acv
Megapat
- Katılım
- 31 Temmuz 2015
- Mesajlar
- 7.593
- Makaleler
- 1
- Çözümler
- 74
Tor Tarayıcı ile birkaç sitede gezindikten sonra içime sinmedi; KVRT, Malwarebytes ve Hitman Pro ile tarama yaptım. Sorun yok fakat, Hitman Pro EWS modunda System32 içinde bazı bilinmeyen dosyalar buldu. Taramanın log dosyası aşağıda.
Teşekkürler.
Kod:
[code]
HitmanPro 3.8.0.292
www.hitmanpro.com
Computer name . . . . : DESKTOP-FV6PG2P
Windows . . . . . . . : 10.0.0.16299.X64/12
User name . . . . . . : DESKTOP-FV6PG2P\Tugberk
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (Expired)
Scan date . . . . . . : 2018-04-22 12:28:07
Scan mode . . . . . . : EWS
Scan duration . . . . : 3m 50s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 298
Objects scanned . . . : 1.661.228
Files scanned . . . . : 33.384
Remnants scanned . . : 352.524 files / 1.275.320 keys
Early Warning Scoring _______________________________________________________
C:\Windows\System32\APHostService.dll
Size . . . . . . . : 369.664 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:32)
Entropy . . . . . : 6.0
SHA-256 . . . . . : 0895649806196B2C75013585F9C93397AB3F64817CDC4CCD17ACDE6B01F3DC38
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Accounts Host Service
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : OneSyncSvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 13.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc\
C:\Windows\System32\appinfo.dll
Size . . . . . . . : 144.896 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:29)
Entropy . . . . . : 5.9
SHA-256 . . . . . : E9D7F44A87D87F56CD3AA9D22C5466C04F2B9515124872BFA7FDE3FD81659DD4
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Application Information Service
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : Appinfo
LanguageID . . . . : 1033
Fuzzy . . . . . . : 11.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\Appinfo\
C:\Windows\system32\appxdeploymentserver.dll
Size . . . . . . . : 3.170.816 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:24)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 20C2687A81599954F77D0AC82180ADCA3800FE49D19FF36C2E8B9A0BAEFC6A8B
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : AppX Deployment Server DLL
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : AppXSvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 9.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\AppXSvc\
C:\Windows\System32\bfe.dll
Size . . . . . . . : 841.216 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:13)
Entropy . . . . . : 5.8
SHA-256 . . . . . : FDC66CBBD041B35B726686F7593119D29C65D568BCA40B13918E57A25AB840CF
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Base Filtering Engine
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : BFE
LanguageID . . . . : 1033
Fuzzy . . . . . . : 10.0
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
C:\Windows\system32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
HKLM\SYSTEM\CurrentControlSet\Services\BFE\
C:\Windows\System32\bisrv.dll
Size . . . . . . . : 813.568 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:36)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 95EE006E89FDC78F17BD68DE9977030A0FD47343FDF8308A68742F9E3D13CDF2
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Background Tasks Infrastructure Service
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : BrokerInfrastructure
LanguageID . . . . : 1033
Fuzzy . . . . . . : 13.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\BrokerInfrastructure\
C:\Windows\System32\certprop.dll
Size . . . . . . . : 188.928 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:15)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 92C276A18F99D2A423BC3A99EBDA1239F3B335C1EB6EBAF2F2800A23188B26F2
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Microsoft Smartcard Certificate Propagation Service
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : SCPolicySvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\CertPropSvc\
HKLM\SYSTEM\CurrentControlSet\Services\SCPolicySvc\
C:\Windows\system32\dhcpcore.dll
Size . . . . . . . : 379.392 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:13)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 5512DB70C942FBFD78DBAE3DF379A2DDB9249B45BF5CE2CB305605C14CD1F25F
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : DHCP Client Service
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : Dhcp
LanguageID . . . . : 1033
Fuzzy . . . . . . : 10.0
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\
C:\Windows\system32\diagtrack.dll
Size . . . . . . . : 2.628.608 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:27)
Entropy . . . . . : 6.2
SHA-256 . . . . . : B5277B71244FDBBE2C7D351CD519B01BDF26D8605E88F480B17B2E85B35A9B5A
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Microsoft Windows Diagnostics Tracking
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : DiagTrack
LanguageID . . . . : 1033
Fuzzy . . . . . . : 13.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\DiagTrack\
C:\Windows\System32\dnsrslvr.dll
Size . . . . . . . : 286.720 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:41)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 4A362C947852C076B53AD4655DD4EDE7D6106AABAFAD6ED1D874DA4F33EC0F8B
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : DNS Caching Resolver Service
Version . . . . . : 10.0.16299.334
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : Dnscache
LanguageID . . . . : 1033
Fuzzy . . . . . . : 10.0
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\
C:\Windows\System32\dot3svc.dll
Size . . . . . . . : 253.440 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:13)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 20B573BD6C5C760C21863F7E8B5AA544661C38E240C41ABA1C69B61C68A8FDD0
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Wired AutoConfig Service
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : dot3svc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\dot3svc\
C:\Windows\system32\drivers\94261AFE.sys
Size . . . . . . . : 478.392 bytes
Age . . . . . . . : 0.0 days (2018-04-22 11:31:05)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 4D853D78E459F7BFE4F4217FCAD47CDACFAC19C2F6CF8261FBAA46BDB387FFDC
Product . . . . . : Kaspersky Anti-Virus
Publisher . . . . : Kaspersky Lab ZAO
Description . . . : Kaspersky Unified Driver
Version . . . . . : 6.8.0.54
Copyright . . . . : © 2015 Kaspersky Lab ZAO. All Rights Reserved.
RSA Key Size . . . : 2048
Service . . . . . : 94261AFE
LanguageID . . . . : 1033
Authenticode . . . : Valid
Fuzzy . . . . . . : 20.0
The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
Program starts automatically without user intervention.
Time indicates that the file appeared recently on this computer.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Starts automatically as a service during system bootup.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.
Startup
HKLM\SYSTEM\ControlSet001\Services\94261AFE\
Forensic Cluster
-5.5s C:\Users\Tugberk\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
-5.5s C:\Users\Tugberk\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db
-5.5s C:\Users\Tugberk\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
-5.5s C:\Users\Tugberk\AppData\Local\Microsoft\Windows\Explorer\thumbcache_48.db
-5.5s C:\Users\Tugberk\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
-5.5s C:\Users\Tugberk\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
-5.5s C:\Users\Tugberk\AppData\Local\Microsoft\Windows\Explorer\thumbcache_768.db
-5.4s C:\Users\Tugberk\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1280.db
-5.4s C:\Users\Tugberk\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1920.db
-5.4s C:\Users\Tugberk\AppData\Local\Microsoft\Windows\Explorer\thumbcache_2560.db
-5.4s C:\Users\Tugberk\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
-5.4s C:\Users\Tugberk\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide.db
-5.4s C:\Users\Tugberk\AppData\Local\Microsoft\Windows\Explorer\thumbcache_exif.db
-5.4s C:\Users\Tugberk\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide_alternate.db
-5.4s C:\Users\Tugberk\AppData\Local\Microsoft\Windows\Explorer\thumbcache_custom_stream.db
-2.0s C:\Users\Tugberk\AppData\Local\Temp\{3AB76BD4-DB38-40F3-910F-B8A4D17326C4}\
-0.5s C:\Windows\System32\drivers\80311604.sys
0.0s C:\Windows\System32\drivers\94261AFE.sys
0.3s C:\Users\Tugberk\AppData\Local\Temp\{3AB76BD4-DB38-40F3-910F-B8A4D17326C4}\{C72BBD39-E5F7-492F-8B69-1551A72D6907}.tmp
0.5s C:\Users\Tugberk\AppData\Local\Temp\{3AB76BD4-DB38-40F3-910F-B8A4D17326C4}\msvcr100.dll
C:\Windows\system32\DRIVERS\ahcache.sys
Size . . . . . . . : 240.640 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 6.4
SHA-256 . . . . . : CC851775136EC09CD41BF7EE1582BC6BE41086A807F5EBF3F97C60B57D5ADBC5
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Application Compatibility Cache
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : ahcache
LanguageID . . . . : 1033
Fuzzy . . . . . . : 8.0
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\ahcache\
C:\Windows\System32\drivers\amdk8.sys
Size . . . . . . . : 180.736 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:15)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 298D21026D503CBCE7A5385E8466905C62EDC89EE7AAD824127A213A9662ED73
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Processor Device Driver
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : AmdK8
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\AmdK8\
C:\Windows\System32\drivers\amdppm.sys
Size . . . . . . . : 178.688 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:15)
Entropy . . . . . : 6.5
SHA-256 . . . . . : EDB6C085FB1291FE5436360FFE227E9885C5698B2076C6C326316A4E672AE8AE
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Processor Device Driver
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : AmdPPM
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\AmdPPM\
C:\Windows\system32\DRIVERS\bowser.sys
Size . . . . . . . : 101.888 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 35D893B9C53215548C95143377F8DDC98A45F2269839BA498F2FA22B409F13C0
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : NT Lan Manager Datagram Receiver Driver
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : bowser
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\bowser\
C:\Windows\system32\Drivers\dfsc.sys
Size . . . . . . . : 151.040 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 3FB5FDB9B7B4B55916F102E6AA2FE387F2D552229FB1E6852E5DAC9A49B214A3
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : DFS Namespace Client Driver
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : Dfsc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 8.0
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\Dfsc\
C:\Windows\System32\drivers\dmvsc.sys
Size . . . . . . . : 46.592 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 5.6
SHA-256 . . . . . : C94E63FB12AC58022C0C7F7721C7A38E9411DE94BFB12416091DC1A1F8C90414
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Dynamic Memory
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : dmvsc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\dmvsc\
C:\Windows\system32\drivers\gpuenergydrv.sys
Size . . . . . . . : 8.192 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 3.6
SHA-256 . . . . . : 4BB1E20A2BDF8F504FF787EF338B6180DD537F53A0DC843B96AEFD8BBE970653
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : GPU Energy Kernel Driver
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : GpuEnergyDrv
LanguageID . . . . : 1033
Fuzzy . . . . . . : 8.0
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\GpuEnergyDrv\
C:\Windows\System32\drivers\hyperkbd.sys
Size . . . . . . . : 16.896 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 4.9
SHA-256 . . . . . : 954EC837636D0F08A3596E4270F37E03C99F8D1A7E80D0D323E0CB793324D776
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Microsoft VMBus Synthetic Keyboard Driver
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : hyperkbd
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\hyperkbd\
C:\Windows\System32\drivers\HyperVideo.sys
Size . . . . . . . : 28.160 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 5.6
SHA-256 . . . . . : 66D6E64353CE80949082E594061BCA077849840B175F18F0743285B389F57250
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Microsoft VMBus Video Device Miniport Driver
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : HyperVideo
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\HyperVideo\
C:\Windows\System32\drivers\intelppm.sys
Size . . . . . . . : 199.168 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:15)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 821947C152E7A2B4782199E033EAEE8D3F43A5EC4CC369334A6C0793C62DA069
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Processor Device Driver
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : intelppm
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\intelppm\
C:\Windows\system32\drivers\irda.sys
Size . . . . . . . : 119.808 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 6.2
SHA-256 . . . . . : F9B47A83945DF2A043384626A2EB47AE9F915048636334D9768A0B4901C84E08
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : IRDA Protocol Driver
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : irda
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\irda\
C:\Windows\system32\drivers\lltdio.sys
Size . . . . . . . : 65.024 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 6.1
SHA-256 . . . . . : F3F99397B12529FAF4B77E11A3279B882F9BF986D0DDB3F1847B8EE96C6E40FF
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Link-Layer Topology Mapper I/O Driver
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : lltdio
LanguageID . . . . : 1033
Fuzzy . . . . . . : 8.0
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\lltdio\
C:\Windows\system32\drivers\ndisuio.sys
Size . . . . . . . : 65.024 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 5.9
SHA-256 . . . . . : 8FFF34D44E4E7E2EBE9C9337BA8E713ACD6344551C709A5537900290C51B66B3
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : NDIS User mode I/O driver
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : Ndisuio
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\Ndisuio\
C:\Windows\system32\DRIVERS\netbt.sys
Size . . . . . . . : 316.928 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:41)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 16D21CC0E65906ECFE17F4FD1D8A5FAE4CC7A3BD5B96E704835961DF2A131726
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : MBT Transport driver
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : NetBT
LanguageID . . . . : 1033
Fuzzy . . . . . . : 8.0
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\NetBT\
C:\Windows\System32\drivers\netvsc.sys
Size . . . . . . . : 192.512 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:38)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 7208216C9E6A938E2CCB2F510D4A6F00F35E1AAF3FE0E6D7272F5543B843EBFC
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Virtual NDIS Miniport
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : netvsc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\netvsc\
C:\Windows\system32\drivers\nsiproxy.sys
Size . . . . . . . : 44.544 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 5.7
SHA-256 . . . . . : BC5662D43B073B41E3810938FAE511E82AD3F69DDE8B73C23D7EDBB3E6364B5B
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : NSI Proxy
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : nsiproxy
LanguageID . . . . : 1033
Fuzzy . . . . . . : 8.0
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\nsiproxy\
C:\Windows\system32\drivers\peauth.sys
Size . . . . . . . : 723.968 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 6.4
SHA-256 . . . . . : D94EA6B775414031273D0C55BBAAEC07D780B7226859F22A26772B104BA302BD
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Protected Environment Authentication and Authorization Export Driver
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : PEAUTH
LanguageID . . . . : 1033
Fuzzy . . . . . . : 8.0
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\PEAUTH\
C:\Windows\System32\drivers\processr.sys
Size . . . . . . . : 177.664 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:15)
Entropy . . . . . : 6.5
SHA-256 . . . . . : E834AEB963E4FA8DBE9A9E69BD2212C001EF9F5461719EFB80C55C87450AFD73
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Processor Device Driver
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : Processor
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\Processor\
C:\Windows\system32\DRIVERS\rasacd.sys
Size . . . . . . . : 17.920 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 5.0
SHA-256 . . . . . : D5D8FF60403BC0B1B315B3413D15E47FE64C63D8F1AC28225DDC21E41BD8A7E5
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : RAS Automatic Connection Driver
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : RasAcd
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\RasAcd\
C:\Windows\System32\drivers\rdpbus.sys
Size . . . . . . . : 27.136 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 5.3
SHA-256 . . . . . : F2D2D73EBF3A866B0511135D60C5C6CE397F41366A2D33D0B045A4A08066CF72
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Microsoft RDP Bus Device driver
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : rdpbus
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\rdpbus\
C:\Windows\system32\drivers\rdpdr.sys
Size . . . . . . . : 182.784 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 58817B7941377DD5C972131EAF8FD472992F912ED48E6CB770410D359675D3B9
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Microsoft RDP Device redirector
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : RDPDR
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\RDPDR\
C:\Windows\system32\DRIVERS\srv2.sys
Size . . . . . . . : 726.016 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:41)
Entropy . . . . . : 5.8
SHA-256 . . . . . : 7B443D0619BB166CF6021E9352817590AA35093FDD9A0C79CFC76DC49DC632EA
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Smb 2.0 Server driver
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : srv2
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\srv2\
C:\Windows\system32\drivers\storqosflt.sys
Size . . . . . . . : 79.872 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 5.9
SHA-256 . . . . . : 2ED213F392D4C2B848187F0583C7AEE2A41A2AA1E4DE8AC85D45EFEB0A430593
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Storage QoS Filter
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : storqosflt
LanguageID . . . . : 1033
Fuzzy . . . . . . : 8.0
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\storqosflt\
C:\Windows\System32\drivers\Synth3dVsc.sys
Size . . . . . . . : 64.512 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 5.8
SHA-256 . . . . . : F520333AFF9F8D37707A6B50A33B712B5AF114D12C8092D2DFB04F05F241B03E
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Microsoft RemoteFX Synth3D Video VSC
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : Synth3dVsc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\Synth3dVsc\
C:\Windows\System32\drivers\usbser.sys
Size . . . . . . . : 71.680 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 6.0
SHA-256 . . . . . : 830A0E9170B1BD58447EB12AAF7FA8B97B15F3D35DE53553CFC4A67620DA4619
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : USB Serial Driver
Version . . . . . : 10.0.16299.334
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : usbser
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\usbser\
C:\Windows\System32\drivers\VMBusHID.sys
Size . . . . . . . : 25.088 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 5.5
SHA-256 . . . . . : DFAA6FC88F6EC7A540B5AAE930A591DD59E844630A6B03DEEA31126EAAEA256E
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Microsoft VMBus HID Miniport
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : VMBusHID
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\VMBusHID\
C:\Windows\System32\drivers\vmgencounter.sys
Size . . . . . . . : 13.312 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 4.5
SHA-256 . . . . . : BABCAE227CD2E87E37C708539C2232251B37F35EFFE2B927914D72517F161E44
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Virtual Machine Generation Counter
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : gencounter
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\gencounter\
C:\Windows\System32\drivers\vmgid.sys
Size . . . . . . . : 10.240 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 3.9
SHA-256 . . . . . : 7423E69CECC2791DF814ECA6464C522BB914F7F6B0178C1A9881CBF56A1F8E1C
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Virtual Machine Guest Infrastructure Driver
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : vmgid
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\vmgid\
C:\Windows\System32\drivers\vms3cap.sys
Size . . . . . . . : 9.216 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 3.1
SHA-256 . . . . . : F8753CB05393EDDAC5FF99C5DAAFCF955C4CE8D14E065E9A7B4ED156BF9503D3
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Microsoft S3 Emulated Device Cap Driver
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : s3cap
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\s3cap\
C:\Windows\system32\DRIVERS\wanarp.sys
Size . . . . . . . : 80.896 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:41)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 2D93403BCB2A44F9CF110C1EF99C1C79D2BBB8068CCCA7C30B6606C1190F6C98
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : MS Remote Access and Routing ARP Driver
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : wanarpv6
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\wanarp\
HKLM\SYSTEM\CurrentControlSet\Services\wanarpv6\
C:\Windows\system32\drivers\wcnfs.sys
Size . . . . . . . : 75.264 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:45)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 4025B95FAF4751633E9DD9BA9312274E99778EEBADC8EA37D5E179A41C1EE344
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Windows Container Name Virtualization FS Filter Driver
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : wcnfs
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\wcnfs\
C:\Windows\system32\drivers\winnat.sys
Size . . . . . . . : 225.792 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:41)
Entropy . . . . . : 5.8
SHA-256 . . . . . : 432AAEDE3628EAD3F844D3CBBA0AAA6AFDD04CAB04EA7871689D7FD394F25EC1
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Windows NAT Driver
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : WinNat
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\WinNat\
C:\Windows\System32\DsSvc.dll
Size . . . . . . . : 151.552 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:13)
Entropy . . . . . : 5.9
SHA-256 . . . . . : E344797EDD9EC2ED3D1D07FF1B94DFB8BA318DDE8CD6CECA937A27B4B2E22A0E
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Data Sharing Service NT Service DLL
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : DsSvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 8.0
Starts automatically as a service during system bootup.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\DsSvc\
C:\Windows\System32\dusmsvc.dll
Size . . . . . . . : 334.848 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:24)
Entropy . . . . . : 6.1
SHA-256 . . . . . : E638F97043274515F9A8A46B55C9478E886683580F33A0E90A3BDFBA6A4F6C26
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Data Usage Service
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : DusmSvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 13.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\DusmSvc\
C:\Windows\system32\efssvc.dll
Size . . . . . . . : 57.856 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:13)
Entropy . . . . . : 5.3
SHA-256 . . . . . : 3B23F51E4346B6D35033CA3DCB9619924DE4530D3694F8C78C86BC34FBC94CCA
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : EFS Service
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : EFS
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\EFS\
C:\Windows\system32\FntCache.dll
Size . . . . . . . : 1.967.104 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:21)
Entropy . . . . . : 6.0
SHA-256 . . . . . : 701BFDFAD6E86C48E02612E54F3F8819632FC13526893AD2BBAA51348F5E24FF
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Windows Font Cache Service
Version . . . . . : 10.0.16299.334
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : FontCache
LanguageID . . . . : 1033
Fuzzy . . . . . . : 10.0
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\FontCache\
C:\Windows\System32\gpsvc.dll
Size . . . . . . . : 1.275.904 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 5.9
SHA-256 . . . . . : DCC888F1262CA50DA3109D132A9C04F83A961720647E9882D3EFCBF8E3D703B5
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Group Policy Client
Version . . . . . : 10.0.16299.334
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : gpsvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 11.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\gpsvc\
C:\Windows\System32\icsvc.dll
Size . . . . . . . : 286.208 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:13)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 613FAB4F93FA1C33D6303C5712B516AAFB1DACDAB712F7F52A34D7CD558183BE
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Virtual Machine Integration Component Service
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : vmicvmsession
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\vmicguestinterface\
HKLM\SYSTEM\CurrentControlSet\Services\vmicheartbeat\
HKLM\SYSTEM\CurrentControlSet\Services\vmickvpexchange\
HKLM\SYSTEM\CurrentControlSet\Services\vmicshutdown\
HKLM\SYSTEM\CurrentControlSet\Services\vmictimesync\
HKLM\SYSTEM\CurrentControlSet\Services\vmicvmsession\
C:\Windows\System32\icsvcext.dll
Size . . . . . . . : 309.760 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:13)
Entropy . . . . . : 5.7
SHA-256 . . . . . : 03D9A033B694BF95AC04355EB54B72030372880E0EF63C4A6D6A2A10F571AFEA
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Virtual Machine Integration Component Service
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : vmicvss
LanguageID . . . . : 1033
Fuzzy . . . . . . : 9.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\vmicrdv\
HKLM\SYSTEM\CurrentControlSet\Services\vmicvss\
C:\Windows\System32\ie4uinit.exe
Size . . . . . . . : 229.888 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:46)
Entropy . . . . . : 6.2
SHA-256 . . . . . : D8E6EB5F16AD51C5BFF6703AC48F1CF3195D413E110FF6922971AF4702AD1B09
Product . . . . . : Internet Explorer
Publisher . . . . : Microsoft Corporation
Description . . . : IE Per-User Initialization Utility
Version . . . . . : 11.00.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
LanguageID . . . . : 1033
Fuzzy . . . . . . : 8.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Program starts automatically without user intervention.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\
C:\Windows\System32\ieframe.dll
Size . . . . . . . : 12.833.280 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:39)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 30B5A5453903D98D3BA27291190B2DB9AD10FFECAAF8071C3BB8C50952FBF425
Product . . . . . : Internet Explorer
Publisher . . . . : Microsoft Corporation
Description . . . : Internet Browser
Version . . . . . : 11.00.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
LanguageID . . . . : 1033
Fuzzy . . . . . . : 10.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
HKU\S-1-5-21-2352175606-588879104-2581293325-1001\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
References
HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\
C:\Windows\System32\ikeext.dll
Size . . . . . . . : 984.064 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:16)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 8F003562F50218307ECC48A7BF43BE1DA88352D2749902A029081804B71C85DB
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : IKE extension
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : IKEEXT
LanguageID . . . . : 1033
Fuzzy . . . . . . : 10.0
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT\
C:\Windows\System32\iphlpsvc.dll
Size . . . . . . . : 820.224 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 5.8
SHA-256 . . . . . : 56FA9888A7A969539833644AD50730BBA5E770AC6097AFB490E34196596C55E0
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Service that offers IPv6 connectivity over an IPv4 network.
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : iphlpsvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 10.0
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\
C:\Windows\system32\keyiso.dll
Size . . . . . . . : 90.112 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:13)
Entropy . . . . . : 5.7
SHA-256 . . . . . : 00C06D363FCD6E2D057D38FBCAE3F27216E647FE0FBCBBC912DABD79C9F9C8A9
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : CNG Key Isolation Service
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : KeyIso
LanguageID . . . . : 1033
Fuzzy . . . . . . : 8.0
Starts automatically as a service during system bootup.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\KeyIso\
C:\Windows\system32\LicenseManagerSvc.dll
Size . . . . . . . : 48.640 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:13)
Entropy . . . . . : 5.6
SHA-256 . . . . . : AF5315AFAAE41AAB55BB7243FD9EA2949C7F114C0ED24073751733B5A11142BA
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : LicenseManagerSvc
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : LicenseManager
LanguageID . . . . : 1033
Fuzzy . . . . . . : 8.0
Starts automatically as a service during system bootup.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager\
C:\Windows\system32\mpssvc.dll
Size . . . . . . . : 925.184 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:36)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 3F57C8794F2CBFFE098B614418BBA8FC051E8DD798313228B4E03E101FCD9791
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Microsoft Protection Service
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : MpsSvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 13.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc\
C:\Windows\System32\NaturalAuth.dll
Size . . . . . . . : 795.136 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:34)
Entropy . . . . . : 4.6
SHA-256 . . . . . : 88EC0AA1144F1523B7DDD6BCAF8771CB246153B14E950AA6F4859FB8287D6634
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Natural Authentication Service
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : NaturalAuthentication
LanguageID . . . . : 1033
Fuzzy . . . . . . : 9.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\NaturalAuthentication\
C:\Windows\System32\ncbservice.dll
Size . . . . . . . : 374.272 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 24FF1D06A2A05DC7A2D7552E0B45CF6F689A4FC9A135474B587FA7649BCFED3D
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Network Connection Broker
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : NcbService
LanguageID . . . . : 1033
Fuzzy . . . . . . : 8.0
Starts automatically as a service during system bootup.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\NcbService\
C:\Windows\System32\nlasvc.dll
Size . . . . . . . : 366.080 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:30)
Entropy . . . . . : 6.3
SHA-256 . . . . . : C61FAD8431F3E627E9D81DFF95A37C057ED4EB3F3F78A598D5BD236D194EB612
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Network Location Awareness 2
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : NlaSvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 10.0
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\
C:\Windows\system32\nsisvc.dll
Size . . . . . . . : 30.720 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:13)
Entropy . . . . . : 5.2
SHA-256 . . . . . : 7A22A15A5EC874682FF04B35A69867A476FE88A97E27AA3A9C3F32E4B31D160F
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Network Store Interface RPC server
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : nsi
LanguageID . . . . : 1033
Fuzzy . . . . . . : 10.0
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\nsi\
C:\Windows\system32\p2psvc.dll
Size . . . . . . . : 423.936 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:33)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 4B4AE686C7D2A9B7D496E62162E984CCCE79D6E42223F5B3D2EBBC7E526EA85C
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Peer-to-Peer Services
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : p2psvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\p2psvc\
C:\Windows\System32\PhoneService.dll
Size . . . . . . . : 791.552 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:35)
Entropy . . . . . : 6.2
SHA-256 . . . . . : B37FA2DF1607F1B4443BDB94C5AC95A66A498A0FF51C2C9C2F4E1D5C7400B949
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : The service used to manage phone calls and other telephony related functionality
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : PhoneSvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 9.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\PhoneSvc\
C:\Windows\system32\pnrpsvc.dll
Size . . . . . . . : 341.504 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:38)
Entropy . . . . . : 6.3
SHA-256 . . . . . : B2FACDF82CF8E2EA263CB6B2FDB3CF66B41D01D014F2BE1A683513971D050C3C
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : PNRP Service Dll
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : PNRPsvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\p2pimsvc\
HKLM\SYSTEM\CurrentControlSet\Services\PNRPsvc\
C:\Windows\System32\qmgr.dll
Size . . . . . . . : 1.346.560 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:19)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 742F245105412476A8713ADFBBA5E6498B3B1A03DCF3EE58C15F5AC06C686B44
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Background Intelligent Transfer Service
Version . . . . . : 7.8.16299.334
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : BITS
LanguageID . . . . : 1033
Fuzzy . . . . . . : 9.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\BITS\
C:\Windows\System32\ScDeviceEnum.dll
Size . . . . . . . : 198.144 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 6.1
SHA-256 . . . . . : E002C70A34C01B0F5EEA3D53A150DFB3693D1ABA63D61E7EEF3C5B6D5AC86215
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Smart Card Device Enumeration Service
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : ScDeviceEnum
LanguageID . . . . : 1033
Fuzzy . . . . . . : 9.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\ScDeviceEnum\
C:\Windows\system32\schedsvc.dll
Size . . . . . . . : 880.640 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:35)
Entropy . . . . . : 5.7
SHA-256 . . . . . : B34DFEC3565B8F33D919A6A6BBEC9315466E525E1B2F069968CBC9969EB9E05B
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Task Scheduler Service
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : Schedule
LanguageID . . . . : 1033
Fuzzy . . . . . . : 13.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\Schedule\
C:\Windows\system32\SensorService.dll
Size . . . . . . . : 555.520 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:25)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 37BAECE685E79F37889CD0603F086341A5CA349E943D26CB991A7EFBD2998FAF
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Sensor Service
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : SensorService
LanguageID . . . . : 1033
Fuzzy . . . . . . : 9.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\SensorService\
C:\Windows\system32\sensrsvc.dll
Size . . . . . . . : 205.312 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:17)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 75EEAA870D027FAB9406AACE969D386DAA1C3A8933895424AB70350BD5F30227
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Microsoft Windows Sensor Monitoring Service
Version . . . . . : 10.0.16299.334
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : SensrSvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\SensrSvc\
C:\Windows\system32\sessenv.dll
Size . . . . . . . : 387.584 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:13)
Entropy . . . . . : 6.3
SHA-256 . . . . . : EC72C2C860921A4234079D29C29D6F80F73B1D87610C6A4F0B1ABC948E532756
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Remote Desktop Configuration service
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : SessionEnv
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\SessionEnv\
C:\Windows\system32\SmsRouterSvc.dll
Size . . . . . . . : 588.800 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:44)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 72E675166B3E90D3FC23FD1AF1A3B201416294C962E0800707DCBA71DB9D7736
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Windows SMS Router Service
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : SmsRouter
LanguageID . . . . : 1033
Fuzzy . . . . . . : 9.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\SmsRouter\
C:\Windows\system32\spectrum.exe
Size . . . . . . . : 956.416 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:25)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 6D370EA797617A3138FB15F285F08373299BE77B5C8CCD28BF559F17437E8A48
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Windows Perception Service
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : spectrum
LanguageID . . . . : 1033
Fuzzy . . . . . . : 9.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\spectrum\
C:\Windows\System32\spoolsv.exe
Size . . . . . . . : 765.952 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:20)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 6C55023782082B4E5CB5E653C530A6CF0AF86D5D38566AA4C3A332534BE0EA7B
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Spooler SubSystem App
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : Spooler
LanguageID . . . . : 1033
Running processes : 2960
Fuzzy . . . . . . : 17.0
This program is actively listening for inbound network connections.
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\Spooler\
Network Ports
0.0.0.0:1539
C:\Windows\system32\srvsvc.dll
Size . . . . . . . : 270.848 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:13)
Entropy . . . . . : 6.0
SHA-256 . . . . . : 74EABA6EEEE771F19D75D9B64972B94C5308EEA5D51C0C2DB360570F1CB36F69
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Server Service DLL
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : LanmanServer
LanguageID . . . . : 1033
Fuzzy . . . . . . : 10.0
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\
C:\Windows\System32\ssdpsrv.dll
Size . . . . . . . : 228.352 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:13)
Entropy . . . . . : 6.3
SHA-256 . . . . . : A5ED49F465BCB26C61F390018520BE97392BA9D85CC6A7C040BAA2D0EFF983FF
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : SSDP Service DLL
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : SSDPSRV
LanguageID . . . . : 1033
Fuzzy . . . . . . : 8.0
Starts automatically as a service during system bootup.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\SSDPSRV\
C:\Windows\system32\storsvc.dll
Size . . . . . . . : 963.584 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:44)
Entropy . . . . . : 6.0
SHA-256 . . . . . : D9BF3D2C5127E469BB037308114287686A9C3927396D64013007927C9A9716AB
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Storage Services
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : StorSvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 8.0
Starts automatically as a service during system bootup.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\StorSvc\
C:\Windows\system32\sysmain.dll
Size . . . . . . . : 970.240 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:34)
Entropy . . . . . : 6.4
SHA-256 . . . . . : F172BE926BBDD8B11F641687FC5F9C062F322C43D08A5E1F189BCCB44CE3C4E4
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Superfetch Service Host
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : SysMain
LanguageID . . . . : 1033
Fuzzy . . . . . . : 10.0
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
C:\Windows\system32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask
HKLM\SYSTEM\CurrentControlSet\Services\SysMain\
C:\Windows\System32\SystemEventsBrokerServer.dll
Size . . . . . . . : 284.672 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:13)
Entropy . . . . . : 5.9
SHA-256 . . . . . : 69AF6FF98C5793441CC46136AD99B05392974E2C0189C76066EA0DDEE8B5CF31
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : System Events Broker
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : SystemEventsBroker
LanguageID . . . . : 1033
Fuzzy . . . . . . : 10.0
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\SystemEventsBroker\
C:\Windows\System32\tetheringservice.dll
Size . . . . . . . : 208.384 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:41)
Entropy . . . . . : 6.2
SHA-256 . . . . . : C72235865426659957909E8465B7D208EB5CAA21B529F07BB055D33028326D9C
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Tethering Service
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : icssvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\icssvc\
C:\Windows\System32\TimeBrokerServer.dll
Size . . . . . . . : 175.616 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:13)
Entropy . . . . . : 5.9
SHA-256 . . . . . : 7DC0A5C2F56C0FD0C4BE84EA09900DF20275A2FD63ADB9D8EE4CBF39E1E2A4F4
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Time Event Broker
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : TimeBrokerSvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 8.0
Starts automatically as a service during system bootup.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\TimeBrokerSvc\
C:\Windows\System32\unistore.dll
Size . . . . . . . : 1.245.184 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:36)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 1B325D1BF2B041C33BF0336D9651A744AC0A9529085F898A3D90158784F26DC2
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Unified Store
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : UnistoreSvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc\
C:\Windows\System32\userdataservice.dll
Size . . . . . . . : 1.573.376 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:36)
Entropy . . . . . : 6.4
SHA-256 . . . . . : FE7EAB44503C72EC3CD722617D04C0BF01EDFD2F5834C3D501538800E43C6B74
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : The endpoint for 3rd party APIs to read/write user data
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : UserDataSvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc\
C:\Windows\System32\usermgr.dll
Size . . . . . . . : 951.808 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:35)
Entropy . . . . . : 5.8
SHA-256 . . . . . : 500CBB6AD5B097525CD5DD70F127ED66BDE8E5608DAAC5067FA0F04DC1F00D06
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : UserMgr
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : UserManager
LanguageID . . . . : 1033
Fuzzy . . . . . . : 13.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\UserManager\
C:\Windows\system32\usocore.dll
Size . . . . . . . : 1.298.944 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:22)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 5DD497FD9A97FA6E5C94E04E75C23D5CC2C5A0BEE252277F67A6FC00D11A3C33
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Update Session Orchestrator Core
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : UsoSvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 11.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc\
C:\Windows\system32\vssvc.exe
Size . . . . . . . : 1.556.992 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:27)
Entropy . . . . . : 5.9
SHA-256 . . . . . : 799759ACDF514F195A6C9DACBA966866E9012AA862B45D2E27D345D5901B7924
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Microsoft® Volume Shadow Copy Service
Version . . . . . : 10.0.16299.334
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : VSS
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\VSS\
C:\Windows\System32\wcmsvc.dll
Size . . . . . . . : 889.856 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 5A439FCADBB277EF497F6B590192C6AAB361D1D013D4C461D3A5620FCD263174
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Windows Connection Manager Service DLL
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : Wcmsvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 13.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\Wcmsvc\
C:\Windows\System32\wcncsvc.dll
Size . . . . . . . : 465.920 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:41)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 6003C93FB0997A9FFD5CBE9BD18C86B08594AD56D70AD93F72FB67C5F6D7666A
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Windows Connect Now - Config Registrar Service
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : wcncsvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 9.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\wcncsvc\
C:\Windows\System32\webclnt.dll
Size . . . . . . . : 217.088 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:34)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 8B6E7D7BC091DDCA6AF90ED100AAEDACCE9110179BAD5E444D6788E52C68F461
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Web DAV Service DLL
Version . . . . . : 10.0.16299.334
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : WebClient
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\WebClient\
C:\Windows\System32\wkssvc.dll
Size . . . . . . . : 276.480 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:13)
Entropy . . . . . : 6.0
SHA-256 . . . . . : 1BDFB850ACE73E8882BBC3B18A5A7BCEE68696917D8462A159CE2763133DC516
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Workstation Service DLL
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : LanmanWorkstation
LanguageID . . . . : 1033
Fuzzy . . . . . . : 10.0
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\
C:\Windows\System32\wlansvc.dll
Size . . . . . . . : 2.528.256 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:34)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 32003C63D3EB60D9B3F2F249873047C6C510E9195FAFE145B1CDB5C9F0358026
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Windows WLAN AutoConfig Service DLL
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : WlanSvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 9.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\WlanSvc\
C:\Windows\System32\wscsvc.dll
Size . . . . . . . : 246.784 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:14)
Entropy . . . . . : 6.3
SHA-256 . . . . . : B9F0F8B2F50B48125B89BF61B3229317E918619B6A9D47FF0B368A87EE0CE734
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Windows Security Center Service
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : wscsvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 10.0
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\
C:\Windows\System32\wwansvc.dll
Size . . . . . . . : 1.424.896 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:34)
Entropy . . . . . : 6.2
SHA-256 . . . . . : DBFD3C9EF34645EB3A11107760C8298590368A2E815695B857CCF653910265A7
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : WWAN Auto Config Service
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : WwanSvc
LanguageID . . . . : 1033
Fuzzy . . . . . . : 9.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\WwanSvc\
C:\Windows\SysWOW64\ieframe.dll
Size . . . . . . . : 11.924.992 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:42)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 53F5998A2587D1D07B4951238C5689D48CE3D2DC0A86DFC2EA741F6817C97B66
Product . . . . . : Internet Explorer
Publisher . . . . : Microsoft Corporation
Description . . . : Internet Browser
Version . . . . . : 11.00.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
LanguageID . . . . : 1033
Fuzzy . . . . . . : 8.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Program starts automatically without user intervention.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
HKU\S-1-5-21-2352175606-588879104-2581293325-1001\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
References
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\
C:\Windows\SysWow64\perfhost.exe
Size . . . . . . . : 21.504 bytes
Age . . . . . . . : 10.6 days (2018-04-11 22:12:13)
Entropy . . . . . : 5.4
SHA-256 . . . . . : 9A89007DBBD936F985D562B3C686ADE49ED947289500A2D776BFCF9B4DF478BF
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : x86 Performance Counter Host
Version . . . . . : 10.0.16299.371
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : PerfHost
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\PerfHost\
Cookies _____________________________________________________________________
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:254a.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:acuityplatform.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:adaptv.advertising.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:addthis.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:adfarm1.adition.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:adform.net
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:adgrx.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:adhigh.net
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:adnxs.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.servebom.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.stickyadstv.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:adsrvr.org
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:adsymptotic.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:basebanner.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:bidr.io
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:bidswitch.net
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:bluekai.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:c.appier.net
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:connexity.net
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:contextweb.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:creative-serving.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:crwdcntrl.net
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:ctnsnet.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:dotomi.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:erne.co
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:eus.rubiconproject.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:everesttech.net
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:eyeviewads.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:gwallet.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:ipredictive.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:lijit.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:m6r.eu
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:match.adsby.bidtheatre.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:match.rundsp.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:mathtag.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:mookie1.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:mxptint.net
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:openx.net
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:owneriq.net
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:pixel.rubiconproject.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:pool.admedo.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:pubmatic.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:rfihub.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:rubiconproject.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:scorecardresearch.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:simpli.fi
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:sitescout.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:tap2-cdn.rubiconproject.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:tapad.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:tidaltv.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:turn.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:w55c.net
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:x.bidswitch.net
C:\Users\Tugberk\AppData\Local\Google\Chrome\User Data\Default\Cookies:yieldlab.net
Son düzenleyen: Moderatör:
