\common\Ziggurat\Ziggurat.exe
FirewallRules: [{C61213F9-D986-435C-9FC4-B45896D28F5D}] => (Allow) D:\Steam\SteamApps\common\Ziggurat\Ziggurat.exe
FirewallRules: [{82E631E5-6984-464D-A6C8-1A21C87DC9DC}] => (Allow) D:\Steam\SteamApps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{5DC7CB64-26C5-4014-BE32-AAFD18E43B5F}] => (Allow) D:\Steam\SteamApps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{E7004CA4-0694-40B4-AC48-B4F5EB96837D}] => (Allow) D:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{A05A0C19-B71D-4A02-916C-1B410D4E69D8}] => (Allow) D:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{333A91E8-BCAF-49A9-A97C-607EB0CEA012}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{07F401C0-DFA4-4084-83D3-5A0CE28F57CB}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{1DCC0AF2-94F3-4B27-849D-E2B60E26CD19}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{B0F7F46B-B533-4C03-B782-1360474F19DE}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{0870C000-838C-4AA0-9392-D9022135BDC1}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{D0567F87-63F7-45CD-9253-4CAFF048C584}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{13A9EE4F-F3B0-4B41-BBA2-D37F81E3852E}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{685C2041-6EFD-441F-91E2-E47DC9269D70}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{D3C06B94-0037-4C11-9E5D-FCAB4C49A3EB}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{77332C9C-7764-4873-BBBA-5D6F10EA5D41}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{CDF7416D-8CF3-4A82-BBE1-B20F45C3B242}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{317314A4-CF42-4967-B624-B68A33392C29}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{0E509CF7-04C9-47D0-A24B-F7DADFD7B3C4}] => (Allow) D:\Games\StarCraft II\StarCraft II.exe
FirewallRules: [{198C360A-FEE2-4A6E-965E-BDA920CA5D9A}] => (Allow) D:\Games\StarCraft II\StarCraft II.exe
FirewallRules: [{CE58567C-5C10-4B76-BCD6-D00BE1890C87}] => (Allow) D:\Steam\SteamApps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{A6BAE098-30F0-4FFD-91D4-D6C845E9937E}] => (Allow) D:\Steam\SteamApps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{638A3402-ECED-4A7D-B153-58A2073F547D}] => (Allow) D:\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{2211A5AC-540E-4BB4-BEE8-D535B92BD168}] => (Allow) D:\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{FED1FBEA-6943-424F-8BEF-D972DEEAAB71}] => (Allow) D:\Games\Hellgate\HGLLauncher.exe
FirewallRules: [{A605D1A8-C25F-45E7-94A1-40F007B2CE95}] => (Allow) D:\Games\Hellgate\HGLLauncher.exe
FirewallRules: [{DC51757D-C42E-415C-A723-A9BC98BB2652}] => (Allow) D:\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{1853D5D0-8181-4FBD-9077-F2A97FDF9252}] => (Allow) D:\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{5CE80FD1-7ABA-4EB1-B834-C1888D786EF3}] => (Allow) D:\Games\Hearthstone\Hearthstone.exe
FirewallRules: [{E5980648-8E8F-4AF0-BEF2-66869868F1A5}] => (Allow) D:\Games\Hearthstone\Hearthstone.exe
FirewallRules: [{7FEC0CAB-9F7C-4044-8BE2-08FF7FA9D532}] => (Allow) D:\Steam\SteamApps\common\Skyrim\CreationKit.exe
FirewallRules: [{285FED4A-CE3D-4C54-A708-1D65EE360603}] => (Allow) D:\Steam\SteamApps\common\Skyrim\CreationKit.exe
FirewallRules: [{B2E367C5-46DF-4B0A-8493-4429FEFA855C}] => (Allow) D:\Tools\Winamp\winamp.exe
FirewallRules: [{9C90BA7E-7951-4FF0-8B2C-414852E05D1E}] => (Allow) D:\Tools\Winamp\winamp.exe
FirewallRules: [{75DA52F3-604B-458E-85D6-54BE59B082B0}] => (Allow) D:\Steam\SteamApps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
FirewallRules: [{4428039C-3B96-417D-9D4B-AE40DB5025E0}] => (Allow) D:\Steam\SteamApps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
FirewallRules: [{A51E77FF-81B0-4075-8AD8-0A672CCA3FC9}] => (Allow) D:\Steam\SteamApps\common\Rise of the Triad\LDKDedicatedServer.exe
FirewallRules: [{2176AF84-D1A4-4561-BB0E-9D278F25AD8F}] => (Allow) D:\Steam\SteamApps\common\Rise of the Triad\LDKDedicatedServer.exe
FirewallRules: [{AC2B13D3-F670-43CC-B89B-ACAD004613B9}] => (Allow) D:\Steam\SteamApps\common\Rise of the Triad\Binaries\ROTTLauncher.exe
FirewallRules: [{A3E76191-5007-4E3D-B9AA-EAAD243D7873}] => (Allow) D:\Steam\SteamApps\common\Rise of the Triad\Binaries\ROTTLauncher.exe
FirewallRules: [{BCFA8909-F554-4319-8F33-BE49999C75D9}] => (Allow) D:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{2F209789-EA3E-45C2-9E6D-CD9EBB0B2289}] => (Allow) D:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{2760ED86-B601-498B-8AD8-09294D6C7D2F}] => (Allow) D:\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{9B51738E-EA31-43DF-921C-3CF09C318C4D}] => (Allow) D:\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{151BC085-4E2A-44D4-8A16-3B17A6D2881C}] => (Allow) D:\Steam\SteamApps\common\TheLongDark\tld.exe
FirewallRules: [{3AC3AD99-20C7-404D-B7F3-89952F703879}] => (Allow) D:\Steam\SteamApps\common\TheLongDark\tld.exe
FirewallRules: [{77D6D7BD-3B62-440D-9C5A-7EDF4B3F47A5}] => (Allow) D:\Steam\SteamApps\common\Waves\Binaries\Win32\Waves.exe
FirewallRules: [{4E5F4180-23C0-4104-BBF3-AC2895C48205}] => (Allow) D:\Steam\SteamApps\common\Waves\Binaries\Win32\Waves.exe
FirewallRules: [{29BD53C6-391E-4840-B321-A606D6819BED}] => (Allow) D:\Steam\SteamApps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{6479E5E1-9324-4BB4-B6AE-B672E7967186}] => (Allow) D:\Steam\SteamApps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{19E5DD17-422E-4A0F-88FC-BB2D2291D717}] => (Allow) D:\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{C94B42FB-AF9D-4909-B9F7-0A1A8E8CC6B7}] => (Allow) D:\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{43F2CF92-C930-4F0A-83E3-B5C43CF620E9}] => (Allow) D:\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{CE31193D-0384-4672-9A4F-5D8F1CC55D4B}] => (Allow) D:\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{54933902-6F5A-449C-8696-B73E3DF56104}] => (Allow) D:\Steam\SteamApps\common\Demigod\bin\Demigod.exe
FirewallRules: [{86CF955F-9A93-47F0-9D77-81C9595939C5}] => (Allow) D:\Steam\SteamApps\common\Demigod\bin\Demigod.exe
FirewallRules: [{B6029E6C-119C-484A-B3F2-FB1839F6881C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5B97BD9D-6141-4C9C-9CD2-CBB40EFBEE38}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8034B22C-36FA-4586-B3CF-E9BCE760986C}] => (Allow) D:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{540EDB01-1523-4CD7-9D0C-C4ADB1A1F02B}] => (Allow) D:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{4166E868-8559-4EF7-A1AD-0C14F43AAE36}] => (Allow) D:\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{54E5616C-6B4B-4B7F-A6A0-2094A21A7843}] => (Allow) D:\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{3C7A8898-658B-462D-A0D5-C3CB54E1DF0D}] => (Allow) D:\Steam\SteamApps\common\DefenseGrid2\DefenseGrid2_Release.exe
FirewallRules: [{E2585EB5-59AD-4D09-8994-456BA093F5F4}] => (Allow) D:\Steam\SteamApps\common\DefenseGrid2\DefenseGrid2_Release.exe
FirewallRules: [{BE982F0E-84C8-4A1F-8CF0-9CE166451157}] => (Allow) D:\Steam\SteamApps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{FF017C26-CF71-47F9-AAE6-193B7022B338}] => (Allow) D:\Steam\SteamApps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{C556D7C6-F293-4D59-BA14-47817419BEF5}] => (Allow) D:\Steam\SteamApps\common\Dragomon Hunter\Game.bin
FirewallRules: [{654A07B7-D399-467E-8495-34BAC136A72E}] => (Allow) D:\Steam\SteamApps\common\Dragomon Hunter\Game.bin
FirewallRules: [{02E52F85-483E-43EE-83EE-6A355741C3B5}] => (Allow) D:\Steam\SteamApps\common\firstassault\Shipping\GAME.exe
FirewallRules: [{AEF826DF-98F7-4A86-A1CC-A79628834F35}] => (Allow) D:\Steam\SteamApps\common\firstassault\Shipping\GAME.exe
FirewallRules: [{C29593A6-190F-46F8-B671-997F792E3C23}] => (Allow) D:\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{5D8C0D35-4289-41AE-B130-E5DB6C56CA24}] => (Allow) D:\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{976674A1-A4D7-4E8C-9CFD-1A48DFF9F2E4}] => (Allow) %ProgramFiles% (x86)\NCWest\NCLauncher\NCLauncher.exe
FirewallRules: [{941A6FF9-789D-4990-8DBD-C0AADC973190}] => (Allow) %ProgramFiles% (x86)\NCWest\NCLauncher\NCLauncher.exe
FirewallRules: [{B7892AD1-0DE4-42D6-BF97-6CFBD9CDCFF3}] => (Allow) D:\Steam\SteamApps\common\Hardland\Hardland.exe
FirewallRules: [{BB474EE7-6586-4991-9F7C-F8A819E921DF}] => (Allow) D:\Steam\SteamApps\common\Hardland\Hardland.exe
FirewallRules: [{E146B9AD-2E4D-42F0-AF1E-9A99E899BF51}] => (Allow) D:\Steam\SteamApps\common\Grim Dawn\Grim Dawn.exe
FirewallRules: [{97451D3E-47C0-43E2-AB62-00237B31EFC4}] => (Allow) D:\Steam\SteamApps\common\Grim Dawn\Grim Dawn.exe
FirewallRules: [{358573D2-5B5F-4124-A2FA-3C0DB0BB955D}] => (Allow) D:\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{8E52B5F0-7A95-4F30-8645-B9E9FF7147AC}] => (Allow) D:\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{2A791305-F5E7-46CA-BB5A-82473E95E471}] => (Allow) D:\Steam\SteamApps\common\Zigfrak\Zigfrak\Zigfrak.exe
FirewallRules: [{A3D12BEC-0C04-4D58-8EBF-6124C09ABBB3}] => (Allow) D:\Steam\SteamApps\common\Zigfrak\Zigfrak\Zigfrak.exe
FirewallRules: [{08CB8572-F4FC-4658-A797-D23AACB241B6}] => (Allow) D:\Steam\SteamApps\common\Creativerse\Creativerse.exe
FirewallRules: [{DC0513E9-92FD-43FA-9B00-0708FE26114E}] => (Allow) D:\Steam\SteamApps\common\Creativerse\Creativerse.exe
FirewallRules: [{B51D9AFD-E3E3-494D-A3FF-B6D6710346A8}] => (Allow) D:\Steam\SteamApps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{D09F7ECA-CC60-492C-B866-AF01EC74E6E4}] => (Allow) D:\Steam\SteamApps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{2658C3F8-4CE5-4072-B28B-4DFE55B6061B}] => (Allow) D:\Steam\SteamApps\common\Descent Underground\launcher\Descent.exe
FirewallRules: [{D67AED3E-45CA-4EBD-B486-C2371D7EC645}] => (Allow) D:\Steam\SteamApps\common\Descent Underground\launcher\Descent.exe
FirewallRules: [{78DEF56E-B28F-4603-BDC6-FB452CB709D6}] => (Allow) D:\Steam\SteamApps\common\Galaxy On Fire 2 HD\GoF2Launcher.exe
FirewallRules: [{41DB9695-0348-4A5C-A812-C84D017D19B0}] => (Allow) D:\Steam\SteamApps\common\Galaxy On Fire 2 HD\GoF2Launcher.exe
FirewallRules: [{26A0AE9C-9DD3-49EC-9492-BAE5A6716E02}] => (Allow) D:\Steam\SteamApps\common\Sacred 3\sacred3.exe
FirewallRules: [{502EA04F-8A97-4705-AA58-EDA9281FA885}] => (Allow) D:\Steam\SteamApps\common\Sacred 3\sacred3.exe
FirewallRules: [{B7973164-115B-4E62-ADF8-9C5E43DFE68E}] => (Allow) D:\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{49DC736C-1479-4421-B20B-438C7F2F35A3}] => (Allow) D:\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{720B221B-58B5-4DE2-8ED6-9B017E0B08B8}] => (Allow) D:\Games\Ubisoft Game Launcher\games\Tom Clancy's The Division\TheDivision.exe
FirewallRules: [{336EEBE4-1DE2-446B-B187-96C2A2DDF3FE}] => (Allow) D:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{8E058565-846E-4E01-A961-3EECA0447C89}] => (Allow) D:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{FFB4353C-550B-431D-BFB9-4FE852031270}] => (Allow) D:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{0D5402DF-E4CB-439E-B57A-5E07A9EDD934}] => (Allow) D:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{A15E08D3-08BA-4B07-A84A-A6DBFD88952A}] => (Allow) D:\Steam\SteamApps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{1426FF9A-E961-4DA6-9CB0-2F55D075A51E}] => (Allow) D:\Steam\SteamApps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{23F689C4-0AD8-493F-ABE9-461F49EF751E}] => (Allow) D:\Steam\SteamApps\common\firstassault\Shipping\nxsteam.exe
FirewallRules: [{61B15C2E-DD06-43C6-A13B-540894F80FE5}] => (Allow) D:\Steam\SteamApps\common\firstassault\Shipping\nxsteam.exe
FirewallRules: [{F5E3548C-2157-4F85-A8D6-40444D895F98}] => (Allow) D:\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{D0F45FEB-1AD1-4FDF-80B6-3349F769FF5E}] => (Allow) D:\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{77932430-D310-4F51-AF61-7FD767EC28F5}] => (Allow) D:\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{D33DA43D-7F80-46BF-AD0A-50E3547F68A3}] => (Allow) D:\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{3C4B41AE-0430-44AE-A7DB-7725FBE3898F}] => (Allow) D:\Steam\SteamApps\common\Red Faction Guerrilla\rfg_launcher.exe
FirewallRules: [{5B5F40BF-3B56-437A-B1A7-E72E536FAAB1}] => (Allow) D:\Steam\SteamApps\common\Red Faction Guerrilla\rfg_launcher.exe
FirewallRules: [{E1DD8534-0A38-43D2-A9C3-08EBEC0D80C6}] => (Allow) D:\Steam\SteamApps\common\Red Faction Guerrilla\rfg.exe
FirewallRules: [{CA9D2A1C-319A-4AB9-9611-BB3D2C2C3DD3}] => (Allow) D:\Steam\SteamApps\common\Red Faction Guerrilla\rfg.exe
FirewallRules: [{0FEB1016-9B47-4C4E-8222-6DB81ACDD0BD}] => (Allow) D:\Steam\SteamApps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{D88934FB-7B28-4E50-97C0-B2903C710E1E}] => (Allow) D:\Steam\SteamApps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [TCP Query User{A219CD21-44AE-45B3-86B5-96B4C7E6B047}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{3E39CBB8-287D-4690-AF55-501DBEA558C7}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{D896F907-7026-42E4-B323-308A847F3F8B}D:\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Block) D:\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{FF755CE9-9F41-4962-8FFE-2FB70EC44C7D}D:\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Block) D:\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{2FFAAA9C-944B-4C32-AE96-BD326E613C46}] => (Allow) D:\Steam\SteamApps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{2F27695B-C186-4C2F-AE6C-3FAB399B7F96}] => (Allow) D:\Steam\SteamApps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [TCP Query User{592F73EF-F44F-4520-B351-C7239BE17A4C}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{DAAAEC14-DF7B-4F20-B81F-E9B86A450E39}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{9A17A5A6-BA8F-4391-B6E0-63F993319845}] => (Allow) D:\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{995371D1-2502-4DD0-BB72-6C488FDF67FE}] => (Allow) D:\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{910F716D-880F-4927-A78A-245C423C5475}] => (Allow) D:\Steam\SteamApps\common\DDDA\DDDA.exe
FirewallRules: [{E8E7FF16-1D44-44F9-80F9-5D337BB80F6B}] => (Allow) D:\Steam\SteamApps\common\DDDA\DDDA.exe
FirewallRules: [{3AF65BBA-8086-4A00-9931-6AACD6AB9881}] => (Allow) D:\Steam\SteamApps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{0CD1C321-3BEC-4F8A-AEBD-D81E6D3A6C21}] => (Allow) D:\Steam\SteamApps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{2A81F8B6-54B5-4B90-9ECE-EA0914FA38F6}] => (Allow) D:\Steam\SteamApps\common\The Stanley Parable\stanley.exe
FirewallRules: [{C6F600C6-E829-4BAE-8190-6AF2AF6B5F67}] => (Allow) D:\Steam\SteamApps\common\The Stanley Parable\stanley.exe

==================== Wiederherstellungspunkte =========================

28-07-2016 22:45:22 Entfernt Blade & Soul
29-07-2016 01:12:33 Konfiguriert ASUS GPU Tweak
29-07-2016 01:13:27 Konfiguriert ASUS GPU Tweak

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Standard-VGA-Grafikkarte
Description: Standard-VGA-Grafikkarte
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardgrafikkartentypen)
Service: vga
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/04/2016 03:34:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2016 01:18:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2016 12:37:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2016 08:29:33 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (08/03/2016 08:22:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2016 06:35:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (08/03/2016 04:51:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2016 09:42:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2016 06:12:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2016 01:12:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Systemfehler:
=============
Error: (08/04/2016 12:35:18 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000117 (0xfffffa8010d38010, 0xfffff8800f255c2c, 0x0000000000000000, 0x0000000000000000)C:\Windows\Minidump\080416-11778-01.dmp080416-11778-01

Error: (08/04/2016 12:35:18 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎04.‎08.‎2016 um 00:34:04 unerwartet heruntergefahren.

Error: (08/02/2016 01:12:45 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (08/01/2016 03:06:25 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error: (08/01/2016 03:06:25 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error: (08/01/2016 03:06:19 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error: (07/30/2016 02:58:31 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\System32\drivers\TrueSight.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/30/2016 01:40:58 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "RPC-Endpunktzuordnung" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056 = Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (07/30/2016 01:37:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DNS-Client" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053 = Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (07/30/2016 01:37:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst DNS-Client erreicht.


CodeIntegrity:
===================================
  Date: 2016-07-27 23:45:59.872
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\cof\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2016-07-27 23:45:59.857
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\cof\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Speicherinformationen ===========================

Prozessor: Intel® Core™ i7-4770 CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 31%
Installierter physikalischer RAM: 16262.64 MB
Verfügbarer physikalischer RAM: 11154.98 MB
Summe virtueller Speicher: 32523.47 MB
Verfügbarer virtueller Speicher: 27766.98 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:97.79 GB) (Free:12.66 GB) NTFS
Drive d: (pitchbleep) (Fixed) (Total:983.87 GB) (Free:353.79 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C89444CE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=983.9 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

 

 

 

Sorry, I made a mistake: the rkill log is too old. I added the latest one, named: latest roguekiller log



Edited by Harogam, 04 August 2016 - 07:46 PM.


#5 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:05:51 PM

Posted 05 August 2016 - 10:43 PM

First some ground rules:

  • Please do not run any tools on your own while we solve this. Some are rather powerful, and using one at the wrong moment can have catastrophic effects. Also please refrain from seeking help for this problem elsewhere. Too many cooks spoil the broth.
  • Next, it is important that the instructions given be performed in the order given. We may need one tool to finish its job before another one starts.
  • If at any time my instructions are not clear stop and ask for clarification.
  • Rather than attach any logs to your post it is better that you copy and paste them instead, except if instructed otherwise.
  • Any program that I ask you run should only be run once.
  • As soon as your computer is clean I will let you know.
  • Please try to complete any tasks and reply in 24 to 48 hours. I will try to do likewise.
  • If you have any pirated software on your system I must ask that you remove it. No need for you to tell me if you do. Many times such programs are the source of many an infection, which makes cleaning a sick computer just that more difficult. And it's also against BleepingComputer's rules.
  • Lastly, do not make any changes to your computer from here on out until you get an "All Clear" from me.

Now a couple of questions: do you recognize these sites?

hxxp://www.runningwithscissors.com/
hxxp://www.gopostal.com/postal2/index.php/

Do you recognize these folders?

C:\Users\Dante\.designer
C:\Users\Dante\Desktop\fetzen
C:\Users\Dante\Desktop\dragdomods
C:\Users\Dante\Desktop\crusade

And finally, are you now using, or have you ever used, any sort of CD Emulation Software?

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

So for your next reply please post the contents of fixlog.txt that is on your desktop.
And tell me how your computer is running. 


To err is Human. To blame it on someone else is even more Human.

#6 Harogam


Posted 06 August 2016 - 02:03 PM

These two web addresses belong to an uninstalled game (Postal2).

I am not sure what the .designer folder is; the only file inside is a template, maybe a remnant of a 3D modeling tool or game mod tool.

The folders fetzen, crusade and dragdomods (Dragons Dogma mods) are legit and created by me.

It's been ages since I used any kind of CD emulator, but at the beginning of the year I redownloaded Hellgate Tokyo (relatively old free2play).

The downloads contained 3 single chunks (bin files) and one installer. The disclaimer said that some inbuilt emulation software is used to install Hellgate Tokyo.

However, I uninstalled and deleted it several months ago due to service shutdown.

Performance: Browsing is faster now, less clunky, CPU usage steady 13%, RAM usage steady 33%, overall performance is better.

(Update: After un- and replugging the Internet, CPU usage goes down to a steady 0-1% and RAM goes down to a steady 15-16% usage; it slowly goes up while connected to the Internet and goes down when unplugged. Also fewer processes: before it was around 72-74, now 62-63. The svchost (system) takes way less mem and usage now; idle still takes 99 usage. Also fewer performance jumps, more stable.)

Question: is it normal that the fixlist.txt disappears after the fix?

No reboot was needed after the fix.

The log:

 

 

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 03-08-2016
durchgeführt von Dante (2016-08-06 20:44:00) Run:1
Gestartet von C:\Users\Dante\Desktop
Geladene Profile: Dante (Verfügbare Profile: Dante)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
HKU\S-1-5-21-961798393-1801880041-2060533883-1000\...\Run: [GalaxyClient] => [X]
S3 GalaxyClientService; "C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe" [X]
S2 HiPatchService; D:\Games\HiPatchService.exe [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
AlternateDataStreams: C:\Users\Dante:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\desktop.ini:gs5sys [2816]
AlternateDataStreams: C:\ProgramData\TEMP:890CC2F3 [127]
AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD [127]
AlternateDataStreams: C:\Users\Dante\Cookies:gs5sys [2048]
AlternateDataStreams: C:\Users\Dante\Documents:gs5sys [3074]
AlternateDataStreams: C:\Users\Dante\Eigene Dateien:gs5sys [3074]
AlternateDataStreams: C:\Users\Dante\Vorlagen:gs5sys [1792]
AlternateDataStreams: C:\Users\Dante\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Dante\AppData\Local\Verlauf:gs5sys [3074]
AlternateDataStreams: C:\Users\Dante\Documents\desktop.ini:gs5sys [1792]
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [2048]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nicht gefunden
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nicht gefunden
File: C:\Windows\SysWOW64\H3
Reg: reg export HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
Reg: reg export HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
*****************

HKU\S-1-5-21-961798393-1801880041-2060533883-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient => Wert erfolgreich entfernt
GalaxyClientService => Dienst erfolgreich entfernt
HiPatchService => Dienst erfolgreich entfernt
gdrv => Dienst erfolgreich entfernt
xhunter1 => Dienst erfolgreich entfernt
C:\Users\Dante => ":gs5sys" ADS erfolgreich entfernt.
C:\ProgramData\desktop.ini => ":gs5sys" ADS erfolgreich entfernt.
C:\ProgramData\TEMP => ":890CC2F3" ADS erfolgreich entfernt.
C:\ProgramData\TEMP => ":C8B8CEBD" ADS erfolgreich entfernt.
"C:\Users\Dante\Cookies" => ":gs5sys" ADS nicht gefunden.
"C:\Users\Dante\Documents" => ":gs5sys" ADS nicht gefunden.
"C:\Users\Dante\Eigene Dateien" => ":gs5sys" ADS nicht gefunden.
"C:\Users\Dante\Vorlagen" => ":gs5sys" ADS nicht gefunden.
C:\Users\Dante\Desktop\desktop.ini => ":gs5sys" ADS erfolgreich entfernt.
"C:\Users\Dante\AppData\Local\Verlauf" => ":gs5sys" ADS nicht gefunden.
C:\Users\Dante\Documents\desktop.ini => ":gs5sys" ADS erfolgreich entfernt.
C:\Users\Public\Documents\desktop.ini => ":gs5sys" ADS erfolgreich entfernt.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => Wert erfolgreich entfernt
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => Wert erfolgreich entfernt

========================= File: C:\Windows\SysWOW64\H3 ========================

Datei ist nicht signiert
MD5: 1AD61B1344E76F9C3B0C670BFB876087
Erstellungs- und Änderungsdatum: 2016-07-23 18:50 - 2016-07-23 18:50
Größe: 0016384
Attribute: ----A
Firmenname:
Interne Name:
Original Name:
Produkt:
Beschreibung:
Datei Version:
Produkt Version:
Urheberrecht:

====== Ende von File: ======


========= reg export HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal =========

FEHLER: Ungltige Syntax.
Geben Sie "REG EXPORT /?" ein, um die Syntax anzuzeigen.


========= Ende von Reg: =========


========= reg export HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network =========

FEHLER: Ungltige Syntax.
Geben Sie "REG EXPORT /?" ein, um die Syntax anzuzeigen.


========= Ende von Reg: =========


==== Ende von Fixlog 20:44:01 ====


Edited by Harogam, 06 August 2016 - 06:17 PM.


#7 Bezukhov


Posted 07 August 2016 - 08:44 AM

Question: is it normal that the fixlist.txt disappears after the fix?

Quite normal, I can assure you.

There is one more file to remove. I had to check it out before doing anything with it. Please delete any old fixlist.txt files you may have.

We need to run a fix with FRST:
  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    (Attachment: fixlist.txt, 404 bytes)
  • Run FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Once that is done, another set of FRST logs.
  • Right-click FRST.exe then click "Run as administrator" .
  • When the tool opens, click Yes to disclaimer.
  • Under the Optional Scan area choose Addition.txt
  • Press the Scan button.
  • When finished, it will produce two logs, one called FRST.txt and one called Addition.txt, in the same directory the tool was run from.
  • Please copy and paste both, the Addition.txt log and the FRST.txt log in your next reply.
Any concerns, let me know, and tell me how your computer is running. 
To err is Human. To blame it on someone else is even more Human.

#8 Harogam


Posted 07 August 2016 - 01:26 PM

When I try to download the fixlist per right-click, it appears as index.html. When I click on it, a new tab opens and says I don't have the permission to view this attachment.



#9 Bezukhov


Posted 07 August 2016 - 02:45 PM

Try this:
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt.
  • Important! In the "Save As" box at the bottom is a drop down menu, Encoding. Click that and choose Unicode.
C:\Windows\SysWOW64\H3�
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\92144893.sys
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\92144893.sys
Reboot
  • Run FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply


#10 Harogam


Posted 07 August 2016 - 03:11 PM

OK, done. CPU usage still at 13%, memory usage at 33%. Besides that, Idle process at 88 use now. svchost: 13 usage and 1.539.776k memory.

Still less performance jumps and more stable.

 

 

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 03-08-2016
durchgeführt von Dante (2016-08-07 21:58:26) Run:2
Gestartet von C:\Users\Dante\Desktop
Geladene Profile: Dante (Verfügbare Profile: Dante)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
C:\Windows\SysWOW64\H3�
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\92144893.sys
Reg: reg query HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\92144893.sys
Reboot
*****************

C:\Windows\SysWOW64\H3� => erfolgreich verschoben

========= reg query HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\92144893.sys =========


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\92144893.sys
    (Standard)    REG_SZ    Driver



========= Ende von Reg: =========


========= reg query HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\92144893.sys =========


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\92144893.sys
    (Standard)    REG_SZ    Driver



========= Ende von Reg: =========

Reboot => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden.

==== Ende von Fixlog 21:58:27 ====

 

 

 

 

 

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016
durchgeführt von Dante (Administrator) auf WORKSLAVE (07-08-2016 22:01:49)
Gestartet von C:\Users\Dante\Desktop
Geladene Profile: Dante (Verfügbare Profile: Dante)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15642744 2016-03-30] (Logitech Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 83.169.184.33 83.169.184.97
Tcpip\..\Interfaces\{586B807F-6951-41AF-AB59-9D0B85B8D0E8}: [DhcpNameServer] 83.169.184.33 83.169.184.97

Internet Explorer:
==================
HKU\S-1-5-21-961798393-1801880041-2060533883-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-26] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Dante\AppData\Roaming\Mozilla\Firefox\Profiles\9bkt9cgk.default-1462807354064
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll [2014-06-05] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll [2014-06-05] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-26] (Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.1.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin HKU\S-1-5-21-961798393-1801880041-2060533883-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Extension: NoScript - C:\Users\Dante\AppData\Roaming\Mozilla\Firefox\Profiles\9bkt9cgk.default-1462807354064\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-03]
FF Extension: Clean Links - C:\Users\Dante\AppData\Roaming\Mozilla\Firefox\Profiles\9bkt9cgk.default-1462807354064\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2016-06-22]
FF Extension: Video DownloadHelper - C:\Users\Dante\AppData\Roaming\Mozilla\Firefox\Profiles\9bkt9cgk.default-1462807354064\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-08-03]
FF Extension: Adblock Plus - C:\Users\Dante\AppData\Roaming\Mozilla\Firefox\Profiles\9bkt9cgk.default-1462807354064\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-06-22]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-04-23] ()
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2519904 2016-04-13] (ESET)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-07-27] (SurfRight B.V.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4764304 2016-07-26] (SurfRight B.V.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [Datei ist nicht signiert]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-03-30] (Logitech Inc.)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2120712 2016-06-03] (Electronic Arts)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-04] (Wacom Technology, Corp.)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2015-06-22] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264552 2016-05-12] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [199680 2016-05-12] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2016-05-12] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2016-05-12] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [198096 2016-05-12] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53384 2016-05-12] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84800 2016-05-12] (ESET)
R3 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [245288 2016-07-26] (SurfRight B.V.)
R3 hmpnet; C:\Windows\system32\drivers\hmpnet.sys [82864 2016-07-26] (SurfRight B.V.)
S3 hxsyol; C:\Windows\system32\hxsy64.sys [86352 2015-02-22] ()
S3 ladfGSS; C:\Windows\System32\drivers\ladfGSS.sys [45208 2016-03-05] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2015-06-22] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-07] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2016-03-08] (NVIDIA Corporation)
S3 RecFltr; C:\Windows\System32\drivers\RecFltr.sys [44800 2010-01-04] (Razer USA Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-07-30] ()

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-07 22:01 - 2016-08-07 22:02 - 00012032 _____ C:\Users\Dante\Desktop\FRST.txt
2016-08-07 21:58 - 2016-08-07 21:58 - 00001252 _____ C:\Users\Dante\Desktop\Fixlog.txt
2016-08-06 20:40 - 2016-08-06 20:40 - 02393600 _____ (Farbar) C:\Users\Dante\Desktop\FRST64.exe
2016-08-04 16:12 - 2016-08-07 22:01 - 00000000 ____D C:\FRST
2016-08-04 16:10 - 2016-08-07 20:17 - 00000000 ____D C:\Users\Dante\Desktop\lgs
2016-08-04 00:34 - 2016-08-04 00:34 - 00279411 ____N C:\Windows\Minidump\080416-11778-01.dmp
2016-07-30 02:58 - 2016-07-30 02:58 - 12716616 _____ C:\Users\Dante\Desktop\RogueKillerX64_old.exe
2016-07-29 01:34 - 2016-07-29 01:34 - 00000000 ____D C:\Users\Dante\.designer
2016-07-28 01:39 - 2016-07-28 01:39 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-07-28 01:36 - 2016-05-14 01:11 - 01512392 _____ (MalwareBytes) C:\Windows\mbam-killer.exe
2016-07-28 01:36 - 2016-05-14 01:09 - 00969160 _____ (MalwareBytes) C:\Windows\mbam-chameleon.scr
2016-07-28 01:36 - 2016-05-14 01:08 - 00969160 _____ (MalwareBytes) C:\Windows\mbam-chameleon.pif
2016-07-28 01:36 - 2016-05-14 01:07 - 00969160 _____ (MalwareBytes) C:\Windows\mbam-chameleon.exe
2016-07-28 01:36 - 2016-05-14 01:06 - 00969160 _____ (MalwareBytes) C:\Windows\mbam-chameleon.com
2016-07-28 01:36 - 2016-05-14 01:04 - 00969160 _____ (MalwareBytes) C:\Windows\firefox.scr
2016-07-28 01:36 - 2016-05-14 01:03 - 00969160 _____ (MalwareBytes) C:\Windows\firefox.pif
2016-07-28 01:36 - 2016-05-14 01:01 - 00969160 _____ (MalwareBytes) C:\Windows\firefox.exe
2016-07-28 01:36 - 2016-05-14 01:00 - 00969160 _____ (MalwareBytes) C:\Windows\firefox.com
2016-07-28 01:36 - 2016-05-14 00:52 - 00235882 _____ C:\Windows\chameleon.chm
2016-07-27 23:43 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-07-27 23:42 - 2016-07-28 09:58 - 00000000 ____D C:\Windows\erdnt
2016-07-27 23:42 - 2016-07-27 23:52 - 00000000 ____D C:\Qoobox
2016-07-27 01:06 - 2016-07-27 05:01 - 00001905 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-07-27 01:06 - 2016-07-27 01:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-07-26 03:08 - 2016-07-26 03:08 - 00041766 _____ C:\Users\Dante\AppData\Local\recently-used.xbel
2016-07-19 21:21 - 2016-08-04 19:14 - 00000000 ____D C:\Users\Dante\Desktop\fetzen
2016-07-18 03:07 - 2016-07-18 03:07 - 00001311 _____ C:\Users\Dante\Desktop\skse_loader.lnk
2016-07-15 23:55 - 2016-08-07 18:20 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-15 23:54 - 2016-07-15 23:54 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-15 23:54 - 2016-07-15 23:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-15 23:54 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-15 23:54 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-15 23:54 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-15 23:38 - 2016-08-07 21:59 - 00000000 ____D C:\Windows\CryptoGuard
2016-07-15 23:38 - 2016-08-07 18:09 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2016-07-15 23:38 - 2016-07-27 00:33 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2016-07-15 23:38 - 2016-07-26 20:50 - 00863888 _____ (SurfRight B.V.) C:\Windows\system32\hmpalert.dll
2016-07-15 23:38 - 2016-07-26 20:50 - 00789136 _____ (SurfRight B.V.) C:\Windows\SysWOW64\hmpalert.dll
2016-07-15 23:38 - 2016-07-26 20:50 - 00245288 _____ (SurfRight B.V.) C:\Windows\system32\Drivers\hmpalert.sys
2016-07-15 23:38 - 2016-07-26 20:50 - 00082864 _____ (SurfRight B.V.) C:\Windows\system32\Drivers\hmpnet.sys
2016-07-15 23:38 - 2016-07-15 23:38 - 00016384 _____ C:\Windows\SysWOW64\���
2016-07-15 23:38 - 2016-07-15 23:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2016-07-11 04:02 - 2016-07-11 04:05 - 00000000 ____D C:\Users\Dante\Desktop\dragdomods
2016-07-10 02:55 - 2016-07-10 02:55 - 00000000 ____D C:\Users\Dante\AppData\Local\CAPCOM

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-08-07 18:18 - 2009-07-14 06:45 - 00026704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-07 18:18 - 2009-07-14 06:45 - 00026704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-07 18:14 - 2014-05-25 08:35 - 00699416 _____ C:\Windows\system32\perfh007.dat
2016-08-07 18:14 - 2014-05-25 08:35 - 00149556 _____ C:\Windows\system32\perfc007.dat
2016-08-07 18:14 - 2009-07-14 07:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-07 18:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-08-07 18:10 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-07 05:26 - 2014-05-30 21:44 - 00000000 ____D C:\ProgramData\TEMP
2016-08-07 04:39 - 2014-05-25 01:55 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-06 06:19 - 2014-05-24 23:43 - 00000000 ____D C:\Users\Dante\AppData\Roaming\vlc
2016-08-04 00:35 - 2014-06-08 03:14 - 00000000 ____D C:\Windows\Minidump
2016-08-01 14:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-30 02:58 - 2015-09-24 00:49 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-07-29 01:34 - 2014-05-24 22:45 - 00000000 ____D C:\Users\Dante
2016-07-29 01:16 - 2014-05-24 22:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-28 22:45 - 2016-01-22 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2016-07-28 22:44 - 2015-05-23 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-07-28 09:58 - 2016-06-13 23:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-07-28 09:58 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-07-28 09:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-07-28 02:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PLA
2016-07-28 01:57 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-27 23:46 - 2009-07-14 04:34 - 61341696 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-07-27 23:46 - 2009-07-14 04:34 - 18350080 _____ C:\Windows\system32\config\SYSTEM.bak
2016-07-27 23:46 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2016-07-27 23:46 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2016-07-27 23:46 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2016-07-27 02:13 - 2014-05-25 03:28 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-27 01:12 - 2015-09-24 00:43 - 00000000 ____D C:\ProgramData\HitmanPro
2016-07-27 01:06 - 2016-02-17 23:05 - 00000000 ____D C:\Program Files\HitmanPro
2016-07-26 21:24 - 2014-05-25 01:01 - 00000000 ____D C:\Users\Dante\AppData\Local\Battle.net
2016-07-26 03:08 - 2014-08-23 20:46 - 00000000 ____D C:\Users\Dante\AppData\Local\gtk-2.0
2016-07-26 03:08 - 2014-08-23 20:39 - 00000000 ____D C:\Users\Dante\.gimp-2.8
2016-07-25 16:14 - 2014-07-13 13:52 - 00000000 ____D C:\Users\Dante\dwhelper
2016-07-20 04:46 - 2014-06-27 00:14 - 00000000 ____D C:\Users\Dante\AppData\Roaming\TS3Client
2016-07-15 23:25 - 2015-09-24 00:03 - 11438608 _____ (SurfRight B.V.) C:\Users\Dante\Desktop\hitmanpro_x64.exe
2016-07-15 04:02 - 2015-06-16 22:23 - 00000000 ____D C:\Users\Dante\Desktop\temp work
2016-07-11 03:57 - 2016-06-27 07:10 - 00000000 ____D C:\Users\Dante\Desktop\text
2016-07-08 00:37 - 2016-01-29 22:46 - 00000000 ____D C:\Users\Dante\AppData\Local\UnrealEngine

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-06-11 02:17 - 2015-02-06 21:20 - 0005120 _____ () C:\Users\Dante\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-07-26 03:08 - 2016-07-26 03:08 - 0041766 _____ () C:\Users\Dante\AppData\Local\recently-used.xbel
2015-10-30 03:15 - 2015-10-30 03:15 - 0000121 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-03-23 21:56 - 2015-03-23 21:56 - 0000040 _____ () C:\ProgramData\ra3.ini

Einige Dateien in TEMP:
====================
C:\Users\Dante\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Dante\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Dante\AppData\Local\Temp\drm_dyndata_7290008.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-08-07 01:58

==================== Ende von FRST.txt ============================


Edited by Harogam, 07 August 2016 - 03:14 PM.


#11 Harogam


Posted 07 August 2016 - 03:12 PM

Addition log

 

 

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 03-08-2016
durchgeführt von Dante (2016-08-07 22:02:14)
Gestartet von C:\Users\Dante\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-05-24 20:45:37)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-961798393-1801880041-2060533883-500 - Administrator - Disabled)
Dante (S-1-5-21-961798393-1801880041-2060533883-1000 - Administrator - Enabled) => C:\Users\Dante
Gast (S-1-5-21-961798393-1801880041-2060533883-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-961798393-1801880041-2060533883-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: ESET Smart Security 9.0.381.1 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.381.1 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version:  - Studio Wildcard)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Autodesk FBX Converter x64 2013.3 (HKLM-x32\...\Autodesk FBX Converter x64 2013.3) (Version:  - Autodesk)
Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 6 (HKLM-x32\...\{A589DA26-51BD-475D-8C32-E19E34145842}) (Version: 6.0.3 - TechSmith Corporation)
Command & Conquer 3 (HKLM-x32\...\{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}) (Version: 1.00.0000 - Ihr Firmenname)
Creativerse (HKLM-x32\...\Steam App 280790) (Version:  - Playful Corporation)
DARK SOULS III (HKLM\...\Steam App 374320) (Version:  - FromSoftware, Inc.)
DARK SOULS™ II (HKLM\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Defense Grid 2 (HKLM-x32\...\Steam App 221540) (Version:  - Hidden Path Entertainment)
Defense Grid: The Awakening (HKLM-x32\...\Steam App 18500) (Version:  - Hidden Path Entertainment)
Demigod (HKLM-x32\...\Steam App 202710) (Version:  - Gas Powered Games)
Descent: Underground (HKLM-x32\...\Steam App 360950) (Version:  - Descendent Studios Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)
DOOM 3: BFG Edition (HKLM-x32\...\Steam App 208200) (Version:  - id Software)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts)
Dragon's Dogma: Dark Arisen (HKLM\...\Steam App 367500) (Version:  - Capcom)
ESET Smart Security (HKLM\...\{64D5DBAE-3C56-4FBE-9A2F-44C63FA13BAF}) (Version: 9.0.381.1 - ESET, spol. s r.o.)
Galaxy on Fire 2™ Full HD (HKLM-x32\...\Steam App 212010) (Version:  - Fishlabs Entertainment GmbH)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GIMP Extensions 2.8.20140902 (HKLM\...\GIMP Extensions) (Version: 2.8.20140902 - Pedro Cunha)
Grim Dawn (HKLM-x32\...\Steam App 219990) (Version:  - Crate Entertainment)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hardland (HKLM-x32\...\Steam App 321980) (Version:  - Mountain Sheep)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.5.0.546 - SurfRight B.V.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Logitech Gaming Software 8.82 (HKLM\...\Logitech Gaming Software) (Version: 8.82.151 - Logitech Inc.)
LuxRender 1.3.1 x64 OpenCL (HKLM\...\{C289183E-1DD8-42FA-8DFE-94F61ED1CFA3}_is1) (Version: 1.3.1 - LuxRender)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 47.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 de)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA Grafiktreiber 365.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 365.19 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PhotoFiltre 7 (HKU\S-1-5-21-961798393-1801880041-2060533883-1000\...\PhotoFiltre 7) (Version:  - )
Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)
Quake (HKLM-x32\...\Steam App 2310) (Version:  - id Software)
Quake 3 Arena Demo (HKLM-x32\...\Quake 3 Arena Demo) (Version:  - )
Quake Live (HKLM-x32\...\Steam App 282440) (Version:  - id Software)
Reality 2.5 (HKLM-x32\...\Reality) (Version: 2.5 - Pret-a-3D)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Red Faction: Guerrilla Steam Edition (HKLM\...\Steam App 20500) (Version:  - Volition)
Rise of the Triad (HKLM-x32\...\Steam App 217140) (Version:  - Interceptor Entertainment)
Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)
Risen 3 - Titan Lords Enhanced Edition (HKLM-x32\...\{7C26395A-20EE-43F4-88FB-E26169B739EC}) (Version: 1.00 - Deep Silver)
S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM\...\Steam App 4500) (Version:  - GSC Game World)
Sacred 3 (HKLM-x32\...\Steam App 247950) (Version:  - Keen Games)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Skyrim Creation Kit (HKLM-x32\...\Steam App 202480) (Version:  - bgs.bethsoft.com)
SMITE (HKLM-x32\...\Steam App 386360) (Version:  - Hi-Rez Studios)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)
Star Wars® Knights of the Old Republic® II The Sith Lords™ (HKLM-x32\...\{3DF70451-99CA-4528-A583-0DF8BCCC953B}) (Version: 1.00.0000 - LucasArts)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-961798393-1801880041-2060533883-1000\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Long Dark (HKLM-x32\...\Steam App 305620) (Version:  - Hinterland Studio Inc.)
The Man Wolf (HKLM-x32\...\The Man Wolf 1.1) (Version: 1.1 - DAZ 3D)
The Stanley Parable (HKLM\...\Steam App 221910) (Version:  - Galactic Cafe)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.22.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.22.0.0 - GOG.com)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.10.1 - Electronic Arts)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Torchlight II (HKLM-x32\...\{55F7D521-17CA-454D-9D4D-975EF2E10708}_is1) (Version:  - White Rabbit Interactive)
Tree of Savior (English Ver.) (HKLM\...\Steam App 372000) (Version:  - IMCGAMES Co.,Ltd.)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.7-6 - Wacom Technology Corp.)
Waves (HKLM-x32\...\Steam App 107600) (Version:  - Squid In A Box Ltd)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
ZBrush 4R4 (HKLM-x32\...\ZBrush 4R4 4R4) (Version: 4R4 - Pixologic)
Zigfrak (HKLM-x32\...\Steam App 259430) (Version:  - Entheogen Studios LLC)
Ziggurat (HKLM-x32\...\Steam App 308420) (Version:  - Milkstone Studios)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-961798393-1801880041-2060533883-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {8BC79052-5E13-43EA-AD9F-92D3B0CCA954} - System32\Tasks\{FFF62F1B-C5FD-457A-B237-7A369B4CA727} => pcalua.exe -a E:\Autorun.exe -d E:\
Task: {A4F9974A-10CC-4534-A6DD-82FE835FD593} - System32\Tasks\{83BCF3F2-478A-42A8-A934-5CBC86646E9E} => pcalua.exe -a D:\Games\HiRezGamesDiagAndSupport.exe -c uninstall=17
Task: {E96D1B88-4890-40B5-8E0D-62DB6A9C2056} - System32\Tasks\{7D7C80F4-728A-41BE-A357-163BE655310C} => D:\Games\Hunted\BINARIES\WIN32\HUNTED.EXE

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Dante\AppData\Local\Microsoft\Windows\GameExplorer\{E730DC55-1FB5-480F-8955-595834539731}\SupportTasks\1\Support.lnk -> hxxp://www.runningwithscissors.com/
Shortcut: C:\Users\Dante\AppData\Local\Microsoft\Windows\GameExplorer\{E730DC55-1FB5-480F-8955-595834539731}\SupportTasks\0\Weitere Spiele von Microsoft.lnk -> hxxp://www.gopostal.com/postal2/index.php/

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-06-07 16:50 - 2016-05-10 01:40 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-03-30 19:17 - 2016-03-30 19:17 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-03-30 19:17 - 2016-03-30 19:17 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-05-24 22:51 - 2013-12-04 18:35 - 01185048 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-05-25 00:28 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD [127]
AlternateDataStreams: C:\Users\Dante\Cookies:gs5sys [2048]
AlternateDataStreams: C:\Users\Dante\Documents:gs5sys [3074]
AlternateDataStreams: C:\Users\Dante\Eigene Dateien:gs5sys [3074]
AlternateDataStreams: C:\Users\Dante\Vorlagen:gs5sys [1792]
AlternateDataStreams: C:\Users\Dante\AppData\Local\Verlauf:gs5sys [3074]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\92144893.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\92144893.sys => ""="Driver"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2016-01-30 02:50 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1    localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-961798393-1801880041-2060533883-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dante\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 83.169.184.33 - 83.169.184.97
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{6214AFED-7632-4028-AF65-02DD2C90D2B4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{87D771DE-1CFB-4F88-9C65-AF85B8131556}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{E732C3A5-E76D-472D-9E98-83FB911A6C74}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{13332876-DEEC-4152-989E-5D04C3E203D0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9C1B0F53-E26C-42C7-8A5C-EB53307DA869}] => (Allow) D:\Steam\SteamApps\common\Strike Suit Infinity\pc\main\Binary\SSZ.exe
FirewallRules: [{DD5D99DF-DD46-4897-8D00-7AC8E49C6C2B}] => (Allow) D:\Steam\SteamApps\common\Strike Suit Infinity\pc\main\Binary\SSZ.exe
FirewallRules: [{49AF388F-A5A1-4788-8CCE-406BCCF56504}] => (Allow) D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{24B5142D-5D25-432F-9BDC-BD5545B6A5CC}] => (Allow) D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{4DC9BBEE-3285-4DCA-AF2D-DDD97A9A07DE}] => (Allow) D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{0C7C869F-3EEF-44C1-AC32-C2BE72ED9525}] => (Allow) D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{BF7C0E7A-55F6-4C2B-A54B-96B5B1B92D0C}] => (Allow) D:\Program Files (x86)\Origin Games\Dead Space 3\deadspace3.exe
FirewallRules: [{8001FADE-1013-4DEF-8611-B0F03A82DB8B}] => (Allow) D:\Program Files (x86)\Origin Games\Dead Space 3\deadspace3.exe
FirewallRules: [{9830F108-0C78-48DB-A975-3625E708CFD5}] => (Allow) D:\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{EABF00C8-1867-4F1E-84EB-994A8CE7FB56}] => (Allow) D:\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{56DE9117-A0A8-4FB4-97A5-BEE3AB5FD147}] => (Block) %USERPROFILE%\Desktop\SketchBookPro.exe
FirewallRules: [{DB91F55C-89F5-42A6-B6B7-0AC2916627BF}] => (Block) %USERPROFILE%\Desktop\SketchBookPro.exe
FirewallRules: [{DC0DA02E-4A80-4A2C-B4A0-8832AA1BDD42}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{39489F60-DDC9-4004-AFDF-9A7238AF8C6C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{327708B5-3C73-495C-866E-DACB17323099}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{CD446626-CD8B-41C4-B9D4-AB21EDA94FC8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{0738F1FE-6419-417A-8BB9-8EC906B51E5A}] => (Allow) D:\Steam\SteamApps\common\Zigfrak\Zigfrak\Zigfrak.exe
FirewallRules: [{7012C2D8-5FE5-4C84-B52D-BFBFB6C0D668}] => (Allow) D:\Steam\SteamApps\common\Zigfrak\Zigfrak\Zigfrak.exe
FirewallRules: [{EE2EB66D-1206-422A-BDEF-F177DED686BA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{54EB3227-842E-405C-8BE3-784E8643C6B3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FAD85872-478E-481C-925C-2839DECD9958}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{91A56B89-8DB8-46DA-90A0-E53CAD193D2B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{6BF928CC-91F2-47F8-B984-2853D0DFEE76}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{80ECAA18-02D9-473E-B12B-0387ACF551AC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{5F964A84-E7D2-4180-9A45-58494E50AB41}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{FBE07658-2EDB-4374-BBA2-4968F51B8F85}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{92FAFCDF-1CB1-41DD-8236-5D33E06269D8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C0053D00-06DE-4653-B0A9-1C08CB06CC50}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C30D9BFA-EE7F-4562-A773-C6878B5B130E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C32DCE97-BFD5-4B9F-AF8C-E4C604E344D5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{43F307A1-D21E-47B3-8DF9-04D20EBBAA94}] => (Allow) D:\Steam\SteamApps\common\Hazard Ops\UnrealEngine3\Binaries\Win32\InfernumLogin.exe
FirewallRules: [{E834DC34-1AD1-407E-9A79-478EE4ED228B}] => (Allow) D:\Steam\SteamApps\common\Hazard Ops\UnrealEngine3\Binaries\Win32\InfernumLogin.exe
FirewallRules: [{8C69CA85-5B5B-4C0F-9B7B-CD2A57B7DD9F}] => (Allow) D:\Steam\SteamApps\common\GodMode\bin\GodMode.exe
FirewallRules: [{8549B542-B144-46A0-894E-63DA4F4EF06A}] => (Allow) D:\Steam\SteamApps\common\GodMode\bin\GodMode.exe
FirewallRules: [{AF37D05A-3787-46A2-B460-E7862A10F826}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{7747A03E-1893-44DF-97F6-53E31753AFD2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{51E9BB0C-B021-440D-BB70-17325E2E2D30}] => (Allow) D:\Steam\SteamApps\common\Planetary Annihilation\PA.exe
FirewallRules: [{04E732CF-918E-4956-A49D-9E856EC4ECBC}] => (Allow) D:\Steam\SteamApps\common\Planetary Annihilation\PA.exe
FirewallRules: [{3B70DE28-DE8C-4B35-B183-70ADAAD320B1}] => (Allow) D:\Steam\SteamApps\common\DefenseGridTheAwakening\DefenseGrid.exe
FirewallRules: [{8E1C7EA6-ECCA-475F-ABC9-21B1C620CF66}] => (Allow) D:\Steam\SteamApps\common\DefenseGridTheAwakening\DefenseGrid.exe
FirewallRules: [{40DADAAA-0CD3-4A1E-B406-CD0D695C7C15}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{DCEBE1D1-270B-4E03-8999-ED7ABAD1B33F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{427B176D-4E2C-4044-9B47-F01378F163D7}] => (Allow) D:\Steam\SteamApps\common\the-haunted-hells-reach\Binaries\Win32\HauntedGame.exe
FirewallRules: [{5336B23C-5D9A-40C3-A72B-15E573B40D22}] => (Allow) D:\Steam\SteamApps\common\the-haunted-hells-reach\Binaries\Win32\HauntedGame.exe
FirewallRules: [{D31E3010-9119-4B3A-B10F-AC2E1466FAC7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{EFD9E773-8DE9-41AE-90D4-CF7E0A6D4A55}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{17A680EA-B1D7-4BC2-9349-750A3A71F4BF}] => (Allow) D:\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{EF478E79-29F6-479C-B1BB-BCC136F349EC}] => (Allow) D:\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{A3168680-219B-483A-8F85-B7FB40E0D8BF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4375D4B5-DA09-4D35-9749-425098C13075}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{16EC3177-DF3C-4043-8C30-ED5710D7CB2D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{F6D9A13C-984B-475D-B49C-3F5ACEACED64}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{180BD898-13AF-488F-9ED8-C14E5980D5C0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{090878B7-E511-43EF-B1B0-9AB9B7D7570A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{CDF89548-8568-49CC-80C2-ACEA3C053428}] => (Allow) D:\Steam\SteamApps\common\Aura Kingdom\game.bin
FirewallRules: [{D744006D-409B-420A-A901-DFF5E89E3C23}] => (Allow) D:\Steam\SteamApps\common\Aura Kingdom\game.bin
FirewallRules: [{7DCE4416-8D65-4B9E-BA2A-26F2995C8E84}] => (Allow) D:\Steam\SteamApps\common\Dragon Nest Europe\DragonNest\DragonNest.exe
FirewallRules: [{4B9409EE-188C-4385-BB18-FFBBDB8F0EDE}] => (Allow) D:\Steam\SteamApps\common\Dragon Nest Europe\DragonNest\DragonNest.exe
FirewallRules: [{A9DA3BAA-6FBB-4711-980D-00C448ACDAF9}] => (Allow) D:\Steam\SteamApps\common\Quake\Winquake.exe
FirewallRules: [{BCD4EA71-81A0-4C09-A23C-A7054D43F4B6}] => (Allow) D:\Steam\SteamApps\common\Quake\Winquake.exe
FirewallRules: [{F293D680-FED9-4550-B381-FCA6BEB1DDB7}] => (Allow) D:\Steam\SteamApps\common\Quake\qwcl.exe
FirewallRules: [{99E8C118-6620-4C6A-B1F8-AE4DA542BF01}] => (Allow) D:\Steam\SteamApps\common\Quake\qwcl.exe
FirewallRules: [{9CF73F63-A0DC-45CC-9763-17DD7C855C88}] => (Allow) D:\Steam\SteamApps\common\Quake\Glquake.exe
FirewallRules: [{B13687B1-B89E-4B9C-AED7-1FA1C81C1988}] => (Allow) D:\Steam\SteamApps\common\Quake\Glquake.exe
FirewallRules: [{71BAE638-D86E-42A7-AEE2-7709AE5DC27D}] => (Allow) D:\Steam\SteamApps\common\Quake\glqwcl.exe
FirewallRules: [{54867B6A-CB15-46D8-9133-02E0863F475F}] => (Allow) D:\Steam\SteamApps\common\Quake\glqwcl.exe
FirewallRules: [{62951461-FE65-4365-B9E5-1A88DA57E30E}] => (Allow) D:\Steam\SteamApps\common\Ziggurat\Ziggurat.exe
FirewallRules: [{C61213F9-D986-435C-9FC4-B45896D28F5D}] => (Allow) D:\Steam\SteamApps\common\Ziggurat\Ziggurat.exe
FirewallRules: [{82E631E5-6984-464D-A6C8-1A21C87DC9DC}] => (Allow) D:\Steam\SteamApps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{5DC7CB64-26C5-4014-BE32-AAFD18E43B5F}] => (Allow) D:\Steam\SteamApps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{E7004CA4-0694-40B4-AC48-B4F5EB96837D}] => (Allow) D:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{A05A0C19-B71D-4A02-916C-1B410D4E69D8}] => (Allow) D:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{333A91E8-BCAF-49A9-A97C-607EB0CEA012}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{07F401C0-DFA4-4084-83D3-5A0CE28F57CB}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{1DCC0AF2-94F3-4B27-849D-E2B60E26CD19}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{B0F7F46B-B533-4C03-B782-1360474F19DE}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{0870C000-838C-4AA0-9392-D9022135BDC1}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{D0567F87-63F7-45CD-9253-4CAFF048C584}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{13A9EE4F-F3B0-4B41-BBA2-D37F81E3852E}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{685C2041-6EFD-441F-91E2-E47DC9269D70}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{D3C06B94-0037-4C11-9E5D-FCAB4C49A3EB}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{77332C9C-7764-4873-BBBA-5D6F10EA5D41}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{CDF7416D-8CF3-4A82-BBE1-B20F45C3B242}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{317314A4-CF42-4967-B624-B68A33392C29}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{0E509CF7-04C9-47D0-A24B-F7DADFD7B3C4}] => (Allow) D:\Games\StarCraft II\StarCraft II.exe
FirewallRules: [{198C360A-FEE2-4A6E-965E-BDA920CA5D9A}] => (Allow) D:\Games\StarCraft II\StarCraft II.exe
FirewallRules: [{CE58567C-5C10-4B76-BCD6-D00BE1890C87}] => (Allow) D:\Steam\SteamApps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{A6BAE098-30F0-4FFD-91D4-D6C845E9937E}] => (Allow) D:\Steam\SteamApps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{638A3402-ECED-4A7D-B153-58A2073F547D}] => (Allow) D:\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{2211A5AC-540E-4BB4-BEE8-D535B92BD168}] => (Allow) D:\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{FED1FBEA-6943-424F-8BEF-D972DEEAAB71}] => (Allow) D:\Games\Hellgate\HGLLauncher.exe
FirewallRules: [{A605D1A8-C25F-45E7-94A1-40F007B2CE95}] => (Allow) D:\Games\Hellgate\HGLLauncher.exe
FirewallRules: [{DC51757D-C42E-415C-A723-A9BC98BB2652}] => (Allow) D:\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{1853D5D0-8181-4FBD-9077-F2A97FDF9252}] => (Allow) D:\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{5CE80FD1-7ABA-4EB1-B834-C1888D786EF3}] => (Allow) D:\Games\Hearthstone\Hearthstone.exe
FirewallRules: [{E5980648-8E8F-4AF0-BEF2-66869868F1A5}] => (Allow) D:\Games\Hearthstone\Hearthstone.exe
FirewallRules: [{7FEC0CAB-9F7C-4044-8BE2-08FF7FA9D532}] => (Allow) D:\Steam\SteamApps\common\Skyrim\CreationKit.exe
FirewallRules: [{285FED4A-CE3D-4C54-A708-1D65EE360603}] => (Allow) D:\Steam\SteamApps\common\Skyrim\CreationKit.exe
FirewallRules: [{B2E367C5-46DF-4B0A-8493-4429FEFA855C}] => (Allow) D:\Tools\Winamp\winamp.exe
FirewallRules: [{9C90BA7E-7951-4FF0-8B2C-414852E05D1E}] => (Allow) D:\Tools\Winamp\winamp.exe
FirewallRules: [{75DA52F3-604B-458E-85D6-54BE59B082B0}] => (Allow) D:\Steam\SteamApps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
FirewallRules: [{4428039C-3B96-417D-9D4B-AE40DB5025E0}] => (Allow) D:\Steam\SteamApps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
FirewallRules: [{A51E77FF-81B0-4075-8AD8-0A672CCA3FC9}] => (Allow) D:\Steam\SteamApps\common\Rise of the Triad\LDKDedicatedServer.exe
FirewallRules: [{2176AF84-D1A4-4561-BB0E-9D278F25AD8F}] => (Allow) D:\Steam\SteamApps\common\Rise of the Triad\LDKDedicatedServer.exe
FirewallRules: [{AC2B13D3-F670-43CC-B89B-ACAD004613B9}] => (Allow) D:\Steam\SteamApps\common\Rise of the Triad\Binaries\ROTTLauncher.exe
FirewallRules: [{A3E76191-5007-4E3D-B9AA-EAAD243D7873}] => (Allow) D:\Steam\SteamApps\common\Rise of the Triad\Binaries\ROTTLauncher.exe
FirewallRules: [{BCFA8909-F554-4319-8F33-BE49999C75D9}] => (Allow) D:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{2F209789-EA3E-45C2-9E6D-CD9EBB0B2289}] => (Allow) D:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{2760ED86-B601-498B-8AD8-09294D6C7D2F}] => (Allow) D:\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{9B51738E-EA31-43DF-921C-3CF09C318C4D}] => (Allow) D:\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{151BC085-4E2A-44D4-8A16-3B17A6D2881C}] => (Allow) D:\Steam\SteamApps\common\TheLongDark\tld.exe
FirewallRules: [{3AC3AD99-20C7-404D-B7F3-89952F703879}] => (Allow) D:\Steam\SteamApps\common\TheLongDark\tld.exe
FirewallRules: [{77D6D7BD-3B62-440D-9C5A-7EDF4B3F47A5}] => (Allow) D:\Steam\SteamApps\common\Waves\Binaries\Win32\Waves.exe
FirewallRules: [{4E5F4180-23C0-4104-BBF3-AC2895C48205}] => (Allow) D:\Steam\SteamApps\common\Waves\Binaries\Win32\Waves.exe
FirewallRules: [{29BD53C6-391E-4840-B321-A606D6819BED}] => (Allow) D:\Steam\SteamApps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{6479E5E1-9324-4BB4-B6AE-B672E7967186}] => (Allow) D:\Steam\SteamApps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{19E5DD17-422E-4A0F-88FC-BB2D2291D717}] => (Allow) D:\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{C94B42FB-AF9D-4909-B9F7-0A1A8E8CC6B7}] => (Allow) D:\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{43F2CF92-C930-4F0A-83E3-B5C43CF620E9}] => (Allow) D:\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{CE31193D-0384-4672-9A4F-5D8F1CC55D4B}] => (Allow) D:\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{54933902-6F5A-449C-8696-B73E3DF56104}] => (Allow) D:\Steam\SteamApps\common\Demigod\bin\Demigod.exe
FirewallRules: [{86CF955F-9A93-47F0-9D77-81C9595939C5}] => (Allow) D:\Steam\SteamApps\common\Demigod\bin\Demigod.exe
FirewallRules: [{B6029E6C-119C-484A-B3F2-FB1839F6881C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5B97BD9D-6141-4C9C-9CD2-CBB40EFBEE38}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8034B22C-36FA-4586-B3CF-E9BCE760986C}] => (Allow) D:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{540EDB01-1523-4CD7-9D0C-C4ADB1A1F02B}] => (Allow) D:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{4166E868-8559-4EF7-A1AD-0C14F43AAE36}] => (Allow) D:\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{54E5616C-6B4B-4B7F-A6A0-2094A21A7843}] => (Allow) D:\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{3C7A8898-658B-462D-A0D5-C3CB54E1DF0D}] => (Allow) D:\Steam\SteamApps\common\DefenseGrid2\DefenseGrid2_Release.exe
FirewallRules: [{E2585EB5-59AD-4D09-8994-456BA093F5F4}] => (Allow) D:\Steam\SteamApps\common\DefenseGrid2\DefenseGrid2_Release.exe
FirewallRules: [{BE982F0E-84C8-4A1F-8CF0-9CE166451157}] => (Allow) D:\Steam\SteamApps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{FF017C26-CF71-47F9-AAE6-193B7022B338}] => (Allow) D:\Steam\SteamApps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{C556D7C6-F293-4D59-BA14-47817419BEF5}] => (Allow) D:\Steam\SteamApps\common\Dragomon Hunter\Game.bin
FirewallRules: [{654A07B7-D399-467E-8495-34BAC136A72E}] => (Allow) D:\Steam\SteamApps\common\Dragomon Hunter\Game.bin
FirewallRules: [{02E52F85-483E-43EE-83EE-6A355741C3B5}] => (Allow) D:\Steam\SteamApps\common\firstassault\Shipping\GAME.exe
FirewallRules: [{AEF826DF-98F7-4A86-A1CC-A79628834F35}] => (Allow) D:\Steam\SteamApps\common\firstassault\Shipping\GAME.exe
FirewallRules: [{C29593A6-190F-46F8-B671-997F792E3C23}] => (Allow) D:\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{5D8C0D35-4289-41AE-B130-E5DB6C56CA24}] => (Allow) D:\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{976674A1-A4D7-4E8C-9CFD-1A48DFF9F2E4}] => (Allow) %ProgramFiles% (x86)\NCWest\NCLauncher\NCLauncher.exe
FirewallRules: [{941A6FF9-789D-4990-8DBD-C0AADC973190}] => (Allow) %ProgramFiles% (x86)\NCWest\NCLauncher\NCLauncher.exe
FirewallRules: [{B7892AD1-0DE4-42D6-BF97-6CFBD9CDCFF3}] => (Allow) D:\Steam\SteamApps\common\Hardland\Hardland.exe
FirewallRules: [{BB474EE7-6586-4991-9F7C-F8A819E921DF}] => (Allow) D:\Steam\SteamApps\common\Hardland\Hardland.exe
FirewallRules: [{E146B9AD-2E4D-42F0-AF1E-9A99E899BF51}] => (Allow) D:\Steam\SteamApps\common\Grim Dawn\Grim Dawn.exe
FirewallRules: [{97451D3E-47C0-43E2-AB62-00237B31EFC4}] => (Allow) D:\Steam\SteamApps\common\Grim Dawn\Grim Dawn.exe
FirewallRules: [{358573D2-5B5F-4124-A2FA-3C0DB0BB955D}] => (Allow) D:\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{8E52B5F0-7A95-4F30-8645-B9E9FF7147AC}] => (Allow) D:\Steam\SteamApps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{2A791305-F5E7-46CA-BB5A-82473E95E471}] => (Allow) D:\Steam\SteamApps\common\Zigfrak\Zigfrak\Zigfrak.exe
FirewallRules: [{A3D12BEC-0C04-4D58-8EBF-6124C09ABBB3}] => (Allow) D:\Steam\SteamApps\common\Zigfrak\Zigfrak\Zigfrak.exe
FirewallRules: [{08CB8572-F4FC-4658-A797-D23AACB241B6}] => (Allow) D:\Steam\SteamApps\common\Creativerse\Creativerse.exe
FirewallRules: [{DC0513E9-92FD-43FA-9B00-0708FE26114E}] => (Allow) D:\Steam\SteamApps\common\Creativerse\Creativerse.exe
FirewallRules: [{B51D9AFD-E3E3-494D-A3FF-B6D6710346A8}] => (Allow) D:\Steam\SteamApps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{D09F7ECA-CC60-492C-B866-AF01EC74E6E4}] => (Allow) D:\Steam\SteamApps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{2658C3F8-4CE5-4072-B28B-4DFE55B6061B}] => (Allow) D:\Steam\SteamApps\common\Descent Underground\launcher\Descent.exe
FirewallRules: [{D67AED3E-45CA-4EBD-B486-C2371D7EC645}] => (Allow) D:\Steam\SteamApps\common\Descent Underground\launcher\Descent.exe
FirewallRules: [{78DEF56E-B28F-4603-BDC6-FB452CB709D6}] => (Allow) D:\Steam\SteamApps\common\Galaxy On Fire 2 HD\GoF2Launcher.exe
FirewallRules: [{41DB9695-0348-4A5C-A812-C84D017D19B0}] => (Allow) D:\Steam\SteamApps\common\Galaxy On Fire 2 HD\GoF2Launcher.exe
FirewallRules: [{26A0AE9C-9DD3-49EC-9492-BAE5A6716E02}] => (Allow) D:\Steam\SteamApps\common\Sacred 3\sacred3.exe
FirewallRules: [{502EA04F-8A97-4705-AA58-EDA9281FA885}] => (Allow) D:\Steam\SteamApps\common\Sacred 3\sacred3.exe
FirewallRules: [{B7973164-115B-4E62-ADF8-9C5E43DFE68E}] => (Allow) D:\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{49DC736C-1479-4421-B20B-438C7F2F35A3}] => (Allow) D:\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{720B221B-58B5-4DE2-8ED6-9B017E0B08B8}] => (Allow) D:\Games\Ubisoft Game Launcher\games\Tom Clancy's The Division\TheDivision.exe
FirewallRules: [{336EEBE4-1DE2-446B-B187-96C2A2DDF3FE}] => (Allow) D:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{8E058565-846E-4E01-A961-3EECA0447C89}] => (Allow) D:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{FFB4353C-550B-431D-BFB9-4FE852031270}] => (Allow) D:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{0D5402DF-E4CB-439E-B57A-5E07A9EDD934}] => (Allow) D:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{A15E08D3-08BA-4B07-A84A-A6DBFD88952A}] => (Allow) D:\Steam\SteamApps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{1426FF9A-E961-4DA6-9CB0-2F55D075A51E}] => (Allow) D:\Steam\SteamApps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{23F689C4-0AD8-493F-ABE9-461F49EF751E}] => (Allow) D:\Steam\SteamApps\common\firstassault\Shipping\nxsteam.exe
FirewallRules: [{61B15C2E-DD06-43C6-A13B-540894F80FE5}] => (Allow) D:\Steam\SteamApps\common\firstassault\Shipping\nxsteam.exe
FirewallRules: [{F5E3548C-2157-4F85-A8D6-40444D895F98}] => (Allow) D:\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{D0F45FEB-1AD1-4FDF-80B6-3349F769FF5E}] => (Allow) D:\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{77932430-D310-4F51-AF61-7FD767EC28F5}] => (Allow) D:\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{D33DA43D-7F80-46BF-AD0A-50E3547F68A3}] => (Allow) D:\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{3C4B41AE-0430-44AE-A7DB-7725FBE3898F}] => (Allow) D:\Steam\SteamApps\common\Red Faction Guerrilla\rfg_launcher.exe
FirewallRules: [{5B5F40BF-3B56-437A-B1A7-E72E536FAAB1}] => (Allow) D:\Steam\SteamApps\common\Red Faction Guerrilla\rfg_launcher.exe
FirewallRules: [{E1DD8534-0A38-43D2-A9C3-08EBEC0D80C6}] => (Allow) D:\Steam\SteamApps\common\Red Faction Guerrilla\rfg.exe
FirewallRules: [{CA9D2A1C-319A-4AB9-9611-BB3D2C2C3DD3}] => (Allow) D:\Steam\SteamApps\common\Red Faction Guerrilla\rfg.exe
FirewallRules: [{0FEB1016-9B47-4C4E-8222-6DB81ACDD0BD}] => (Allow) D:\Steam\SteamApps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{D88934FB-7B28-4E50-97C0-B2903C710E1E}] => (Allow) D:\Steam\SteamApps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [TCP Query User{A219CD21-44AE-45B3-86B5-96B4C7E6B047}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{3E39CBB8-287D-4690-AF55-501DBEA558C7}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{D896F907-7026-42E4-B323-308A847F3F8B}D:\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Block) D:\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{FF755CE9-9F41-4962-8FFE-2FB70EC44C7D}D:\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Block) D:\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{2FFAAA9C-944B-4C32-AE96-BD326E613C46}] => (Allow) D:\Steam\SteamApps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{2F27695B-C186-4C2F-AE6C-3FAB399B7F96}] => (Allow) D:\Steam\SteamApps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [TCP Query User{592F73EF-F44F-4520-B351-C7239BE17A4C}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{DAAAEC14-DF7B-4F20-B81F-E9B86A450E39}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{9A17A5A6-BA8F-4391-B6E0-63F993319845}] => (Allow) D:\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{995371D1-2502-4DD0-BB72-6C488FDF67FE}] => (Allow) D:\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{910F716D-880F-4927-A78A-245C423C5475}] => (Allow) D:\Steam\SteamApps\common\DDDA\DDDA.exe
FirewallRules: [{E8E7FF16-1D44-44F9-80F9-5D337BB80F6B}] => (Allow) D:\Steam\SteamApps\common\DDDA\DDDA.exe
FirewallRules: [{3AF65BBA-8086-4A00-9931-6AACD6AB9881}] => (Allow) D:\Steam\SteamApps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{0CD1C321-3BEC-4F8A-AEBD-D81E6D3A6C21}] => (Allow) D:\Steam\SteamApps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{2A81F8B6-54B5-4B90-9ECE-EA0914FA38F6}] => (Allow) D:\Steam\SteamApps\common\The Stanley Parable\stanley.exe
FirewallRules: [{C6F600C6-E829-4BAE-8190-6AF2AF6B5F67}] => (Allow) D:\Steam\SteamApps\common\The Stanley Parable\stanley.exe

==================== Wiederherstellungspunkte =========================

28-07-2016 22:45:22 Entfernt Blade & Soul
29-07-2016 01:12:33 Konfiguriert ASUS GPU Tweak
29-07-2016 01:13:27 Konfiguriert ASUS GPU Tweak

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Standard-VGA-Grafikkarte
Description: Standard-VGA-Grafikkarte
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardgrafikkartentypen)
Service: vga
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/07/2016 06:11:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2016 03:45:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2016 01:59:52 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (08/06/2016 06:23:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2016 03:48:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2016 09:02:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2016 07:42:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2016 04:28:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2016 04:37:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2016 08:49:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Systemfehler:
=============
Error: (08/04/2016 12:35:18 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000117 (0xfffffa8010d38010, 0xfffff8800f255c2c, 0x0000000000000000, 0x0000000000000000)C:\Windows\Minidump\080416-11778-01.dmp080416-11778-01

Error: (08/04/2016 12:35:18 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎04.‎08.‎2016 um 00:34:04 unerwartet heruntergefahren.

Error: (08/02/2016 01:12:45 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (08/01/2016 03:06:25 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error: (08/01/2016 03:06:25 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error: (08/01/2016 03:06:19 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error: (07/30/2016 02:58:31 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\System32\drivers\TrueSight.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/30/2016 01:40:58 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "RPC-Endpunktzuordnung" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056 = Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (07/30/2016 01:37:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DNS-Client" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053 = Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (07/30/2016 01:37:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst DNS-Client erreicht.


CodeIntegrity:
===================================
  Date: 2016-07-27 23:45:59.872
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\cof\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2016-07-27 23:45:59.857
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\cof\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Speicherinformationen ===========================

Prozessor: Intel® Core™ i7-4770 CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 33%
Installierter physikalischer RAM: 16262.64 MB
Verfügbarer physikalischer RAM: 10853.59 MB
Summe virtueller Speicher: 32523.47 MB
Verfügbarer virtueller Speicher: 27431.07 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:97.79 GB) (Free:12.68 GB) NTFS
Drive d: (pitchbleep) (Fixed) (Total:983.87 GB) (Free:355.17 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C89444CE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=983.9 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================



#12 Bezukhov


Posted 08 August 2016 - 07:33 PM

Your concerns about the Idle process are best explained here:

https://askleo.com/what_is_the_system_idle_process_and_why_is_it_using_most_of_the_cpu/

Since we have cleaned out a few things, I'd like to give the following tools another shot. Any messages about some file already there, choose replace.

Step 1:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Step 2:

Download RogueKiller from one of the following links and save it to your desktop:

  • Link 1
  • Link 2
  • Close all programs and disconnect any USB or external drives before running the tool.
  • Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", click the "Report" button to show the log, and then close the program. <-- Don't fix anything!
  • Copy and paste the report that opens into your next reply.
  • The log can also be found in the following location: C:\ProgramData\RogueKiller\Logs\RKreport_SCN_mmddyyyy_hhmmss.log

Step 3:

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

So for your next reply please post:

1) RKreport
2) TDSSKiller__log.txt
3) aswMBR.txt

As always, let me know of any changes in your computer's performance. 


To err is Human. To blame it on someone else is even more Human.

#13 Harogam


Posted 09 August 2016 - 06:59 PM

Thanks for the information about the idle process, my worries are gone.

Machine runs still stable, Internet slows down sometimes but not too much.

3rd Day back online permanent, no warning from eset so far about the machine in the network that sends malicious data.

Played a game, ran good so far, no crash after 3 hours into it.

High usage still present, RAM usage now at 40%, CPU at 12-14%. Shut down takes a bit more time now, boot is faster now.

And I see the Logoff Screen now before the shut down screen. Normally I only saw shut down Screen.

TDSS found nothing

Roguekiller found the usual 6 entries

aswMBR had a yellow line.

My last worry: I could not find much information about it, are these -k Parameters behind svchost legit?

Logs as requested

{
    "header": {
        "program": {
            "project": "RogueKiller",
            "version": "12.4.3.0",
            "x64": true,
            "date": "Aug  8 2016",
            "contact": "http://www.adlice.com/contact/",
            "feedback": "http://forum.adlice.com",
            "website": "http://www.adlice.com/download/roguekiller/",
            "blog": "http://www.adlice.com"
        },
        "environment": {
            "operating_system": "Windows 7 (6.1.7601 Service Pack 1) 64 bits version",
            "boot": 0,
            "winpe": false,
            "user": "Dante",
            "user_admin": true,
            "program_location": "C:\\Program Files\\RogueKiller\\RogueKiller64.exe",
            "x64": true,
            "licensing": "free"
        },
        "report": {
            "type": 1,
            "aborted": false,
            "date": "08/10/2016 00:51:38",
            "switches": 0,
            "debug": false,
            "count": 6,
            "show_legit_hooks": false,
            "expert_mode": false
        }
    },
    "information": {
        "processes": [
            {
                "name": "[System Process]",
                "name_parent": "",
                "pid": 0,
                "path": "",
                "command_line": "",
                "pid_parent": 0,
                "path_parent": "",
                "is_64": true
            },
            {
                "name": "System",
                "name_parent": "",
                "pid": 4,
                "path": "",
                "command_line": "",
                "pid_parent": 0,
                "path_parent": "",
                "is_64": true
            },
            {
                "name": "smss.exe",
                "name_parent": "",
                "pid": 324,
                "path": "C:\\Windows\\System32\\smss.exe",
                "command_line": "\\SystemRoot\\System32\\smss.exe",
                "pid_parent": 4,
                "path_parent": "",
                "is_64": true
            },
            {
                "name": "csrss.exe",
                "name_parent": "",
                "pid": 476,
                "path": "C:\\Windows\\System32\\csrss.exe",
                "command_line": "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16",
                "pid_parent": 468,
                "path_parent": "",
                "is_64": true
            },
            {
                "name": "wininit.exe",
                "name_parent": "",
                "pid": 588,
                "path": "C:\\Windows\\System32\\wininit.exe",
                "command_line": "wininit.exe",
                "pid_parent": 468,
                "path_parent": "",
                "is_64": true
            },
            {
                "name": "csrss.exe",
                "name_parent": "",
                "pid": 612,
                "path": "C:\\Windows\\System32\\csrss.exe",
                "command_line": "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16",
                "pid_parent": 600,
                "path_parent": "",
                "is_64": true
            },
            {
                "name": "services.exe",
                "name_parent": "wininit.exe",
                "pid": 652,
                "path": "C:\\Windows\\System32\\services.exe",
                "command_line": "C:\\Windows\\system32\\services.exe",
                "pid_parent": 588,
                "path_parent": "C:\\Windows\\System32\\wininit.exe",
                "is_64": true
            },
            {
                "name": "lsass.exe",
                "name_parent": "wininit.exe",
                "pid": 680,
                "path": "C:\\Windows\\System32\\lsass.exe",
                "command_line": "C:\\Windows\\system32\\lsass.exe",
                "pid_parent": 588,
                "path_parent": "C:\\Windows\\System32\\wininit.exe",
                "is_64": true
            },
            {
                "name": "lsm.exe",
                "name_parent": "wininit.exe",
                "pid": 688,
                "path": "C:\\Windows\\System32\\lsm.exe",
                "command_line": "C:\\Windows\\system32\\lsm.exe",
                "pid_parent": 588,
                "path_parent": "C:\\Windows\\System32\\wininit.exe",
                "is_64": true
            },
            {
                "name": "winlogon.exe",
                "name_parent": "",
                "pid": 808,
                "path": "C:\\Windows\\System32\\winlogon.exe",
                "command_line": "winlogon.exe",
                "pid_parent": 600,
                "path_parent": "",
                "is_64": true
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 844,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\system32\\svchost.exe -k DcomLaunch",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": true
            },
            {
                "name": "ekrn.exe",
                "name_parent": "services.exe",
                "pid": 908,
                "path": "C:\\Program Files\\ESET\\ESET Smart Security\\ekrn.exe",
                "command_line": "\"C:\\Program Files\\ESET\\ESET Smart Security\\ekrn.exe\"",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": true
            },
            {
                "name": "hmpalert.exe",
                "name_parent": "services.exe",
                "pid": 932,
                "path": "C:\\Program Files (x86)\\HitmanPro.Alert\\hmpalert.exe",
                "command_line": "\"C:\\Program Files (x86)\\HitmanPro.Alert\\hmpalert.exe\" /service",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": false
            },
            {
                "name": "nvvsvc.exe",
                "name_parent": "services.exe",
                "pid": 184,
                "path": "C:\\Windows\\System32\\nvvsvc.exe",
                "command_line": "\"C:\\Windows\\system32\\nvvsvc.exe\"",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": true
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 372,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\system32\\svchost.exe -k RPCSS",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": true
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 604,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": true
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 492,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": true
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 1048,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\system32\\svchost.exe -k LocalService",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": true
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 1072,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\system32\\svchost.exe -k netsvcs",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": true
            },
            {
                "name": "WTabletServicePro.exe",
                "name_parent": "services.exe",
                "pid": 1316,
                "path": "C:\\Program Files\\Tablet\\Wacom\\WTabletServicePro.exe",
                "command_line": "\"C:\\Program Files\\Tablet\\Wacom\\WTabletServicePro.exe\"",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": true
            },
            {
                "name": "nvxdsync.exe",
                "name_parent": "nvvsvc.exe",
                "pid": 1376,
                "path": "C:\\Program Files\\NVIDIA Corporation\\Display\\nvxdsync.exe",
                "command_line": "\"C:\\Program Files\\NVIDIA Corporation\\Display\\nvxdsync.exe\"",
                "pid_parent": 184,
                "path_parent": "C:\\Windows\\System32\\nvvsvc.exe",
                "is_64": true
            },
            {
                "name": "nvvsvc.exe",
                "name_parent": "nvvsvc.exe",
                "pid": 1384,
                "path": "C:\\Windows\\System32\\nvvsvc.exe",
                "command_line": "C:\\Windows\\system32\\nvvsvc.exe -session -first",
                "pid_parent": 184,
                "path_parent": "C:\\Windows\\System32\\nvvsvc.exe",
                "is_64": true
            },
            {
                "name": "hmpsched.exe",
                "name_parent": "services.exe",
                "pid": 1528,
                "path": "C:\\Program Files\\HitmanPro\\hmpsched.exe",
                "command_line": "\"C:\\Program Files\\HitmanPro\\hmpsched.exe\"",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": true
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 1668,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\system32\\svchost.exe -k NetworkService",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": true
            },
            {
                "name": "spoolsv.exe",
                "name_parent": "services.exe",
                "pid": 1952,
                "path": "C:\\Windows\\System32\\spoolsv.exe",
                "command_line": "C:\\Windows\\System32\\spoolsv.exe",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": true
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 1996,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\system32\\svchost.exe -k LocalServiceNoNetwork",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": true
            },
            {
                "name": "mDNSResponder.exe",
                "name_parent": "services.exe",
                "pid": 1804,
                "path": "C:\\Program Files\\Bonjour\\mDNSResponder.exe",
                "command_line": "\"C:\\Program Files\\Bonjour\\mDNSResponder.exe\"",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": true
            },
            {
                "name": "LogiRegistryService.exe",
                "name_parent": "services.exe",
                "pid": 2156,
                "path": "C:\\Program Files\\Logitech Gaming Software\\Drivers\\APOService\\LogiRegistryService.exe",
                "command_line": "\"C:\\Program Files\\Logitech Gaming Software\\Drivers\\APOService\\LogiRegistryService.exe\"",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": true
            },
            {
                "name": "mbamservice.exe",
                "name_parent": "services.exe",
                "pid": 2204,
                "path": "C:\\Program Files (x86)\\Malwarebytes Anti-Malware\\mbamservice.exe",
                "command_line": "\"C:\\Program Files (x86)\\Malwarebytes Anti-Malware\\mbamservice.exe\"",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": false
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 2252,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\system32\\svchost.exe -k imgsvc",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": true
            },
            {
                "name": "WUDFHost.exe",
                "name_parent": "svchost.exe",
                "pid": 2888,
                "path": "C:\\Windows\\System32\\WUDFHost.exe",
                "command_line": "\"C:\\Windows\\system32\\WUDFHost.exe\" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-f16f4363-39fd-41d7-9c93-883c113afcae -SystemEventPortName:HostProcess-fffa72b1-b772-443e-ba38-a9770dadf77a -IoCancelEventPortName:HostProcess-a03fa145-aee0-426a-bb8c-afe045ec3834 -NonStateChangingEventPortName:HostProcess-f9d65edd-5a12-480c-8ba0-92603ad08144 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:34552b49-2e5c-4795-892c-6f46aee3b53b",
                "pid_parent": 492,
                "path_parent": "C:\\Windows\\System32\\svchost.exe",
                "is_64": true
            },
            {
                "name": "jhi_service.exe",
                "name_parent": "services.exe",
                "pid": 296,
                "path": "C:\\Program Files (x86)\\Intel\\Intel® Management Engine Components\\DAL\\jhi_service.exe",
                "command_line": "\"C:\\Program Files (x86)\\Intel\\Intel® Management Engine Components\\DAL\\jhi_service.exe\"",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": false
            },
            {
                "name": "LMS.exe",
                "name_parent": "services.exe",
                "pid": 2168,
                "path": "C:\\Program Files (x86)\\Intel\\Intel® Management Engine Components\\LMS\\LMS.exe",
                "command_line": "\"C:\\Program Files (x86)\\Intel\\Intel® Management Engine Components\\LMS\\LMS.exe\"",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": false
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 2744,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\System32\\svchost.exe -k secsvcs",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": true
            },
            {
                "name": "wmpnetwk.exe",
                "name_parent": "services.exe",
                "pid": 1136,
                "path": "C:\\Program Files\\Windows Media Player\\wmpnetwk.exe",
                "command_line": "\"C:\\Program Files\\Windows Media Player\\wmpnetwk.exe\"",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": true
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 2112,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\system32\\svchost.exe -k LocalServiceAndNoImpersonation",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": true
            },
            {
                "name": "SearchIndexer.exe",
                "name_parent": "services.exe",
                "pid": 376,
                "path": "C:\\Windows\\System32\\SearchIndexer.exe",
                "command_line": "C:\\Windows\\system32\\SearchIndexer.exe /Embedding",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": true
            },
            {
                "name": "taskhost.exe",
                "name_parent": "services.exe",
                "pid": 3764,
                "path": "C:\\Windows\\System32\\taskhost.exe",
                "command_line": "\"taskhost.exe\"",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": true
            },
            {
                "name": "egui.exe",
                "name_parent": "ekrn.exe",
                "pid": 3772,
                "path": "C:\\Program Files\\ESET\\ESET Smart Security\\egui.exe",
                "command_line": "\"C:\\Program Files\\ESET\\ESET Smart Security\\egui.exe\" /hide",
                "pid_parent": 908,
                "path_parent": "C:\\Program Files\\ESET\\ESET Smart Security\\ekrn.exe",
                "is_64": true
            },
            {
                "name": "dwm.exe",
                "name_parent": "svchost.exe",
                "pid": 3868,
                "path": "C:\\Windows\\System32\\dwm.exe",
                "command_line": "\"C:\\Windows\\system32\\Dwm.exe\"",
                "pid_parent": 492,
                "path_parent": "C:\\Windows\\System32\\svchost.exe",
                "is_64": true
            },
            {
                "name": "explorer.exe",
                "name_parent": "",
                "pid": 3908,
                "path": "C:\\Windows\\explorer.exe",
                "command_line": "C:\\Windows\\Explorer.EXE",
                "pid_parent": 3808,
                "path_parent": "",
                "is_64": true
            },
            {
                "name": "rundll32.exe",
                "name_parent": "egui.exe",
                "pid": 3984,
                "path": "C:\\Windows\\SysWOW64\\rundll32.exe",
                "command_line": "rundll32 \"C:\\Program Files\\ESET\\ESET Smart Security\\x86\\eplgHooks.dll\",Proc32_HooksLoop",
                "pid_parent": 3772,
                "path_parent": "C:\\Program Files\\ESET\\ESET Smart Security\\egui.exe",
                "is_64": false
            },
            {
                "name": "hmpalert.exe",
                "name_parent": "hmpalert.exe",
                "pid": 2036,
                "path": "C:\\Program Files (x86)\\HitmanPro.Alert\\hmpalert.exe",
                "command_line": "\"C:\\Program Files (x86)\\HitmanPro.Alert\\hmpalert.exe\" /tray",
                "pid_parent": 932,
                "path_parent": "C:\\Program Files (x86)\\HitmanPro.Alert\\hmpalert.exe",
                "is_64": false
            },
            {
                "name": "HeciServer.exe",
                "name_parent": "services.exe",
                "pid": 1404,
                "path": "C:\\Program Files\\Intel\\iCLS Client\\HeciServer.exe",
                "command_line": "\"C:\\Program Files\\Intel\\iCLS Client\\HeciServer.exe\"",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": true
            },
            {
                "name": "mbam.exe",
                "name_parent": "mbamservice.exe",
                "pid": 1780,
                "path": "C:\\Program Files (x86)\\Malwarebytes Anti-Malware\\mbam.exe",
                "command_line": "\"C:\\Program Files (x86)\\Malwarebytes Anti-Malware\\mbam.exe\" /starttray",
                "pid_parent": 2204,
                "path_parent": "C:\\Program Files (x86)\\Malwarebytes Anti-Malware\\mbamservice.exe",
                "is_64": false
            },
            {
                "name": "Wacom_TabletUser.exe",
                "name_parent": "WTabletServicePro.exe",
                "pid": 3756,
                "path": "C:\\Program Files\\Tablet\\Wacom\\Wacom_TabletUser.exe",
                "command_line": "\"C:\\Program Files\\Tablet\\Wacom\\Wacom_TabletUser.exe\" ",
                "pid_parent": 1316,
                "path_parent": "C:\\Program Files\\Tablet\\Wacom\\WTabletServicePro.exe",
                "is_64": true
            },
            {
                "name": "WacomHost.exe",
                "name_parent": "WTabletServicePro.exe",
                "pid": 1620,
                "path": "C:\\Program Files\\Tablet\\Wacom\\WacomHost.exe",
                "command_line": "\"C:\\Program Files\\Tablet\\Wacom\\WacomHost.exe\" \"C:\\Program Files\\Tablet\\Wacom\\Wacom_Tablet.exe\" au",
                "pid_parent": 1316,
                "path_parent": "C:\\Program Files\\Tablet\\Wacom\\WTabletServicePro.exe",
                "is_64": false
            },
            {
                "name": "LCore.exe",
                "name_parent": "Explorer.EXE",
                "pid": 3036,
                "path": "C:\\Program Files\\Logitech Gaming Software\\LCore.exe",
                "command_line": "\"C:\\Program Files\\Logitech Gaming Software\\LCore.exe\" /minimized",
                "pid_parent": 3908,
                "path_parent": "C:\\Windows\\explorer.exe",
                "is_64": true
            },
            {
                "name": "Wacom_TouchUser.exe",
                "name_parent": "WTabletServicePro.exe",
                "pid": 3904,
                "path": "C:\\Program Files\\Tablet\\Wacom\\Wacom_TouchUser.exe",
                "command_line": "\"C:\\Program Files\\Tablet\\Wacom\\Wacom_TouchUser.exe\" ",
                "pid_parent": 1316,
                "path_parent": "C:\\Program Files\\Tablet\\Wacom\\WTabletServicePro.exe",
                "is_64": true
            },
            {
                "name": "Wacom_Tablet.exe",
                "name_parent": "WacomHost.exe",
                "pid": 344,
                "path": "C:\\Program Files\\Tablet\\Wacom\\Wacom_Tablet.exe",
                "command_line": "\"C:\\Program Files\\Tablet\\Wacom\\Wacom_Tablet.exe\" au",
                "pid_parent": 1620,
                "path_parent": "C:\\Program Files\\Tablet\\Wacom\\WacomHost.exe",
                "is_64": true
            },
            {
                "name": "iusb3mon.exe",
                "name_parent": "",
                "pid": 4136,
                "path": "C:\\Program Files (x86)\\Intel\\Intel® USB 3.0 eXtensible Host Controller Driver\\Application\\iusb3mon.exe",
                "command_line": "\"C:\\Program Files (x86)\\Intel\\Intel® USB 3.0 eXtensible Host Controller Driver\\Application\\iusb3mon.exe\" ",
                "pid_parent": 2996,
                "path_parent": "",
                "is_64": false
            },
            {
                "name": "jusched.exe",
                "name_parent": "",
                "pid": 4176,
                "path": "C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe",
                "command_line": "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\" ",
                "pid_parent": 2996,
                "path_parent": "",
                "is_64": false
            },
            {
                "name": "LCDClock.exe",
                "name_parent": "LCore.exe",
                "pid": 4576,
                "path": "C:\\Program Files\\Logitech Gaming Software\\Applets\\LCDClock.exe",
                "command_line": "\"C:\\Program Files\\Logitech Gaming Software\\Applets\\LCDClock.exe\" ",
                "pid_parent": 3036,
                "path_parent": "C:\\Program Files\\Logitech Gaming Software\\LCore.exe",
                "is_64": true
            },
            {
                "name": "LCDCountdown.exe",
                "name_parent": "LCore.exe",
                "pid": 4600,
                "path": "C:\\Program Files\\Logitech Gaming Software\\Applets\\LCDCountdown.exe",
                "command_line": "\"C:\\Program Files\\Logitech Gaming Software\\Applets\\LCDCountdown.exe\" ",
                "pid_parent": 3036,
                "path_parent": "C:\\Program Files\\Logitech Gaming Software\\LCore.exe",
                "is_64": true
            },
            {
                "name": "LCDPictureViewer.exe",
                "name_parent": "LCore.exe",
                "pid": 4608,
                "path": "C:\\Program Files\\Logitech Gaming Software\\Applets\\LCDPictureViewer.exe",
                "command_line": "\"C:\\Program Files\\Logitech Gaming Software\\Applets\\LCDPictureViewer.exe\" ",
                "pid_parent": 3036,
                "path_parent": "C:\\Program Files\\Logitech Gaming Software\\LCore.exe",
                "is_64": true
            },
            {
                "name": "LCDMedia.exe",
                "name_parent": "LCore.exe",
                "pid": 4616,
                "path": "C:\\Program Files\\Logitech Gaming Software\\Applets\\LCDMedia.exe",
                "command_line": "\"C:\\Program Files\\Logitech Gaming Software\\Applets\\LCDMedia.exe\" ",
                "pid_parent": 3036,
                "path_parent": "C:\\Program Files\\Logitech Gaming Software\\LCore.exe",
                "is_64": false
            },
            {
                "name": "wuauclt.exe",
                "name_parent": "svchost.exe",
                "pid": 3688,
                "path": "C:\\Windows\\System32\\wuauclt.exe",
                "command_line": "\"C:\\Windows\\system32\\wuauclt.exe\"",
                "pid_parent": 1072,
                "path_parent": "C:\\Windows\\System32\\svchost.exe",
                "is_64": true
            },
            {
                "name": "InputPersonalization.exe",
                "name_parent": "services.exe",
                "pid": 3012,
                "path": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\InputPersonalization.exe",
                "command_line": "\"C:\\Program Files\\Common Files\\Microsoft Shared\\Ink\\InputPersonalization.exe\" ",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": true
            },
            {
                "name": "PrivacyIconClient.exe",
                "name_parent": "",
                "pid": 3232,
                "path": "C:\\Program Files (x86)\\Intel\\Intel® Management Engine Components\\IMSS\\PrivacyIconClient.exe",
                "command_line": "\"C:\\Program Files (x86)\\Intel\\Intel® Management Engine Components\\IMSS\\PrivacyIconClient.exe\" -startup",
                "pid_parent": 4116,
                "path_parent": "",
                "is_64": true
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 4164,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\System32\\svchost.exe -k LocalServicePeerNet",
                "pid_parent": 652,
                "path_parent": "C:\\Windows\\System32\\services.exe",
                "is_64": true
            },
            {
                "name": "dllhost.exe",
                "name_parent": "svchost.exe",
                "pid": 3344,
                "path": "C:\\Windows\\System32\\dllhost.exe",
                "command_line": "C:\\Windows\\system32\\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}",
                "pid_parent": 844,
                "path_parent": "C:\\Windows\\System32\\svchost.exe",
                "is_64": true
            },
            {
                "name": "dllhost.exe",
                "name_parent": "svchost.exe",
                "pid": 2096,
                "path": "C:\\Windows\\System32\\dllhost.exe",
                "command_line": "C:\\Windows\\system32\\DllHost.exe /Processid:{B366DEBE-645B-43A5-B865-DDD82C345492}",
                "pid_parent": 844,
                "path_parent": "C:\\Windows\\System32\\svchost.exe",
                "is_64": true
            },
            {
                "name": "audiodg.exe",
                "name_parent": "svchost.exe",
                "pid": 3256,
                "path": "C:\\Windows\\System32\\audiodg.exe",
                "command_line": "",
                "pid_parent": 604,
                "path_parent": "C:\\Windows\\System32\\svchost.exe",
                "is_64": true
            },
            {
                "name": "SearchProtocolHost.exe",
                "name_parent": "SearchIndexer.exe",
                "pid": 3316,
                "path": "C:\\Windows\\System32\\SearchProtocolHost.exe",
                "command_line": "\"C:\\Windows\\system32\\SearchProtocolHost.exe\" Global\\UsGthrFltPipeMssGthrPipe7_ Global\\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 \"Software\\Microsoft\\Windows Search\" \"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)\" \"C:\\ProgramData\\Microsoft\\Search\\Data\\Temp\\usgthrsvc\" \"DownLevelDaemon\" ",
                "pid_parent": 376,
                "path_parent": "C:\\Windows\\System32\\SearchIndexer.exe",
                "is_64": true
            },
            {
                "name": "SearchFilterHost.exe",
                "name_parent": "SearchIndexer.exe",
                "pid": 4560,
                "path": "C:\\Windows\\System32\\SearchFilterHost.exe",
                "command_line": "\"C:\\Windows\\system32\\SearchFilterHost.exe\" 0 604 608 616 65536 612 ",
                "pid_parent": 376,
                "path_parent": "C:\\Windows\\System32\\SearchIndexer.exe",
                "is_64": true
            },
            {
                "name": "RogueKiller64.exe",
                "name_parent": "Explorer.EXE",
                "pid": 1824,
                "path": "C:\\Program Files\\RogueKiller\\RogueKiller64.exe",
                "command_line": "\"C:\\Program Files\\RogueKiller\\RogueKiller64.exe\" ",
                "pid_parent": 3908,
                "path_parent": "C:\\Windows\\explorer.exe",
                "is_64": true
            }
        ]
    },
    "results": {
        "processes": [],
        "modules": [],
        "services": [],
        "registry": [
            {
                "scan_what": 1,
                "scan_how": [
                    11
                ],
                "scan_how_trigger": 11,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "83.169.184.33 83.169.184.97",
                "path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters",
                "extra": "[Germany][Germany]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Gefunden",
                "status_choice": 0,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    11
                ],
                "scan_how_trigger": 11,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "83.169.184.33 83.169.184.97",
                "path": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\Tcpip\\Parameters",
                "extra": "[Germany][Germany]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Gefunden",
                "status_choice": 0,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    11
                ],
                "scan_how_trigger": 11,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "83.169.184.33 83.169.184.97",
                "path": "HKEY_LOCAL_MACHINE\\System\\ControlSet002\\Services\\Tcpip\\Parameters",
                "extra": "[Germany][Germany]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Gefunden",
                "status_choice": 0,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    11
                ],
                "scan_how_trigger": 11,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "83.169.184.33 83.169.184.97",
                "path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{586B807F-6951-41AF-AB59-9D0B85B8D0E8}",
                "extra": "[Germany][Germany]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Gefunden",
                "status_choice": 0,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    11
                ],
                "scan_how_trigger": 11,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "83.169.184.33 83.169.184.97",
                "path": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\Tcpip\\Parameters\\Interfaces\\{586B807F-6951-41AF-AB59-9D0B85B8D0E8}",
                "extra": "[Germany][Germany]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Gefunden",
                "status_choice": 0,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    11
                ],
                "scan_how_trigger": 11,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "83.169.184.33 83.169.184.97",
                "path": "HKEY_LOCAL_MACHINE\\System\\ControlSet002\\Services\\Tcpip\\Parameters\\Interfaces\\{586B807F-6951-41AF-AB59-9D0B85B8D0E8}",
                "extra": "[Germany][Germany]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Gefunden",
                "status_choice": 0,
                "status_removed": 0
            }
        ],
        "tasks": [],
        "filesystem": [],
        "hosts": {
            "is_too_big": false,
            "lines": []
        },
        "antirootkit": {
            "is_driver_loaded": true,
            "driver_error": 0,
            "results": []
        },
        "web_browsers": [],
        "disk": {
            "results": [],
            "mbr": "+++++ PhysicalDrive0: ST2000DM001-1CH164 ATA Device +++++\n--- User ---\n[MBR] b5bfb7b94b1aeddfee055d62691a65a6\n[BSP] 8a27572c3cdc3b75d8ce33197db96857 : Windows Vista/7/8 MBR Code\nPartition table:\n0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 100139 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 205291520 | Size: 1007488 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n+++++ PhysicalDrive1: Generic STORAGE DEVICE USB Device +++++\nError reading User MBR! ([15] Das Ger\u00e4t ist nicht bereit. )\nError reading LL1 MBR! NOT VALID!\nError reading LL2 MBR! ([32] Die Anforderung wird nicht unterst\u00fctzt. )\n\n+++++ PhysicalDrive2: Generic STORAGE DEVICE USB Device +++++\nError reading User MBR! ([15] Das Ger\u00e4t ist nicht bereit. )\nError reading LL1 MBR! NOT VALID!\nError reading LL2 MBR! ([32] Die Anforderung wird nicht unterst\u00fctzt. )\n\n+++++ PhysicalDrive3: Generic STORAGE DEVICE USB Device +++++\nError reading User MBR! ([15] Das Ger\u00e4t ist nicht bereit. )\nError reading LL1 MBR! NOT VALID!\nError reading LL2 MBR! ([32] Die Anforderung wird nicht unterst\u00fctzt. )\n\n+++++ PhysicalDrive4: Generic STORAGE DEVICE USB Device +++++\nError reading User MBR! ([15] Das Ger\u00e4t ist nicht bereit. )\nError reading LL1 MBR! NOT VALID!\nError reading LL2 MBR! ([32] Die Anforderung wird nicht unterst\u00fctzt. )\n\n+++++ PhysicalDrive5: Generic STORAGE DEVICE USB Device +++++\nError reading User MBR! ([15] Das Ger\u00e4t ist nicht bereit. )\nError reading LL1 MBR! NOT VALID!\nError reading LL2 MBR! ([32] Die Anforderung wird nicht unterst\u00fctzt. )\n\n"
        }
    }
}


Edited by Harogam, 09 August 2016 - 08:10 PM.


#14 Harogam

Posted 09 August 2016 - 07:00 PM

00:37:28.0355 0x06c8  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31
00:37:38.0089 0x06c8  ============================================================
00:37:38.0089 0x06c8  Current date / time: 2016/08/10 00:37:38.0089
00:37:38.0089 0x06c8  SystemInfo:
00:37:38.0089 0x06c8  
00:37:38.0089 0x06c8  OS Version: 6.1.7601 ServicePack: 1.0
00:37:38.0089 0x06c8  Product type: Workstation
00:37:38.0089 0x06c8  ComputerName: WORKSLAVE
00:37:38.0089 0x06c8  UserName: Dante
00:37:38.0089 0x06c8  Windows directory: C:\Windows
00:37:38.0089 0x06c8  System windows directory: C:\Windows
00:37:38.0089 0x06c8  Running under WOW64
00:37:38.0089 0x06c8  Processor architecture: Intel x64
00:37:38.0089 0x06c8  Number of processors: 8
00:37:38.0089 0x06c8  Page size: 0x1000
00:37:38.0089 0x06c8  Boot type: Normal boot
00:37:38.0089 0x06c8  CodeIntegrityOptions = 0x00000001
00:37:38.0089 0x06c8  ============================================================
00:37:39.0696 0x06c8  KLMD registered as C:\Windows\system32\drivers\34068347.sys
00:37:39.0696 0x06c8  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.18798, osProperties = 0x1
00:37:39.0930 0x06c8  System UUID: {BE1157C4-3A92-1AB3-45ED-6DF836408EFC}
00:37:40.0148 0x06c8  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:37:40.0226 0x06c8  ============================================================
00:37:40.0226 0x06c8  \Device\Harddisk0\DR0:
00:37:40.0226 0x06c8  MBR partitions:
00:37:40.0226 0x06c8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:37:40.0226 0x06c8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC395800
00:37:40.0226 0x06c8  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC3C8000, BlocksNum 0x7AFC0000
00:37:40.0226 0x06c8  ============================================================
00:37:40.0242 0x06c8  C: <-> \Device\Harddisk0\DR0\Partition2
00:37:40.0273 0x06c8  D: <-> \Device\Harddisk0\DR0\Partition3
00:37:40.0273 0x06c8  ============================================================
00:37:40.0273 0x06c8  Initialize success
00:37:40.0273 0x06c8  ============================================================
00:37:47.0028 0x10cc  ============================================================
00:37:47.0028 0x10cc  Scan started
00:37:47.0028 0x10cc  Mode: Manual;
00:37:47.0028 0x10cc  ============================================================
00:37:47.0028 0x10cc  KSN ping started
00:37:49.0711 0x10cc  KSN ping finished: true
00:37:50.0756 0x10cc  ================ Scan system memory ========================
00:37:50.0756 0x10cc  System memory - ok
00:37:50.0756 0x10cc  ================ Scan services =============================
00:37:51.0256 0x10cc  arcsas - ok
00:37:51.0380 0x10cc  [ 660D597B7A78256734D7F3230B21B355, CAA19E8EFAD63B8975A4CD8EFD5CE5F21E056856D36BC5A9E48517F1E574ABBA ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
00:37:51.0427 0x10cc  aspnet_state - ok
00:37:51.0443 0x10cc  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
00:37:51.0443 0x10cc  AsyncMac - ok
00:37:51.0458 0x10cc  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
00:37:51.0458 0x10cc  atapi - ok
00:37:51.0505 0x10cc  [ 64F07381335E37C142F6D176705FFCA6, 8F7F633B891FE653D3298578897711A04E7B2B08E51CEE131C50102EFD45AC0E ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
00:37:51.0521 0x10cc  atksgt - ok
00:37:51.0552 0x10cc  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:37:51.0568 0x10cc  AudioEndpointBuilder - ok
00:37:51.0568 0x10cc  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
00:37:51.0583 0x10cc  AudioSrv - ok
00:37:51.0599 0x10cc  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
00:37:51.0599 0x10cc  AxInstSV - ok
00:37:51.0614 0x10cc  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
00:37:51.0630 0x10cc  b06bdrv - ok
00:37:51.0646 0x10cc  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
00:37:51.0646 0x10cc  b57nd60a - ok
00:37:51.0661 0x10cc  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
00:37:51.0677 0x10cc  BDESVC - ok
00:37:51.0677 0x10cc  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
00:37:51.0677 0x10cc  Beep - ok
00:37:51.0755 0x10cc  [ E543472B75FC78B3205273AE1E8CFE5F, 97CCA65B2BD59DF45B069DE66522E768968CD03B377F797691429E14D448BE9F ] BEService       C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
00:37:51.0770 0x10cc  BEService - ok
00:37:51.0786 0x10cc  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
00:37:51.0802 0x10cc  BFE - ok
00:37:51.0833 0x10cc  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
00:37:51.0848 0x10cc  BITS - ok
00:37:51.0864 0x10cc  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
00:37:51.0864 0x10cc  blbdrive - ok
00:37:51.0895 0x10cc  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
00:37:51.0911 0x10cc  Bonjour Service - ok
00:37:51.0926 0x10cc  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
00:37:51.0926 0x10cc  bowser - ok
00:37:51.0926 0x10cc  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
00:37:51.0926 0x10cc  BrFiltLo - ok
00:37:51.0942 0x10cc  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
00:37:51.0942 0x10cc  BrFiltUp - ok
00:37:51.0958 0x10cc  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
00:37:51.0958 0x10cc  Browser - ok
00:37:51.0973 0x10cc  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
00:37:51.0973 0x10cc  Brserid - ok
00:37:51.0989 0x10cc  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
00:37:51.0989 0x10cc  BrSerWdm - ok
00:37:51.0989 0x10cc  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
00:37:51.0989 0x10cc  BrUsbMdm - ok
00:37:51.0989 0x10cc  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
00:37:51.0989 0x10cc  BrUsbSer - ok
00:37:52.0004 0x10cc  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
00:37:52.0004 0x10cc  BTHMODEM - ok
00:37:52.0020 0x10cc  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
00:37:52.0020 0x10cc  bthserv - ok
00:37:52.0020 0x10cc  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
00:37:52.0020 0x10cc  cdfs - ok
00:37:52.0051 0x10cc  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
00:37:52.0051 0x10cc  cdrom - ok
00:37:52.0098 0x10cc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
00:37:52.0098 0x10cc  CertPropSvc - ok
00:37:52.0114 0x10cc  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
00:37:52.0114 0x10cc  circlass - ok
00:37:52.0129 0x10cc  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
00:37:52.0129 0x10cc  CLFS - ok
00:37:52.0192 0x10cc  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:37:52.0192 0x10cc  clr_optimization_v2.0.50727_32 - ok
00:37:52.0223 0x10cc  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:37:52.0223 0x10cc  clr_optimization_v2.0.50727_64 - ok
00:37:52.0270 0x10cc  [ AB4CD527BEFCC43EE441E6C50CCE54C8, 13B776AE63049FFBA7E35EA0A4C26EBB57B10D973E05C4CF1214249754DC46E4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:37:52.0441 0x10cc  clr_optimization_v4.0.30319_32 - ok
00:37:52.0457 0x10cc  [ 1400C75FF021D6CFACE46AC41B60770E, 3FCB8D7714A79522F2738037D559F1FFFB2F05C5406D2A038EF5DDB4629CA1CE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:37:52.0519 0x10cc  clr_optimization_v4.0.30319_64 - ok
00:37:52.0550 0x10cc  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
00:37:52.0550 0x10cc  CmBatt - ok
00:37:52.0550 0x10cc  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
00:37:52.0550 0x10cc  cmdide - ok
00:37:52.0597 0x10cc  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
00:37:52.0597 0x10cc  CNG - ok
00:37:52.0613 0x10cc  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
00:37:52.0613 0x10cc  Compbatt - ok
00:37:52.0644 0x10cc  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
00:37:52.0644 0x10cc  CompositeBus - ok
00:37:52.0644 0x10cc  COMSysApp - ok
00:37:52.0644 0x10cc  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
00:37:52.0644 0x10cc  crcdisk - ok
00:37:52.0675 0x10cc  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
00:37:52.0675 0x10cc  CryptSvc - ok
00:37:52.0706 0x10cc  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
00:37:52.0706 0x10cc  CSC - ok
00:37:52.0722 0x10cc  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
00:37:52.0738 0x10cc  CscService - ok
00:37:52.0753 0x10cc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
00:37:52.0769 0x10cc  DcomLaunch - ok
00:37:52.0784 0x10cc  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
00:37:52.0784 0x10cc  defragsvc - ok
00:37:52.0800 0x10cc  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
00:37:52.0800 0x10cc  DfsC - ok
00:37:52.0816 0x10cc  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
00:37:52.0816 0x10cc  Dhcp - ok
00:37:52.0816 0x10cc  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
00:37:52.0816 0x10cc  discache - ok
00:37:52.0847 0x10cc  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
00:37:52.0847 0x10cc  Disk - ok
00:37:52.0878 0x10cc  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
00:37:52.0878 0x10cc  dmvsc - ok
00:37:52.0894 0x10cc  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
00:37:52.0894 0x10cc  Dnscache - ok
00:37:52.0909 0x10cc  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
00:37:52.0909 0x10cc  dot3svc - ok
00:37:52.0925 0x10cc  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
00:37:52.0925 0x10cc  DPS - ok
00:37:52.0940 0x10cc  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
00:37:52.0940 0x10cc  drmkaud - ok
00:37:52.0972 0x10cc  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
00:37:52.0987 0x10cc  DXGKrnl - ok
00:37:53.0003 0x10cc  [ B4B52D2D4976FB06C53DCC6F476EAE2F, 2D48A3A6DC4E19840543A2F22CA45D3F6C0C989E00CBCA65F7B4B7222E6D69ED ] eamonm          C:\Windows\system32\DRIVERS\eamonm.sys
00:37:53.0003 0x10cc  eamonm - ok
00:37:53.0018 0x10cc  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
00:37:53.0018 0x10cc  EapHost - ok
00:37:53.0081 0x10cc  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
00:37:53.0143 0x10cc  ebdrv - ok
00:37:53.0190 0x10cc  [ 9ADE38E33B121243C848D74BE70A6B25, F6AD70656F2635CC9AEAA5221055F6F00E9581C107EB4678C5915E53703EF6F7 ] edevmon         C:\Windows\system32\DRIVERS\edevmon.sys
00:37:53.0190 0x10cc  edevmon - ok
00:37:53.0237 0x10cc  [ 4C3FAC816925F73A34AD52F1F7C0A7EA, 7E9B4F68E2ADABA3A9324DA16CF680D77CF2812D4BD0BFCFF0173CA61260A3FE ] EFS             C:\Windows\System32\lsass.exe
00:37:53.0237 0x10cc  EFS - ok
00:37:53.0268 0x10cc  [ 2072E5C612C0C178A1E725433EB4E7EB, FA99355AE119FFEB1C9C2DB1349ABCF59F87AB113C9D91186F59829FFFBA1286 ] ehdrv           C:\Windows\system32\DRIVERS\ehdrv.sys
00:37:53.0268 0x10cc  ehdrv - ok
00:37:53.0299 0x10cc  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
00:37:53.0315 0x10cc  ehRecvr - ok
00:37:53.0330 0x10cc  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
00:37:53.0330 0x10cc  ehSched - ok
00:37:53.0346 0x10cc  [ 70350E9D75CE4479AA1A046887F11519, 46FFACBBB8BC2B1F45D83884D7298F8B82EF24A033D173B3DA812BA42D2296C5 ] ekbdflt         C:\Windows\system32\DRIVERS\ekbdflt.sys
00:37:53.0346 0x10cc  ekbdflt - ok
00:37:53.0502 0x10cc  [ 287D7C125CCCBA0D2111181F44BE2C2A, 7D9892BB0CAF30AC90E5CE7D93FF85ED7B5D95418D13475CF7D2E66BEDDD574E ] ekrn            C:\Program Files\ESET\ESET Smart Security\ekrn.exe
00:37:53.0533 0x10cc  ekrn - ok
00:37:53.0564 0x10cc  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
00:37:53.0580 0x10cc  elxstor - ok
00:37:53.0596 0x10cc  [ D0268AFCBE7E16A30D4C7A0D91526BD1, D398E04EBC97F69CFE785B829ECB5CB15A21B5F3E82405D5221DFD122DC0D248 ] epfw            C:\Windows\system32\DRIVERS\epfw.sys
00:37:53.0596 0x10cc  epfw - ok
00:37:53.0627 0x10cc  [ 6B19C4B37E06E275D9AE54F06B1DEAAA, 62EEF3A5611456226D0B7B48738D0AE443375353BF631A4D07485680F4EAA212 ] EpfwLWF         C:\Windows\system32\DRIVERS\EpfwLWF.sys
00:37:53.0627 0x10cc  EpfwLWF - ok
00:37:53.0642 0x10cc  [ 75815E12D7B8209BD26E8DC4E6708A4F, CB3E443C3AC851A971B921C967025C12377E398E9069FD3DC2F33907DBB168BD ] epfwwfp         C:\Windows\system32\DRIVERS\epfwwfp.sys
00:37:53.0642 0x10cc  epfwwfp - ok
00:37:53.0658 0x10cc  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
00:37:53.0658 0x10cc  ErrDev - ok
00:37:53.0689 0x10cc  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
00:37:53.0689 0x10cc  EventSystem - ok
00:37:53.0705 0x10cc  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
00:37:53.0705 0x10cc  exfat - ok
00:37:53.0720 0x10cc  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
00:37:53.0720 0x10cc  fastfat - ok
00:37:53.0752 0x10cc  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
00:37:53.0752 0x10cc  Fax - ok
00:37:53.0767 0x10cc  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
00:37:53.0767 0x10cc  fdc - ok
00:37:53.0783 0x10cc  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
00:37:53.0783 0x10cc  fdPHost - ok
00:37:53.0783 0x10cc  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
00:37:53.0783 0x10cc  FDResPub - ok
00:37:53.0798 0x10cc  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
00:37:53.0798 0x10cc  FileInfo - ok
00:37:53.0814 0x10cc  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
00:37:53.0814 0x10cc  Filetrace - ok
00:37:53.0814 0x10cc  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
00:37:53.0830 0x10cc  flpydisk - ok
00:37:53.0830 0x10cc  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
00:37:53.0845 0x10cc  FltMgr - ok
00:37:53.0876 0x10cc  [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache       C:\Windows\system32\FntCache.dll
00:37:53.0892 0x10cc  FontCache - ok
00:37:53.0939 0x10cc  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:37:53.0939 0x10cc  FontCache3.0.0.0 - ok
00:37:53.0954 0x10cc  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
00:37:53.0954 0x10cc  FsDepends - ok
00:37:53.0970 0x10cc  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
00:37:53.0970 0x10cc  Fs_Rec - ok
00:37:53.0986 0x10cc  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
00:37:53.0986 0x10cc  fvevol - ok
00:37:54.0001 0x10cc  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
00:37:54.0001 0x10cc  gagp30kx - ok
00:37:54.0017 0x10cc  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
00:37:54.0032 0x10cc  gpsvc - ok
00:37:54.0032 0x10cc  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
00:37:54.0032 0x10cc  hcw85cir - ok
00:37:54.0064 0x10cc  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:37:54.0064 0x10cc  HdAudAddService - ok
00:37:54.0079 0x10cc  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
00:37:54.0079 0x10cc  HDAudBus - ok
00:37:54.0079 0x10cc  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
00:37:54.0095 0x10cc  HidBatt - ok
00:37:54.0095 0x10cc  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
00:37:54.0095 0x10cc  HidBth - ok
00:37:54.0110 0x10cc  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
00:37:54.0110 0x10cc  HidIr - ok
00:37:54.0157 0x10cc  [ 943B20F119F05BCAB4D2593E2D3D4278, 7056691C0EFF0AA236195BD254E452C026EEDFB2E257330F92A072D4CEC3B712 ] hidkmdf         C:\Windows\system32\DRIVERS\hidkmdf.sys
00:37:54.0157 0x10cc  hidkmdf - ok
00:37:54.0157 0x10cc  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
00:37:54.0173 0x10cc  hidserv - ok
00:37:54.0188 0x10cc  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
00:37:54.0188 0x10cc  HidUsb - ok
00:37:54.0235 0x10cc  [ A2BEEAE0F5869181A81A2937908D3B3D, CDC100F1AD1E2FD36CACE2CDE0B324D68329BC72C4A7A5169EF00992F527F305 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
00:37:54.0235 0x10cc  HitmanProScheduler - ok
00:37:54.0251 0x10cc  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
00:37:54.0251 0x10cc  hkmsvc - ok
00:37:54.0298 0x10cc  [ 0E0685EC6CC55FAD8F65FB1A0BF22B24, 3552838A20462B085B2787E5C2416BF6D37F6C4CAA662629C1C9042F60DFB775 ] hmpalert        C:\Windows\system32\drivers\hmpalert.sys
00:37:54.0298 0x10cc  hmpalert - ok
00:37:54.0407 0x10cc  [ 9660A9DD4D9E3B103894FAAD4FDD6CE9, C967DA56D093251F0D0CE55CA38B893E7C76181D2E6E323BB5081ADDD4672E97 ] hmpalertsvc     C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
00:37:54.0454 0x10cc  hmpalertsvc - ok
00:37:54.0469 0x10cc  [ BD56D284C7703765D473E7095B38770F, 2921F3C97815D62137D65B03661505EEA870663055D6F7E607A75E428B681D59 ] hmpnet          C:\Windows\system32\drivers\hmpnet.sys
00:37:54.0469 0x10cc  hmpnet - ok
00:37:54.0485 0x10cc  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:37:54.0485 0x10cc  HomeGroupListener - ok
00:37:54.0500 0x10cc  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:37:54.0500 0x10cc  HomeGroupProvider - ok
00:37:54.0516 0x10cc  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
00:37:54.0516 0x10cc  HpSAMD - ok
00:37:54.0547 0x10cc  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
00:37:54.0563 0x10cc  HTTP - ok
00:37:54.0563 0x10cc  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
00:37:54.0563 0x10cc  hwpolicy - ok
00:37:54.0610 0x10cc  [ B2EA4C4B2BA808C9E487F0AB651A22FA, 31ADEBE7DA658E5B1F6C9995412A80771F56FF593184F90BA177D220746B0A4C ] hxsyol          C:\Windows\system32\hxsy64.sys
00:37:54.0610 0x10cc  hxsyol - ok
00:37:54.0610 0x10cc  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
00:37:54.0610 0x10cc  i8042prt - ok
00:37:54.0625 0x10cc  [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
00:37:54.0641 0x10cc  iaStorV - ok
00:37:54.0688 0x10cc  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:37:54.0703 0x10cc  idsvc - ok
00:37:54.0703 0x10cc  IEEtwCollectorService - ok
00:37:54.0719 0x10cc  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
00:37:54.0719 0x10cc  iirsp - ok
00:37:54.0750 0x10cc  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
00:37:54.0766 0x10cc  IKEEXT - ok
00:37:54.0812 0x10cc  [ DAE6C3099D291EED8922A65C29ABCF52, AD0A932345382824122F84AF97A8609BAE1B916A3B9FD608779A1411E37D3643 ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
00:37:54.0812 0x10cc  Intel® Capability Licensing Service Interface - ok
00:37:54.0844 0x10cc  [ D45226E3E7A25F1E7CE8DF8FD0A2A098, 7BD74E9E3CB0A83D26BA3FD8177C6B9BA46A8695B6569CF7887FDC87947DA2D6 ] Intel® Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
00:37:54.0859 0x10cc  Intel® Capability Licensing Service TCP IP Interface - ok
00:37:54.0875 0x10cc  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
00:37:54.0875 0x10cc  intelide - ok
00:37:54.0890 0x10cc  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
00:37:54.0890 0x10cc  intelppm - ok
00:37:54.0906 0x10cc  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
00:37:54.0906 0x10cc  IPBusEnum - ok
00:37:54.0922 0x10cc  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:37:54.0922 0x10cc  IpFilterDriver - ok
00:37:54.0937 0x10cc  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
00:37:54.0953 0x10cc  iphlpsvc - ok
00:37:54.0953 0x10cc  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
00:37:54.0968 0x10cc  IPMIDRV - ok
00:37:54.0968 0x10cc  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
00:37:54.0968 0x10cc  IPNAT - ok
00:37:54.0984 0x10cc  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
00:37:54.0984 0x10cc  IRENUM - ok
00:37:54.0984 0x10cc  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
00:37:54.0984 0x10cc  isapnp - ok
00:37:55.0000 0x10cc  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
00:37:55.0000 0x10cc  iScsiPrt - ok
00:37:55.0031 0x10cc  [ 78D369F8A81A341109FBA1DB64B4C512, E584F693255CCBF7006E7D35984149CF599BB0849A8F02EFDD6223DF0D606049 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
00:37:55.0031 0x10cc  iusb3hcs - ok
00:37:58.0946 0x10cc  sffdisk - ok
00:37:58.0946 0x10cc  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
00:37:58.0946 0x10cc  sffp_mmc - ok
00:37:58.0962 0x10cc  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
00:37:58.0962 0x10cc  sffp_sd - ok
00:37:58.0978 0x10cc  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
00:37:58.0978 0x10cc  sfloppy - ok
00:37:58.0993 0x10cc  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
00:37:58.0993 0x10cc  SharedAccess - ok
00:37:59.0009 0x10cc  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:37:59.0024 0x10cc  ShellHWDetection - ok
00:37:59.0040 0x10cc  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
00:37:59.0040 0x10cc  SiSRaid2 - ok
00:37:59.0040 0x10cc  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
00:37:59.0056 0x10cc  SiSRaid4 - ok
00:37:59.0071 0x10cc  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
00:37:59.0071 0x10cc  Smb - ok
00:37:59.0071 0x10cc  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
00:37:59.0087 0x10cc  SNMPTRAP - ok
00:37:59.0087 0x10cc  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
00:37:59.0087 0x10cc  spldr - ok
00:37:59.0102 0x10cc  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
00:37:59.0118 0x10cc  Spooler - ok
00:37:59.0180 0x10cc  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
00:37:59.0212 0x10cc  sppsvc - ok
00:37:59.0227 0x10cc  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
00:37:59.0227 0x10cc  sppuinotify - ok
00:37:59.0258 0x10cc  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
00:37:59.0258 0x10cc  srv - ok
00:37:59.0274 0x10cc  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
00:37:59.0274 0x10cc  srv2 - ok
00:37:59.0290 0x10cc  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
00:37:59.0290 0x10cc  srvnet - ok
00:37:59.0305 0x10cc  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
00:37:59.0305 0x10cc  SSDPSRV - ok
00:37:59.0321 0x10cc  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
00:37:59.0321 0x10cc  SstpSvc - ok
00:37:59.0383 0x10cc  [ 296268EE8C9427D49DDA579017014244, 5EF5D88775219869FA8965F37E8E988813D7295A5466A736378BC51A76510C41 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
00:37:59.0399 0x10cc  Steam Client Service - ok
00:37:59.0399 0x10cc  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
00:37:59.0414 0x10cc  stexstor - ok
00:37:59.0430 0x10cc  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
00:37:59.0446 0x10cc  stisvc - ok
00:37:59.0461 0x10cc  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
00:37:59.0461 0x10cc  storflt - ok
00:37:59.0477 0x10cc  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
00:37:59.0477 0x10cc  StorSvc - ok
00:37:59.0492 0x10cc  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
00:37:59.0492 0x10cc  storvsc - ok
00:37:59.0508 0x10cc  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
00:37:59.0508 0x10cc  swenum - ok
00:37:59.0524 0x10cc  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
00:37:59.0539 0x10cc  swprv - ok
00:37:59.0570 0x10cc  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
00:37:59.0586 0x10cc  SysMain - ok
00:37:59.0602 0x10cc  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:37:59.0602 0x10cc  TabletInputService - ok
00:37:59.0617 0x10cc  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
00:37:59.0617 0x10cc  TapiSrv - ok
00:37:59.0633 0x10cc  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
00:37:59.0633 0x10cc  TBS - ok
00:37:59.0664 0x10cc  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
00:37:59.0695 0x10cc  Tcpip - ok
00:37:59.0711 0x10cc  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
00:37:59.0742 0x10cc  TCPIP6 - ok
00:37:59.0742 0x10cc  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
00:37:59.0758 0x10cc  tcpipreg - ok
00:37:59.0758 0x10cc  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
00:37:59.0758 0x10cc  TDPIPE - ok
00:37:59.0789 0x10cc  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
00:37:59.0789 0x10cc  TDTCP - ok
00:37:59.0789 0x10cc  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
00:37:59.0804 0x10cc  tdx - ok
00:37:59.0804 0x10cc  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
00:37:59.0804 0x10cc  TermDD - ok
00:37:59.0836 0x10cc  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
00:37:59.0851 0x10cc  TermService - ok
00:37:59.0851 0x10cc  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
00:37:59.0851 0x10cc  Themes - ok
00:37:59.0867 0x10cc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
00:37:59.0867 0x10cc  THREADORDER - ok
00:37:59.0882 0x10cc  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
00:37:59.0882 0x10cc  TrkWks - ok
00:37:59.0929 0x10cc  [ 0C997B061E3C66BD9E927C1288EB1CC7, 3807E9A1BC159B9E8FC0C7CAAD10D7213FF8ED8AD1CEA9EA552B093C81BF624B ] TrueSight       C:\Windows\System32\drivers\TrueSight.sys
00:37:59.0929 0x10cc  TrueSight - ok
00:37:59.0960 0x10cc  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:37:59.0960 0x10cc  TrustedInstaller - ok
00:37:59.0992 0x10cc  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
00:37:59.0992 0x10cc  tssecsrv - ok
00:38:00.0007 0x10cc  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
00:38:00.0007 0x10cc  TsUsbFlt - ok
00:38:00.0007 0x10cc  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
00:38:00.0007 0x10cc  TsUsbGD - ok
00:38:00.0023 0x10cc  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
00:38:00.0038 0x10cc  tunnel - ok
00:38:00.0038 0x10cc  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
00:38:00.0038 0x10cc  uagp35 - ok
00:38:00.0054 0x10cc  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
00:38:00.0054 0x10cc  udfs - ok
00:38:00.0085 0x10cc  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
00:38:00.0085 0x10cc  UI0Detect - ok
00:38:00.0085 0x10cc  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
00:38:00.0085 0x10cc  uliagpkx - ok
00:38:00.0116 0x10cc  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
00:38:00.0116 0x10cc  umbus - ok
00:38:00.0116 0x10cc  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
00:38:00.0116 0x10cc  UmPass - ok
00:38:00.0148 0x10cc  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
00:38:00.0148 0x10cc  UmRdpService - ok
00:38:00.0163 0x10cc  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
00:38:00.0163 0x10cc  upnphost - ok
00:38:00.0194 0x10cc  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
00:38:00.0194 0x10cc  usbaudio - ok
00:38:00.0226 0x10cc  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
00:38:00.0226 0x10cc  usbccgp - ok
00:38:00.0241 0x10cc  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
00:38:00.0241 0x10cc  usbcir - ok
00:38:00.0257 0x10cc  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
00:38:00.0257 0x10cc  usbehci - ok
00:38:00.0272 0x10cc  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
00:38:00.0288 0x10cc  usbhub - ok
00:38:00.0288 0x10cc  [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
00:38:00.0288 0x10cc  usbohci - ok
00:38:00.0288 0x10cc  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
00:38:00.0288 0x10cc  usbprint - ok
00:38:00.0304 0x10cc  [ D76510CFA0FC09023077F22C2F979D86, 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:38:00.0304 0x10cc  USBSTOR - ok
00:38:00.0319 0x10cc  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
00:38:00.0319 0x10cc  usbuhci - ok
00:38:00.0319 0x10cc  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
00:38:00.0335 0x10cc  UxSms - ok
00:38:00.0335 0x10cc  [ 4C3FAC816925F73A34AD52F1F7C0A7EA, 7E9B4F68E2ADABA3A9324DA16CF680D77CF2812D4BD0BFCFF0173CA61260A3FE ] VaultSvc        C:\Windows\system32\lsass.exe
00:38:00.0335 0x10cc  VaultSvc - ok
00:38:00.0335 0x10cc  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
00:38:00.0335 0x10cc  vdrvroot - ok
00:38:00.0366 0x10cc  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
00:38:00.0366 0x10cc  vds - ok
00:38:00.0382 0x10cc  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
00:38:00.0382 0x10cc  vga - ok
00:38:00.0397 0x10cc  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
00:38:00.0397 0x10cc  VgaSave - ok
00:38:00.0397 0x10cc  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
00:38:00.0413 0x10cc  vhdmp - ok
00:38:00.0413 0x10cc  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
00:38:00.0428 0x10cc  viaide - ok
00:38:00.0444 0x10cc  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
00:38:00.0444 0x10cc  vmbus - ok
00:38:00.0460 0x10cc  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
00:38:00.0460 0x10cc  VMBusHID - ok
00:38:00.0460 0x10cc  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
00:38:00.0460 0x10cc  volmgr - ok
00:38:00.0475 0x10cc  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
00:38:00.0475 0x10cc  volmgrx - ok
00:38:00.0506 0x10cc  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
00:38:00.0506 0x10cc  volsnap - ok
00:38:00.0522 0x10cc  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
00:38:00.0522 0x10cc  vsmraid - ok
00:38:00.0553 0x10cc  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
00:38:00.0584 0x10cc  VSS - ok
00:38:00.0600 0x10cc  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
00:38:00.0600 0x10cc  vwifibus - ok
00:38:00.0616 0x10cc  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
00:38:00.0631 0x10cc  W32Time - ok
00:38:00.0647 0x10cc  [ 0D67B715AE6729D0B518D20B7A7BAD1C, 05B044CB816CBF54DCB634AC765A5937C76B471722C6D6E1A9C27E7EBAB68913 ] WacHidRouter    C:\Windows\system32\DRIVERS\wachidrouter.sys
00:38:00.0647 0x10cc  WacHidRouter - ok
00:38:00.0662 0x10cc  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
00:38:00.0662 0x10cc  WacomPen - ok
00:38:00.0678 0x10cc  [ 1042B08B4336EF3CE34E09435BB33A4A, A42B447B4A9B364BAE329F75D36A906999E8CB754F1B10DE322B6611FF9764F7 ] wacomrouterfilter C:\Windows\system32\DRIVERS\wacomrouterfilter.sys
00:38:00.0678 0x10cc  wacomrouterfilter - ok
00:38:00.0678 0x10cc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
00:38:00.0694 0x10cc  WANARP - ok
00:38:00.0694 0x10cc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
00:38:00.0694 0x10cc  Wanarpv6 - ok
00:38:00.0725 0x10cc  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
00:38:00.0740 0x10cc  wbengine - ok
00:38:00.0756 0x10cc  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
00:38:00.0772 0x10cc  WbioSrvc - ok
00:38:00.0787 0x10cc  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
00:38:00.0787 0x10cc  wcncsvc - ok
00:38:00.0803 0x10cc  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:38:00.0803 0x10cc  WcsPlugInService - ok
00:38:00.0818 0x10cc  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
00:38:00.0818 0x10cc  Wd - ok
00:38:00.0850 0x10cc  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
00:38:00.0850 0x10cc  Wdf01000 - ok
00:38:00.0865 0x10cc  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
00:38:00.0865 0x10cc  WdiServiceHost - ok
00:38:00.0865 0x10cc  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
00:38:00.0865 0x10cc  WdiSystemHost - ok
00:38:00.0881 0x10cc  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\Windows\System32\webclnt.dll
00:38:00.0896 0x10cc  WebClient - ok
00:38:00.0912 0x10cc  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
00:38:00.0912 0x10cc  Wecsvc - ok
00:38:00.0928 0x10cc  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
00:38:00.0928 0x10cc  wercplsupport - ok
00:38:00.0943 0x10cc  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
00:38:00.0943 0x10cc  WerSvc - ok
00:38:00.0943 0x10cc  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
00:38:00.0943 0x10cc  WfpLwf - ok
00:38:00.0959 0x10cc  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
00:38:00.0959 0x10cc  WIMMount - ok
00:38:00.0974 0x10cc  WinDefend - ok
00:38:00.0974 0x10cc  WinHttpAutoProxySvc - ok
00:38:01.0021 0x10cc  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
00:38:01.0037 0x10cc  Winmgmt - ok
00:38:01.0084 0x10cc  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
00:38:01.0115 0x10cc  WinRM - ok
00:38:01.0130 0x10cc  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
00:38:01.0146 0x10cc  Wlansvc - ok
00:38:01.0224 0x10cc  [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:38:01.0271 0x10cc  wlidsvc - ok
00:38:01.0286 0x10cc  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
00:38:01.0286 0x10cc  WmiAcpi - ok
00:38:01.0286 0x10cc  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
00:38:01.0302 0x10cc  wmiApSrv - ok
00:38:01.0302 0x10cc  WMPNetworkSvc - ok
00:38:01.0318 0x10cc  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
00:38:01.0318 0x10cc  WPCSvc - ok
00:38:01.0318 0x10cc  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
00:38:01.0333 0x10cc  WPDBusEnum - ok
00:38:01.0333 0x10cc  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
00:38:01.0349 0x10cc  ws2ifsl - ok
00:38:01.0349 0x10cc  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
00:38:01.0349 0x10cc  wscsvc - ok
00:38:01.0349 0x10cc  WSearch - ok
00:38:01.0396 0x10cc  [ B3730C83E305A8D5E195EC5CAF508D06, 616116565252E866E429250C4131A0B0F86C43BE58B97A7B34DCED6CCC2DFD93 ] WTabletServicePro C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
00:38:01.0396 0x10cc  WTabletServicePro - ok
00:38:01.0474 0x10cc  [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv        C:\Windows\system32\wuaueng.dll
00:38:01.0520 0x10cc  wuauserv - ok
00:38:01.0536 0x10cc  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
00:38:01.0536 0x10cc  WudfPf - ok
00:38:01.0567 0x10cc  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
00:38:01.0567 0x10cc  WUDFRd - ok
00:38:01.0567 0x10cc  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
00:38:01.0567 0x10cc  wudfsvc - ok
00:38:01.0583 0x10cc  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
00:38:01.0583 0x10cc  WwanSvc - ok
00:38:01.0630 0x10cc  [ 4A5CE13408945E525503B5F73D29B9C5, D58BB31AF17752508EA67931BF170CE46877DC204FC5DA7EED5A078AEB0CA0FD ] xnacc           C:\Windows\system32\DRIVERS\xnacc.sys
00:38:01.0630 0x10cc  xnacc - ok
00:38:01.0645 0x10cc  ================ Scan global ===============================
00:38:01.0645 0x10cc  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
00:38:01.0676 0x10cc  [ A171AC55EE4B4EE35C18EF0977017A72, E0E3E3B1C3708C30C7292CA09E41CA6C49EB850699126C6D2C0383A72C0097A6 ] C:\Windows\system32\winsrv.dll
00:38:01.0692 0x10cc  [ A171AC55EE4B4EE35C18EF0977017A72, E0E3E3B1C3708C30C7292CA09E41CA6C49EB850699126C6D2C0383A72C0097A6 ] C:\Windows\system32\winsrv.dll
00:38:01.0708 0x10cc  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
00:38:01.0739 0x10cc  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
00:38:01.0739 0x10cc  [ Global ] - ok
00:38:01.0739 0x10cc  ================ Scan MBR ==================================
00:38:01.0739 0x10cc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:38:01.0895 0x10cc  \Device\Harddisk0\DR0 - ok
00:38:01.0895 0x10cc  ================ Scan VBR ==================================
00:38:01.0895 0x10cc  [ 98D913214B97352B63E88DD95D601C0C ] \Device\Harddisk0\DR0\Partition1
00:38:01.0895 0x10cc  \Device\Harddisk0\DR0\Partition1 - ok
00:38:01.0895 0x10cc  [ FCF21A69FCE48A9259B04B14B61E0B6C ] \Device\Harddisk0\DR0\Partition2
00:38:01.0895 0x10cc  \Device\Harddisk0\DR0\Partition2 - ok
00:38:01.0895 0x10cc  [ C1727089B7CE84F741335132676B7375 ] \Device\Harddisk0\DR0\Partition3
00:38:01.0895 0x10cc  \Device\Harddisk0\DR0\Partition3 - ok
00:38:01.0895 0x10cc  ================ Scan generic autorun ======================
00:38:02.0176 0x10cc  [ 235C24048A1D641569E8F3A840229533, 662EA0EE64E94CE6EFF742C7E2230646C7E246690772DD666775CD68C34A5534 ] C:\Program Files\Logitech Gaming Software\LCore.exe
00:38:02.0332 0x10cc  Launch LCore - ok
00:38:02.0394 0x10cc  [ 3AC269FDBF84B8BE16D5EBAD1F373550, 9EEEFB96D7940816C681968ABA15F7E05DFF4D5D29B93BF5E9D5D3F8475C0DF2 ] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe
00:38:02.0394 0x10cc  IMSS - ok
00:38:02.0425 0x10cc  [ 094E4E76FB9AB960A73F841BC6733F42, 01C1BFF17BEC6588E192EC4D7ACB74FC9B95ECA7CB8BB9585B04FC8EA73C3B43 ] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
00:38:02.0425 0x10cc  USB3MON - ok
00:38:02.0472 0x10cc  [ 059B8158C08C82C78DC6A8153A2467A4, 8E88DBC785CF679D238DC5CCBF0C79B03B30F742CF0FC6427AD0AD2AD5943169 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
00:38:02.0472 0x10cc  SunJavaUpdateSched - ok
00:38:02.0519 0x10cc  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
00:38:02.0550 0x10cc  Sidebar - ok
00:38:02.0566 0x10cc  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
00:38:02.0566 0x10cc  mctadmin - ok
00:38:02.0597 0x10cc  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
00:38:02.0612 0x10cc  Sidebar - ok
00:38:02.0612 0x10cc  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
00:38:02.0628 0x10cc  mctadmin - ok
00:38:02.0628 0x10cc  Waiting for KSN requests completion. In queue: 327
00:38:03.0642 0x10cc  Waiting for KSN requests completion. In queue: 327
00:38:04.0656 0x10cc  Waiting for KSN requests completion. In queue: 21
00:38:05.0701 0x10cc  AV detected via SS2: ESET Smart Security 9.0.381.1, C:\Program Files\ESET\ESET Smart Security\ecmd.exe ( 9.0.376.0 ), 0x41000 ( enabled : updated )
00:38:05.0701 0x10cc  FW detected via SS2: ESET Personal Firewall, C:\Program Files\ESET\ESET Smart Security\ecmd.exe ( 9.0.376.0 ), 0x41010 ( enabled )
00:38:08.0369 0x10cc  ============================================================
00:38:08.0369 0x10cc  Scan finished
00:38:08.0369 0x10cc  ============================================================
00:38:08.0369 0x0d84  Detected object count: 0
00:38:08.0369 0x0d84  Actual detected object count: 0
 
aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2016-08-10 00:59:13
-----------------------------
00:59:13.081    OS Version: Windows x64 6.1.7601 Service Pack 1
00:59:13.081    Number of processors: 8 586 0x3C03
00:59:13.081    ComputerName: WORKSLAVE  UserName: Dante
00:59:13.549    Initialize success
00:59:13.581    VM: initialized successfully
00:59:13.581    VM: Intel CPU supported
00:59:18.111    VM: supported disk I/O ataport.SYS
01:01:08.156    AVAST engine defs: 16080906
01:02:05.121    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:02:05.136    Disk 0 Vendor:   Size: 0MB BusType: 0
01:02:05.136    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000094
01:02:05.136    Disk 1 Vendor:   Size: 0MB BusType: 0
01:02:05.136    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000095
01:02:05.136    Disk 2 Vendor:   Size: 0MB BusType: 0
01:02:05.136    Disk 3  \Device\Harddisk3\DR3 -> \Device\00000096
01:02:05.136    Disk 3 Vendor:   Size: 0MB BusType: 0
01:02:05.152    Disk 4  \Device\Harddisk4\DR4 -> \Device\00000097
01:02:05.152    Disk 4 Vendor:   Size: 0MB BusType: 0
01:02:05.651    Disk 5  \Device\Harddisk5\DR5 -> \Device\00000098
01:02:05.651    Disk 5 Vendor:   Size: 0MB BusType: 0
01:02:05.760    VM: Disk 0 MBR read successfully
01:02:05.760    Disk 0 MBR scan
01:02:05.760    Disk 0 Windows 7 default MBR code
01:02:05.776    Disk 0 MBR hidden
01:02:05.776    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 2048
01:02:05.776    Disk 0 default boot code
01:02:05.791    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS       100139 MB offset 206848
01:02:05.807    Disk 0 Partition 3 00     07      HPFS/NTFS NTFS      1007488 MB offset 205291520
01:02:05.838    Disk 0 scanning C:\Windows\system32\drivers
01:02:16.571    Service scanning
01:02:32.701    Modules scanning
01:02:32.701    Disk 0 trace - called modules:
01:02:32.748    ntoskrnl.exe CLASSPNP.SYS disk.sys hmpalert.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
01:02:32.748    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800daa6060]
01:02:32.748    3 CLASSPNP.SYS[fffff880018dc43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800d810060]
01:02:32.748    \Driver\atapi[0xfffffa800d7ebaa0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> hmpalert.sys[0xfffff88005a66540]
01:02:33.435    AVAST engine scan C:\Windows
01:02:35.431    AVAST engine scan C:\Windows\system32
01:05:31.072    AVAST engine scan C:\Windows\system32\drivers
01:05:44.691    AVAST engine scan C:\Users\Dante
01:27:57.533    AVAST engine scan C:\ProgramData
01:32:52.654    Disk 0 statistics 4298688/0/22 @ 1,58 MB/s
01:32:52.670    Scan finished successfully
01:38:14.296    Disk 0 MBR has been saved successfully to "C:\Users\Dante\Desktop\MBR.dat"
01:38:14.296    The log file has been saved successfully to "C:\Users\Dante\Desktop\aswMBR.txt"
 



#15 Bezukhov

Posted 12 August 2016 - 08:34 AM

Some reading about svchost.exe in general:

http://www.howtogeek.com/howto/windows-vista/what-is-svchostexe-and-why-is-it-running/

And about the K Parameters specifically:

http://www.gfi.com/blog/exploring-svchostexe-part-2/

--------------
:step1:

I believe that the reference to atapi.sys by Hitman Pro is in fact a False Positive.
What we can do is remove Hitman Pro for now. You can reinstall it when we're finished.

We need to remove some programs with Revo Uninstaller Free:

Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    Hitman Pro
  • When prompted if you want to uninstall click Yes
  • Be sure the Advanced option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

:step2:

  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Please post the result from the new aswMBR log.

:step3:

I would like to take a look at what processes are running on your machine.
 

Identifying Task Manager Running Processes

--------------------

  • Right click on the Taskbar and select Start Task Manager
  • Select the Processes tab
  • Identify and list in your reply the top 5 processes using the most amount of Memory under the Memory column
  • Identify and list in your reply the top 5 processes using the most amount of CPU under the CPU column

 


To err is Human. To blame it on someone else is even more Human.
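A scripted equivalent of the Task Manager check requested in step 3, extended to list which services each svchost.exe instance hosts and the `-k` group on its command line. This is an added example, not part of the post above; it assumes an elevated PowerShell prompt and uses Get-WmiObject so it runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example (not from the original post). Run from an elevated prompt,
# otherwise CommandLine and ExecutablePath come back empty for system processes.

$procs = Get-WmiObject Win32_Process

# Top 5 by memory. WorkingSetSize is the full working set in bytes, so the
# figures are close to, but not identical to, Task Manager's Memory column.
$procs | Sort-Object WorkingSetSize -Descending |
    Select-Object -First 5 -Property ProcessId, Name,
        @{ n = 'WorkingSetKB'; e = { [long]($_.WorkingSetSize / 1KB) } } |
    Format-Table -AutoSize

# Top 5 by CPU at the moment of sampling (one snapshot, not an average).
Get-WmiObject Win32_PerfFormattedData_PerfProc_Process |
    Where-Object { $_.Name -ne '_Total' -and $_.Name -ne 'Idle' } |
    Sort-Object PercentProcessorTime -Descending |
    Select-Object -First 5 -Property IDProcess, Name, PercentProcessorTime |
    Format-Table -AutoSize

# Every svchost.exe instance with its image path, its -k service group
# (visible in the command line) and the services running inside it.
$services = Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 }

$procs | Where-Object { $_.Name -eq 'svchost.exe' } | ForEach-Object {
    $p = $_
    $hosted = $services |
        Where-Object { $_.ProcessId -eq $p.ProcessId } |
        ForEach-Object { $_.Name }

    New-Object PSObject -Property @{
        ProcessId    = $p.ProcessId
        WorkingSetKB = [long]($p.WorkingSetSize / 1KB)
        Path         = $p.ExecutablePath
        CommandLine  = $p.CommandLine
        Services     = ($hosted -join ', ')
    }
} |
    Sort-Object WorkingSetKB -Descending |
    Select-Object ProcessId, WorkingSetKB, Path, CommandLine, Services |
    Format-List
```

An svchost.exe entry whose path is outside C:\Windows\System32 (or SysWOW64), or that hosts no services at all, is the one worth reporting back in the thread.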



